We all live in a digitalised era where every organization has an identity on the internet. Organizations must focus on protecting that identity because it reflects their reputation. Network security is any activity that is designed to protect the integrity and usability of your network and data. In simple terms,
“Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.”
It should focus on both software and hardware technologies, protection from a variety of threats, and effective, secured access to the network. Network security uses multiple layers of defences in the network. It implements policies and controls to secure the network: authorized users get access to the network while malicious threats or exploits are blocked. Some of the network security measures are,
· Network architecture
· Encryption/ cryptography
· Content integrity
· Strong authentication
· Firewalls
· Intrusion Detection Systems
Your organizational network architecture should be carefully planned for network security. Internal and internet-facing applications should be segmented from each other. For example, DMZs (demilitarised zones) are used to provide services that extend to users outside the local network. Redundancy is used to keep services available even when one node on the network fails. Another problem to investigate is single points of failure, which can also be minimised by using redundancy.
Another important measure is using encryption and cryptography. We can use OpenSSL, SSL or TLS when communicating over networks to establish an encrypted link between the server and the client. Suppose you suffer a ransomware attack: if you kept your files encrypted, the attackers may not be able to decrypt them to access sensitive data, and if you also kept a backup of your data you need not pay a ransom.
When communicating over a network, content integrity is also an important factor. Error checking codes such as a parity check (a check bit added to the end of the bit string) or a checksum (the receiver checks whether all the bits were received by comparing against the bit count received) are used to verify the integrity of transmitted messages.
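As an added example that is not part of the original post, the following computes the two codes mentioned above for a constructed message: an even parity bit and the 16-bit ones'-complement checksum of RFC 1071 (the form used by IP, TCP and UDP). It also shows the caveat a practitioner should know: parity misses an even number of flipped bits, and neither code protects against deliberate tampering, since anyone who can alter the message can recompute them; that needs a MAC or a signature.

```python
# Added example (not from the post): parity bit and RFC 1071 checksum over a
# constructed message, and what each detects. These are error-detection codes,
# not security controls.

def parity_bit(data: bytes) -> int:
    """Even parity: 1 if the number of set bits in data is odd, else 0."""
    return sum(bin(b).count("1") for b in data) & 1

def checksum16(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (odd length padded with 0)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (~total) & 0xFFFF

def flip_bits(data: bytes, positions) -> bytes:
    """Return a copy of data with the given bit positions inverted (simulated corruption)."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def verify(data: bytes, parity: int, csum: int) -> dict:
    """Receiver side: recompute both codes and compare with the transmitted ones."""
    return {"parity_ok": parity_bit(data) == parity,
            "checksum_ok": checksum16(data) == csum}

# Constructed message; the sender attaches both codes to it.
MSG = b"transfer 100 to acct 42"
PARITY = parity_bit(MSG)
CSUM = checksum16(MSG)

one_bit = verify(flip_bits(MSG, [3]), PARITY, CSUM)      # one bit error in byte 0
two_bits = verify(flip_bits(MSG, [3, 5]), PARITY, CSUM)  # two bit errors in byte 0

if __name__ == "__main__":
    print("intact:", verify(MSG, PARITY, CSUM))
    print("1-bit error:", one_bit)   # both codes catch it
    print("2-bit error:", two_bits)  # parity misses it, checksum still catches it
```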
Having strong authentication protocols in a network is important. You can use password policies to require users to have strong passwords, change them periodically, use complex combinations, etc. Another authentication mechanism is a challenge-response system, where the user is required to provide a valid answer when the system prompts with a question in order to get access to the network.
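As an added example that is not from the original post, here is one common form of the challenge-response idea described above: the server issues a fresh random nonce as the challenge, and the client answers with HMAC-SHA256 of that nonce under a shared secret. The shared secret and user name are constructed values. The secret never crosses the network, each challenge is consumed on first use so a captured answer cannot be replayed, and the comparison is constant-time.

```python
# Added example (not from the post): nonce-based challenge-response login.
import hashlib
import hmac
import secrets

class ChallengeResponseServer:
    def __init__(self, users):
        self._users = users      # username -> shared secret (constructed for the demo)
        self._pending = {}       # username -> outstanding challenge nonce

    def challenge(self, user: str) -> bytes:
        """Issue a fresh 128-bit random challenge; only the latest one is valid."""
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        """Check the answer against the outstanding challenge, consuming it."""
        nonce = self._pending.pop(user, None)   # single use, even on failure
        secret = self._users.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def client_answer(secret: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the secret without sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def demo() -> dict:
    secret = b"constructed-shared-secret"
    server = ChallengeResponseServer({"alice": secret})
    n1 = server.challenge("alice")
    answer = client_answer(secret, n1)
    valid = server.verify("alice", answer)           # correct answer to n1
    server.challenge("alice")
    replay = server.verify("alice", answer)          # old answer against a new nonce
    n3 = server.challenge("alice")
    wrong = server.verify("alice", client_answer(b"guess", n3))
    return {"valid": valid, "replay": replay, "wrong_secret": wrong}

if __name__ == "__main__":
    print(demo())
```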
Firewalls are used to put a barrier between a trusted internal network and an untrusted external network like the internet. A firewall can be hardware or software. We can define rules to block or allow traffic based on the company's security policy. To secure the firewall itself, we can remove unused networking protocols, remove unused network services and applications, remove unused system or user accounts, disable unused ports and apply all relevant patches.
An Intrusion Detection System (IDS) scans network traffic to identify attacks; its active counterpart, the Intrusion Prevention System (IPS), also blocks them. They use their threat intelligence capability to block malicious activity and track the progression of suspect files and malware in the network to prevent incidents and reinfection.
These are some of the security mechanisms that we can follow to make our network more secure. Today organizations are facing various threats, and attackers are using very advanced technologies to exploit network vulnerabilities. The vulnerabilities can exist in various areas like devices, data, applications, users, networks, and locations. Because of that, network security controls must be given priority, because a simple exploit in the network can cause widespread disruption and massive damage to the organization's reputation.
References
· https://www.cisco.com/c/en/us/products/security/what-is-network-security.html#~types
· https://www.forcepoint.com/cyber-edu/network-security
· https://www.csoonline.com/article/3285651/what-is-network-security-definition-methods-jobs-and-salaries.html
Good read Prabod. Can you explain a use case of DMZ please?
Sure Pramodi. One problem for organizations is to provide access to services for the public through the internet, such as web, FTP and email, while maintaining tight security of the internal network. The approach used to address such an issue is to use a DMZ (demilitarized zone). A DMZ is a network area that sits between an internal network and an external network. It allows DMZ hosts to provide services to the external network while protecting the internal network in case an intruder compromises a host in the DMZ.
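To make the firewall rules from the post and the DMZ layout from this reply concrete, here is an added example (not from the post or its comments) of a minimal first-match packet filter with a default-deny policy across three zones: the internet, a DMZ holding a public web server, and the internal network. The zone address ranges, the ports and the sample packets are constructed for illustration; note that there is deliberately no rule allowing DMZ hosts to initiate connections into the internal network, which is what limits the damage if a DMZ host is compromised.

```python
# Added example (not from the post): zone-based first-match filter, default deny.
import ipaddress
from typing import NamedTuple, Optional

# Constructed zone ranges (RFC 5737 documentation space for the DMZ).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

def zone_of(addr: str) -> str:
    """Classify an address; anything outside the known ranges is the internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

class Rule(NamedTuple):
    src: str                 # zone name or "any"
    dst: str                 # zone name or "any"
    dport: Optional[int]     # None means any destination port
    action: str              # "allow" or "deny"

# Order matters: the first matching rule wins; the last rule denies the rest.
RULES = [
    Rule("internet", "dmz", 443, "allow"),   # public HTTPS to the DMZ web server
    Rule("internet", "dmz", 80, "allow"),    # public HTTP to the DMZ web server
    Rule("internal", "dmz", None, "allow"),  # staff may manage DMZ hosts
    Rule("any", "any", None, "deny"),        # everything else, incl. DMZ -> internal
]

def decide(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action for a new connection from src_ip to dst_ip:dport."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if r.src in (s, "any") and r.dst in (d, "any") and r.dport in (dport, None):
            return r.action
    return "deny"  # unreachable with the catch-all rule, kept as a safety net

if __name__ == "__main__":
    for pkt in [("203.0.113.7", "192.0.2.10", 443),   # internet -> DMZ web
                ("203.0.113.7", "192.0.2.10", 22),    # internet -> DMZ SSH (unused port)
                ("203.0.113.7", "10.1.2.3", 443),     # internet -> internal
                ("192.0.2.10", "10.1.2.3", 5432)]:    # compromised DMZ host -> internal DB
        print(pkt, "->", decide(*pkt))
```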
Thank you for the clarification Prabod.
Very informative article Prabod! You have mentioned some encryption types like SSL, SSL, TLS in this post. What exactly are they? Can you please recommend any article for further reading?
SSL/TLS is a protocol for secure transmission and helps to achieve,
- Confidentiality: hides the content of the messages
- Integrity: detects when the messages have been tampered with
- Authentication: ensures that whoever is sending them is who he says he is.
SSL (which is now called TLS) stands for Secure Sockets Layer; it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. TLS (Transport Layer Security) is just an updated, more secure version of SSL. OpenSSL is a cryptography library that offers an open-source application of the TLS protocol. (If you are more interested, you can refer to the RFC specification.)
Great blog Prabod, can you please mention the major differences between a firewall and an Intrusion Detection System?
A firewall is a device installed between the internal network of an organization and the rest of the network. It is designed to forward some packets and filter others. An IDS is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Though they both relate to network security, an intrusion detection system differs from a firewall. A firewall looks outwardly for intrusions in order to stop them from happening. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.