Network Security Protection

What is network security?

Network security refers to the technologies, processes, and policies used to defend a network, its traffic, and its network-accessible assets against cyber-attacks, unauthorized access, and data loss. Every organization, from small businesses to large enterprises and service providers in every industry, needs network security to protect critical assets and infrastructure from a rapidly expanding attack surface.

[Image: Network Security Protection | Image by Gerd Altmann from Pixabay]

Types of network security 

  • The threat landscape

Threats are potential breaches that affect a resource's confidentiality, integrity, or availability. Examples include disclosing sensitive data, altering data, or denying access to a service.

The threat landscape includes information about threats, threat actors, and the threat vectors that allow an attack to occur. A threat actor is a person or group who intends to cause damage using existing threats.

For instance, in the case of a stolen laptop, the threat actor is the thief. The threat vector is the attack path, such as an unlocked door and a laptop that is not physically secured to the desk.

  • Vulnerabilities

For a threat to be realized there must be an exploitable vulnerability. A vulnerability is a weakness or flaw that threat actors can use to defeat the security strategy.

Continuing the example, a laptop's lightweight design, portability, and convenience are attributes that appeal to many customers. At the same time, these same features are weaknesses that increase the likelihood of theft. Security controls, such as locked doors or cable locks, slow down the threat actor and reduce the probability of theft, which lowers the overall risk.

  • Prevent, detect, and respond

Confidentiality, integrity, and availability (CIA) are the key attributes that define the objective of any information security process. The process includes many strategies and activities, and each falls into one of three stages: prevention, detection, and response.

The pillars of the prevention stage are as follows, and they are implemented through a well-documented policy:

  • Define what to protect
  • Determine organizational responsibilities
  • Establish implementation procedures
  • Put the implementation details into practice
  • Create a security awareness program by educating all employees
  • Create access controls to manage how employees access and use organizational resources

Detection is about employing features that monitor and record system activity. In the case of a potential breach or malicious activity, detection systems must notify the responsible party or person. The detection process is only of value when it is followed by a planned and timely response.

The response is a well-planned remediation of the incident. It can span stopping an attack in progress, updating a system with a new patch, or changing the configuration of a firewall.

Network security types

Security added to a network environment must be based on the threat landscape as it exists today and as it will exist tomorrow. This applies to home, business, and service provider networks alike.

Adequate network security takes into account known vulnerabilities, criminals and other attackers, and current attack trends. To properly secure your network, you need to understand all of your company's exposed assets and how they might be compromised.

  • Threat landscape

The threat landscape, or threat environment, involves many essential elements that you need to recognize and understand. That knowledge arms you to take proper action.

Let's start with the threat actors. They are the ones who launch attacks and invade systems. Threat actors are either individuals or organized entities, with different goals depending on the type of actor.

Cyber terrorists attack a nation-state's essential assets to cause harm to that country. For example, they might strike a country's power grid.

State-sponsored actors attack on behalf of their government. They attack another government to advance their own country's agenda.

Organized crime groups, or cybercriminals, aim to make money. They treat it as a job or a source of income. They are criminals who steal from businesses digitally rather than physically.

Hacktivists have a message to communicate. They are activists who attack companies digitally to promote their cause.

Script kiddies use someone else's attack tools. They lack the knowledge to launch an attack without these tools.

Insiders are people who work for the company and intend to harm their employer.

  • Threat Vectors

A threat vector is the path an attack takes. It can be as simple as an attacker asking someone to hold open the door to the building, which is basic social engineering. It can also be much more complicated and require a great deal of skill.

For example, it is common for an attack to start with a social engineering attack known as phishing:

  • First, a user opens a phishing email and its attachment or link.
  • That installs software on the system, and the software opens a back door into the system.
  • The criminal uses the back door to access the system and navigate, or move laterally, through the network.


  • Vulnerabilities

Vulnerabilities are weaknesses or flaws that exist in technology. This includes security products such as firewalls, antivirus, and anti-malware. It also includes everyday endpoint devices such as servers, workstations, laptops, cameras, thermostats, and refrigerators. Finally, it includes network equipment such as routers and switches.

Vulnerabilities fall into three categories:

  • We know about it, and we have a fix or patch. (N-days)
  • We know about it, but we do not yet have a fix or patch. (N-days)
  • We do not yet know that it exists. (0-days)

Organizations such as MITRE document the first two types in what is collectively known as the Common Vulnerabilities and Exposures (CVE) list.

You discover vulnerabilities by running vulnerability scans on your network. Good tools such as Tenable's Nessus automatically link the software they find to databases of known vulnerabilities. Vulnerability scans report suspected vulnerabilities but do not confirm that they can be exploited. The next step is to validate whether they can actually be exploited on your network and then take steps to secure the systems.

For instance, if a Microsoft Windows Server 2019 system (for example, a domain controller) is on your network, the vulnerability scanner should discover Zerologon, an issue that could affect that server. The scanner first finds that a Windows Server 2019 system exists and then searches its database for known vulnerabilities affecting it.

The scan should report a CVE listed in the NIST National Vulnerability Database (NVD) as Zerologon (CVE-2020-1472), which allows privilege escalation. It has a Common Vulnerability Scoring System (CVSS) base score of 10.0, the worst possible, and should be addressed immediately. The CVE page contains links to advisories, solutions, and tools. It also points to the Common Weakness Enumeration (CWE) entry, which provides more information about the underlying class of weakness.
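The matching-and-prioritization step described above, as an added example that is not code from the original article or from any scanner vendor: it matches a constructed asset inventory against a small constructed vulnerability database, orders the hits by CVSS score, and keeps every hit marked as suspected until a separate validation step records whether it is actually exploitable. Only the Zerologon entry (CVE-2020-1472, CVSS 10.0) reflects a real NVD record; the host names, the camera-firmware product, its placeholder CVE identifier, and its score are assumptions made for the example.

```python
"""Added example: what a scanner does after fingerprinting a host.
Inventory and vulnerability database are constructed; the Zerologon
entry (CVE-2020-1472, CVSS 10.0) is real, the second entry is a placeholder."""

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Vulnerability:
    cve: str
    name: str
    cvss: float                  # CVSS v3.x base score
    affected: Tuple[str, ...]    # product strings the entry applies to (constructed)


@dataclass
class Finding:
    host: str
    product: str
    vuln: Vulnerability
    validated: bool = False            # a scanner can only suspect, never prove
    exploitable: Optional[bool] = None # filled in by a human or a pen test


# Constructed "database". Real scanners pull this from NVD / vendor feeds.
VULN_DB = (
    Vulnerability("CVE-2020-1472", "Zerologon", 10.0,
                  ("Microsoft Windows Server 2019", "Microsoft Windows Server 2016")),
    Vulnerability("CVE-0000-0001", "placeholder-medium", 5.3,      # hypothetical entry
                  ("ExampleCorp Camera Firmware 1.0",)),
)

# Constructed inventory, in the shape a fingerprinting step would produce.
INVENTORY = {
    "dc01.corp.example": ["Microsoft Windows Server 2019"],
    "cam-lobby": ["ExampleCorp Camera Firmware 1.0"],
    "ws-042": ["Microsoft Windows 10"],
}


def severity(cvss: float) -> str:
    """CVSS v3.x qualitative rating bands."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def scan(inventory, db) -> List[Finding]:
    """Match every discovered product against the database; worst score first."""
    findings = []
    for host, products in inventory.items():
        for product in products:
            for v in db:
                if product in v.affected:
                    findings.append(Finding(host, product, v))
    # Ties broken by host name so the report is deterministic.
    findings.sort(key=lambda f: (-f.vuln.cvss, f.host))
    return findings


def validate(finding: Finding, exploitable: bool) -> Finding:
    """Record the outcome of the manual / pen-test validation step."""
    finding.validated = True
    finding.exploitable = exploitable
    return finding


def report(findings) -> List[str]:
    lines = []
    for f in findings:
        if f.validated:
            status = "exploitable" if f.exploitable else "not exploitable"
        else:
            status = "suspected (unvalidated)"
        lines.append(f"{severity(f.vuln.cvss):8} {f.vuln.cvss:4.1f} "
                     f"{f.vuln.cve} {f.vuln.name} on {f.host}: {status}")
    return lines


if __name__ == "__main__":
    results = scan(INVENTORY, VULN_DB)
    validate(results[0], True)   # e.g. a pen tester confirmed it on dc01
    for line in report(results):
        print(line)
```

The point the code makes is in the `Finding` type: `validated` starts as false and is only flipped by `validate`, which is a human or pen-test action, never by `scan`. The ordering by score is what turns a raw scan into a work queue, and the 10.0 entry naturally lands on top.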

  • Red teams, blue teams

There are many tools and approaches a company can use to test for security vulnerabilities on a network. One method is to simulate an attack on the company, known as a penetration test or pen test. Companies employ ethical hackers for this purpose.

When ethical hackers attack a network, they discover vulnerabilities specific to that network. What makes these hackers ethical is that they are authorized to attack the system. They can prove that vulnerabilities listed in the CVEs actually exist on the network, or they can reveal misconfigurations or previously unknown vulnerabilities.

One way to run a pen test is with red teams and blue teams. The red team uses real-world hacking tools and tries to breach the existing network security. The blue team is an incident response team that uses the current tooling, runbooks, and incident response plans to respond to the active attack.

When these two teams work together on a pen test, the benefits are greater than on a standard pen test. The red team discovers the vulnerabilities, and the blue team practices responding to them. Real attackers will pounce on networks, so the incident response team must be ready, and practice is the key.

Prevent, detect, and respond

The aim of network security is, first and foremost, to prevent attacks. When an attack does happen, the first step is to detect it. Once the attack is known, it is vital to respond: triage and assess the damage, and understand the scope and the vulnerabilities or path used to execute the attack. This process is commonly described as prevent, detect, and respond (PDR).

  • Prevention

Prevention involves hardening systems and defending them with security controls. Hardening a system includes the following:

  • Apply system patches
  • Remove default accounts where possible
  • Change the default password where an account cannot be removed
  • Close unnecessary ports
  • Stop or remove unnecessary services
  • Add controls such as anti-malware software and firewalls
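An audit of a host against that checklist, as an added example that is not from the original article: it takes a constructed snapshot of a Linux host (account entries in `/etc/passwd` and `/etc/shadow` form, a `ss -tlnp` style socket listing, the enabled service list, and the last patch date) and reports every item the checklist would fail. The allowlists, the "web server" role they describe, the account and service names, and the dates are all assumptions made for the example; a real deployment sets them per host role.

```python
"""Added example: check a host snapshot against the hardening checklist.
All inputs below are constructed; the policy values are assumptions."""

import re
from datetime import date

# --- constructed host snapshot --------------------------------------------
PASSWD = """root:x:0:0:root:/root:/bin/bash
admin:x:0:0:vendor default:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
guest:x:1001:1001::/home/guest:/bin/bash
"""
SHADOW = """root:$6$abc$hashed:19700:0:99999:7:::
admin:$6$def$hashed:19700:0:99999:7:::
www-data:*:19700:0:99999:7:::
guest::19700:0:99999:7:::
"""
LISTENING = """State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*  users:(("nginx",pid=901,fd=6))
LISTEN  0       50      0.0.0.0:23          0.0.0.0:*  users:(("telnetd",pid=777,fd=4))
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*  users:(("postgres",pid=650,fd=5))
"""
ENABLED_SERVICES = ["sshd", "nginx", "telnet.socket", "cups"]
LAST_PATCHED = date(2024, 1, 10)

# --- assumed policy for a "web server" role --------------------------------
ALLOWED_PORTS = {22, 443}               # externally reachable ports we accept
ALLOWED_SERVICES = {"sshd", "nginx"}    # unit names, without .service/.socket
KNOWN_DEFAULT_ACCOUNTS = {"admin", "guest"}
MAX_PATCH_AGE_DAYS = 30

SOCKET_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def audit(passwd, shadow, listening, services, last_patched, today):
    findings = []

    # 1. Patching: anything older than the policy window is a finding.
    age = (today - last_patched).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"patching: last patch {age} days ago (> {MAX_PATCH_AGE_DAYS})")

    # 2./3. Default accounts, duplicate UID 0, and empty passwords.
    shells = {}
    for line in passwd.splitlines():
        name, _, uid, _, _, _, shell = line.split(":")
        shells[name] = shell
        if name in KNOWN_DEFAULT_ACCOUNTS and not shell.endswith("nologin"):
            findings.append(f"account: default account '{name}' still present with shell {shell}")
        if int(uid) == 0 and name != "root":
            findings.append(f"account: '{name}' has UID 0 (a second root)")
    for line in shadow.splitlines():
        name, pw = line.split(":")[:2]
        # "" is no password at all; "*" or "!" means the account is locked.
        if pw == "" and not shells.get(name, "").endswith("nologin"):
            findings.append(f"account: '{name}' has an empty password and a login shell")

    # 4. Ports: only loopback-bound or allowlisted listeners are acceptable.
    for line in listening.splitlines():
        m = SOCKET_RE.match(line)
        if not m:
            continue  # header or non-LISTEN line
        addr, port, proc = m.group(1), int(m.group(2)), m.group(3)
        if addr != "127.0.0.1" and port not in ALLOWED_PORTS:
            findings.append(f"port: {proc} listens on {addr}:{port}, not in allowlist")

    # 5. Services: anything enabled beyond the role's allowlist.
    for svc in services:
        if svc.split(".")[0] not in ALLOWED_SERVICES:
            findings.append(f"service: '{svc}' enabled but not in allowlist")

    return findings


def audit_example(today=date(2024, 3, 1)):
    """Run the audit against the constructed snapshot with a fixed date."""
    return audit(PASSWD, SHADOW, LISTENING, ENABLED_SERVICES, LAST_PATCHED, today)


if __name__ == "__main__":
    for finding in audit_example():
        print(finding)
```

On this snapshot the audit flags the stale patch level, the vendor `admin` account (both because it is a default account and because it is a second UID 0), the `guest` account with an empty password, telnet listening on port 23, and two enabled services outside the allowlist, while the loopback-only PostgreSQL listener and the allowlisted sshd and nginx pass.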


  • Detection

Detection is done primarily through logs. For example, intrusion detection systems (IDS) observe traffic and record suspicious activity. The system logs the activity and sends it to a syslog server. A security information and event management (SIEM) system correlates and analyzes the logs and alerts security staff to indicators of compromise (IoCs). The security department or incident response team then takes steps to confirm that it is a real compromise and corrects the environment to prevent it from happening again.
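The correlation step in the middle of that pipeline, as an added example that is not from the original article or from any SIEM product: it parses constructed syslog lines of the kind a syslog server receives from sshd and from an IDS sensor, applies two rules (a failed-login threshold per source address within a sliding window, escalated if a successful login from that source follows, and a match against an indicator list), and returns alerts for an analyst to confirm. The log lines, host names, addresses (documentation ranges), the indicator list, and the threshold and window values are all constructed or assumed.

```python
"""Added example: SIEM-style correlation over constructed syslog lines.
Rule 1 is a brute-force threshold with escalation; rule 2 is an IoC match."""

import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed RFC 3164 style syslog lines (documentation IP ranges).
LOGS = """\
Mar  1 10:00:01 bastion sshd[812]: Failed password for root from 203.0.113.5 port 50011 ssh2
Mar  1 10:00:03 bastion sshd[812]: Failed password for admin from 203.0.113.5 port 50012 ssh2
Mar  1 10:00:04 bastion sshd[812]: Failed password for invalid user test from 203.0.113.5 port 50013 ssh2
Mar  1 10:00:06 bastion sshd[812]: Failed password for root from 203.0.113.5 port 50014 ssh2
Mar  1 10:00:07 bastion sshd[812]: Failed password for root from 203.0.113.5 port 50015 ssh2
Mar  1 10:00:09 bastion sshd[812]: Accepted password for root from 203.0.113.5 port 50016 ssh2
Mar  1 10:05:00 bastion sshd[812]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar  1 10:20:00 bastion sshd[812]: Failed password for alice from 198.51.100.20 port 40002 ssh2
Mar  1 10:21:00 ids01 ids[300]: [1:9999999:1] CUSTOM outbound connection 10.0.0.7:51000 -> 192.0.2.44:4444 {TCP}
"""

# Constructed indicator list, e.g. a command-and-control address from a threat feed.
IOCS = {"192.0.2.44"}

LINE_RE = re.compile(r'^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+?)\[\d+\]: (.*)$')
FAIL_RE = re.compile(r'Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)')
OK_RE = re.compile(r'Accepted \w+ for (\S+) from (\d+\.\d+\.\d+\.\d+)')
IP_RE = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')


def parse(line, year=2024):
    """Split a syslog line into (timestamp, host, program, message); None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # collapse the double space in "Mar  1"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)


def correlate(log_text, iocs, threshold=5, window_s=60):
    """Return a chronological list of (severity, description) alerts."""
    alerts = []
    recent = defaultdict(deque)   # source ip -> failure timestamps inside the window
    fired = set()                 # sources that already raised a brute-force alert

    for raw in log_text.splitlines():
        ev = parse(raw)
        if ev is None:
            continue
        ts, host, prog, msg = ev

        # Rule 1: N failed logins from one source within the window.
        m = FAIL_RE.search(msg)
        if m:
            src = m.group(2)
            q = recent[src]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()   # drop failures that fell out of the window
            if len(q) >= threshold and src not in fired:
                fired.add(src)
                alerts.append(("high", f"{len(q)} failed SSH logins from {src} "
                                       f"within {window_s}s on {host}"))
        # Escalate: a success from a source that was already brute-forcing.
        m = OK_RE.search(msg)
        if m and m.group(2) in fired:
            alerts.append(("critical", f"successful login as {m.group(1)} from "
                                       f"{m.group(2)} after brute-force alert on {host}"))

        # Rule 2: any address in the message that is on the indicator list.
        for ip in sorted(set(IP_RE.findall(msg)) & iocs):
            alerts.append(("high", f"IoC match {ip} in {prog} event on {host}: {msg}"))

    return alerts


if __name__ == "__main__":
    for sev, text in correlate(LOGS, IOCS):
        print(f"[{sev}] {text}")
```

The sliding window is what keeps the two failures for `alice`, fifteen minutes apart, from being mistaken for a brute-force attempt, while the five failures from 203.0.113.5 in six seconds cross the threshold and the later `Accepted` line from the same source escalates the alert to critical. The IDS line fires on the indicator list alone, independent of the login rules. Every alert is still only an indicator; confirming the compromise is the response team's job, as the paragraph above says.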

  • Response

The response can be as simple as downloading a patch for a system, but it can also be a great deal of work. For example, it may be necessary to analyze the existing configurations of firewalls, intrusion prevention systems (IPS), routers, and all other security and network software and devices to discover what is misconfigured.

A response could also be to add new or different security tools to the network. This can be an extensive process that includes building a business case.
