When it comes to network security, most people think of the obvious. Typically that includes firewalls, intrusion detection and prevention systems, and identity and access management. While these components and practices are helpful, they should be considered baseline security. Beyond these, there are a lot of things most people do not think about that can dramatically increase the level of security on a network. Increasing network security through microsegmentation Implementing is one way to take network security to the next level. Microsegmentation basically involves keeping systems separated from each other and filtering the traffic between them to make sure that they are secure and isolated from each. This allows you to police and shape what happens in the network, keeping a breach or attack that takes place in one system from affecting other systems. microsegmentation Admission control is one of the benefits of microsegmentation. When someone has physical access to the network, it is easy for that person to plug into the system and take it down. By using to control access to the system’s media access control (MAC) address — which is the hardware address of the Ethernet card — you can prevent unauthorized users from plugging into the system. 802.1X authentication Segmenting users is another strategy for adding a layer of security to networks. With network switching, you can create something called a virtual LAN, or VLAN, which is basically a virtual switch inside of the network switch. By creating VLANs, you can isolate users that don't need to talk to each other. For example, VLANs allow you to create a network specifically for the HR team, another for the accounting team, and another for system administrators, all on the same system. In order to go outside of their dedicated VLAN, users need to go through a router. Once a router is involved, you can utilize access control lists and other security filtering. VLANs allow you to microsegment your systems with the goal of making sure that one system can't attach to another system. To implement even more control, private VLANs can be set up. While VLANs keep networks separate, each VLAN may have a number of servers on it. If there are 15 servers plugged into a VLAN, all of those servers can talk to each other. If one gets a worm or a virus, the other servers on the VLAN can be infected. Establishing a private VLAN keeps those servers from communicating, thus keeping the attack from spreading. Increasing network security at the IP level Moving up the TCP IP stack to the IP level provides other opportunities for increasing network security. For example, by creating an just like a firewall rule, which will look at the source address, destination address, protocol, and port number, you can create filters that limit the traffic that can move between subnets. Adding that control list to the router limits users that are sitting on different subnets from having unlimited access to the network. access control list Rate limiting is another security tool that can be implemented at this level. Imagine, for example, that you have a system with a 100GB network that gets infected with a worm. That worm could literally spew 100GB in network traffic into the network, which could wreak havoc and cause the system to crash. Rate limiting keeps traffic from exceeding a predefined amount. In the example of the worm, the increased traffic would violate the network’s standards and be dropped, avoiding a crisis and a costly crash. Finally, quality of service (QoS) or traffic prioritization can be used to bolster security on a network. If a system gets hacked or has a worm or virus, theoretically the attack could overwhelm the network with traffic and disable critical network functions. This can be prevented on the networking side by enabling QoS, sometimes referred to as a queuing mechanism, to prioritize one type of traffic over another. For example, it can ensure that network availability is prioritized for voice traffic and certain critical application traffic while deprioritizing everything else. In essence QoS defeats the worm by making sure critical traffic continues to get through. When it comes to network attacks, companies must be asking, “When will it happen?” rather than “Will it happen?” show that a company falls victim to a cyberattack every 39 seconds. Repelling attacks and limiting their damage demands more than baseline security. Applying safeguards that most companies do not think about might be the step that keeps your company safe. Statistics for 2021

Different

Keep

What is BGP Hijacking and How Do You Prevent It?

Cloud Architects Need More than Certifications

Nominated for 2022 - HackerNoon Contributor of the Year - Software Architecture

Nominated for 2022 - HackerNoon Contributor of the Year - Cloud Computing

Nominated for 2022 - HackerNoon Contributor of the Year - Google Cloud Platform

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Network Security: Things Most People Don’t Think About

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

BGP – What It Is and Why People are So Consumed with this Protocol

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

BGP – What It Is and Why People are So Consumed with this Protocol

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps