Network security is the practice of preventing and protecting against unauthorized intrusion into corporate networks. As a philosophy, it complements endpoint security, which focuses on individual devices; network security instead focuses on how those devices communicate with each other and on the connective tissue between them.
The venerable SANS Institute takes the concept of network security a little further.
Network security is the process of taking physical and software preventive measures to avoid unauthorized access, misuse, failure, alteration, degradation, or inappropriate disclosure of the underlying network infrastructure, thereby providing a protected platform for machines, users, and programs to perform their permitted critical functions in a secure setting.
But the overall thrust is the same: network security is enforced by the tasks and tools you use to prevent unauthorized people or systems from reaching your networks and the devices attached to them. In essence, if attackers cannot reach a machine over the network, they cannot hack it over the network. That is a simplification, since physical access, insiders and compromised software also exist, but it captures why reachability is the first thing to control.
Definitions are fine as top-level statements of purpose. But how do you lay out a roadmap for putting that vision into practice? About a decade ago, Stephen Northcutt wrote a primer for CSOonline on the basics of network security, and we believe his vision of the three phases of network security is still essential and should be the underlying framework for your strategy. In his telling, network security consists of:
- Protection: You should configure your networks and systems as correctly as possible.
- Detection: You must be able to identify when the configuration has changed or when network traffic indicates a problem.
- Response: Having identified a problem quickly, you must respond to it and return to a safe state as fast as possible.
This, in short, is a defence-in-depth strategy. If there is one common theme among security experts, it is that relying on a single line of defence is dangerous, because a determined adversary can eventually defeat any single defensive tool. Your network is not a line or a point: it is a territory, and even if an attacker has invaded part of it, you still have the resources to regroup and expel them, provided you have organized your defences properly.
There are several advanced tactics and types of network security you will want to roll out to implement this kind of defence in depth. Cisco, a network infrastructure company, uses the following schema to break down the different types of network security. Some of it is shaped by their product categories, but it is a useful way to think about the different ways to secure a network.
- Access control: You should be able to block unauthorized users and devices from accessing your network. Users who are permitted network access should only be able to work with the limited set of resources they have been authorized for.
- Anti-malware: Worms spread across a network by design, and other malware such as viruses and trojans often arrives over it; infected machines can then lie dormant for days or weeks. Your security effort should do its best to prevent initial infection and to root out malware that does make its way onto your network.
- Application security: Insecure applications are often the vectors by which attackers get access to your network. You need to employ hardware, software, and security processes to lock those applications down.
- Behavioural analytics: You should know what normal network behaviour looks like so that you can spot anomalies or breaches as they happen.
- Data loss prevention: Human beings are inevitably the weakest security link. You need to implement technologies and processes to ensure that employees do not deliberately or inadvertently send sensitive data outside the network.
- Email security: Phishing is one of the most common ways attackers gain access to a network. Email security tools can block both incoming attacks and outbound messages containing sensitive data.
- Firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define to permit or deny traffic at the border between your network and the internet, establishing a barrier between your trusted zone and the wild west outside. They do not preclude the need for a defence-in-depth strategy, but they are still a must-have.
- Intrusion detection and prevention: These systems scan network traffic to identify and block attacks, often by correlating network activity signatures with databases of known attack techniques.
- Mobile device and wireless security: Wireless devices have all the potential security flaws of any other networked gadget, but can also connect to just about any wireless network anywhere, which requires extra scrutiny.
- Network segmentation: Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier, for example by denying traffic from a guest segment to a server segment regardless of what ports the servers expose.
- Security information and event management (SIEM): These products pull together information from a variety of network tools to provide the data you need to identify and respond to threats.
- VPN: A tool (typically based on IPsec or SSL/TLS) that authenticates the communication between a device and a secure network, creating a secure, encrypted tunnel across the open internet.
- Web security: You need to be able to control internal staff's web use in order to block web-based threats from using browsers as a vector to infect your network.
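The access control, firewall and segmentation items above all come down to the same mechanism: an ordered list of rules evaluated first-match, with an implicit deny when nothing matches. The following is an added example written for this article, not code from Cisco or any firewall product; the segment names, the Rule and Packet types, the two policies and the sample packets are all constructed here. It shows the classic mistake of a broad allow placed ahead of a segmentation deny (which then never fires), the corrected ordering, and a simple check for rules that are shadowed by an earlier broader rule.

```python
"""Toy first-match packet filter: default deny, segmentation, shadowed-rule check.

Added example for illustration only; not code from the original article or any
vendor. Segments, rules and sample packets below are constructed, not real.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Hypothetical segments: guest Wi-Fi, corporate workstations, and servers.
SEGMENTS = {
    "guest": ip_network("10.10.0.0/24"),
    "corp": ip_network("10.20.0.0/24"),
    "servers": ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str = "any"            # segment name or "any"
    dst: str = "any"
    dport: Optional[int] = None  # None matches every port
    proto: str = "any"

    def matches(self, pkt: Packet) -> bool:
        return (
            _in_segment(pkt.src, self.src)
            and _in_segment(pkt.dst, self.dst)
            and (self.dport is None or self.dport == pkt.dport)
            and (self.proto == "any" or self.proto == pkt.proto)
        )


def _in_segment(addr: str, segment: str) -> bool:
    return segment == "any" or ip_address(addr) in SEGMENTS[segment]


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match falls through to an implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matching `narrow` also matches `broad`.
    In this toy model fields are either wildcards or exact values, so
    coverage can be decided field by field."""
    return (
        broad.src in ("any", narrow.src)
        and broad.dst in ("any", narrow.dst)
        and broad.dport in (None, narrow.dport)
        and broad.proto in ("any", narrow.proto)
    )


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [j for j, r in enumerate(rules) if any(_covers(rules[i], r) for i in range(j))]


# Weak policy: the broad allow shadows the segmentation deny, so guests reach the DB.
WEAK_POLICY = [
    Rule("allow", dst="servers"),
    Rule("deny", src="guest", dst="servers"),
]

# Corrected policy: specific deny first, then narrowly scoped allows, implicit deny after.
STRICT_POLICY = [
    Rule("deny", src="guest", dst="servers"),
    Rule("allow", src="corp", dst="servers", dport=443, proto="tcp"),
    Rule("allow", src="guest", dport=443, proto="tcp"),  # guests may browse outward
]

# Constructed sample traffic.
GUEST_TO_DB = Packet(src="10.10.0.7", dst="10.30.0.5", dport=5432)
CORP_TO_WEB = Packet(src="10.20.0.9", dst="10.30.0.5", dport=443)
CORP_TO_SSH = Packet(src="10.20.0.9", dst="10.30.0.5", dport=22)

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(name, "shadowed rule indexes:", shadowed_rules(policy))
        for pkt in (GUEST_TO_DB, CORP_TO_WEB, CORP_TO_SSH):
            print(f"  {pkt.src} -> {pkt.dst}:{pkt.dport} = {evaluate(policy, pkt)}")
```

The shadowed-rule check is the kind of thing worth running against a real ruleset too: a deny that is never reached gives a false sense of segmentation, and most firewall platforms will happily accept it without complaint.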
Cloud and the Network Security
More and more enterprises are offloading some of their computing needs to cloud service providers, creating hybrid infrastructures where their own internal network has to interoperate seamlessly and securely with servers hosted by third parties. Sometimes this infrastructure is itself a self-contained network, which can be either physical (several cloud servers working together) or virtual (multiple VM instances running together and "networking" with each other on a single physical server).
Many cloud providers offer centralized security control policies on their platforms to handle the security aspects. The catch is that those security systems will not always match up with your internal network's policies and procedures, and the mismatch adds to the workload for network security pros. There are a variety of tools and techniques that can help alleviate some of this worry, but the truth is that this area is still in flux, and the convenience of the cloud can mean network security headaches for you.
To cover all those bases, you will need a variety of software and hardware tools in your toolkit. The most venerable, as we have noted, is the firewall. It has long been said that if a firewall is the whole of your network security, your network is in trouble: comprehensive protection is needed behind (and even in front of) the firewall to fight threats. Indeed, one of the most flattering things you can say about a firewall product in a review seems to be that calling it a firewall sells it short.
Yet firewalls cannot be dispensed with entirely. They are properly one element of your hybrid defence-in-depth strategy. And there are a number of different firewall types, as eSecurity Planet explains, many of which map onto the different kinds of network security we discussed earlier:
- Network firewalls
- Next-generation firewalls
- Web application firewalls
- Database firewalls
- Unified threat management
- Cloud firewalls
- Container firewalls
- Network segmentation firewalls
Beyond the firewall, a network security pro will deploy a number of tools to keep track of what is happening on their networks. Some of these tools are corporate products from major vendors, while others come in the form of free, open source utilities that sysadmins have been using since the early days of Unix. A great resource is SecTools.org, which maintains a charmingly Web 1.0 website that keeps a running tally of the most popular network security tools, as voted on by users. Among the top categories are:
- Packet sniffers
- Vulnerability scanners, such as Nessus
- Intrusion detection and prevention software, such as the legendary Snort
- Penetration testing software
That last category might raise some eyebrows. After all, what is penetration testing if not an attempt to hack into a network? But part of making sure you are locked down means seeing how hard or easy it is to break in, and the pros know it: ethical hacking is an essential part of network security. That is why, alongside staid corporate offerings costing tens of thousands of dollars, the SecTools.org list includes tools such as Aircrack, which exists to sniff out wireless network security keys.
In an environment where you need to get several tools to work together, you may also want to deploy the SIEM software we touched on above. SIEM products evolved from logging applications; they collect and analyze network data gathered by a variety of tools in order to detect suspicious activity on your network.
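The value a SIEM adds over the individual tools is normalization and correlation: pulling the firewall's denies and the IDS's alerts into one schema and then applying rules across both. The following added example, written for this article and not taken from any SIEM or IDS product, illustrates both the intrusion detection item in the list above and the SIEM paragraph here. The two log formats, the signature text, the thresholds and every event are constructed; the IDS line merely imitates the shape of a Snort "fast" alert. The first rule flags a source that hits several distinct denied ports in a short window as a probable scan; the second escalates an IDS alert when it comes from a source that was recently flagged as scanning, since reconnaissance followed by an exploit attempt is a stronger signal than either event alone.

```python
"""Toy SIEM-style normalization and correlation over constructed log lines.

Added example for illustration only; not code from the original article or
any SIEM/IDS product. Log formats, thresholds and sample events are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: a firewall log and an IDS alert log in different formats.
FIREWALL_LOG = """\
2024-05-01T10:00:01 fw01 DENY src=203.0.113.5 dst=10.30.0.5 dport=22
2024-05-01T10:00:02 fw01 DENY src=203.0.113.5 dst=10.30.0.5 dport=23
2024-05-01T10:00:03 fw01 DENY src=203.0.113.5 dst=10.30.0.5 dport=3389
2024-05-01T10:00:04 fw01 DENY src=203.0.113.5 dst=10.30.0.5 dport=445
2024-05-01T10:00:05 fw01 DENY src=203.0.113.5 dst=10.30.0.5 dport=5432
2024-05-01T10:07:30 fw01 ALLOW src=203.0.113.5 dst=10.30.0.5 dport=443
2024-05-01T10:15:00 fw01 DENY src=198.51.100.9 dst=10.30.0.5 dport=22
"""

IDS_LOG = """\
[2024-05-01 10:07:31] [1:2000001:1] SQLi attempt in HTTP request {TCP} 203.0.113.5:51234 -> 10.30.0.5:443
"""

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r"^\[(.+?)\] \[[\d:]+\] (.+?) \{(\w+)\} (\S+?):\d+ -> (\S+?):(\d+)$")


def normalize(fw_text: str, ids_text: str) -> List[dict]:
    """Parse both formats into one common event schema, sorted by time."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": host,
                           "type": "fw_" + action.lower(), "src": src,
                           "dst": dst, "dport": int(dport)})
    for line in ids_text.splitlines():
        m = IDS_RE.match(line)
        if m:
            ts, msg, proto, src, dst, dport = m.groups()
            events.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                           "source": "ids", "type": "ids_alert", "msg": msg,
                           "src": src, "dst": dst, "dport": int(dport)})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events: List[dict], scan_ports: int = 5,
              window: timedelta = timedelta(minutes=10)) -> List[str]:
    """Rule 1: a source denied on >= scan_ports distinct ports within `window`
    is a probable scan.  Rule 2: an IDS alert from a source flagged as scanning
    within `window` is escalated; otherwise it is reported as a plain IDS hit."""
    alerts: List[str] = []
    denies: Dict[str, List[dict]] = defaultdict(list)
    scanners: Dict[str, datetime] = {}
    for e in events:
        if e["type"] == "fw_deny":
            # Keep only this source's denies that fall inside the sliding window.
            recent = [d for d in denies[e["src"]] if e["ts"] - d["ts"] <= window]
            recent.append(e)
            denies[e["src"]] = recent
            ports = {d["dport"] for d in recent}
            if len(ports) >= scan_ports and e["src"] not in scanners:
                scanners[e["src"]] = e["ts"]
                alerts.append(f"SCAN {e['src']} probed {len(ports)} ports on {e['dst']}")
        elif e["type"] == "ids_alert":
            first_seen = scanners.get(e["src"])
            if first_seen is not None and e["ts"] - first_seen <= window:
                alerts.append(f"ESCALATE {e['src']}: IDS '{e['msg']}' after scan")
            else:
                alerts.append(f"IDS {e['src']}: {e['msg']}")
    return alerts


if __name__ == "__main__":
    for alert in correlate(normalize(FIREWALL_LOG, IDS_LOG)):
        print(alert)
```

Note that the firewall's ALLOW line on port 443 is exactly what a firewall alone cannot help with: the traffic was legitimate at the network layer, and only the IDS saw the payload. The correlation window is the knob a SIEM operator tunes; shrink it to five minutes and the same IDS alert is reported on its own rather than escalated.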
If you are looking for a job, you are in luck: these positions are in high demand, and they pay well. Staffing agency Mondo pegged network security analysts as one of the six highest-paid cybersecurity positions, saying they could earn between $90,000 and $150,000 a year.
What exactly does a network security analyst do? And how is that different from a network security engineer? There is less clarity than you might like when it comes to job titles, as the professionals hashing things out and discussing their career paths in this Reddit thread nicely demonstrate.
In theory, an engineer is more likely to build security systems, while an analyst is more likely to be tasked with spotting trouble by combing through the data from network security software. But the truth is that many people do a bit of both, and what you do will depend more on your job description than on your two-word title. (Glassdoor puts analysts at around $80K a year, marginally lower than the $82K for engineers. But your mileage may vary greatly, and any salary numbers should be taken with a grain of salt.)
One thing to be optimistic about is that either role is a potential path to advancement. Alissa Johnson, Xerox's CISO, was a network security engineer at Northrop Grumman before eventually climbing the ladder into her current executive position.
While there are few certifications focused solely on network security, a number will help you prove your bona fides, either because they are security certifications with a network component or network certifications with security content. Some of the most reputable include: