Unit 2

Uploaded by Tamanna

What is a network security threat?

A network security threat is exactly that: a threat to your network and data systems. Any
attempt to breach your network and obtain access to your data is a network threat.
There are different kinds of network threats, and each has different goals. Some,
like distributed denial-of-service (DDoS) attacks, seek to shut down your network or
servers by overwhelming them with requests. Other threats, like malware or credential theft, are
aimed at stealing your data. Still others, like spyware, will insert themselves into your
organization’s network, where they’ll lie in wait, collecting information about your
organization.
There are four main kinds of network threats:
1. External threats: Threats made by outside organizations or individuals, attempting to
get into your network.
2. Internal threats: These are threats from malicious insiders, such as disgruntled or
improperly vetted employees who are working for someone else. These are common.
According to Forrester, 46% of breaches in 2019 involved insiders like employees
and third-party partners.
3. Structured threats: Organized attacks by attackers who know what they’re doing
and have a clear aim or goal in mind. State-sponsored attacks, for example, fall into
this category.
4. Unstructured attacks: Disorganized attacks, often by amateurs with no concrete goal
in mind.
What is the difference between a threat and a vulnerability?
If threats are attackers throwing rocks at a wall, a vulnerability is a weak spot in the wall —
a place where attackers can break a window, or pull out a loose rock and let themselves in.
Put simply, vulnerabilities are flaws in your systems that can be exploited by attackers. These
are often not malicious errors, but simply mistakes or things that have been overlooked.

What are common network threats?


Network threats come in a variety of forms and are constantly evolving and changing. The
most common threats are likely familiar to you already.
1. Phishing: Phishing attacks are attempts to trick people into opening suspicious links
or downloading malicious programs. They range from the easily spotted to
sophisticated cons targeting a specific individual. Phishing campaigns are currently
one of the most popular methods of attack, according to Microsoft.
2. Ransomware: Often delivered via successful phishing campaigns, ransomware enters
your systems, encrypts your data, and holds it hostage until you pay the attackers’
ransom. Once the ransom is paid, the attackers will allegedly give you control of your
data, but criminals don’t always keep their word.
3. Malware: Any malicious program that enters your system, malware can be
ransomware, a virus, or a worm that infects first a device, then the whole network.
4. DDoS attacks: DDoS attacks overwhelm your servers with requests for information,
forcing sites, servers, and applications to shut down.
5. Advanced Persistent Threats (APTs): During an APT attack, an unauthorized
attacker breaks into a network and stays there quietly, collecting information.
6. SQL Injection: SQL injection attacks inject malicious code into a site or application
using SQL queries in order to exploit security vulnerabilities and obtain or destroy
private data.
How can you identify threats and vulnerabilities?
1. Watch your own network: The most important way to identify threats and
vulnerabilities is to make sure you can see them. You want to be able to look at your
defenses the way an attacker would, understanding the weaknesses in your network
and the threats most likely to affect your organization.
2. Use threat intelligence: What sort of attacks are being launched, and which threats
might your organization attract? By understanding the threat landscape, you can
protect your organization against threats before they happen.
3. Penetration testing: Where do your defenses buckle under pressure? Which
employee is likely to click a bad link in a suspicious email? You can’t know until you
test your defenses, and penetration testing is the best way to do that.
4. Manage permissions: By segmenting your network and managing permissions so
that not every employee can access every part of your network, you can control who
sees what — and also protect your network against data breaches and malicious
insiders.
5. Use a firewall: There’s no reason not to use firewalls, internally and externally.
Firewalls keep unauthorized users from getting access to your network. They also
keep tabs on the traffic throughout your network.
6. Constantly monitor your network. Security needs to be constantly monitored to be
effective. Once you’ve set your controls, make sure they’re checked regularly and
updated often so that they can catch any new vulnerabilities or threats that may target
your network.

The most common network security threats


Here are the most common security threats examples:
1. Computer virus

We’ve all heard about them, and we all have our fears. For everyday Internet
users, computer viruses are one of the most common network threats in
cybersecurity. Statistics show that approximately 33% of household
computers are affected by some type of malware, more than half of which
are viruses.
Computer viruses are pieces of software that are designed to be spread from
one computer to another. They’re often sent as email attachments or
downloaded from specific websites with the intent to infect your computer —
and other computers on your contact list — by using systems on your network.
Viruses are known to send spam, disable your security settings, corrupt and
steal data from your computer including personal information such as
passwords, even going as far as to delete everything on your hard drive.
2. Rogue security software
Leveraging the fear of computer viruses, scammers have found a new way
to commit Internet fraud.
Rogue security software is malicious software that misleads users into believing
that they have network security issues, most commonly a computer virus
installed on their computer or security measures that are not up to date.
It then offers to install or update the users’ security settings. It will either ask
you to download a program to remove the alleged viruses, or to pay for a
tool. Both cases lead to actual malware being installed on your computer.
3. Trojan horse

Metaphorically, a “Trojan horse” refers to tricking someone into inviting an
attacker into a securely protected area. In computing, it holds a very similar
meaning — a Trojan horse, or “Trojan,” is a malicious bit of attacking code or
software that tricks users into running it willingly, by hiding behind a legitimate
program.
Trojans often spread by email: one may appear as an email from someone you
know, and when you open the email and its attachment, you’ve
immediately downloaded malware to your computer. Trojans also spread
when you click on a false advertisement.
Once inside your computer, a Trojan horse can record your passwords by
logging keystrokes, hijacking your webcam, and stealing any sensitive data
you may have on your computer.

4. Adware and spyware

By “adware” we mean any software that is designed to track data about your
browsing habits and, based on that, show you advertisements and pop-ups.
Adware collects data with your consent — and is even a legitimate source of
income for companies that allow users to try their software for free, but with
advertisements showing while using the software. The adware clause is often
hidden in the related User Agreement documents, but it can be found by carefully
reading anything you accept while installing software. The presence of adware
on your computer is noticeable only in those pop-ups, and sometimes it can
slow down your computer’s processor and internet connection speed.
When adware is downloaded without consent, it is considered malicious.
Spyware works similarly to adware, but is installed on your computer without
your knowledge. It can contain keyloggers that record personal information
including email addresses, passwords, even credit card numbers, making it
dangerous because of the high risk of identity theft.
5. Computer worm

Computer worms are pieces of malware that replicate quickly and
spread from one computer to another. A worm spreads from an infected
computer by sending itself to all of the computer’s contacts, then immediately
to the contacts of the other computers.
Interestingly, they are not always designed to cause harm; there are worms
that are made just to spread. Transmission of worms is also often done by
exploiting software vulnerabilities. While we don’t hear about them much
today, computer worms are one of the most common computer network
threats.
6. DOS and DDOS attack

Have you ever found yourself waiting impatiently for the online release of a
product, one that you’re eagerly waiting to purchase? You keep refreshing the
page, waiting for that moment when the product will go live. Then, as you
press F5 for the last time, the page shows an error: “Service Unavailable.” The
server must be overloaded!
There are indeed cases like these where a website’s server gets overloaded
with traffic and simply crashes, sometimes when a news story breaks. But
more commonly, this is what happens to a website during a DoS attack, or
denial-of-service, a malicious traffic overload that occurs when attackers
overflood a website with traffic. When a website has too much traffic, it’s
unable to serve its content to visitors.
A DoS attack is performed by one machine and its internet connection, by
flooding a website with packets and making it impossible for legitimate users
to access the content of the flooded website. Fortunately, a single server or PC
can’t really overload a server anymore. In recent years it hasn’t been that
common, and where it does happen, it is usually through flaws in the protocol.
A DDoS attack, or distributed denial-of-service attack, is similar to DoS, but is
more forceful. It’s harder to overcome a DDoS attack. It’s launched from
several computers, and the number of computers involved can range from just
a couple of them to thousands or even more.
It’s likely that not all of those machines belong to the attacker; they are
compromised and added to the attacker’s network by malware. These
computers can be distributed around the entire globe, and that network of
compromised computers is called a botnet.
Since the attack comes from so many different IP addresses simultaneously, a
DDoS attack is much more difficult for the victim to locate and defend against.
7. Phishing

Phishing is a method of social engineering with the goal of obtaining
sensitive data such as passwords, usernames, and credit card numbers.
The attacks often come in the form of instant messages or phishing emails
designed to appear legitimate. The recipient of the email is then tricked into
opening a malicious link, which leads to the installation of malware on the
recipient’s computer. It can also obtain personal information by sending an
email that appears to be sent from a bank, asking to verify your identity by
giving away your private information.
8. SQL Injection attack

We know today that many servers storing data for websites use SQL. As
technology has progressed, network security threats have advanced, leading
us to the threat of SQL injection attacks.
SQL injection attacks are designed to target data-driven applications by
exploiting security vulnerabilities in the application’s software. They use
malicious code to obtain private data, change and even destroy that data, and
can go as far as to void transactions on websites. It has quickly become one
of the most dangerous privacy issues for data confidentiality. You can read
more on the history of SQL injection attacks to better understand the threat it
poses to cybersecurity.

9. MITM attacks

Man-in-the-middle attacks are cybersecurity attacks that allow the attacker to
eavesdrop on communication between two targets. The attacker can listen to a
communication which should, in normal settings, be private.
As an example, a man-in-the-middle attack happens when the attacker wants
to intercept a communication between person A and person B. Person A
sends their public key to person B, but the attacker intercepts it and sends a
forged message to person B, posing as A, that instead contains
the attacker’s public key. B believes that the message comes from person A,
encrypts the message with the attacker’s public key, and sends it back to A,
but the attacker again intercepts this message, opens it with their private
key, possibly alters it, and re-encrypts it using the public key that was originally
provided by person A. When the message is transferred back to person
A, they believe it comes from person B, and this way we have an attacker in
the middle who eavesdrops on the communication between the two targets.
Here are just some of the types of MITM attacks:
- DNS spoofing
- HTTPS spoofing
- IP spoofing
- ARP spoofing
- SSL hijacking
- Wi-Fi hacking
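The key-substitution exchange just described, replayed as a small simulation together with the defender-side check that detects it (comparing the received key's fingerprint against one obtained out of band). This is an added example, not code from the original text; the key pair, encrypt and decrypt functions are toy stand-ins with no real cryptographic strength, and the names A, B and M (the attacker) and the message contents are constructed.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class KeyPair:
    """Toy key pair: the 'public key' is a hash of a random secret (no real security)."""
    owner: str
    secret: str = field(default_factory=lambda: secrets.token_hex(16))

    @property
    def public(self) -> str:
        return hashlib.sha256(self.secret.encode()).hexdigest()

    def fingerprint(self) -> str:
        # Short digest of the public key: the value people compare over a separate channel.
        return fingerprint_of(self.public)


def fingerprint_of(public_key: str) -> str:
    return hashlib.sha256(public_key.encode()).hexdigest()[:16]


def encrypt(public_key: str, plaintext: str) -> tuple:
    # Toy 'encryption': the ciphertext is simply bound to the public key it was made for.
    return (public_key, plaintext)


def decrypt(pair: KeyPair, ciphertext: tuple) -> str:
    public_key, plaintext = ciphertext
    if public_key != pair.public:
        raise ValueError(f"{pair.owner} cannot open a message made for another key")
    return plaintext


def run_exchange(intercept: bool, verify_out_of_band: bool = False) -> dict:
    """Replay the A <-> B exchange from the text, optionally with attacker M in the
    middle, and optionally with B checking the fingerprint of the key he received
    against A's real fingerprint obtained out of band (phone call, printed card)."""
    a, b, m = KeyPair("A"), KeyPair("B"), KeyPair("M")
    log = {"b_sent": "transfer 100 to account 42", "m_saw": None,
           "a_read": None, "aborted": False}

    # Step 1: A sends her public key to B; M may replace it with his own.
    key_b_receives = m.public if intercept else a.public

    # Defender check: a substituted key has a different fingerprint, so B stops here.
    if verify_out_of_band and fingerprint_of(key_b_receives) != a.fingerprint():
        log["aborted"] = True
        return log

    # Step 2: B encrypts to the key he received and sends the result toward A.
    wire = encrypt(key_b_receives, log["b_sent"])

    # Step 3: M opens it with his own private key, alters it, re-encrypts to A's real key.
    if intercept:
        seen = decrypt(m, wire)
        log["m_saw"] = seen
        wire = encrypt(a.public, seen.replace("account 42", "account 99"))

    # Step 4: A decrypts and believes the message came untouched from B.
    log["a_read"] = decrypt(a, wire)
    return log
```

Without the out-of-band check the attacker reads and alters the message unnoticed; with it, the mismatched fingerprint aborts the exchange before anything secret is sent.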

Most Common Application Attacks in Action
Nowadays, application development is moving more and more onto the Web. The
Web hosts entire productivity suites such as Google Docs, calculators, email,
storage, maps, weather and news — everything we need in our daily lives. Our
mobile phones are useless without the Internet since nearly all mobile applications
connect to the cloud, storing our pictures, usernames and passwords and private
information. Even our home devices are now connecting to the Web, with Internet
of Things platforms such as Wink that allow users to dim their house lights right
from their mobile phone.

Application Attacks
The application layer is the hardest to defend. The vulnerabilities encountered here
often rely on complex user input scenarios that are hard to define with an intrusion
detection signature. This layer is also the most accessible and the most exposed to
the outside world. For the application to function, it must be accessible over Port
80 (HTTP) or Port 443 (HTTPS).
In the diagram below, the Web application is completely exposed to the outside
world in spite of network defenses such as firewalls and intrusion prevention
systems:

In 2014, SQL injections, a type of application attack, were responsible for 8.1
percent of all data breaches. That makes it the third most used type of attack,
behind malware and distributed denial-of-service attacks. You will also find on the
list other common application attacks such as security misconfiguration, using
components with known vulnerabilities and cross-site scripting. Attackers were
able to manipulate application input and obtain confidential data without being
detected by network defense systems.
Most vulnerabilities found in the proprietary code of Web applications are
unknown to security defense systems; these are called zero-day vulnerabilities.
This is because these vulnerabilities are specific to each application and have never
been known before. A skilled attacker can easily find these vulnerabilities and
exploit the issue without being detected.
The best defense against these attacks is to develop secure applications. Developers
must be aware of how application attacks work and build software defenses right
into their applications.
1. Unvalidated Redirects and Forwards
This category of vulnerabilities is used in phishing attacks in which the victim is
tricked into navigating to a malicious site. Attackers can manipulate the URLs of a
trusted site to redirect to an unwanted location.

2. Using Components With Known Vulnerabilities
This category is about using unpatched third-party components. Attackers can
easily exploit old third-party components because their vulnerabilities have been
publicized, and tools and proof of concepts often allow cybercriminals to take
advantage of these flaws with ease. Any script kiddie can conduct an exploit.

3. Cross-Site Request Forgery


This type of attack is used in conjunction with social engineering. It allows
attackers to trick users into performing actions without their knowledge. The
demonstration referenced here shows how an attacker can steal money from a
victim’s banking account by leveraging social media and pictures of cats.

4. Missing Function Level Access Control


This category covers situations in which higher-privilege functionality is hidden
from a lower-privilege or unauthenticated user rather than being enforced through
access controls. The demonstration referenced here shows an attack in which a
lower-privilege user gains access to the administration interface of a Web application.

5. Sensitive Data Exposure


This category deals with a lack of data encryption in transport and at rest. If your
Web applications do not properly protect sensitive data, such as credit cards or
authentication credentials, attackers can steal or modify the data to conduct credit
card fraud, identity theft or other crimes.

6. Insecure Direct Object References


This type of insecure direct object reference allows attackers to obtain data from
the server by manipulating file names. In the referenced demonstration, Fitz-Gerald
patiently downloads file by file until he gets the whole database.

7. Cross-Site Scripting
Cross-site scripting is a type of vulnerability that lets attackers insert Javascript in
the pages of a trusted site. By doing so, they can completely alter the contents of
the site to do their bidding — for example, they could send the user’s credentials to
some evil server.
8. Injection
As the all-time favorite category of application attacks, injections let attackers
modify a back-end statement or command through unsanitized user input. The
referenced demonstration walks through several examples of SQL injection, and
the presenter ends up making the application spit out the entire user table,
including passwords.
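The injection flaw described here and in the SQL injection item above (an unsanitized value pasted straight into a WHERE clause) shown beside the parameterized query that fixes it, run against a constructed in-memory SQLite table. This is an added example, not code from the original text or from the demonstration it refers to; the table, user names and hash strings are made up.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; not from any real application."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw"),
         ("admin", "hash-of-admin-pw")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The flaw the text describes: the user-supplied value becomes part of the SQL
    text, so quotes and SQL syntax inside it change what the statement does."""
    sql = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the value travels separately from the statement, so the
    database treats it as data no matter which characters it contains."""
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(conn: sqlite3.Connection, user_input: str) -> dict:
    """Row counts each variant returns for the same input, for side-by-side review."""
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, user_input)),
        "parameterized_rows": len(lookup_parameterized(conn, user_input)),
    }


if __name__ == "__main__":
    db = make_db()
    # A normal name behaves the same either way; a value carrying SQL syntax does not:
    # the vulnerable query dumps every row (the 'entire user table' of the text),
    # while the parameterized one correctly finds no user with that literal name.
    print(compare(db, "alice"))
    print(compare(db, "' OR '1'='1"))
```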

What is network security?

Network security technologies explained
The modern-day organization is under constant pressure to remain operational and
profitable. Both of these pressures are put to the test by cybercriminals daily, who
attempt to infiltrate, compromise, navigate, and ultimately act in a threatening
manner that can have negative repercussions to productivity, ability to transact,
customer privacy, brand reputation and bottom-line revenue.

So, it’s necessary that organizations put proper network security in place to
address the looming threat of cyberattacks, in an effort to maintain and protect
access to, and the confidentiality of, the organization’s network and data.

What is network security?


Network security is a combination of people, process, policy, and technology used
in a layered approach to create a network environment that allows for organizational
productivity while simultaneously minimizing the ability for misuse by both external
and internal threat actors.

How is network security implemented?


The people, process, and policy previously mentioned are a key part of the
implementation of network security. They work together to take the security goals
and create various types of security controls that are used to help establish how
network security technologies will be implemented.

The three most common types of network security controls are:

- Physical controls – These controls are used to prevent someone from physically
gaining access to any of your organization’s network components. Your data center
or server room likely has a keycard system to limit access. That’s a great example of
a physical control. Security guards, video surveillance, picture IDs, and biometrics
are other types of physical controls.

- Data and access controls – These controls are the process and policy that define
how employees can and should act when working with sensitive data, applications,
and systems. Password requirements, mobile device usage, and incident response
are just a few examples of administrative controls.

- Technical controls – Acting as a safeguard or countermeasure when interacting
with critical parts of your network environment, these controls are typically
implemented via network security technologies. The remainder of this article will
focus on these technologies.

Primary network security technologies


A successful layered approach to network security requires a number of
technologies be put in place that each attempt to address the problem of malicious
attacks from a different perspective. Some of the more common network security
technologies include:

- Secure remote access – Access is the one thing every cybercriminal must have to
successfully attack your organization. Access controls limit which users and devices
are able to access specific internal or cloud-based resources. Modern
implementations of access controls include zero trust network access (which
facilitates access to internal and cloud-based resources without logically placing the
user or their device on the corporate network), and secure remote access (a mix of
technologies that can address endpoint security, authentication, secure remote
connections, and elevation of privileges).

- Firewall – Firewalls sit at the logical perimeter of your organization’s network acting
as a network security guard, inspecting inbound and outbound traffic and determining
whether to allow or deny it in real-time.

- Virtual Private Network (VPN) – VPNs encrypt the connection between a remote
endpoint (e.g., your user working from home) and the internal corporate network.

- DDoS prevention / mitigation – Distributed denial of service (DDoS) attacks are
designed to overwhelm firewalls, web application servers and other Internet-facing
systems by saturating the network connection or consuming system resources with
requests. DDoS prevention/mitigation technologies seek to block these types of
attacks while allowing legitimate traffic to continue to flow to their intended application
or system.

- Application security – Many applications and the hardware and OS they run on
have vulnerabilities that need to be secured. Application security technologies seek
to identify and remediate those vulnerabilities. While application security can
encompass many technologies, here we’re referencing those that are considered
true network security technologies, such as web application firewalls.

- Cloud access security broker (CASB) – CASB is comprised of a number of
technologies designed to protect online services, applications, and environments
from threats that take advantage of the anytime, from anywhere, from any device
nature of the cloud.

- Intrusion Prevention System (IPS) – Unlike a firewall that uses simple protocol
rules to allow and deny traffic, IPS scans network traffic and leverages threat
intelligence to identify and block potentially malicious traffic.

- Web security – Outbound use of the Internet by your employees can equally result
in malicious access. Web security technologies focus on blocking malicious websites
and threats found on the Internet.

Common strategies for securing the network


Your organization shouldn’t simply go out and purchase a number of the network
security technologies listed above and implement them; there needs to be a strategy
around why each is implemented, how they interact, how they support the
overarching network security goals, etc.

Many organizations create their strategy using well-accepted security frameworks
and principles. A few examples include:

- NIST Cybersecurity Framework – The U.S. government’s National Institute of
Standards and Technology has developed a cybersecurity framework that provides
you with network security functions, outcomes, activities, and references to help
establish and build your network security strategy.

- CIS Security Controls – The Center for Internet Security offers 20 specific
controls designed to create a continually secure network environment.

- MITRE ATT&CK Framework – Typically focused on attack activity, this framework
also provides mitigation guidance to stop cyberattacks.

- Zero Trust – The network security principle based on the idea of “never trust, always
verify”, initially coined by a Forrester researcher, has grown into a well-developed
architecture with a framework recently developed by the folks at NIST.

One or more of the frameworks above will provide you with enough direction to begin
building out your network security strategy, assisting in defining the people, process,
policy, and technologies needed to create a proper defense against the ever-
changing face of cyberthreats.

Administering a Secure Network:


Securing the network is an important step in thwarting potential cyber
attacks. Installing software and hardware alone is not adequate to
keep your network secure. You need to implement appropriate
configuration and proper maintenance to keep the network secure. It
is an ongoing process, guided by a set of network administration principles.
The key aspects of administration principles for network security are
as follows:
Rules-based management
Management of rules is an important concept for controlling network
communication. It is a rule-driven, filter-based approach to IT security.
Routers, proxies, IDS/IPS, firewalls and anti-virus products
are some of the common tools used in rule-based
security management. These tools are designed to either allow or
deny data packets on the basis of a set of rules. When a
data packet is found not to match any rule, the data
packet is denied by default.
Rules-based management is also known as the concept of whitelist
security management. Whenever an activity or security event does
not match a rule, it is denied by default. Whitelist security
management tools are used to block zero-day attacks.
Firewall rules
The rule system followed by a firewall is of the first-match type: the first rule
that matches a packet is applied. The final firewall rule is, by default, deny. The
principle of this rule is that if a data packet is not explicitly denied or allowed
by any other rule, the firewall always blocks that packet
by default. It is a good example of a whitelist security management
tool, with separate rules for inbound (data packets coming in) and
outbound (data packets going out) traffic depending on the firewall
type, such as a stateful inspection firewall. However, it is important to
review each of the rules very carefully before implementing them in
the firewall, to avoid blocking useful data packets and creating
possible loopholes.
VLAN management
This is a hardware implementation that segregates the LAN with the
help of switches. In a virtual local area network (VLAN), every port is assigned
to VLAN 1 by default. The network administrator, of course, may
change the assigned VLAN on any of the ports or group together
different ports by assigning them the same VLAN. The main objective of using
VLANs is to manage traffic on networks. A VLAN offers fast
communication within the network without any hindrance. However,
communication between VLANs needs a routing function, which may be
provided either by routers or by a specialized switch called a
multilayer switch.
The VLAN is utilized primarily to control traffic for enhanced
performance and security of the network. It is also used for isolation
of traffic from the network segment. During communication, certain
VLANs can be avoided by not defining any specific route between
them.
Secure router configuration
Securing the router configuration is essential to prevent any
unauthorized or malicious changes to the router. This can be done by
following the configuration steps mentioned below:
- Always use a unique and secret password for router access.
- The router configuration should deny ICMP (Internet Control Message
Protocol) type 5 redirect messages.
- Use data encryption and secure authentication protocols to
protect your router.
- Configure beforehand the IP addresses of the trusted networks with
which data packets will be exchanged.

Access control list


The ACL defines whether one can access or be allowed to carry
forward a particular function. It is applicable mostly to access objects
but can be extended for use in communication as well. ACL is mostly
used in firewalls, switches and routers as a measure for security
management. The ACL rules are known as “Filters” or “Rules of ACL”
where data packets are allowed as an exception and denied by
default.
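A first-match, default-deny evaluator of the kind the firewall rules and access control list sections describe, plus the rule-ordering review the text recommends: an added example, not code from the original text or from any particular firewall or switch. The rule format, the server address 203.0.113.10 and the rule set are constructed, and the `shadowed_rules` check (a later rule that an earlier, broader rule already covers) is one way to find the loopholes the text warns about.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" or "outbound"
    proto: str       # "tcp", "udp" or "icmp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port (0 for icmp)


def _in_net(field: str, addr: str) -> bool:
    return field == "any" or ip_address(addr) in ip_network(field, strict=False)


def _net_covers(outer: str, inner: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))


@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    direction: str
    proto: str            # protocol name or "any"
    src: str              # CIDR network or "any"
    dst: str              # CIDR network or "any"
    dport: Optional[int]  # port number, or None for any port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and _in_net(self.src, p.src)
                and _in_net(self.dst, p.dst)
                and self.dport in (None, p.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match is already matched by this rule."""
        return (self.direction == other.direction
                and self.proto in ("any", other.proto)
                and _net_covers(self.src, other.src)
                and _net_covers(self.dst, other.dst)
                and self.dport in (None, other.dport))


def evaluate(rules: List[Rule], packet: Packet) -> Tuple[str, str]:
    """First match wins; a packet no rule matches falls through to the implicit deny."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """The review step the text recommends: rules that can never fire because an
    earlier rule already covers everything they would match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule set (not from any real device) protecting a web server at 203.0.113.10.
RULES = [
    Rule("web-in", "allow", "inbound", "tcp", "any", "203.0.113.10/32", 443),
    Rule("mgmt-ssh", "allow", "inbound", "tcp", "10.0.0.0/8", "203.0.113.10/32", 22),
    # Meant to keep a retired lab subnet off SSH, but it sits after the broader allow
    # rule above, so it never matches: a loophole that only rule review reveals.
    Rule("block-old-lab", "deny", "inbound", "tcp", "10.20.0.0/16", "203.0.113.10/32", 22),
    Rule("dns-out", "allow", "outbound", "udp", "10.0.0.0/8", "any", 53),
    Rule("web-out", "allow", "outbound", "tcp", "10.0.0.0/8", "any", 443),
]
```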
Port security
Port security refers to securing the physical and logical ports through which
devices reach the network. It is a layer-two traffic control feature on Cisco
Catalyst switches that lets administrators configure each switch port (for example
the RJ-45 ports wired to wall jacks) so that only specific sources
are allowed to connect. It helps in avoiding unauthorized
access, which is possible through open ports. Unused ports are
disabled, and their cabling is kept locked away in wiring closets and server
vaults; a port can also be fully disconnected from the workstation by
unplugging it at the patch panel.
MAC Address: Port security can also be achieved by installing a smart
patch panel that monitors the MAC address of the system connected
to the empty port. It also detects if a valid device is replaced or
disconnected by any invalid device.
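A simulation of the MAC-based port security just described (a port learns the first source MAC it sees, then refuses frames from any other device, and an unused port stays administratively shut): an added example, not code from the original text or from Cisco. The port names, violation modes, MAC addresses and the printer-swap scenario are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """One access port on a switch with port security enabled (simulation)."""
    name: str
    max_macs: int = 1              # how many source MACs the port may learn
    violation: str = "shutdown"    # "shutdown" disables the port; "restrict" drops and counts
    enabled: bool = True           # False = administratively shut (an unused port)
    allowed: set = field(default_factory=set)   # statically configured or sticky-learned MACs
    violations: int = 0
    events: list = field(default_factory=list)

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        mac = src_mac.lower()
        if not self.enabled:
            self.events.append(f"{self.name}: frame from {mac} on a disabled port, dropped")
            return False
        if mac in self.allowed:
            return True
        if len(self.allowed) < self.max_macs:
            # Sticky learning: the first MAC(s) seen become the only permitted sources.
            self.allowed.add(mac)
            self.events.append(f"{self.name}: learned {mac}")
            return True
        # An unknown source on a fully learned port: a device was replaced or added.
        self.violations += 1
        self.events.append(f"{self.name}: violation, unknown source {mac}")
        if self.violation == "shutdown":
            self.enabled = False   # err-disabled until an administrator re-enables it
        return False


def replaced_device_scenario() -> dict:
    """Constructed scenario: a printer on Gi1/0/7 is learned and later swapped for
    another device; unused port Gi1/0/24 is left administratively shut."""
    printer_port = SecurePort("Gi1/0/7")
    unused_port = SecurePort("Gi1/0/24", enabled=False)
    results = {
        "printer_first": printer_port.receive("00:11:22:33:44:55"),
        "printer_again": printer_port.receive("00:11:22:33:44:55"),
        "swapped_device": printer_port.receive("AA:BB:CC:DD:EE:FF"),
        "printer_after_shutdown": printer_port.receive("00:11:22:33:44:55"),
        "unused_port_frame": unused_port.receive("AA:BB:CC:DD:EE:FF"),
        "port_enabled": printer_port.enabled,
        "violations": printer_port.violations,
    }
    return results
```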
TCP and UDP ports: Checking TCP and UDP ports is another way of
securing ports. A port is active when a
service is assigned to it. The remaining TCP or UDP ports
stay closed until a service is assigned to them. Hackers perform
port scanning to learn which ports are open at any
given time. These scans can be detected by IPS, IDS, firewalls and
other security tools, which either block the scans or feed them
false information and so reduce the effectiveness of such malicious
port scans.
Flood guards
This mechanism is used to thwart large-scale DDoS attacks. The
primary purpose of this process is to identify malicious activity
and block it automatically. This action prevents cyber attackers
from entering the network.
Loop Protection
A repeating transmission pathway in the network is known as a loop.
It consumes network resources, particularly network
throughput capacity, and usually occurs at layer 2 or layer 3,
i.e., at the Ethernet and IP levels respectively. Looping at the Ethernet level
can be overcome through the use of the Spanning Tree Protocol (STP), which works at
the bridge and switch level. STP learns the available paths and blocks the
redundant ones.
Different techniques are used by IP to resolve looping issues. IP
usually limits how far a packet can travel, to minimize the amount of looping, instead
of trying to prevent the looped pathway itself. IP packets are
controlled with the help of a countdown in the IP packet header. This is
known as the “Time to Live” or TTL, and its initial value is set on the
basis of the OS used. In current Windows versions it is set to 128, but
older Windows versions had it set to 32, while Linux systems have it
set from 64 to 255. A router decreases its value whenever a data packet
is re-transmitted, and the packet is discarded if the value reaches 1.
An error message is then sent to the sender (“ICMP Type 11 – Time
Exceeded”).
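The TTL countdown described above, simulated over a constructed three-router topology with a deliberate routing loop, together with a loop-detection walk a defender can run over the next-hop tables: an added example, not code from the original text. The router names, destination addresses and next-hop tables are made up; the initial TTL values are the ones the text gives (64 is used for Linux).

```python
ICMP_TIME_EXCEEDED = 11   # ICMP type 11, returned to the sender when TTL runs out

# Initial TTL per OS as stated in the text (Linux is given as a 64..255 range).
DEFAULT_TTL = {"windows": 128, "old_windows": 32, "linux": 64}

# Constructed topology: for 10.9.9.9 the tables send the packet r1 -> r2 -> r3 -> r1
# forever (a misconfiguration); 10.8.8.8 is delivered by r3 after two forwards.
LOOPED_ROUTES = {
    "r1": {"10.9.9.9": "r2", "10.8.8.8": "r2"},
    "r2": {"10.9.9.9": "r3", "10.8.8.8": "r3"},
    "r3": {"10.9.9.9": "r1", "10.8.8.8": "deliver"},
}


def detect_loop(routes: dict, dst: str, start: str):
    """Walk the next-hop tables from `start` toward `dst`; return the cycle of routers
    if the walk revisits a router before reaching one that delivers, else None."""
    seen = []
    hop = start
    while hop not in seen:
        seen.append(hop)
        nxt = routes.get(hop, {}).get(dst)
        if nxt in (None, "deliver"):
            return None
        hop = nxt
    return seen[seen.index(hop):]


def forward(routes: dict, src_os: str, dst: str, start: str) -> dict:
    """Simulate one packet entering the network at router `start`. Each router either
    delivers locally, forwards after decrementing TTL, or, when the TTL it received is
    already 1, discards the packet and sends ICMP type 11 back to the source."""
    ttl = DEFAULT_TTL[src_os]
    hop, forwards = start, 0
    while True:
        nxt = routes[hop].get(dst)
        if nxt is None:
            raise ValueError(f"{hop} has no route to {dst}")
        if nxt == "deliver":
            return {"outcome": "delivered", "forwards": forwards,
                    "ttl_left": ttl, "icmp": None, "at": hop}
        if ttl <= 1:
            # Forwarding would take TTL to 0, so the packet is dropped here; this is
            # what bounds the damage a routing loop can do.
            return {"outcome": "discarded", "forwards": forwards,
                    "ttl_left": ttl, "icmp": ICMP_TIME_EXCEEDED, "at": hop}
        ttl -= 1
        forwards += 1
        hop = nxt


if __name__ == "__main__":
    print(detect_loop(LOOPED_ROUTES, "10.9.9.9", "r1"))
    for os_name in DEFAULT_TTL:
        print(os_name, forward(LOOPED_ROUTES, os_name, "10.9.9.9", "r1"))
```

A packet in the loop is forwarded initial-TTL minus one times before being discarded, so a higher initial TTL means more wasted bandwidth per looping packet, which is why the loop itself still has to be found and fixed.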
Network Separation
Network bridging is a desirable network design feature with many good
attributes: it keeps collision domains isolated, is inexpensive and is
transparent to the upper layers. However, it also carries drawbacks:
added latency, no option to divide traffic further, poor scaling and
the possibility of loop formation. All of these problems can be solved
by adding network separation.
This can be achieved in two ways: by implementing IP subnets and using
routers, or by physically building two separate networks that do not
require mutual communication. A further way of achieving it is to use
firewalls, with secure filtering and management of traffic.
Unified Threat Management
This is also known as an "All in One Security Appliance." It is
hardware designed specifically to sit between the Internet and the
private network. Unified threat management is used to filter the
inbound and outbound traffic entering or leaving the network. It is
implemented to act as a firewall, IPS, IDS, DDoS protection, virus
scanner, spam and web filter, and activity tracker. Several unified
threat management tools also work on the server side to maintain web
applications and to provide wireless security features.
Unified threat management is more of a cost-saving option for smaller
companies. For bigger companies it cannot be regarded as an optimal
alternative, since it suffers from less specialization, a single point
of failure and possible performance constraints (although it is still
better than traditional appliances, as it provides multiple security
functions within a single system). Bigger companies can afford better
options.
Conclusion
Secure network administration principles are essential for ensuring
the security and smooth flow of information through systems and for
controlling access to that information. They also help in tracking
network resources and how they are allotted. As a security
professional you must be committed to understanding the importance
and details of how these principles work in the bigger picture of the
InfoSec examination.
Secure networks are a primary necessity for organizations nowadays.
However, even strong networks cannot always prevent threats coming
from inside, or many other security-related issues.
Security: Network Design
Elements and Components:-
Introduction
How you design the network and build its components directly
contributes to the protection of the organization. Understanding the
various elements of network design and knowing their functions is
central to creating an overall security solution that includes multiple
layers of protection.
What the network design elements are:-
Perimeter network boundaries, firewalls and VLANs are just some of
the components of network design that help ensure a secure network.
Subnetting
A secure network is a divided network. Subnetting divides a network
into smaller, more manageable components. When creating a subnet,
you borrow bits from the host portion of the address and add them to
the network mask to form a subnet mask. In addition to making the
network more secure by controlling traffic and creating additional
broadcast domains, subnets also improve IP address efficiency.
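As an added worked example (not from the original text), the Python below borrows host bits from a network to build its subnet mask, lists each resulting subnet with its mask, broadcast address and usable host count, and checks whether two hosts land in the same subnet or must cross a router. The example network and addresses are constructed.

```python
import ipaddress

def subnet_by_borrowing(network, borrowed_bits):
    """Borrow `borrowed_bits` from the host portion of `network`, add them to the
    mask, and describe each resulting subnet. Raises if fewer than two host bits
    would remain, since such a subnet has no usable host addresses."""
    net = ipaddress.ip_network(network, strict=True)
    new_prefix = net.prefixlen + borrowed_bits
    if new_prefix > net.max_prefixlen - 2:
        raise ValueError("not enough host bits left to borrow")
    subnets = []
    for sub in net.subnets(new_prefix=new_prefix):
        subnets.append({
            "network": f"{sub.network_address}/{sub.prefixlen}",
            "mask": str(sub.netmask),
            # Binary view of the mask: the borrowed bits show up as extra leading 1s.
            "mask_bits": format(int(sub.netmask), f"0{net.max_prefixlen}b"),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": sub.num_addresses - 2,   # minus network and broadcast
        })
    return subnets

def same_subnet(addr_a, addr_b, mask):
    """True when both addresses fall in the same subnet under `mask`. Hosts in
    different subnets must go through a router, which is where traffic control
    (ACLs, firewall rules) can be applied."""
    m = int(ipaddress.ip_address(mask))
    a = int(ipaddress.ip_address(addr_a))
    b = int(ipaddress.ip_address(addr_b))
    return (a & m) == (b & m)

if __name__ == "__main__":
    # Constructed example: split a /24 by borrowing 2 host bits -> four /26 subnets.
    for s in subnet_by_borrowing("192.168.10.0/24", 2):
        print(s["network"], s["mask"], s["broadcast"], s["usable_hosts"], "usable hosts")
```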
DMZ
A DMZ (Demilitarized Zone) is a subnet used to keep public
information separate from private information. Any service an
organization wants to make public is placed in the DMZ as an extra
layer of security, and firewalls keep the public from reaching private
areas of the network.
For example, you can create a public server and place it in a DMZ. The
server is accessible from both the private network and the public
(such as the Internet), but a firewall blocks the public's view of the
private network, making it inaccessible. The best firewall for this
purpose has three interfaces, facing the internal network, the
external network and the DMZ, which lets you direct traffic
accordingly.
VLAN
Virtual Local Area Networks (VLANs) are groups of segmented hosts
that do not require the network administrator to relocate nodes or
rewire data links. VLANs are simply broadcast domains that are
configured via software, so instead of a physical link between hosts,
there is a virtual link. VLANs have several advantages, including
broadcast scope reduction and improved performance and
manageability. Of course, the most important advantage of a VLAN is
the increased security offered by grouping similar users together into
segments.
NAT
Similar to a firewall, a NAT (Network Address Translation) server hides
a network from outside users by exposing only a small number of IP
addresses on behalf of the connected computers. The NAT server
assigns IP addresses to network hosts and devices while tracking
incoming and outgoing traffic. Network users connect either through
the NAT server or through a router that supports NAT, so unauthorized
users see only one address rather than all of the network's
connections.
Most systems that use NAT have private IP addresses for network
hosts and public IP addresses that the NAT uses to translate and
communicate with outside networks; this is called dynamic NAT. The
NAT thus acts as a proxy between the local network and the Internet.
PAT
Port Address Translation (PAT) is a more limited form of NAT. A NAT
system can use more than one public IP address, whereas a PAT system
uses only one address and shares it by giving each flow its own port
number. PAT gives network hosts access to outside networks using the
router's IP address. The protocol, either TCP or UDP, and the port can
be specified by the administrator. Because it is such a limited option,
PAT is usually employed on smaller home networks.
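As an added example (not part of the original text), this toy Python PAT gateway shows how one public address is shared: two inside hosts that happen to use the same source port are given different translated ports, replies are mapped back through the table, and an unsolicited inbound packet with no mapping is dropped, which is what hides the hosts behind the one address. The class, addresses and port range are constructed for illustration.

```python
from itertools import count

class PortAddressTranslator:
    """Toy PAT gateway (constructed for illustration): one public address shared
    by many inside hosts, with the translated source port telling flows apart."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next unused public port
        self.outbound = {}  # (proto, in_ip, in_port, remote_ip, remote_port) -> public port
        self.inbound = {}   # (proto, public_port) -> (in_ip, in_port)

    def translate_out(self, proto, in_ip, in_port, remote_ip, remote_port):
        """Rewrite an outgoing flow's source to (public_ip, public_port), creating
        the mapping on first sight and reusing it for later packets of the flow."""
        key = (proto, in_ip, in_port, remote_ip, remote_port)
        if key not in self.outbound:
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[(proto, public_port)] = (in_ip, in_port)
        return (self.public_ip, self.outbound[key])

    def translate_in(self, proto, public_port):
        """Map a reply arriving on public_port back to the inside host, or None.
        Unsolicited inbound packets have no mapping and are dropped, so outsiders
        see only the one public address and nothing behind it."""
        return self.inbound.get((proto, public_port))

if __name__ == "__main__":
    pat = PortAddressTranslator("203.0.113.1")
    # Two inside hosts pick the same source port; PAT still keeps them apart.
    print(pat.translate_out("tcp", "192.168.1.10", 51000, "198.51.100.20", 443))
    print(pat.translate_out("tcp", "192.168.1.11", 51000, "198.51.100.20", 443))
    print(pat.translate_in("tcp", 40001), pat.translate_in("tcp", 22))
```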
Telephony
The merger of telecommunications and networking resulted in
telephony, or Voice over IP (VoIP). This technology allows
communications services like voice calling, SMS, fax and voice
messaging to be provisioned over computer networks. Telephony
uses IP telephones and a network connection to transmit
telecommunications via data packets.
When it comes to security, telephony services have to be protected in
the same way as other network services. VoIP is vulnerable to DoS
attacks, call interception, theft of service and malware embedded in
the session, so it is extremely important that telephony services are
considered when designing network security.
Remote Access
Often referred to as RAS, Remote Access Services allow network
connection from remote systems. Remote access can be established
with a dial-up modem or over network systems such as VPNs or DSL.
The most popular remote access service is remote administration,
which is used to take control of another user's workstation.
Depending on the protocols used, the remote connection can be either
in the clear or secured. Because of the security risks involved with
RAS, it is recommended that network administrators configure remote
access as a manually started service and launch the application only
when it is needed, to prevent back-door access to the network.
NAC
In order to ensure operational security of a network, a set of
standards called Network Access Control (NAC) defines the client
requirements before granting access to the network. Typically, NAC
makes sure that clients have no viruses and adhere to the network’s
specific policies before allowing access to the network. NAC protocols
enforce pre-admission and post-admission guidelines, controlling not
only which clients have access to the network but also where those
clients can go and what they can do once access is granted.
Virtualization
In order to make cloud computing possible, hardware virtualization is
necessary. This means that the physical hardware of a device is
abstracted using a hypervisor, also known as a Virtual Machine
Manager, and made available on a virtual machine. The physical
device is known as the host and the virtual devices are guests.
Virtual machines can run several operating systems in parallel from a
single physical computer. Because so many systems use virtualization,
it is important to study several different use examples and have a
general understanding of the implementation of virtual hardware.