Network Security Basics

Ever since the creation of the internet with all of the good that it has brought to the table came the bad as well. In the age of information technology, an unsecured product is a surefire way to numerous issues. A company, which creates a product has to make sure both the software and the network security features of it are as robust as possible. In the previous article we discussed application security, however, it is never complete without a clear network safeguards to serve as a frontline against malicious users trying to exploit the system. But what is network security and what are some of the methods used to protect systems?

Network security is a practice of prevention and protection against unauthorized intrusions into any large corporate or smaller home network. It is complimentary to endpoint security, which focuses on individual devices rather than on their interaction with each other. The SysAdmin, Audit, Network and Security Insitute, or SANS is a private U.S. for-profit company founded in 1989, which specializes in information security, cybersecurity training and certificates and it describes network security as:

“Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.”

To rephrase it the network security consists of methods of preventing unauthorized users from accessing your hardware. Ideally, someone cannot hack into your computer remotely if they can’t connect to it using a network.

Network Security Basics

Definitions are easy to understand as a starting point, however, how does one implement the vision into practice? Let’s discuss some of the network security basics. There are numerous different perspectives on this however three major aspects always stick out of the bunch. These are:

Protection, which involves the correct configuration of the system as well as the network.
Detection, which involves the ability to identify the changes in the configuration or when to notice when something sketchy happens in the network traffic.
Reaction, which involves identifying and responding to the problem as quickly as possible to return to the safe state and continue running the service.

It is universally accepted that all three of these basic bits have to be covered when securing the network, otherwise, overreliance on one of these will lead to weaker implementation of the others and thus the system, which can still be exploited more or less with ease. The best way to view the network security is not as one line of defense, which if broken everything gets compromised but as a field of battle, which even if invaded the threat can still be responded to, isolated, and then expunged from the system without letting them compromise the whole field.

Cloud Service and Network Security

Cybersecurity is expensive. It requires a lot of funds, a trained team of professionals, licenses, and whatnot. Due to this, a lot of companies started outsourcing their computing to cloud service providers creating a hybrid infrastructure. Even this is no easy task though. Keeping in mind that these infrastructures in themselves are self-contained networks, which can be either physical or multiple virtual machines running on the same server.

To tackle the security issues many cloud service providers have created a centralized security control policies on their own platforms. However, these systems do not always match up with the policies of the company hiring their services and this mismatch can cause additional workload for network security professionals.

Common Methodology

Network security combines a multitude of layers of defences. Each of these layers implement policies and controls. These in term regulate who gets access and who gets blocked from being able to exploit vulnerabilities and threats.

A Computer Information System COmpany, or CISCO, an American multinational technology conglomerate, which specializes in IT, networking, and cybersecurity solutions lists the types of network security as follows:

Firewalls are basically a barrier between your trusted internal network and the outside world, such as the internet. Firewalls have a set of defined rules, which regulate what application has the right to access and what does not. This can be done using both hardware and software. Firewalls can also be divided into smaller categories:

Network firewalls
Next-generation firewalls
Web application firewalls
Database firewalls
Unified threat management
Cloud firewalls
Container firewalls
Network Segregation firewalls

Email security is one of the most important factors of today’s network security as statistically, it is a gateway to a huge number of security breaches. Attackers usually use social engineering to manufacture a very well developed phishing campaigns to deceive the recipients and send them to their bogus websites, designated to steal personal information or to infect the accessing computer with malicious software. Email security applications block incoming attacks and control outbound messages to control what the in and outflow of sensitive information.

Anti-virus and anti-malware software protects the system from malicious software including viruses, worms, Trojans, ransomware, spyware, and etc. Malware usually has payload dropping timers where they will invade the system and sit dormant until a specific event happens to trigger the payload. Malware may take days, weeks, months, or even years to activate depending on the expected outcome of the hacker.

Network Segmentation is a software-defined methodology, which puts network traffic into different categories, which makes enforcement of security policies much easier. Divide and conquer.

Access Control is a very common method to separate user privileges to access only specific parts of the network. The process is called Network Access Control and it regulates which devices have what type of access rights. These may be limited, full-on the administrator with access to everything, and blocking the malicious or noncompliant users.

Application Security is a big part of network security as well as one operates in conjunction with the other. Any software created has some vulnerabilities or contains holes. The attackers will use these to infringe on your network and cause havoc.

Behavioural Analysis is one of the best ways to detect malicious activity over the network. However, to be able to do this one must first know what normal behavior is. This is done via extensive logging and monitoring of usual activities and then spotting anything out of usual.

Data Loss Prevention (DLP) is a method of making sure that the members of the organization do not send out sensitive information outside of the network. DLP is a technology that can prevent people from uploading, forwarding, or even printing critical data.

Intrusion Prevention Systems (IPS) scans network traffic for an attacker and blocks their access upon detection. Cisco has a cutting edge software called Next-Generation IPS (NGIPS) which do this by crosschecking with huge amounts of global threat intelligence and not only blocks the malicious attackers but also pays attention to the progression of hacker inside of the system to prevent further outbreaks and reinfections.

Mobile Device Security is becoming more and more important day by day since the world has now gone almost fully handheld. As of today, losing your mobile phone may cause much more trouble than losing your wallet. Because of this cybercriminals are targeting our smartphones and applications. This is even more reinforced by the fact that loads of banking, shopping, and etc. activities are also done solely on the mobile devices. It is estimated that within the next 3 years, 90 percent of the IT organizations will have support for smartphone users. Due to this, MDS is becoming a vital part of network security.

Security Information and Event Management (SIEM) products are tools, which help security staff in identifying and responding to threats. SIEMs may come in different shapes and forms including physical and virtual appliances.

Virtual Private Network (VPN) is a piece of software, which encrypts the connecting from an endpoint to a network. This means that even if the attacker somehow comes by the information in the middle of the transfer they won’t be able to utilize it since it will all be encrypted by some VPN standard. Apart from this, tracking individual network connections is also becoming harder due to the fact that VPN providers have their own servers which help spread out the connection making geolocating the user harder.

Web Security Solutions control corporate staff’s internet access. This method can be used to block malicious websites and web-based threats. Note: Web Security also refers to the steps one takes to protect their website.

Wireless Security is a must-have in the 21st century as wireless networks are nowhere near as secure as wired ones. Since tapping into the wired network is almost impossible without a landline connection to the device, the wireless networks can be accessed using a device somewhere in the vicinity of the router making it that much more dangerous to use unprotected networks. This is why it is always recommended not to do banking or any other sensitive work on a public WiFi network.

In addition to all of this, network security professionals will also utilize specific tools to keep track of what’s happening inside of the network. This may include stuff like:

Packet sniffers, which give deep insight into data traffic. This means that it shows information about connections and whats and wheres about every individual node.
Vulnerability scanners like Nessus
Intrusion detection and prevention software, like Snort
Penetration testing software, which attempts to penetrate your own network to see how robust the security standards are. The best way to understand the vulnerabilities is to try and crack it open.

Conclusion

Network Security is an integral part of the scheme to protect the system. As expensive and intensive as it may get the issues will always come up as you go. However, there are multiple tools that security professionals utilize to keep the system protected from malicious attacks. It is also important to note that not everyone needs to have a network security of the Pentagon. If someone is running a small business that does not keep personal information of customers or other highly sensitive data - there's no point in having 10 guards with watchdogs surrounding server room with blastproof door and a group of another 10 cybersecurity experts monitoring systems day and night.

Everything is heavily dependant on what type of service one is providing and correct assessment of the damage control mechanisms. Apart from all of this, the security budget is usually set up after extensive research into possible threats to the company.