Without adequate protection, the routers of the Belnet network would succumb every day to the many attacks they have to deal with. To make our network even more resilient to cybercrime, new protections have recently been installed for both IPv4 and IPv6.
The Belnet routers are a gateway to our network and therefore a target for attackers. As threats are constantly evolving, it is crucial for our teams to continuously arm our infrastructure against new forms of cybercrime.
Best practices
As part of the redesign project, our network team carried out a thorough audit last year to critically examine the existing armaments on the Belnet routers and identify vulnerabilities.
“The close collaboration and knowledge exchange within our team, as well as with colleagues from the research and education community, provided ideas and best practices for the implementation of a new filtering system,” explains Nabil Ben Soltana of the Belnet Networks team.
Besides standard rules, such as blocking packets coming from private addresses, Belnet also applied specific rules. “Tailored security is a must. After all, all the intermediate machines where traffic passes through are also targets for attackers.”
Gradual implementation
The new filters were first extensively examined in a test environment, which included simulating external attacks to verify their effectiveness. Only after an optimum result had been achieved in the test environment did our specialists proceed with the implementation on the Belnet network itself.
This was also done in phases: the routers were divided into different categories, with a verification after each step to check that the traffic was not affected. The whole process was managed remotely via an automated script, with no impact on the Belnet community.
“Of course, the review of our filters is only one aspect in the security of our infrastructure,” Nabil Ben Soltana stresses. “Security evolves at lightning speed, so we must constantly question ourselves and allow our network to evolve along with us.”