Just when you think you have your network under control, there’s always something — or someone — creating a bit more complexity than you thought you had to deal with. One thing that’s often overlooked is third-party vendor connections into network environments.
Whether you know about them or not, such connections likely exist today, and they’re probably creating more risks than you’re willing to tolerate. They may come in the form of VPN connections, web services or even something more rudimentary, such as a remote desktop or a third-party remote PC access tool.
The reality is that vendors, business partners and customers connect into your LAN or cloud environments. You probably just haven’t discovered them yet.
Bad Connections
On the surface, these outside connections may seem harmless. The odds are certainly in your favor that intentions are good, but you know which road is paved with that approach.
It doesn’t matter how well you know these outside parties, what security policies you have in place or how strong your contract is. Your network can be compromised if one of these inbound connections facilitates something like a curious user on the other end or, perhaps worst of all, malware or an attacker who has gained a foothold into that outside environment and now has a path into yours.
It really doesn’t matter what type of connection they have; all that matters is that the connection is there. It could provide someone with unfettered access to your network that is, in all likelihood, unmonitored and unaudited. Like many seemingly resilient organizations we’ve heard about in the past, this type of unauthorized access can literally bring an organization to its knees. So what can you do about this security risk?
The solution is along the lines of the common issue that few people seem to be addressing: You have to know your environment and understand the risk in order to do something about it. Many IT and security shops simply manage things in the short term, putting out fires day by day. They fail to look at the bigger picture and gain control of their environment from a higher level.
Monitoring Third-Party Vendor Connections
The following steps can help you gain some semblance of control over third-party vendor network connections:
- Perform an inventory yourself, and speak with department managers and data owners to help you determine where these connections are coming from and going to, who has been granted access and so on.
- Perform a firewall rulebase analysis to look for rules allowing inbound connections you may not have been aware of.
- Run vulnerability scans on your external-facing hosts — including cloud-based environments — to look for services that are listening for inbound connections. Make sure that you look for all of your known IP addresses. Many people forget about systems here and there, and that’s often how these inbound network connections get overlooked.
- Determine whether your enterprise password policies apply to accounts on inbound network connections. What about malware protection, personal firewalls and software update checks similar to the promises of network access control in years past?
- Decide if you need to establish additional security standards and enforce them via technical controls, such as DLP, cloud access security broker and SIEM technologies.
- What internal processes are involved in provisioning inbound network connections and account setup? What are the gaps and how can they be improved?
Stay Alert
Your own internal network environment is complicated enough. The last thing you need is someone else’s inbound connection creating unnecessary risks for your business — but you cannot secure the things you haven’t yet acknowledged.
It’s important not to overlook third-party network connections. Make this exercise part of on your ongoing information security assessments and audits. Given the interconnectedness of the business world in which we operate, things are only going to get more complicated.
Independent Information Security Consultant