The widespread impact of the SolarWinds (Sunburst and Supernova) compromises sent network teams scrambling to react, assess the impact and mitigate any potential damage. Organizations needed to conduct a forensic assessment phase to determine whether they were affected, and then follow the Cybersecurity and Infrastructure Security Agency (CISA) Emergency Directive 21-01 to take steps to address a possible breach.
CISA has released an alert (CISA Alert AA20-352A) that recommends mitigation steps for SolarWinds Orion and for addressing potential weaknesses left in the network infrastructure by the threat actors. Organizations that already have network automation in place are equipped to automate many of the CISA-recommended mitigation actions across all network devices (routers, switches, firewalls, etc.). An intent-based network automation solution can help an organization implement these actions quickly.
CISA Recommendation: Device configurations
How Intent-based Network Automation Helps
CISA Recommendation: Credential and security information reset
Change all credentials being used to manage network devices, to include keys and strings used to secure network device functions (SNMP strings/user credentials, IPsec/IKE pre-shared keys, routing secrets, TACACS/RADIUS secrets, RSA keys/certificates, etc.).
How Intent-based Network Automation Helps
A configuration modeling application can automate, at a minimum, the configuration policies needed for an intent-based, declarative approach that implements any network configuration change feature by feature. You define the policy (the intended state), and the solution implements the corresponding changes at the network layer reliably and at scale. It should also be able to remove old or incorrect policies, instead of only adding new ones and increasing technical debt. In this example, network automation software is used to control and automate the maintenance of:
CISA Recommendation: Firmware and software validation
Validate all network device firmware and software that was stored on or managed by the SolarWinds monitoring server. Cryptographic hash verification should be performed on that firmware and software, and the results matched against known-good hash values from the network vendor. CISA recommends that, if possible, organizations download known-good versions of the firmware.
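As an added example (not code from the article, from CISA, or from any vendor tool), the check below streams each image in a directory through SHA-256 and compares the result against a vendor-style "hash  filename" manifest, reporting altered images and images the manifest does not cover; the manifest format, file names and image bytes are constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict

def parse_manifest(text: str) -> Dict[str, str]:
    """Map image filename -> expected SHA-256 hex digest from a vendor
    manifest in the assumed '<sha256>  <filename>' layout."""
    expected = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 64:  # skip blank/malformed lines
            expected[parts[1]] = parts[0].lower()
    return expected

def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large images are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def validate_images(image_dir: str, manifest: Dict[str, str]) -> Dict[str, str]:
    """Return {filename: 'ok' | 'MISMATCH' | 'UNLISTED'}; unlisted images are flagged, not accepted."""
    results = {}
    for name in sorted(os.listdir(image_dir)):
        actual = sha256_file(os.path.join(image_dir, name))
        if name not in manifest:
            results[name] = "UNLISTED"
        elif hmac.compare_digest(actual, manifest[name]):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"  # modified, corrupted, or wrong build
    return results

def demo() -> Dict[str, str]:
    """Constructed sample: one intact image, one altered image, one unlisted."""
    good = b"constructed-firmware-image-bytes"
    good_hash = hashlib.sha256(good).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("rtr-good.bin", good), ("rtr-bad.bin", good + b"\x00"),
                           ("unknown.bin", b"no manifest entry")]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = parse_manifest(f"{good_hash}  rtr-good.bin\n{good_hash}  rtr-bad.bin\n")
        return validate_images(d, manifest)
```

Any MISMATCH or UNLISTED result should block the image from deployment until a known-good copy has been obtained from the vendor.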
How Intent-based Network Automation Helps
These are just a few examples of how having network automation in place helps organizations assess risk to their network, act to mitigate it, and in turn protect their infrastructure and data. The CISA recommendations above, while written for one particular cybersecurity threat, are best practices that belong in any IT security program.