For the record, adding a firewall to your network is no longer enough to declare it secure.
More devices are connected to networks every day, and large, complex networks are paving the way for more services and processes than we could have imagined. Because of this, the attack surface has grown rapidly, and so we must adapt.
We must secure our systems against dangers from all directions, not just from the "outside." We must understand that "trusted" endpoints have privileged access to the infrastructure and that they may be compromised. As a result, to fight against a privileged attacker, we need to harden the infrastructure.
While a perimeter security appliance is always beneficial, other factors such as authorized network access, segmentation, and secured infrastructure become just as critical as a solid traffic security strategy.
Kirey Group and IP Fabric aim to integrate network assurance capabilities to create a complete and reliable model of the network and to facilitate data sharing through integration and the use of APIs.
CVEs
One of the most important aspects of this is ensuring that the network's devices are not vulnerable to attack. The Common Vulnerabilities and Exposures (CVE) program is administered by the MITRE Corporation, which is funded by the US government. The goal of this program is to find, define, and catalog publicly disclosed software and infrastructure vulnerabilities. Each vulnerability is given an identifier, categorized, and reviewed before being added to the NIST-hosted central repository. The data in the repository can then be used by organizations to analyze their risk.
Vendors typically make this information available to their support customers to aid with lifecycle management. Until recently, NIST allowed access to the National Vulnerability Database (NVD) in the form of a feed file to anyone who requested it. Since June 2020, the preferred option is to use a REST API call, which offers up a slew of possibilities! A single API call can provide you with a list of the CVEs related to a particular model in a vendor's equipment family running a specific code version.
Inventory
IP Fabric's industry-leading discovery maps out your network hop-by-hop in automated snapshots on a schedule that you choose. Each point-in-time snapshot contains a complete representation of the network, including device inventory, code version, and other information.
When you combine that model with the CVE database, you'll have all the information you need to identify which CVEs might impact your network architecture.
Model
Let’s take it a step further. The IP Fabric model also keeps account of the configurations that have been applied to devices, the network topology, and the hosts that are connected to a device at any given time. Once you've found the CVEs affecting devices in your environment, you may use the model's information to:
- determine whether a device is affected by a specific CVE by checking if it is configured using the affected feature;
- determine the impact of upgrading or replacing devices by visualizing their role in the topology;
- enumerate the impact of an issue by counting the number of connected users on an affected switch or the APs connected to an affected device.
APIs
The data in the model we described above may be easily extracted from IP Fabric using its comprehensive REST API. The API call to get that data is straightforward.
Create an API token, then submit a POST request to your IP Fabric server's API endpoint 'tables/inventory/devices' to retrieve inventory from the relevant snapshot.
For example:
curl "https://demoX.ipfabric.io/api/v1/tables/inventory/devices" -X POST -H "X-API-Token: XXXXXXXXXXXX" -H "Content-Type: application/json" -d '{"columns":["hostname","vendor","family","version"],"snapshot":"$last"}'
You may then cycle through the list of devices returned and put together a request to search the NIST database, for example:
curl "https://services.nvd.nist.gov/rest/json/cves/1.0?cpeMatchString=cpe:2.3:*:<vendor>:<family>:<version>"
This produces a JSON data structure with a list of CVEs that apply to the device.
A description of the CVE, the report's source, a threat level categorization in terms of effect and exploitability, and so on are all included for each CVE item. Use a script to perform the API request, and then analyze the list on your own to compare the effect of those CVEs to the role and status of the devices in IP Fabric's model.
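The loop described above, as an added example that is not taken from IP Fabric's script: it groups inventory rows so each unique vendor/family/version is queried once, escapes version strings for the CPE match string, and ranks the returned CVEs by base score. The inventory rows, the placeholder CVE IDs and the response layout (modelled on the NVD 1.0 JSON format) are constructed assumptions, and no network call is made.

```python
import re
from collections import defaultdict
from urllib.parse import quote

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/1.0"  # endpoint quoted on the page

def cpe_component(value):
    """Normalise one inventory value for a CPE 2.3 formatted string."""
    value = (value or "").strip().lower().replace(" ", "_")
    # Punctuation other than . _ - must be backslash-escaped, e.g. 15.2(4)E10
    return re.sub(r"[^a-z0-9._-]", lambda m: "\\" + m.group(0), value) or "*"

def group_by_cpe(devices):
    """Map each unique CPE match string to the hostnames sharing it (one query each)."""
    groups = defaultdict(list)
    for dev in devices:
        parts = [cpe_component(dev.get(k)) for k in ("vendor", "family", "version")]
        groups["cpe:2.3:*:" + ":".join(parts)].append(dev["hostname"])
    return dict(groups)

def nvd_query_url(cpe):
    """URL-encode the match string so escaped characters survive the query string."""
    return f"{NVD_URL}?cpeMatchString={quote(cpe, safe=':*')}"

def summarise(nvd_json):
    """Return (cve_id, base_score, severity) tuples, highest score first."""
    rows = []
    for item in nvd_json.get("result", {}).get("CVE_Items", []):
        cvss = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3", {})
        rows.append((item["cve"]["CVE_data_meta"]["ID"],
                     cvss.get("baseScore", 0.0), cvss.get("baseSeverity", "UNKNOWN")))
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample data: rows shaped like the inventory columns requested above,
# and a response in the assumed NVD 1.0 layout with placeholder CVE IDs.
DEVICES = [
    {"hostname": "sw-access-01", "vendor": "Cisco", "family": "IOS", "version": "15.2(4)E10"},
    {"hostname": "sw-access-02", "vendor": "Cisco", "family": "IOS", "version": "15.2(4)E10"},
    {"hostname": "fw-edge-01", "vendor": "ExampleVendor", "family": "Example OS", "version": None},
]
NVD_SAMPLE = {"result": {"CVE_Items": [
    {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0001"}},
     "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 5.3, "baseSeverity": "MEDIUM"}}}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0002"}},
     "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0003"}}, "impact": {}},
]}}

if __name__ == "__main__":
    print(group_by_cpe(DEVICES), summarise(NVD_SAMPLE), sep="\n")
```

A CVE item without CVSS v3 data sorts last with a score of 0.0 and severity UNKNOWN, so it still shows up for manual review.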
Example
There is an example script in IP Fabric's #CommunityFabric repo on GitHub that makes these calls into IP Fabric and the NIST database for you. It makes use of a very basic API client to keep the code readable and easy to change.
Kirey Group and IP Fabric: a winning partnership
Building on the expertise that Kirey Group has developed in the field over the years, the partnership with IP Fabric aims to integrate network assurance capabilities that create a complete and reliable model of the network and facilitate data sharing through integration and the use of APIs, with all the other components of the Group's offerings such as ticketing systems, governance, security and more.
Autonomously retrieving information from the field and integrating with the people performing the processes will allow optimization to be taken to the highest levels, achieving the goal we outlined at the beginning: gaining a deep understanding of the relationship between all the various elements that make up the network and customer systems. For Kirey Group, that understanding will translate into the ability to support companies in an even more complete and timely way in the face of new growth and transformation projects.
Source of the article: https://ipfabric.io/blog/network-infrastructure-security/