Securing the network v2

First, let’s start with a diagram of possible IO threats.

 

[Diagram: threats]

 

Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Many external network security threats today are spread over the Internet. The most common external threats to networks include:

  • Viruses, worms, and Trojan horses – malicious software and arbitrary code running on a user device
  • Spyware and adware – software installed on a user device that secretly collects information about the user
  • Zero-day attacks, also called zero-hour attacks – an attack that occurs on the first day that a vulnerability becomes known
  • Hacker attacks – an attack by a knowledgeable person on user devices or network resources
  • Denial of service attacks – attacks designed to slow or crash applications and processes on a network device
  • Data interception and theft – an attack to capture private information from an organization’s network
  • Identity theft – an attack to steal the login credentials of a user in order to access private data 

It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of internal users of the network. This can be attributed to lost or stolen devices, accidental misuse by employees, and in the business environment, even malicious employees. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.

So, what are the security solutions to all these threats?

No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.

A home network security implementation is usually rather basic. It is generally implemented on the connecting host devices, as well as at the point of connection to the Internet, and can even rely on contracted services from the ISP.

In contrast, the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components for a home or small office network should include, at a minimum:

  • Antivirus and antispyware – to protect user devices from malicious software
  • Firewall filtering – to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the host device, or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.

In addition to the above, larger networks and corporate networks often have other security requirements:

  • Dedicated firewall systems – to provide more advanced firewall capability that can filter large amounts of traffic with more granularity
  • Access control lists (ACL) – to further filter access and traffic forwarding
  • Intrusion prevention systems (IPS) – to identify fast-spreading threats, such as zero-day or zero-hour attacks
  • Virtual private networks (VPN) – to provide secure access to remote workers

So let’s summarize.

Networks must be reliable. This means the network must be fault tolerant, scalable, provide quality of service, and ensure security of the information and resources on the network. Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet, or as large as a corporation with thousands of users. No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution.

The network infrastructure can vary greatly in terms of size, number of users, and number and types of services that are supported on it. The network infrastructure must grow and adjust to support the way the network is used. The routing and switching platform is the foundation of any network infrastructure.

Securing the network v1

The Internet has evolved from a tightly controlled internetwork of educational and government organizations to a widely accessible means for transmission of business and personal communications. As a result, the security requirements of the network have changed. The network infrastructure, services, and the data contained on network attached devices are crucial personal and business assets. Compromising the integrity of these assets could have serious consequences, such as:

  • Network outages that prevent communications and transactions from occurring, with consequent loss of business
  • Intellectual property (research ideas, patents, or designs) that is stolen and used by a competitor
  • Personal or private information that is compromised or made public without the user’s consent
  • Misdirection and loss of personal or business funds
  • Loss of important data that takes significant labor to replace, or is irreplaceable

There are two types of network security concerns that must be addressed: network infrastructure security and information security.

Securing a network infrastructure includes the physical securing of devices that provide network connectivity, and preventing unauthorized access to the management software that resides on them.

Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network attached devices. Security measures taken in a network should:

  • Prevent unauthorized disclosure
  • Prevent theft of information
  • Prevent unauthorized modification of information
  • Prevent Denial of Service (DoS)

In order to achieve the goals of network security, there are three primary requirements:

  • Ensuring confidentiality – Data confidentiality means that only the intended and authorized recipients – individuals, processes, or devices – can access and read data. This is accomplished by having a strong system for user authentication, enforcing passwords that are difficult to guess, and requiring users to change them frequently. Encrypting data, so that only the intended recipient can read it, is also part of confidentiality.
  • Maintaining communication integrity – Data integrity means having the assurance that the information has not been altered in transmission, from origin to destination. Data integrity can be compromised when information has been corrupted – willfully or accidentally. Data integrity is made possible by requiring validation of the sender as well as using mechanisms to validate that the packet has not changed during transmission.
  • Ensuring availability – Availability means having the assurance of timely and reliable access to data services for authorized users. Network firewall devices, along with desktop and server antivirus software, can ensure system reliability and the robustness to detect, repel, and cope with such attacks. Building fully redundant network infrastructures, with few single points of failure, can reduce the impact of these threats.
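The integrity requirement above names two checks: validating the sender and validating that the packet has not changed in transit. The following is an added example, not part of the original article, that does both with an HMAC-SHA256 tag over a small made-up packet layout; the sender name, payloads and field layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def seal(key: bytes, sender_id: bytes, payload: bytes) -> bytes:
    """Build id_len || sender_id || payload || tag (layout is an assumption)."""
    if len(sender_id) > 255:
        raise ValueError("sender_id too long")
    body = bytes([len(sender_id)]) + sender_id + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_sealed(keys: dict, packet: bytes):
    """Return (sender_id, payload) if the tag verifies, else None."""
    if len(packet) < 1 + TAG_LEN:
        return None  # too short to hold a header and a tag
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    id_len = body[0]
    if len(body) < 1 + id_len:
        return None  # truncated header
    sender_id, payload = body[1:1 + id_len], body[1 + id_len:]
    key = keys.get(sender_id)
    if key is None:
        return None  # unknown sender: nothing to validate against
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # compare_digest avoids leaking how many tag bytes matched via timing
    if not hmac.compare_digest(tag, expected):
        return None  # altered in transit, or not sealed with this sender's key
    return sender_id, payload


def demo() -> dict:
    # Constructed sample data: a random key shared with one hypothetical sender.
    keys = {b"branch-router": os.urandom(32)}
    packet = seal(keys[b"branch-router"], b"branch-router", b"transfer 100 to acct 42")
    flipped = bytearray(packet)
    flipped[20] ^= 0x01  # a single bit changed inside the payload
    forged = seal(os.urandom(32), b"branch-router", b"transfer 900 to acct 66")
    return {
        "intact": open_sealed(keys, packet),
        "modified": open_sealed(keys, bytes(flipped)),
        "wrong_key": open_sealed(keys, forged),
        "truncated": open_sealed(keys, packet[:10]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

A captured packet that is resent unchanged still verifies, so replay protection needs a sequence number or nonce inside the authenticated body.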

In the v2 article, we will review the most common cyber attacks and how to defend our network and computer.