There is a wide variety of network security hardware, software, and methods that can be combined to protect sensitive data against external attacks and insider threats.
This article outlines network security core principles and the most popular technologies used by cybersecurity professionals to reduce network vulnerabilities.
What is Network Security?
Network security is any practice or tool designed and implemented to secure a network and its data. It includes software, hardware, and cloud solutions. Effective network security tools stop a wide range of cyberattacks and prevent attacks from spreading throughout the network in the event of a data breach.
In today’s cyber environment, every organization must implement network security processes and solutions to maintain the uptime of their online resources. All network security solutions are implemented in accordance with the core principles of network security.
Understanding the Principles of Network Security
The CIA Triad
The CIA triad consists of three core principles that work together to ensure network security. Any network security solution can be categorized as supporting one of the following principles:
Confidentiality: Data is kept protected against threats and unauthorized access.
Integrity: Data is kept accurate and trustworthy by preventing accidental or intentional alterations or deletion.
Availability: Data is kept accessible to those who are authorized to have access.
Network Security Components
To deter cyberattacks and hacking attempts, a total of three types of network security components can be called upon – hardware, software, and cloud security components.
Hardware components include servers and devices that perform an array of security operations within a network. Hardware components can be set up in two ways:
Out of the path of network traffic (“out-of-line”): Operating as a separate entity from network traffic, out-of-line security appliances are tasked with monitoring traffic and raising alerts when they detect malicious data.
In the path of network traffic (“in-line”): A more popular option of the two, in-line hardware appliances are tasked with directly blocking data packets the moment they run into potential threats.
Security software components are installed on devices across the network, providing added detection capabilities and threat remediation. By far the most common form of software network security component is the antivirus application.
Finally, cloud services entail offloading the security infrastructure onto a cloud provider. The protection strategy is similar to in-line hardware appliances as all the network traffic goes through the cloud provider. While there, the traffic gets scanned for potential threats before either being blocked or allowed into the network.
Sound networks usually rely on a combination of several security components working at once. This kind of a multi-layered defense system ensures that even if a threat manages to slip through the cracks of one component, another layer of protection will keep it from gaining access to the network.
Layered security is a network security practice that combines multiple security controls to protect networks against threats. By using a layered security approach, a network has the greatest amount of coverage possible to address the wide variety of security threats that could infiltrate the network. A layered security approach also provides added opportunities for threat detection and response in the event that a threat bypasses one of the security layers.
For example, in an effort to secure a house against outside intruders a homeowner may use a fence, locks on the doors, security cameras, and a guard dog. Each added layer of security increases the overall effectiveness of the defense strategy while simultaneously adding unique threat detection and prevention capabilities that complement and supplement the other security measures.
The Zero-Trust Framework
Zero-trust is a cybersecurity framework that emphasizes that organizations should not automatically allow traffic throughout the network, even if it comes from an internal source. This differs from the castle-and-moat framework, where network security is achieved by creating a hardened perimeter of security that is focused on addressing external threats.
The core concept of zero-trust is that traffic cannot be trusted until it is properly verified as being legitimate. This protects networks against insider threats and compromised credentials within the internal perimeter that would normally provide threat actors with minimal resistance as they spread throughout the network.
Verification is achieved through a variety of methods and technologies, including multi-factor authentication (MFA), identity and access management (IAM), and data analytics. In a segmented network, the verification systems that are in place continue to verify traffic as it passes along each of the segments to ensure that the user activity is legitimate throughout the entire session.
Types of Network Security, Tools, & Methods
Access Control & Authentication
Access control and authentication measures protect networks and data by validating user credentials and ensuring that those users are only permitted to access the data that is necessary for their role. Tools that aid access control and authentication include privileged access management (PAM), Identity as a Service (IaaS) providers, and network access control (NAC) solutions.
Access control and authentication solutions are also used to verify that valid users are accessing the network from secured endpoints. To do so, the solution performs a ‘health check’ that confirms the latest security updates and prerequisite software are installed on the endpoint device.
Anti-Virus & Anti-Malware
Anti-virus and anti-malware protect networks from malicious software that is used by threat actors to create a backdoor that they can use to further infiltrate the network. It’s important to note that while there are similarities between anti-virus and anti-malware programs, they are not exactly the same.
Anti-Virus: Prevention-based, protects networks by proactively stopping endpoint devices from becoming infected.
Anti-Malware: Treatment-based, protects networks by detecting and destroying malicious programs that have infiltrated the network.
As the nature of malicious software is continually evolving, implementing both network security options in conjunction is the best method for ensuring network security.
Application Security
Application security ensures that the software used throughout the network is secure. Application security is ensured by limiting the amount of software that is used, ensuring that software is kept up-to-date with the latest security patches, and ensuring that applications developed for use in the network are appropriately hardened against potential exploits.
Behavioral Analytics
Behavioral analytics is an advanced threat detection method that compares historical network activity data with current events to detect anomalous behavior. For example, if a user typically uses a given endpoint device to access a specific database 3-4 times per day on average, an instance in which that user instead uses a new endpoint device to access a different database several times would be flagged for review.
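The comparison described above, written out as an added example (this is illustrative code, not CurrentWare's or any vendor's product logic). A per-user baseline is built from historical access records, and one day's records are scored against it for three deviations: a device the user has never used, a database the user has never touched, and a daily volume outside the user's usual band. All records, user names, device names and database names are constructed for the example, and the 3-sigma band with a one-access floor is an assumed policy choice.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Added example, not part of the original article: a toy behavioral baseline
# built from historical access records and used to flag the deviation the text
# describes (new endpoint, new database, unusual daily volume).
# All records are constructed: (date, user, endpoint_device, database).


def constructed_history():
    records = []
    # alice: 3, 4, 3, 4, 3 accesses per day, always from ws-01 to hr_db
    for day, n in zip(range(1, 6), (3, 4, 3, 4, 3)):
        records += [(f"2024-03-0{day}", "alice", "ws-01", "hr_db")] * n
    # bob: one access per day from ws-07 to sales_db
    for day in range(1, 6):
        records.append((f"2024-03-0{day}", "bob", "ws-07", "sales_db"))
    return records


def constructed_today():
    # alice suddenly uses a new laptop to hit a different database six times;
    # bob behaves as usual.
    return [("2024-03-06", "alice", "laptop-99", "finance_db")] * 6 + [
        ("2024-03-06", "bob", "ws-07", "sales_db")
    ]


@dataclass
class Profile:
    devices: set = field(default_factory=set)
    databases: set = field(default_factory=set)
    daily_counts: list = field(default_factory=list)


def build_baseline(records):
    """Per-user profile: devices seen, databases seen, accesses per observed day."""
    profiles = defaultdict(Profile)
    per_user_day = Counter()
    for date, user, device, db in records:
        profiles[user].devices.add(device)
        profiles[user].databases.add(db)
        per_user_day[(user, date)] += 1
    for (user, _date), n in per_user_day.items():
        profiles[user].daily_counts.append(n)
    return dict(profiles)


def score_day(baseline, records, sigma=3.0):
    """Compare one day's records with the baseline; return (user, category, detail) findings."""
    today = defaultdict(Profile)
    for _date, user, device, db in records:
        today[user].devices.add(device)
        today[user].databases.add(db)
        today[user].daily_counts.append(1)  # one entry per access
    findings = []
    for user, seen in today.items():
        base = baseline.get(user)
        if base is None:
            findings.append((user, "no_baseline", "user never seen before"))
            continue
        for dev in sorted(seen.devices - base.devices):
            findings.append((user, "new_device", dev))
        for db in sorted(seen.databases - base.databases):
            findings.append((user, "new_database", db))
        count = len(seen.daily_counts)
        mu, sd = mean(base.daily_counts), pstdev(base.daily_counts)
        # Floor the band at +1 access so a perfectly regular history (sd == 0)
        # does not flag every small fluctuation.
        limit = mu + max(sigma * sd, 1.0)
        if count > limit:
            findings.append((user, "volume", f"{count} accesses vs limit {limit:.1f}"))
    return findings


if __name__ == "__main__":
    for finding in score_day(build_baseline(constructed_history()), constructed_today()):
        print(finding)
```

Each finding is a review item rather than an automatic block: a new laptop may simply be a hardware refresh, which is why the text says the instance is flagged for review. In a real deployment the baseline window, the sigma band and the floor would be tuned per environment.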
DDoS Prevention
Distributed denial-of-service (DDoS) attacks attempt to crash the network by overloading it with a large influx of incoming connection requests. DDoS prevention solutions analyze incoming requests to identify and filter out illegitimate traffic in an effort to maintain the network’s accessibility for legitimate connections.
DDoS attacks are either carried out through a distributed network of attackers that execute scripts to send a large volume of incoming requests to the network or through a widespread series of devices that have been compromised and converted into an orchestrated system known as a botnet.
Data Loss Prevention (DLP)
Data loss prevention (DLP) tools protect the data inside a network by preventing users from sharing sensitive or valuable information outside of the network and ensuring that data is not lost or misused. This can be accomplished by analyzing files that are sent via email, file transfers, and instant messages for data that is considered to be sensitive, such as personally identifiable information (PII).
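A minimal version of the content inspection described above, added here as an example (it is not CurrentWare's or any vendor's DLP engine). It scans an outbound message for PII-shaped data and decides whether to block it. The detectors, the sample messages, and the block-on policy are constructed for the example; the card detector applies a Luhn checksum so that an arbitrary 16-digit reference number is not flagged as a card, a false-positive control that practitioners expect from any DLP rule.

```python
import re
from dataclasses import dataclass

# Added example, not the article's or any vendor's code: a small content
# inspector of the kind a DLP tool runs over outbound email, file transfers and
# chat messages. All sample messages and policy choices below are constructed.

SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")  # 13-16 digits, optional separators
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


@dataclass(frozen=True)
class Finding:
    kind: str    # "ssn", "card" or "email"
    masked: str  # redacted form that is safe to put in an alert


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_digits(value: str) -> str:
    """Keep only the last four digits, as an alert should never carry the full value."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list:
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", mask_digits(m.group())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # drop numbers that merely look like a card
            findings.append(Finding("card", mask_digits(digits)))
    for m in EMAIL_RE.finditer(text):
        local, _, domain = m.group().partition("@")
        findings.append(Finding("email", local[0] + "***@" + domain))
    return findings


# Constructed policy: block the message if it carries any of these kinds;
# an e-mail address alone is logged but allowed.
BLOCK_ON = frozenset({"ssn", "card"})


def decide(text: str) -> tuple:
    """Return ("block" | "allow", findings) for one outbound message."""
    findings = scan(text)
    action = "block" if any(f.kind in BLOCK_ON for f in findings) else "allow"
    return action, findings


if __name__ == "__main__":
    for msg in (
        "Hi, the new hire's SSN is 123-45-6789, please file it.",
        "Card on file: 4111 1111 1111 1111 exp 12/26",
        "Reference number 4111 1111 1111 1112",
        "Ping me at jane@example.com",
    ):
        print(decide(msg))
```

The masked snippets matter in practice: a DLP alert that copies the full card number into a SIEM simply moves the sensitive data somewhere else.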
Email Security
Email security measures protect networks from phishing attacks that attempt to trick users into clicking links to malicious websites or downloading seemingly innocent attachments that introduce malware into the network. Email security tools proactively fight phishing by identifying suspicious emails and filtering them out before they reach the user’s inbox.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 94% of malware was discovered to have been delivered via email and 32% of data breaches involved phishing attacks. Email security tools complement anti-phishing training by reducing the volume of malicious emails that pass through the network and into the inboxes of users.
Endpoint Security
Endpoint security protects networks by ensuring that the devices that will be connected to the network are secured against potential threats. Endpoint security is achieved alongside network security by combining several other network security tools such as network access control, application security, and network monitoring.
An endpoint device is any piece of hardware that is connected to a local area network (LAN) or wide area network (WAN), such as workstations, laptops, smartphones, printers, and mobile kiosks.
Firewalls
Firewalls are hardware appliances and software programs that act as a barrier between incoming traffic and the network. The firewall compares data packets that are sent over the network to predefined policies and rules that indicate whether or not the data should be permitted into the network.
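The rule comparison just described, as an added example that is not part of the original article and not any vendor's firewall code. It models a packet and an ordered rule set, evaluates first match wins, and falls through to deny when nothing matches. The addresses, ports and policy are constructed (documentation ranges such as 203.0.113.0/24), and the rule ordering illustrates two points practitioners check: an anti-spoofing deny placed before the allows, and an explicit default deny at the end.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added example (not CurrentWare's or any vendor's code): a minimal first-match
# packet filter showing how a firewall compares each packet against an ordered
# rule set. Addresses and rules below are constructed for illustration.


@dataclass(frozen=True)
class Packet:
    src: str                      # source IP
    dst: str                      # destination IP
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # CIDR the source must fall in
    dst: str = "0.0.0.0/0"        # CIDR the destination must fall in
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed policy for an internet-facing edge. Order matters: the first
# matching rule decides, and anything unmatched falls through to deny.
POLICY = [
    # Anti-spoofing: traffic arriving from outside must not claim an internal source.
    Rule("deny", src="203.0.113.0/24"),
    # Public web server reachable on HTTPS only.
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),
    # SSH to the server range only from the administrators' network.
    Rule("allow", src="198.51.100.0/24", dst="203.0.113.0/24", proto="tcp", dport=22),
]


def evaluate(policy: list, pkt: Packet) -> tuple:
    """Return (action, index of the matching rule), or ("deny", None) for default deny."""
    for i, rule in enumerate(policy):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("192.0.2.5", "203.0.113.10", "tcp", 443),     # public HTTPS -> allow
        Packet("192.0.2.5", "203.0.113.10", "tcp", 22),      # SSH from internet -> deny
        Packet("198.51.100.7", "203.0.113.10", "tcp", 22),   # SSH from admin net -> allow
        Packet("203.0.113.50", "203.0.113.10", "tcp", 443),  # spoofed internal src -> deny
        Packet("192.0.2.5", "203.0.113.10", "icmp"),         # ping -> default deny
    ]
    for p in samples:
        print(p, "->", evaluate(POLICY, p))
```

Returning the index of the matching rule is deliberate: when a packet is allowed or dropped unexpectedly, the first question in troubleshooting is which rule fired, and logging that index (or rule name) alongside the verdict answers it.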
Mobile Device Security
Mobile device security centers around limiting the access that mobile devices have to the network and ensuring that the security vulnerabilities of mobile devices that are permitted on the network are monitored and managed.
Mobile device security measures include mobile device management (MDM) solutions that allow administrators to segment sensitive data on mobile devices, enforce data encryption, determine the applications that are permitted to be installed, locate lost or stolen devices, and remotely wipe sensitive data.
Network Monitoring & Detection Systems
Network monitoring & detection systems include a wide variety of applications that are designed to monitor incoming and outgoing network traffic and respond to anomalous or malicious network activity.
Examples of network monitoring & detection systems:
Intrusion Prevention Systems (IPS) scan network traffic for suspicious activity such as policy violations in an effort to automatically block intrusion attempts.
Intrusion Detection Systems (IDS) work similarly to IPS, with an emphasis on monitoring network packets and flagging suspicious activity for review.
Security Information And Event Management (SIEM) provide a detailed overview of network events using a combination of host-based and network-based intrusion detection methods. SIEM systems provide administrators with valuable log data for investigating security incidents and flagging suspicious behavior.
Network Segmentation
Network segmentation is a common network security practice for reducing how easily network security threats can spread. It involves dividing a larger network into multiple subnetworks, each managed with its own access controls. Each subnetwork acts as its own network, which improves monitoring capabilities, boosts network performance, and enhances security.
Virtual Private Networks (VPN)
Virtual private networks provide secure remote access from a given endpoint into a network. A VPN encrypts all network traffic that goes through it to prevent the unauthorized analysis of data sent to and from the network. It is often used by off-site workers that need a secure connection to their company’s network, allowing them to access data and applications that are necessary for their role.
Web Security
Web security protects networks by proactively protecting endpoint devices against web-based threats. Web security technologies such as a web filter will use a database of known malicious or vulnerable websites to maintain a blacklist, block commonly exploited network ports, and prevent users from engaging in high-risk activities on the internet.
Web filtering solutions can be configured to only allow pre-authorized domains that are on the web filter’s whitelist. When a whitelist is used the web filter will block access to all websites that are not on the whitelist.
Web security products may also include capabilities for analyzing connection requests to a website and determining if the website meets the minimum security requirements of the network before allowing users to access it.
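The two filter modes described in this section (a blacklist of known-bad domains, and a whitelist mode that permits only pre-authorized domains) as an added example that is not the article's or any vendor's code. The domain lists are constructed placeholders on the reserved `.test` and `example.com` names. Matching is done by domain label rather than string suffix, so a blocked domain also covers its subdomains while an unrelated domain that merely ends in the same characters is not caught.

```python
from urllib.parse import urlsplit

# Added example (not the article's or any vendor's code) showing the two
# web-filter modes the text describes: a blocklist of known-bad domains and an
# allowlist mode that permits only pre-authorized domains. Both lists are
# constructed placeholders using reserved names.

BLOCKLIST = {"malware-example.test", "phish-example.test"}
ALLOWLIST = {"intranet.example.com", "docs.example.com"}


def host_of(url: str) -> str:
    """Extract the lowercase host from a URL (or bare host); '' if unparseable."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def in_domain_set(host: str, domains: set) -> bool:
    """True if host equals, or is a subdomain of, any listed domain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def filter_url(url: str, allowlist_mode: bool = False) -> tuple:
    """Return (action, reason) for one requested URL."""
    host = host_of(url)
    if not host:
        return "block", "unparseable host"   # fail closed on garbage input
    if in_domain_set(host, BLOCKLIST):
        return "block", "blocklisted domain"
    if allowlist_mode:
        if in_domain_set(host, ALLOWLIST):
            return "allow", "allowlisted domain"
        return "block", "not on allowlist"
    return "allow", "no match"


if __name__ == "__main__":
    for url in (
        "https://cdn.malware-example.test/payload",
        "http://www.example.org/",
        "https://intranet.example.com:8443/app",
    ):
        print(url, filter_url(url), filter_url(url, allowlist_mode=True))
```

Note that the blocklist is consulted even in allowlist mode: if a pre-authorized domain later turns up in the known-bad database, the blocklist entry wins without anyone having to edit the allowlist.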
Wireless Security
Wireless security measures protect the network against vulnerabilities that are unique to wireless connections. Wi-Fi networks openly broadcast connections to nearby devices, creating added opportunities for nearby threat actors to attempt to access the network. Wireless security is enhanced through methods such as encrypting data passed over wireless networks, filtering MAC addresses to restrict access, and privatizing the network SSID to avoid broadcasting the name of the network.
To truly protect a network, multiple specialized hardware and software need to be installed and managed. By implementing a layered network security approach with tools that support the principles of the CIA triad, a network can be secured against a wide array of vulnerabilities.
Source: This article was written in collaboration with Dale Strickland, Marketing Coordinator at CurrentWare.