By Lori Kleckner
This installment of our security series focuses on section 9 of NENA Security for Next-Generation 9-1-1 Standard (NG-SEC), designed to be used by public safety agencies as a guideline for securing their systems. As today’s emergency services networks are implemented, it is important to identify, document and protect them. Solutions should also be in place to address equipment and circuit fail-over. Network and remote access security addresses several security issues and strategies for mitigation.
As part of this series, L.R. Kimball has been sharing some common findings of non-compliance with NG-SEC as observed during our PSAP assessments. In the area of network and remote access it is prevalent to find both the absence of firewalls and firewalls that are not properly configured. Accurate network diagrams are generally not made available to the PSAPs. Network redundancy is minimal. This is obviously problematic.
It is difficult to protect the network and associated assets without first defining the network. Once the boundaries of the network are understood (and documented), actions should be taken to secure those boundaries. Firewalls should be in place at each boundary of the network. Firewalls should be configured based on business need of traffic, minimizing the number of ports open and protocols permitted to ingress and egress the network. Following a defined process for maintaining the firewall to assure only appropriate network traffic is entering or leaving the network, is a defense against issues arising from both known and emerging threats.
Remote access to the network is an area requiring close scrutiny to determine the business need. Any access to the network has the potential to introduce malicious activity both intentional and unintentional. Remote access, whether for third-party maintenance access or remote employees, must adhere to polices and the intent of the firewall must not be circumvented.
Network redundancy and diversity often requires consideration of the options available to the PSAP. Redundancy includes duplication of equipment and circuits. Advantages of redundancy are realized during maintenance of equipment and in the event of an unforeseen failure. Redundancy will provide the resources to remain operational while repairs are enacted. In the same manner, the ability to provide an alternate route for network circuits to achieve diversity in the event of an outage, supports maintaining high availability needed to provide emergency call services.
The importance of network and remote access, as well as addressing availability through redundancy and diversity are issues facing today’s IP-connected PSAPs. With strong policies in place and the commitment to follow through, the availability of emergency call services is greatly increased.
Visit our blog next month to gain an overview of change control and documentation.