Do you know who's accessing resources on your servers?
Do you know who's snooping for information on your workstations?
Do you have control over which computers can access other computers, regardless of the logged-on user?
Do you have control over which users can connect to other computers on your network, regardless of what device they're connecting from?
Do you know if someone is listening in on your communications as they move over the wire?
If you don't know the answers to these, you need to do something. What you do depends on how much time you have:
- Implement NIDS and HIDS, review your network segmentation, reconfigure your switches to support 802.1X, reconfigure the firewalls on all your clients, review and configure Share and NTFS permissions on all shared resources, update your antimalware to prevent network sniffing on clients, put crazy glue in the span ports on your switches, and more
- Deploy Domain and Server Isolation using IPsec
Me, I like the second option.
Check out this article by security MVP Rogrido Immaginario for more information about IPsec Server and Domain Isolation.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer