CyberWarfare / ExoWarfare

Protecting the Logical Security of a Network Environment

By Edward J. Hawkins, II
Contributor, InCyberDefense

Once you’ve successfully completed the physical security of your environment, it is time to examine its logical security. Logical security should reflect the administrative security of the environment. It is the mapping of the administrative security to its logical counterparts.

For example, if an administrative policy says that your organization will host an e-commerce website and that Internet traffic to that server will only accept HTTP or HTTPS requests, the logical security should allow only that traffic and nothing else. Logical security is the set of rules implemented in that environment.

Logical Security Involves Patches, Updates, Anti-Malware Suites and Possibly Firewalls

When the topic of logical security comes up among consumers, the conversation quickly turns to patches, updates, anti-malware suites and maybe the firewall. I say “maybe the firewall” because it is the one security measure that has to be put in place from inside the organization or home; it is not something managed from outside the corporate enterprise environment.

In fact, most small office/home office (SOHO) wired and wireless routers will run a stateful packet inspection (SPI) firewall. However, they do not allow the consumer to determine what traffic will be allowed or to monitor the firewall.

Without the ability to decide what traffic to allow or block, the user is at the mercy of the device’s firmware developer to have implemented the firewall code properly. This network device is the first line of defense in any SOHO network. Next in line are the individual devices on the network, which may not have any software-based security installed on them at all.

Logical Security Also Depends on Your Operating System, Server/Workstation and Software

Depending on your operating system (OS) — such as Windows, Mac or Linux — several built-in features are available to implement a logical security program. It is also important to distinguish what server/workstation and what software edition (home, professional or something else) you’re using. This level of understanding matters because it helps you determine what security features are already available before you automatically reach for third-party software.

That is not to say that using third-party software is bad. Such software does fill gaps, but you must be able to tell legitimate security software from software that is not. A number of malicious developers have created scareware and other hoax software to rob their victims. Some of the more notable programs of this kind pose as antivirus software.

Microsoft Has Made Home Users More Vulnerable by Removing Local Security Policy Editor

For years, Microsoft Windows provided two key methods for implementing logical security: Local Security Policy Editor (Group Policy Editor in the server environment) and the Advanced Firewall. Unfortunately, Microsoft has now removed the Local Security Policy Editor from Windows 10 Home edition. Microsoft provides it only in the Professional edition, which is a huge security mistake.

Advanced Firewall in Microsoft’s Windows 10 Can Be Configured to Improve Logical Security

The Advanced Firewall, on the other hand, can still be configured. The purpose of a security policy editor is to let users interact with the system only according to established rules.

Some of the more common rules set how many attempts a user may make to log in to the network before the account is locked, and how complex a password must be before it is accepted. The local and group Windows security policy editors are robust and allow for highly granular security and auditing.

Firewalls in Microsoft and Apple Software Must Be Configured with the Right Security Rules

The Advanced Firewall can be found in the control panel, which is buried in Windows 10. This firewall provides a highly detailed level of control, but it needs to be configured with the appropriate rules. It can take considerable time to determine what configuration works best for the environment.

Apple, on the other hand, uses the Berkeley Software Distribution (BSD) of UNIX and the Mach microkernel from Carnegie Mellon University. These kernels provide the underlying architecture for a logical security environment.

I’m not too familiar with Apple’s security architecture. But the overview reads like a sales pitch and its 14-page description of security is not much better.

However, from what I have been able to gather, Apple’s goal for its operating system security is to simplify the process for users while providing a level of security that meets industry and global standards. For example, the firewall settings are found in the Settings menu under “Security and Privacy.”

Linux Has Multiple Security Implementations

Because Linux is open source software and therefore easily modifiable, there are many different security implementations. It is, however, common to see the program iptables used for the firewall system and ClamAV for anti-malware.
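As an added example, not taken from the article or from the iptables project, the e-commerce policy from the opening section (“Internet traffic to that server will only accept HTTP or HTTPS requests”) rendered as an iptables ruleset of the kind this paragraph mentions; the function names, the WAN_IF interface name and the drift check are assumptions introduced here. The default policy is DROP, so anything the administrative policy does not name is refused by construction, and dropped packets are logged so the firewall can actually be monitored.

```shell
#!/bin/sh
# Added example (not from the article): map the administrative policy
# "the web server accepts only HTTP and HTTPS from the Internet" onto
# logical rules in iptables-restore format. WAN_IF is an assumed name.

WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-facing interface

# Print the ruleset. Anything not explicitly allowed hits the DROP policy.
ecommerce_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is needed by local services
-A INPUT -i lo -j ACCEPT
# replies to connections the server itself opened (stateful inspection)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the only two services the written policy permits from the Internet
-A INPUT -i ${WAN_IF} -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i ${WAN_IF} -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# record what the default policy refuses, rate-limited so logs stay readable
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
COMMIT
EOF
}

# Compare the ports the ruleset opens with the ports the written policy
# allows (e.g. "80 443"); prints every port opened without authorisation.
policy_drift() {
    allowed="$1"
    ecommerce_ruleset | sed -n 's/.*--dport \([0-9]*\).*/\1/p' | while read -r port; do
        case " $allowed " in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# Load the ruleset atomically when running as root; otherwise just show it.
apply_ruleset() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        ecommerce_ruleset | iptables-restore
    else
        ecommerce_ruleset
    fi
}
```

Run `policy_drift '80 443'` after editing the ruleset: any port it prints is one the logical rules open but the administrative policy never authorised.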

These are just two of the more common defensive security applications available to Linux users. There are also complete distributions available to create a fully defensible environment.

Logical Security Software Products Often Available as Cross-Platform Solutions

Many of these logical security software products are available as cross-platform solutions. For example, ClamAV is also available as a port to Windows.

One of the more robust security tools that can be implemented in a cross-platform environment is Snort. It is a lightweight intrusion detection system (IDS): the application itself is small, yet highly configurable. It is so configurable, in fact, that entire books have been written about it.

Remember: When It Comes to Security, You Get What You Pay For

Always remember that you get what you pay for. Take the time to understand what your security needs are for your environment and what you seek to protect. Then research all possible solutions.

Once you have that all figured out, determine the best approach to testing your solution. There are plenty of testing methodologies available to ensure that your security solution will prevent most attacks.