Unit First

Network security involves protecting network usability and integrity through both hardware and software technologies. It targets a variety of threats by stopping them from entering or spreading within a network. Effective network security manages authorized access to network resources while blocking malicious actors from carrying out exploits. Key aspects of network security include firewalls, email security, anti-virus software, network segmentation, access control, application security, and more. Access control specifically involves authenticating users, authorizing access based on policies, managing access levels, and auditing access over time.

Uploaded by

Tamanna

What Is Network Security?

Network security is any activity designed to protect the usability and integrity of your
network and data.
• It includes both hardware and software technologies
• It targets a variety of threats
• It stops them from entering or spreading on your network
• Effective network security manages access to the network


How does network security work?
Network security combines multiple layers of defenses at the edge and in the network. Each
network security layer implements policies and controls. Authorized users gain access to
network resources, but malicious actors are blocked from carrying out exploits and threats.
How do I benefit from network security?
Digitization has transformed our world. How we live, work, play, and learn have all changed.
Every organization that wants to deliver the services that customers and employees demand
must protect its network. Network security also helps you protect proprietary information
from attack. Ultimately it protects your reputation.
Types of network security

Firewalls

Firewalls put up a barrier between your trusted internal network and untrusted outside
networks, such as the Internet. They use a set of defined rules to allow or block traffic. A
firewall can be hardware, software, or both.
Email security

Email gateways are the number one threat vector for a security breach. Attackers use personal
information and social engineering tactics to build sophisticated phishing campaigns to
deceive recipients and send them to sites serving up malware. An email security application
blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Anti-virus and anti-malware software

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware,
and spyware. Sometimes malware will infect a network but lie dormant for days or even
weeks. The best antimalware programs not only scan for malware upon entry, but also
continuously track files afterward to find anomalies, remove malware, and fix damage.

Network segmentation

Software-defined segmentation puts network traffic into different classifications and
makes enforcing security policies easier. Ideally, the classifications are based on endpoint
identity, not mere IP addresses. You can assign access rights based on role, location, and
more so that the right level of access is given to the right people and suspicious devices are
contained and remediated.

Access control

Not every user should have access to your network. To keep out potential attackers, you need
to recognize each user and each device. Then you can enforce your security policies. You can
block noncompliant endpoint devices or give them only limited access. This process is
network access control (NAC).

Application security

Any software you use to run your business needs to be protected, whether your IT staff builds
it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities,
that attackers can use to infiltrate your network. Application security encompasses the
hardware, software, and processes you use to close those holes.

Behavioral analytics

To detect abnormal network behavior, you must know what normal behavior looks like.
Behavioral analytics tools automatically discern activities that deviate from the norm. Your
security team can then better identify indicators of compromise that pose a potential problem
and quickly remediate threats.
Data loss prevention

Organizations must make sure that their staff does not send sensitive information outside the
network. Data loss prevention technologies can stop people from uploading, forwarding, or
even printing critical information in an unsafe manner.
Intrusion prevention systems

An intrusion prevention system (IPS) scans network traffic to actively block attacks.
Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of
global threat intelligence to not only block malicious activity but also track the progression of
suspect files and malware across the network to prevent the spread of outbreaks and
reinfection.

Mobile device security

Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3 years,
90 percent of IT organizations may support corporate applications on personal mobile
devices. Of course, you need to control which devices can access your network. You will also
need to configure their connections to keep network traffic private.
Security information and event management

SIEM products pull together the information that your security staff needs to identify and
respond to threats. These products come in various forms, including physical and virtual
appliances and server software.
VPN

A virtual private network encrypts the connection from an endpoint to a network, often over
the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to
authenticate the communication between device and network.
Web security

A web security solution will control your staff’s web use, block web-based threats, and deny
access to malicious websites. It will protect your web gateway on site or in the cloud. "Web
security" also refers to the steps you take to protect your own website.
Wireless security
Wireless networks are not as secure as wired ones. Without stringent security measures,
installing a wireless LAN can be like putting Ethernet ports everywhere, including the
parking lot. To prevent an exploit from taking hold, you need products specifically designed
to protect a wireless network.

What Is Access Control?


Access control is a data security process that enables organizations to manage who is authorized
to access corporate data and resources. Secure access control uses policies that verify users are
who they claim to be and ensures appropriate control access levels are granted to users.
Implementing access control is a crucial component of web application security, ensuring only
the right users have the right level of access to the right resources. The process is critical to
helping organizations avoid data breaches and fighting attack vectors, such as a buffer
overflow attack, KRACK attack, on-path attack, or phishing attack.

What are the Components of Access Control?


At a high level, access control is about restricting access to a resource. Any access
control system, whether physical or logical, has five main components:

1. Authentication: The act of proving an assertion, such as the identity of a person or
computer user. It might involve validating personal identity documents, verifying
the authenticity of a website with a digital certificate, or checking login credentials
against stored details.
2. Authorization: The function of specifying access rights or privileges to resources.
For example, human resources staff are normally authorized to access employee
records and this policy is usually formalized as access control rules in a computer
system.
3. Access: Once authenticated and authorized, the person or computer can access the
resource.
4. Manage: Managing an access control system includes adding and removing
authentication and authorization of users or systems. Some systems will sync with G
Suite or Azure Active Directory, streamlining the management process.
5. Audit: Frequently used as part of access control to enforce the principle of least
privilege. Over time, users can end up with access they no longer need, e.g. when
they change roles. Regular audits minimize this risk.

How Does Access Control Work?


Access control can be split into two groups designed to improve physical security
or cybersecurity:

• Physical access control: limits access to campuses, buildings and other physical
assets, e.g. a proximity card to unlock a door.
• Logical access control: limits access to computers, networks, files and
other sensitive data, e.g. a username and password.

For example, an organization may employ an electronic control system that relies on
user credentials, access card readers, intercom, auditing and reporting to track
which employees have access and have accessed a restricted data center. This
system may incorporate an access control panel that can restrict entry to individual
rooms and buildings, as well as sound alarms, initiate lockdown procedures and
prevent unauthorized access.

This access control system could authenticate the person's identity
with biometrics and check if they are authorized by checking against an access
control policy or with a key fob, password or personal identification number (PIN)
entered on a keypad.

Another access control solution may employ multi-factor authentication, an example
of a defense in depth security system, where a person is required to know something
(a password), be something (biometrics) and have something (a two-factor
authentication code from smartphone mobile apps).

In general, access control software works by identifying an individual (or computer),
verifying they are who they claim to be, confirming they have the required access
level and then storing their actions against a username, IP address or other audit
system to help with digital forensics if needed.

What are the Types of Access Control?


The main types of access control are:

• Attribute-based access control (ABAC): Access management systems where
access is granted not on the rights of a user after authentication but based on
attributes. The end user has to prove so-called claims about their attributes to the
access control engine. An attribute-based access control policy specifies which
claims need to be satisfied to grant access to the resource. For example, the claim
may be the user's age is older than 18 and any user who can prove this claim will be
granted access. In ABAC, it's not always necessary to authenticate or identify the
user, just that they have the attribute.
• Discretionary access control (DAC): Access management where owners or
administrators of the protected system, data or resource set the policies defining who
or what is authorized to access the resource. These systems rely on administrators
to limit the propagation of access rights. DAC systems are criticized for their lack of
centralized control.
• Mandatory access control (MAC): Access rights are regulated by a central
authority based on multiple levels of security. MAC is common in government and
military environments where classifications are assigned to system resources and the
operating system or security kernel will grant or deny access based on the user's or
the device's security clearance. It is difficult to manage but its use is justified when
used to protect highly sensitive data.
• Role-based access control (RBAC): In RBAC, an access system determines who
can access a resource rather than an owner. RBAC is common in commercial and
military systems, where multi-level security requirements may exist. RBAC can be
distinguished from MAC primarily by the way it handles permissions. MAC controls
read and write permissions based on a user/device's clearance level while RBAC
controls collections of permissions that may include complex operations such as
credit card transactions or may be as simple as read or write. Commonly, RBAC is
used to restrict access based on business functions, e.g. engineers, human
resources.
• Rule-based access control: A security model where an administrator defines rules
that govern access to the resource. These rules may be based on conditions, such
as time of day and location. It's not uncommon to have some form of rule-based
access control and role-based access control working together.
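The last point, role-based and rule-based access control working together, can be sketched as below. This is an added example, not part of the original notes; the users, roles, permissions, rules and audit-log layout are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# RBAC: permissions attach to business functions (roles), not to individuals.
# All names below are constructed for this example.
ROLE_PERMISSIONS = {
    "hr": {"employee_records:read", "employee_records:write"},
    "engineer": {"source_code:read", "source_code:write"},
    "auditor": {"employee_records:read", "source_code:read"},
}
USER_ROLES = {"asha": {"hr"}, "ben": {"engineer"}, "chen": {"auditor"}}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    permission: str
    at: time        # local time of the request
    location: str   # e.g. "office", "vpn", "cafe"


# Rule-based control: conditions such as time of day and location.
def within_office_hours(req):
    return time(8, 0) <= req.at <= time(18, 0)


def from_trusted_location(req):
    return req.location in {"office", "vpn"}


# Rules that must ALL hold before a permission is usable, even if a role grants it.
PERMISSION_RULES = {
    "employee_records:write": [within_office_hours, from_trusted_location],
    "employee_records:read": [from_trusted_location],
}

# Audit trail: every decision is recorded, allowed or not.
AUDIT_LOG = []


def check_access(req):
    """Return (allowed, reason); default is deny unless a role grants the permission."""
    granted = set()
    for role in USER_ROLES.get(req.user, ()):
        granted |= ROLE_PERMISSIONS.get(role, set())

    if req.permission not in granted:
        allowed, reason = False, "no assigned role grants this permission"
    else:
        failed = [rule.__name__ for rule in PERMISSION_RULES.get(req.permission, [])
                  if not rule(req)]
        allowed = not failed
        reason = "rule failed: " + ", ".join(failed) if failed else "granted"

    AUDIT_LOG.append((req.user, req.permission, req.at.isoformat(),
                      req.location, allowed, reason))
    return allowed, reason


def denied_entries():
    """Audit helper: the denied decisions recorded so far."""
    return [entry for entry in AUDIT_LOG if not entry[4]]


if __name__ == "__main__":
    for r in (AccessRequest("asha", "employee_records:write", time(10, 0), "office"),
              AccessRequest("asha", "employee_records:write", time(22, 0), "office"),
              AccessRequest("ben", "employee_records:read", time(10, 0), "office")):
        print(r.user, r.permission, check_access(r))
```

The role check answers "may this business function do this at all", and the rules then narrow when and from where; reviewing the denied entries is the audit step listed among the access control components.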
What is a firewall? And what isn’t a firewall?
A firewall is a network security perimeter device that inspects traffic entering
and leaving the network. Depending on the security rules assigned specifically
to it, the firewall either permits safe traffic or denies traffic it deems as
dangerous.

A firewall’s main objective is to establish a barrier (or “wall”) that separates an
internal network from incoming external traffic (such as the internet) for the purpose
of blocking malicious network packets like malware and hacking.

When discussing firewalls, it is critical to clear up any confusion regarding what
constitutes a firewall and what does not. For instance, intrusion detection systems,
routers, proxy servers, VPNs and antivirus solutions are not firewalls. Many firewall
architectures are built into other security solutions, and many security solutions are
built into firewalls.

How does firewall technology work?


Firewalls carefully analyze incoming traffic arriving on a computer’s entry point,
called a port, which determines how external devices communicate with each other
and exchange information.

Firewalls operate using specific firewall rules. A firewall rule will typically include a
source address, a protocol, a port number and a destination address.

Here’s an analogy to explain the components of a firewall rule. Instead of protecting
a network, think of a giant castle. The source address represents a person wishing to
enter the castle. The port represents a room in the castle. The protocol represents a
mode of transportation, and the destination address represents the castle.

Only trusted people (source addresses) may enter the castle (destination address) at
all. Or perhaps only people that arrive on foot (protocol). Once inside, only people
within the house are permitted to enter certain rooms (destination ports), depending
on who they are. The king may be allowed in any room (any port), while guests and
servants may only access a certain number of rooms (specific ports).

In this analogy, the firewall would act like an elaborate alarm system.

Types of firewalls and deployment options


Adding to the confusion of what constitutes a firewall, there are numerous firewall
types to be aware of.
First, firewalls are classified by what they are and where they reside. For example,
firewalls can either be hardware or software, cloud-based or on-premises.

A software firewall resides on an endpoint (like a computer or mobile device) and
regulates traffic directly from that device. Hardware firewalls are physical pieces of
equipment that reside between your gateway and network. Cloud-based firewalls,
also known as Firewall-as-a-service (FaaS), act like any other internet-based SaaS
solutions, performing their work in the cloud.

Next, and this is the most common distinction between types, firewalls are classified
by functionality.

The most common firewall types based on methods of operation are:

• Packet-filtering firewalls
• Proxy firewalls
• NAT firewalls
• Web application firewalls
• Next-gen firewalls (NGFW)
Packet-filtering firewalls

Packet-filtering firewalls, the most basic firewall type, examine packets and prevent
them from moving on if the specific security rule is not met. This firewall's function is
to perform a simple check of all data packets arriving from the network router and
inspecting the specifics like source and destination IP address, port number,
protocol, and other surface-level data.

Packet filtering firewalls don’t open data packets to inspect their contents. Any data
packet that fails the simple inspection is dropped.

Their main drawback is that they provide only basic protection and are therefore
more vulnerable to being bypassed.

Packet-filtering firewalls can be either stateful or stateless. Stateless firewalls only
analyze each packet individually, whereas stateful firewalls — the more secure
option — take previously inspected packets into consideration.
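The difference between stateless and stateful filtering shows up on reply traffic, as in the following added example (not from the original notes). The rule set, addresses and the simplified flow table are constructed; real stateful firewalls also track TCP flags and expire idle flows.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One allow rule: source address, protocol, destination address, port."""
    src_net: str
    proto: str
    dst_net: str
    dport: int

    def matches(self, p: Packet) -> bool:
        return (
            p.proto == self.proto
            and p.dport == self.dport
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
        )


# Constructed allow-list; anything that matches no rule is dropped (default deny).
ALLOW_RULES = [
    Rule("10.0.0.0/24", "tcp", "0.0.0.0/0", 443),    # internal clients -> HTTPS
    Rule("10.0.0.0/24", "udp", "10.0.1.53/32", 53),  # internal clients -> internal DNS
]


def stateless_allows(p: Packet, rules=ALLOW_RULES) -> bool:
    """Stateless: each packet is judged alone against the rules."""
    return any(r.matches(p) for r in rules)


class StatefulFilter:
    """Stateful: remembers flows it has allowed and admits only their replies."""

    def __init__(self, rules=ALLOW_RULES):
        self.rules = rules
        self.flows = set()   # 5-tuples of connections opened through a rule

    def allows(self, p: Packet) -> bool:
        if any(r.matches(p) for r in self.rules):
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        # A reply is the mirror image of a flow that was already allowed.
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows


# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("tcp", "10.0.0.5", 50000, "203.0.113.10", 443)
REPLY = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 50000)
UNSOLICITED = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 50000)

if __name__ == "__main__":
    fw = StatefulFilter()
    for name, pkt in (("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)):
        print(name, "stateless:", stateless_allows(pkt), "stateful:", fw.allows(pkt))
```

A stateless filter drops the legitimate reply unless an extra inbound rule is written for it, and such a rule would also admit the unsolicited packet; the stateful filter admits the reply and still drops the unsolicited one.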

Proxy firewalls

Proxy firewalls, also known as application-level firewalls, filter network traffic at
the application layer of the OSI network model. As an intermediary between two
systems, proxy firewalls monitor traffic at the application layer (protocols at this layer
include HTTP and FTP). To detect malicious traffic, both stateful and deep packet
inspection are leveraged.
Proxy firewalls typically operate in the cloud or through another proxy device. Instead
of allowing traffic to connect directly, a connection to the traffic’s source is
established and the data packet is inspected.

NAT firewalls

Network address translation (NAT) firewalls work by assigning a public address to a
group of devices inside a private network. With NAT, individual IP addresses are
hidden. Therefore, attackers scanning for IP addresses on a network are prevented
from discovering specific details.

NAT firewalls and proxy firewalls both act as a go-between connecting groups of
devices with outside traffic.

Web application firewalls

Web application firewalls (WAF) are responsible for filtering, monitoring, and
blocking data packets as they travel in and out of websites or web applications. A
WAF can either reside on the network, at the host or in the cloud and is typically
placed in front of one or many websites or applications. WAFs are available as
server plugins, cloud services, or network appliances.

A WAF is most similar to the proxy firewall, but has a more specific focus on
defending against application layer web-based attackers.

NGFW firewalls

As the threat landscape intensifies, the Next-generation firewall (NGFW) is the most
popular firewall type available today.

Thanks to the major improvements in storage space, memory, and processing
speeds, NGFWs build upon traditional firewalls' features and add other critical
security functions like intrusion prevention, VPN, anti-malware, and even encrypted
traffic inspection. NGFW’s ability to handle deep packet inspection means that the
firewall can unpack the packet's data to prevent any packets with malicious data
from moving forward.

Compared to traditional firewalls, these firewalls provide extensive application control
and visibility, distinguish between safe and dangerous applications, and block
malware from entering a network.
Network Device Security: Guide and Best Practices

What is network device security?


Network device security is the use of policies and configurations that a network
administrator sets to monitor and protect the network devices from any
unwanted or unauthorized access, changes, or use. It is vital for any organization
to have secure network infrastructure devices in order to limit disruptions or
data loss. Network device security enables organizations to better control access
to their network devices, and in turn better control access to their network.

What are the types of network security devices?

There are many types of network devices, but these are some of the most
commonly used ones for securing a network.

Firewalls
For most networks, the firewall is one of the first lines of defense. Firewalls act to
isolate your network and protect it from unwanted network traffic. Depending
on your network, firewalls can be built into devices such as routers and switches
or implemented as standalone protection.
Firewalls can operate in two ways:

1. Whitelisting: The firewall blocks everything except specifically listed network
traffic.
2. Blacklisting: The firewall only blocks suspicious traffic from the network.

Deciding which of these policies to choose is part of determining how to manage
a network, but more often than not, you’ll want to take a whitelisting approach.

Network access control (NAC)


Network access control (NAC) is a network security device that checks the
security settings of any devices trying to enter the network and either denies
entry if settings do not meet predefined policy requirements or allows entry to
the network if settings match access requirements.
What is Multi-Factor Authentication (MFA)?
Multi-factor Authentication (MFA) is an authentication method
that requires the user to provide two or more verification
factors to gain access to a resource such as an application,
online account, or a VPN. MFA is a core component of a
strong identity and access management (IAM) policy. Rather
than just asking for a username and password, MFA requires
one or more additional verification factors, which decreases the
likelihood of a successful cyber attack.

Why is MFA Important?


The main benefit of MFA is it will enhance your organization's
security by requiring your users to identify themselves by more
than a username and password. While important, usernames
and passwords are vulnerable to brute force attacks and can be
stolen by third parties. Enforcing the use of an MFA factor like a
thumbprint or physical hardware key means increased
confidence that your organization will stay safe from cyber
criminals.
How Does MFA work?
MFA works by requiring additional verification information
(factors). One of the most common MFA factors that users
encounter is the one-time password (OTP). OTPs are those 4-8
digit codes that you often receive via email, SMS or some sort of
mobile app. With OTPs a new code is generated periodically or
each time an authentication request is submitted. The code is
generated based upon a seed value that is assigned to the user
when they first register and some other factor which could
simply be a counter that is incremented or a time value.
Three Main Types of MFA Authentication Methods
Most MFA authentication methodology is based on one of three
types of additional information:

• Things you know (knowledge), such as a password or PIN
• Things you have (possession), such as a badge or smartphone
• Things you are (inherence), such as a biometric like fingerprints or voice
recognition

MFA Examples
Examples of Multi-Factor Authentication include using a
combination of these elements to authenticate:

Knowledge

• Answers to personal security questions
• Password
• OTPs (Can be both Knowledge and Possession - You know the OTP and you have
to have something in your Possession to get it like your phone)

Possession

• OTPs generated by smartphone apps
• OTPs sent via text or email
• Access badges, USB devices, Smart Cards or fobs or security keys
• Software tokens and certificates

Inherence

• Fingerprints, facial recognition, voice, retina or iris scanning or other Biometrics
• Behavioral analysis

Other Types of Multi-Factor Authentication
As MFA integrates machine learning and artificial intelligence
(AI), authentication methods become more sophisticated,
including:

Location-based
Location-based MFA usually looks at a user’s IP address and, if
possible, their geo location. This information can be used to
simply block a user’s access if their location information does
not match what is specified on a whitelist or it might be used as
an additional form of authentication in addition to other factors
such as a password or OTP to confirm that user’s identity.

Adaptive Authentication or Risk-based Authentication

Another subset of MFA is Adaptive Authentication, also referred
to as Risk-based Authentication. Adaptive Authentication
analyzes additional factors by considering context and behavior
when authenticating and often uses these values to assign a
level of risk associated with the login attempt. For example:

• Where is the user when trying to access information?
• When are you trying to access company information? During your normal hours
or during "off hours"?
• What kind of device is used? Is it the same one used yesterday?
• Is the connection via private network or a public network?

The risk level is calculated based upon how these questions are
answered and can be used to determine whether or not a user
will be prompted for an additional authentication factor or
whether or not they will even be allowed to log in. Thus another
term used to describe this type of authentication is risk-based
authentication.

With Adaptive Authentication in place, a user logging in from a
cafe late at night, an activity they do not normally do, might be
required to enter a code texted to the user’s phone in addition
to providing their username and password. Whereas, when
they log in from the office every day at 9 am they are simply
prompted to provide their username and password.
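The risk calculation and the cafe-versus-office scenario can be sketched as follows. This is an added example, not part of the original notes; the per-user baseline, the signal weights and the two thresholds are assumptions chosen only to make the behaviour visible.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginContext:
    user: str
    location: str    # e.g. "office", "home", "cafe"
    hour: int        # local hour of the attempt, 0-23
    device_id: str
    network: str     # "private" or "public"


# Constructed baseline of "normal" behaviour per user; a real system would
# learn this from login history.
BASELINES = {
    "dana": {
        "locations": {"office", "home"},
        "hours": range(8, 19),           # 08:00 to 18:59
        "devices": {"laptop-01"},
    },
}

# Assumed weights for the four questions in the list above, and assumed thresholds.
WEIGHTS = {"location": 40, "time": 20, "device": 30, "network": 20}
STEP_UP_AT = 20    # at or above: ask for an additional factor (e.g. an OTP)
DENY_AT = 100      # at or above: refuse the login outright


def risk_signals(ctx: LoginContext):
    """Return the list of signals on which this attempt deviates from the baseline."""
    base = BASELINES.get(ctx.user)
    if base is None:
        # No history for this user: nothing can be confirmed as normal.
        return sorted(WEIGHTS)
    signals = []
    if ctx.location not in base["locations"]:
        signals.append("location")
    if ctx.hour not in base["hours"]:
        signals.append("time")
    if ctx.device_id not in base["devices"]:
        signals.append("device")
    if ctx.network != "private":
        signals.append("network")
    return signals


def decide(ctx: LoginContext, password_ok: bool):
    """Return (action, score, signals); action is 'allow', 'step_up' or 'deny'."""
    if not password_ok:
        return ("deny", 0, [])           # context never replaces the first factor
    signals = risk_signals(ctx)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_AT:
        action = "deny"
    elif score >= STEP_UP_AT:
        action = "step_up"
    else:
        action = "allow"
    return (action, score, signals)


if __name__ == "__main__":
    office = LoginContext("dana", "office", 9, "laptop-01", "private")
    cafe = LoginContext("dana", "cafe", 23, "laptop-01", "public")
    print("office 9 am:", decide(office, password_ok=True))
    print("cafe 11 pm :", decide(cafe, password_ok=True))
```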

Cyber criminals spend their lives trying to steal your
information and an effective and enforced MFA strategy is your
first line of defense against them. An effective data security
plan will save your organization time and money in the future.

What Does Wireless Local Area Network Security (WLAN Security) Mean?

Wireless local area network security (WLAN security) is a security system
designed to protect networks from the security breaches to which wireless
transmissions are susceptible. This type of security is necessary because
WLAN signals have no physical boundary limitations, and are prone to
illegitimate access over network resources, resulting in the vulnerability of
private and confidential data. Network operations and availability can also
be compromised in case of a WLAN security breach. To address these
issues, various authentication, encryption, invisibility and other
administrative controlling techniques are used in WLANs. Business and
corporate WLANs in particular require adequate security measures to
detect, prevent and block piggybackers, eavesdroppers and other
intruders.

Wireless Local Area Network Security (WLAN Security)


Security has remained a major concern in WLANs around the globe. While
wireless networks provide convenience and flexibility, they also increase
network vulnerability. Security threats such as unauthorized access,
denial of service attacks, IP and MAC spoofing, session hijacking and
eavesdropping can all be problems for WLANs. To counter these threats,
various standard authentication and encryption techniques are combined
with other access control mechanisms. These protocols, devices and
techniques collectively secure the WLAN to a level that equals and even
exceeds wired LAN security.

Some of the technologies employed in WLAN security include:

• Wired Equivalent Privacy (WEP): An old encryption standard used to
overcome security threats. WEP provides security to WLAN by
encrypting the information transmitted over the air so that only the
receivers with the correct encryption key can decrypt the
information.
• WPA/WPA2 (Wi-Fi Protected Access): Improved on WEP by
introducing Temporal Key Integrity Protocol (TKIP). While still using
RC4 encryption, TKIP uses a temporal encryption key that is
regularly renewed, making it more difficult to steal. In addition,
data integrity was improved through the use of a more robust
hashing mechanism.
• Wireless Intrusion Prevention Systems/Intrusion Detection
Systems: Intrusion detection and prevention focuses on radio
frequency (RF) levels. This involves radio scanning to detect rogue
access points or ad hoc networks to regulate network access.
Advanced implementations are able to visually represent the
network area along with potential threats, and have automatic
classification capabilities so that threats can be easily identified.
