Security 101:: Network Security:: What Why and How?

Rohan Naggi
Jun 30, 2021
A Typical Next-Generation firewall functions

What is Network Security?

Let's explore network security. The first thing to understand is that network security is NOT a single product. It is a set of technologies and products that prevent attack and intrusion of the network infrastructure–both physical and virtual components–as well as the applications that reside on it.

These include products and technologies such as SSL proxy, SSL encryption and decryption, a DPI engine (a deep application recognition engine that recognizes applications), IDS/IPS, URL filtering, sandboxing, a threat intelligence learning database and machine learning for anomaly detection, user identification, network access control, and the list goes on. All of these features and products are part of the next-generation firewall.

How Does Network Security Work?

Network security seeks to keep bad actors out of a network, prevent lateral movement when the network has been breached, and isolate any issue prior to its remediation.

Best practices for network security employ multiple products coordinated through centralized management and automation to ensure consistent policy application and enforcement. In addition to looking for threats coming from outside the enterprise, these systems also protect against traffic flows between the data center and other parts of the enterprise (i.e., north/south traffic) and between devices within an individual data center (i.e., east/west traffic).
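To make consistent policy enforcement and the north/south versus east/west distinction concrete, here is an added example (not from the original article) of a first-match, default-deny zone policy. The zone names, address ranges, ports and rules are all constructed for illustration.

```python
import ipaddress

# Constructed zones and address ranges (assumptions for this example).
ZONES = {
    "dc-web": ipaddress.ip_network("10.10.1.0/24"),
    "dc-db": ipaddress.ip_network("10.10.2.0/24"),
    "campus": ipaddress.ip_network("10.20.0.0/16"),
}
DATA_CENTER = {"dc-web", "dc-db"}  # zones that sit inside the data center

# Ordered rules: (source zone, destination zone, destination port, action).
# A port of None matches any port. The first matching rule wins.
RULES = [
    ("outside", "dc-web", 443, "allow"),
    ("campus", "dc-web", 443, "allow"),
    ("dc-web", "dc-db", 5432, "allow"),
    ("dc-web", "dc-db", None, "deny"),
]

def zone_of(ip):
    """Map an address to its zone; anything unknown is 'outside'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"

def direction(src_zone, dst_zone):
    """East/west: both ends in the data center. North/south: exactly one."""
    ends_in_dc = (src_zone in DATA_CENTER) + (dst_zone in DATA_CENTER)
    return {2: "east/west", 1: "north/south", 0: "outside data center"}[ends_in_dc]

def evaluate(src_ip, dst_ip, dst_port):
    """Return (action, direction) for a flow; no matching rule means deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_port, action in RULES:
        if r_src == src and r_dst == dst and r_port in (dst_port, None):
            return action, direction(src, dst)
    return "deny", direction(src, dst)

if __name__ == "__main__":
    # Constructed sample flows: (source IP, destination IP, destination port).
    for flow in [("203.0.113.7", "10.10.1.5", 443),
                 ("10.10.1.5", "10.10.2.9", 5432),
                 ("10.10.1.5", "10.10.2.9", 22),
                 ("203.0.113.7", "10.10.2.9", 5432)]:
        print(flow, evaluate(*flow))
```

The last sample flow shows why the default matters: an outside host reaching the database zone directly matches no rule, so it is denied even though the port is one the web tier may use.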

Why is Network Security Important?

If intruders have compromised one part of the corporate environment, these efforts can prevent the infiltration of additional, more sensitive resources. As on the perimeter, individual products and point solutions target different technologies and layers. Solutions such as next-generation firewalls combine many services across multiple layers — packet filtering, stateful inspection, Active Directory authentication, antivirus, URL filtering, threat detection and prevention, SSL encrypt/decrypt, etc.

Common network security components include:

  • Firewall: Inside of the corporate perimeter, firewalls create zones of trust (inside, outside, DMZ, etc.) within the network. They are commonly placed at locations where traffic inspection and filtering are performed based on policy and organizational access rights. Examples include data center ingress/egress access rights.
  • Load Balancer: Load balancers are proxies that distribute traffic to multiple systems based on policies and metrics. These systems provide resiliency against individual component failures as well as protection for the distinct systems behind the load balancer.
  • IDS/IPS: IDS/IPS systems are deployed in conjunction with network firewalls to provide additional analysis of packet details and payload signatures. Signature matching examines the content of the payload data itself to identify known attacks (e.g., SQL injection) or infer malicious intent. Modern systems can also enhance deep packet inspection capabilities with the ability to evaluate the content or intent of encrypted traffic or zero-day attacks. Inspecting encrypted traffic requires a TLS proxy, while combating zero-day attacks requires the IDS/IPS to have a connection to a threat intelligence database and artificial intelligence/machine learning (AI/ML) resources.
  • NAC: Network Access Control (NAC) ensures only authorized users and devices are allowed to connect to the corporate network. Controls can enforce a range of technical compliance policies, including connection location, resource access, device type, security profile, or time-of-day restrictions.
  • URL Content Filtering: Content filtering secures web access by comparing web requests and results against block/allow lists and known malicious patterns. It can prevent active harm by blocking access to known malware/phishing URLs and permit access to only work-related websites. Today, URL filtering has expanded with threat intelligence and analytics.
  • Messaging Security/Antivirus: Messaging Security provides content filtering and security for an enterprise messaging infrastructure (e.g., e-mail, chat). Similar to URL controls, these services eliminate spam and malicious content with a variety of block/allow list, network, reputation, and pattern-based techniques.
  • Wireless Security: Wireless security is an implementation of network access control for devices not physically connected to the network. This traditionally involves IP-based devices and Wi-Fi protocols such as WPA2 and WPA3 (Wireless Protected Access), 802.1x, and Rogue Access Point (RAP) detection.
  • Sandbox: A sandbox environment disconnects a program from the rest of the infrastructure, providing another layer of protection against new security threats. It offloads the object into a controlled area (e.g., a virtual emulation of a target system) to evaluate its actions or traffic flow before allowing it to proceed within the network. Sandbox testing proactively detects malware by executing or detonating code in a safe and isolated environment to observe that code’s behavior and output activity.
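The URL content filtering item above describes comparing requests against block/allow lists. The following added example (not from the original article) shows one way to do that comparison on the parsed hostname and on domain-label boundaries rather than on raw substrings; the list entries and the `allow_only` switch are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed lists; a real filter loads these from policy and threat intelligence.
BLOCK = {"malware.example", "phish.example.net"}
ALLOW = {"intranet.example.org", "docs.example.org"}

def host_of(url):
    """Return the normalized hostname of a URL, or '' if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:          # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()

def matches(host, domains):
    """True if the host or any of its parent domains is listed.

    Comparing whole label suffixes means 'cdn.malware.example' matches
    'malware.example', while 'notmalware.example' does not.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def decide(url, allow_only=False):
    """Block list wins; allow_only=True permits only listed (work) sites."""
    host = host_of(url)
    if not host or matches(host, BLOCK):
        return "block"
    if matches(host, ALLOW):
        return "allow"
    return "block" if allow_only else "allow"

if __name__ == "__main__":
    # Constructed sample requests.
    for url in ["https://CDN.Malware.Example./payload",
                "https://notmalware.example/",
                "https://docs.example.org/handbook",
                "https://news.example.com/"]:
        print(url, decide(url), decide(url, allow_only=True))
```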

Difference Between IDS/IPS and Sandboxing?

Unlike an IDS/IPS, a sandbox is not signature-based; instead, it relies on actual observation of behavior in a controlled environment.

  • VPN: A virtual private network (VPN) is a networking construct that connects two disparate parts of a single network. VPNs usually consist of an encrypted session or tunnel that is intended to provide users privacy and anonymity. They are used to hide both connectivity information (e.g., source IP address) and user data.
  • SSL: Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols for establishing authenticated and encrypted links between networked computers. SSL is used for servers and web browsers to make the communication private. SSL certificates are used to secure the connection by using encrypted communication that connects the server and the browser.
