Topic 2. Network Security


What is Network Security?

Network security refers to the various countermeasures put in place to protect the network and data stored on
or passing through it. Network security works to keep the network safe from cyberattacks, hacking attempts,
and employee negligence.

There are three components of network security:


1. hardware,
2. software, and
3. cloud services.

Hardware appliances are servers or devices that perform certain security functions within the networking
environment. Hardware can be installed out of the path of network traffic, or “out-of-line,” but it’s more
commonly installed in the path of traffic, or “in-line.” The advantage of this is that in-line security
appliances are able to stop data packets that have been flagged as potential threats, whereas out-of-line
appliances simply monitor traffic and send alerts when they detect something malicious.

Network security software, which includes antivirus applications, can be installed on devices and nodes
across the network to provide added detection and threat remediation.

Cloud services refer to offloading the infrastructure to a cloud provider. The set-up is generally similar to
how network traffic passes through in-line hardware appliances, but incoming network traffic is redirected to
the cloud service instead. The cloud service does the work of scanning and blocking potential threats for you
before the traffic is allowed onto your network.

Every good network security system uses a combination of different types of network security tools to create
a layered defense system. The theory behind this strategy is that if a threat manages to slip past one security
countermeasure, the other layers will prevent it from gaining entry to the network. Each layer provides
active monitoring, identification, and threat remediation capabilities in order to keep the network as secure
as possible.

Ref: https://www.n-able.com/blog/types-of-network-security

Network Security protects your network and data from breaches, intrusions and other threats. This is a vast
and overarching term that describes hardware and software solutions as well as processes or rules and
configurations relating to network use, accessibility, and overall threat protection.

Network Security involves access control, virus and antivirus software, application security, network
analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN encryption and more.

Benefits of Network Security

Network Security is vital in protecting client data and information, keeping shared data secure and ensuring
reliable access and network performance as well as protection from cyber threats. A well-designed network
security solution reduces overhead expenses and safeguards organizations from costly losses that occur from
a data breach or other security incident. Ensuring legitimate access to systems, applications and data enables
business operations and delivery of services and products to customers.

Top benefits of Network security


1. Builds trust
Security for large systems translates to security for everyone. Network security boosts client and consumer
confidence, and it protects your business from the reputational and legal fallout of a security breach.

2. Mitigates risk
The right network security solution will help your business stay compliant with business and government
regulations, and it will minimize the business and financial impact of a breach if it does occur.

3. Protects proprietary information
Your clients and customers rely on you to protect their sensitive information. Your business relies on that
same protection, too. Network security ensures the protection of information and data shared across the
network.

4. Enables a more modern workplace


From allowing employees to work securely from any location using VPN to encouraging collaboration with
secure network access, network security provides options to enable the future of work. Effective network
security also provides many levels of security to scale with your growing business.

Types of Network Security Protections

A. Firewall
Firewalls control incoming and outgoing traffic on networks, with predetermined security rules. Firewalls
keep out unfriendly traffic and are a necessary part of daily computing. Network Security relies heavily on
Firewalls, and especially Next Generation Firewalls, which focus on blocking malware and application-layer
attacks.

B. Network Segmentation
Network segmentation defines boundaries between network segments where assets within the group have a
common function, risk or role within an organization. For instance, the perimeter gateway segments a
company network from the Internet. Potential threats outside the network are kept out, ensuring that an
organization’s sensitive data remains inside. Organizations can go further by defining additional internal
boundaries within their network, which can provide improved security and access control.

What is Access Control?


Access control defines the people or groups and the devices that have access to network applications and
systems, thereby denying unsanctioned access and, potentially, threats. Integrations with Identity and Access
Management (IAM) products can strongly identify the user, and Role-based Access Control (RBAC) policies
ensure the person and device are authorized to access the asset.

C. Remote Access VPN


Remote access VPN gives individual hosts or clients, such as telecommuters, mobile users, and extranet
consumers, remote and secure access to a company network. Each host typically has VPN client software
loaded or uses a web-based client. Privacy and integrity of sensitive information are ensured through
multi-factor authentication, endpoint compliance scanning, and encryption of all transmitted data.

D. Zero Trust Network Access (ZTNA)


The zero trust security model states that a user should only have the access and permissions that they require
to fulfill their role. This is a very different approach from that provided by traditional security solutions, like
VPNs, that grant a user full access to the target network. Zero trust network access (ZTNA) solutions, also
known as software-defined perimeter (SDP) solutions, permit granular access to an organization’s applications
from users who require that access to perform their duties.
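
The contrast between a VPN-style network grant and a per-application ZTNA decision, combined with the identity, device and role checks from the access control passage, as an added example that is not part of the original handout. The role names, application names and request fields are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy: role -> applications that role needs. Unlisted means denied.
ROLE_APPS = {
    "finance": {"ledger", "payroll"},
    "engineer": {"git", "ci"},
    "helpdesk": {"ticketing"},
}
ALL_APPS = sorted(set().union(*ROLE_APPS.values()))

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    mfa_passed: bool          # identity verified (e.g. by the IAM product)
    device_compliant: bool    # result of the endpoint compliance scan
    application: str = ""

def ztna_decide(req):
    """Per-request, per-application decision with default deny."""
    if not req.mfa_passed:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device not compliant"
    granted = set().union(*(ROLE_APPS.get(r, set()) for r in req.roles))
    if req.application not in granted:
        return False, "no role grants this application"
    return True, "granted by role"

def vpn_style_decide(req):
    """Contrast: network-level grant; once connected, every application is reachable."""
    if req.mfa_passed:
        return True, "authenticated to network"
    return False, "authentication failed"

def reachable(req, decide):
    """List the applications a user can reach under a given decision function."""
    return [app for app in ALL_APPS if decide(replace(req, application=app))[0]]

if __name__ == "__main__":
    alice = Request("alice", frozenset({"engineer"}), True, True)
    print("ZTNA:", reachable(alice, ztna_decide))
    print("VPN :", reachable(alice, vpn_style_decide))
    print("ZTNA, non-compliant device:",
          reachable(replace(alice, device_compliant=False), ztna_decide))
```

The same authenticated engineer reaches two applications under the per-application policy and all five under the network-level grant; a failed device check removes access entirely only in the first model.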

E. Email Security
Email security refers to any processes, products, and services designed to keep your email accounts and
email content safe from external threats. Most email service providers have built-in email security features
designed to keep you secure, but these may not be enough to stop cybercriminals from accessing your
information.

F. Data Loss Prevention (DLP)


Data loss prevention (DLP) is a cybersecurity methodology that combines technology and best practices to
prevent the exposure of sensitive information outside of an organization, especially regulated data such as
personally identifiable information (PII) and compliance related data: HIPAA, SOX, PCI DSS, etc.

G. Intrusion Prevention Systems (IPS)
IPS technologies can detect or prevent network security attacks such as brute force attacks, Denial of Service
(DoS) attacks and exploits of known vulnerabilities. A vulnerability is a weakness, for instance in a software
system, and an exploit is an attack that leverages that vulnerability to gain control of that system. When an
exploit is announced, there is often a window of opportunity for attackers to exploit that vulnerability before
the security patch is applied. An Intrusion Prevention System can be used in these cases to quickly block
these attacks.

H. Sandboxing
Sandboxing is a cybersecurity practice where you run code or open files in a safe, isolated environment on a
host machine that mimics end-user operating environments. Sandboxing observes the files or code as they
are opened and looks for malicious behavior to prevent threats from getting on the network. For example,
malware in files such as PDF, Microsoft Word, Excel and PowerPoint can be safely detected and blocked
before the files reach an unsuspecting end user.

I. Hyperscale Network Security


Hyperscale is the ability of an architecture to scale appropriately, as increased demand is added to the
system. This solution includes rapid deployment and scaling up or down to meet changes in network security
demands. By tightly integrating networking and compute resources in a software-defined system, it is
possible to fully utilize all hardware resources available in a clustering solution.

J. Cloud Network Security


Applications and workloads are no longer exclusively hosted on-premises in a local data center. Protecting
the modern data center requires greater flexibility and innovation to keep pace with the migration of
application workloads to the cloud. Software-defined Networking (SDN) and Software-defined Wide Area
Network (SD-WAN) solutions enable network security solutions in private, public, hybrid and cloud-
hosted Firewall-as-a-Service (FWaaS) deployments.

Robust Network Security Will Protect Against


• Virus: A virus is a malicious, downloadable file that can lie dormant and that replicates itself by changing
other computer programs with its own code. Once it spreads, those files are infected and can spread from
one computer to another, and/or corrupt or destroy network data.
• Worms: Can slow down computer networks by eating up bandwidth as well as slow the efficiency
with which your computer processes data. A worm is standalone malware that can propagate and work
independently of other files, whereas a virus needs a host program to spread.
• Trojan: A trojan is a backdoor program that creates an entryway for malicious users to access the
computer system by using what looks like a real program, but quickly turns out to be harmful. A trojan
virus can delete files, activate other malware hidden on your computer network, such as a virus, and steal
valuable data.
• Spyware: Much like its name, spyware is a computer virus that gathers information about a person or
organization without their express knowledge and may send the information gathered to a third party
without the consumer’s consent.
• Adware: Can redirect your search requests to advertising websites and collect marketing data about you
in the process so that customized advertisements will be displayed based on your search and buying
history.
• Ransomware: This is a type of trojan cyberware that is designed to extract money from the person or
organization on whose computer it is installed, by encrypting data so that it is unusable and blocking access
to the user’s system.

Ref: https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/

What are the principles of network security?
There are three principles within the concept of network security:
1. confidentiality,
2. integrity, and
3. availability.

Together, these are sometimes referred to as the “CIA triad.” A network can only be considered secure when it has
all three elements in play simultaneously.

Confidentiality works to keep sensitive data protected and sequestered away from where it can be accessed
by the average user. This goes hand-in-hand with the principle of availability, which seeks to ensure that
data and resources are kept accessible for those who are authorized to access them. Challenges to availability
can include DDoS attacks or equipment failure. The principle of integrity seeks to protect information from
intentional or accidental changes in order to keep the data reliable, accurate, and trustworthy.

Addressing Security Vulnerabilities in a Network

Vulnerability management defined


Vulnerability management is a continuous, proactive, and often automated process that keeps your computer
systems, networks, and enterprise applications safe from cyberattacks and data breaches. As such, it is an
important part of an overall security program. By identifying, assessing, and addressing potential security
weaknesses, organizations can help prevent attacks and minimize damage if one does occur.

The goal of vulnerability management is to reduce the organization's overall risk exposure by mitigating as
many vulnerabilities as possible. This can be a challenging task, given the number of potential vulnerabilities
and the limited resources available for remediation. Vulnerability management should be a continuous
process to keep up with new and emerging threats and changing environments.

How vulnerability management works


Threat and vulnerability management uses a variety of tools and solutions to prevent and address
cyberthreats. An effective vulnerability management program typically includes the following components:

1. Asset discovery and inventory


IT is responsible for tracking and maintaining records of all devices, software, servers, and more across the
company’s digital environment, but this can be extremely complex since many organizations have thousands
of assets across multiple locations. That’s why IT professionals turn to asset inventory management systems,
which help provide visibility into what assets a company has, where they’re located, and how they’re being
used.

2. Vulnerability scanning
Vulnerability scanners usually work by conducting a series of tests against systems and networks, looking
for common weaknesses or flaws. These tests can include attempting to exploit known vulnerabilities,
guessing default passwords or user accounts, or simply trying to gain access to restricted areas.

3. Patch management
Patch management software is a tool that helps organizations keep their computer systems up to date with
the latest security patches. Most patch management solutions will automatically check for updates and
prompt the user when new ones are available. Some patch management systems also allow for deployment
of patches across multiple computers in an organization, making it easier to keep large fleets of machines
secure.

4. Configuration management
Security Configuration Management (SCM) software helps to ensure that devices are configured in a secure
manner, that changes to device security settings are tracked and approved, and that systems are compliant
with security policies. Many SCM tools include features that allow organizations to scan devices and
networks for vulnerabilities, track remediation actions, and generate reports on security policy compliance.

5. Security incident and event management (SIEM)


SIEM software consolidates an organization's security information and events in real time. SIEM solutions
are designed to give organizations visibility into everything that's happening across their IT infrastructure.
This includes monitoring network traffic, identifying devices that are trying to connect to internal systems,
keeping track of user activity, and more.

6. Penetration testing
Penetration testing software is designed to help IT professionals find and exploit vulnerabilities in computer
systems. Typically, penetration testing software provides a graphical user interface (GUI) that makes it easy
to launch attacks and see the results. Some products also offer automation features to help speed up the
testing process. By simulating attacks, testers can identify weak spots in systems that could be exploited by
real-world attackers.

7. Threat intelligence
Threat protection software provides organizations with the ability to track, monitor, analyze, and prioritize
potential threats to better protect themselves. By collecting data from a variety of sources—such as exploit
databases and security advisories—these solutions help companies identify trends and patterns that could
indicate a future security breach or attack.

8. Remediating vulnerabilities
Remediation involves prioritizing vulnerabilities, identifying appropriate next steps, and generating
remediation tickets so that IT teams can execute on them. Finally, remediation tracking is an important tool
for ensuring that the vulnerability or misconfiguration is properly addressed.

Ref: https://www.microsoft.com/en-ww/security/business/security-101/what-is-vulnerability-management
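
How the asset inventory, scan findings, prioritization, ticketing and remediation tracking described above fit together, as an added example that is not part of the original handout or of any product it mentions. The asset names, finding identifiers and scoring weights are constructed assumptions.

```python
# Constructed asset inventory (component 1): asset id -> attributes.
ASSETS = {
    "web-01":   {"owner": "web-team",   "criticality": 3, "internet_facing": True},
    "db-01":    {"owner": "data-team",  "criticality": 3, "internet_facing": False},
    "kiosk-07": {"owner": "facilities", "criticality": 1, "internet_facing": False},
}

# Constructed scanner output (component 2): (asset id, finding id, severity 0-10).
FINDINGS = [
    ("kiosk-07", "FINDING-C", 9.8),
    ("web-01",   "FINDING-A", 8.0),
    ("db-01",    "FINDING-B", 9.8),
    ("lab-99",   "FINDING-D", 5.0),  # host the inventory does not know about
]

def priority(severity, asset):
    """Assumed scoring: severity weighted by asset criticality and exposure."""
    score = severity * asset["criticality"]
    return score * 1.5 if asset["internet_facing"] else score

def build_tickets(findings, assets):
    """Return (tickets sorted by priority, asset ids missing from inventory)."""
    tickets, unknown = [], []
    for asset_id, finding, severity in findings:
        asset = assets.get(asset_id)
        if asset is None:
            unknown.append(asset_id)  # inventory gap: needs discovery, not a patch ticket
            continue
        tickets.append({"asset": asset_id, "finding": finding, "owner": asset["owner"],
                        "priority": priority(severity, asset), "status": "open"})
    tickets.sort(key=lambda t: t["priority"], reverse=True)
    return tickets, unknown

def track(tickets, rescan):
    """Remediation tracking: a ticket closes only when a rescan no longer reports it."""
    still_present = {(a, f) for a, f, _ in rescan}
    for t in tickets:
        key = (t["asset"], t["finding"])
        t["status"] = "open" if key in still_present else "verified-fixed"
    return tickets

if __name__ == "__main__":
    tickets, unknown = build_tickets(FINDINGS, ASSETS)
    for t in track(tickets, rescan=[("db-01", "FINDING-B", 9.8)]):
        print(t)
    print("not in inventory:", unknown)
```

The internet-facing server with the lower raw severity ranks first, and the finding on a host absent from the inventory is reported as a discovery gap instead of a ticket.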
