Channel: SecurityCurve » Blog

Practical Network Convergence?


There’s an article out there in the aether (OK, by “aether” I really mean it’s Ars) about why merging your networks may not be such a good idea.  Essentially, the article addresses “network convergence” — i.e., merging currently-disparate networks because you can (i.e. because the underlying substrate is the same).  The TLDR version (though I do, in fact, encourage folks to actually go read it) is that just because various things happen to run over IP, there are still good practical reasons to keep them segmented after all.

What kind of networks is this referring to?  Think:

  • Broadcast networks (Media and Broadcasting)
  • Imaging and biomed networks (Healthcare)
  • Plant networks (ICS)
  • VOIP
  • SAN/Storage

Now, the author of this (the “Strominator”) makes an excellent argument for anti-convergence (i.e. having this stuff stay on different networks) based on the time and effort required to converge carefully in a way that won’t make everyone suffer.  If you have separate networks now, merging them might be premature (at least for most folks) on that basis.  His argument is mostly focused on QoS rather than security per se, but it’s a great argument nevertheless — and the security implications of willy-nilly merging networks are also non-trivial.

Now, the reason I’m bringing it up is not just to point out that this is an excellent article (which it is) or to argue that they should converge (which without all kinds of due care they probably shouldn’t), but instead to point out that as a practical reality, many so-called “separate” networks already are converged.  Not officially… but really they are.

In past lives, you probably know I’ve done some pen testing…  You know how many times I’ve found a “segmented” production network that really is? Not often.  Maybe (stretching my memory here) not ever – depending on how you define “segmented”.  It’s like a narwhal: I’m sure it exists, but am I likely to actually see one?

You see — without intervention and vigilance, it’s only a matter of time in a network large enough until somebody, somewhere breaks the separation… until something that shouldn’t be accessible is.  Rogue AP on a telco’s plant network?  Check.  Bridging turned on for the dual-homed workstation in the power plant’s ICS network?  Why not?  Live network jacks on the clinical network?  Don’t mind if I do.

Point is, the anti-convergence argument is a good one… but there’s a corollary.  Which is, if you have a network that’s supposed to have an air gap, check to make sure that gap actually exists.  If you’re not explicitly testing it, you might be surprised what you find.
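One way to act on that corollary is to check the traffic you actually observe against the segmentation you believe you have. The script below is an added example, not code from the original post: it assumes a hypothetical flow-log format (source IP, destination IP, destination port, protocol) and constructed segment ranges, and reports every cross-segment or unknown-source flow into a supposedly isolated segment that the policy does not explicitly allow, which is exactly the footprint a rogue AP, a bridged dual-homed box, or a live jack leaves behind.

```python
import ipaddress

# Constructed segment map (hypothetical addressing): segment name -> network.
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "ics_plant": ipaddress.ip_network("10.50.0.0/16"),
    "clinical": ipaddress.ip_network("10.70.0.0/16"),
}

# Cross-segment flows that are explicitly permitted: (src segment, dst segment, dst port).
# Anything else crossing between two segments is treated as a breach of the "air gap".
ALLOWED = {
    ("corporate", "ics_plant", 443),  # hypothetical: historian web UI reached via a jump host
}

def segment_of(ip: str):
    """Return the segment name an address belongs to, or None if it is in no known segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def parse_flow(line: str):
    # Hypothetical flow-log record: "<src_ip> <dst_ip> <dst_port> <proto>"
    src, dst, port, proto = line.split()
    return src, dst, int(port), proto

def find_violations(lines):
    """Return (src, src_segment, dst, dst_segment, port, proto) for every disallowed flow."""
    violations = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, proto = parse_flow(line)
        s_seg, d_seg = segment_of(src), segment_of(dst)
        if d_seg is None or s_seg == d_seg:
            continue  # destination outside policy scope, or intra-segment traffic
        src_label = s_seg or "unknown"  # an address in no segment reaching one is the rogue-AP case
        if (src_label, d_seg, port) in ALLOWED:
            continue
        violations.append((src, src_label, dst, d_seg, port, proto))
    return violations

SAMPLE_FLOWS = """
# src dst dport proto   (constructed sample records)
10.10.4.21 10.10.8.9 445 tcp
10.10.4.21 10.50.1.10 443 tcp
10.10.4.21 10.50.1.10 502 tcp
10.70.2.5 10.10.4.21 3389 tcp
192.168.1.4 10.50.1.10 22 tcp
""".strip().splitlines()

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("VIOLATION: %s (%s) -> %s (%s) port %d/%s" % v)
```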

<Note: the views presented are my own and do not necessarily reflect those of my employer.>
