I am 6 years into the tech world – the last two have been on the networking side of things. It’s useful to see, in a granular way, how and when to architect the flow of traffic. The principle of least privilege that I used previously with something like shared folders (equally important) is now applied differently, with routing, segmentation and access control on a firewall. Who needs to initiate the traffic and what type of traffic is it? Anything else should be blocked or dropped. If it is WAN-initiated and the source can’t be strictly defined, can we apply Geo-IP blocking and IP reputation lists? A full security service suite at the gateway helps too.
The challenge I’ve noticed isn’t that it prevents user workflow or that customers won’t allow improvements to a security posture, but that these best practices need to be communicated to a customer well. Relating the benefits and limitations of these recommendations, the cost in their time spent or downtime to the business (most often it is very little, if any), what fine-tuning they might expect after the initial work – all of these things can be introduced pretty quickly, and doing so removes the unknown factor from a project and ultimately empowers their use of digital space. I’m writing about small-medium businesses mostly. An enterprise has internal IT staff with a primary role of appreciating, planning and implementing these things with you, the networking vendor maintaining the gateway appliance. Small-medium businesses, in particular, benefit quite a bit from having this resource, and I enjoy finding, communicating and implementing the most effective ways to decrease an attack surface.
It’s a pretty great thing to be able to enjoy looking forward to work. I feel grateful to have that in my position.
There’s more for me to learn and I’ll get back to that just as soon as I convince myself I’ve fine-tuned my last home lab project enough!