Discover Network Security Safeguards
After completing this unit, you’ll be able to:
- Explain typical network security strategies.
- Describe common network protection methods.
In order to secure a computer network, you need a network security strategy. Network security professionals must identify security objectives, assess security risks, and determine how to mitigate these risks. An organization should define a security strategy with associated policies and procedures that secures the network while providing sufficient performance and ease of use. Everybody is responsible for security, so it’s important to train your entire organization, from the CEO to the receptionist to vendors, on your security plan.
There are three aspects of a security strategy: policy, enforcement, and audit/assessment. A security policy provides the framework that defines who and what can access an organization’s technology and information assets. The security policy also determines each person’s security responsibilities. After a security policy is defined, it’s not set in stone. Since assets, requirements, technology, and risks change over time, a security policy should be updated on a regular basis.
Beyond having security procedures that define how a security policy should be implemented, you need to understand how it is enforced. Firewalls, user authentication, network segmentation, virtual private networks (VPNs), and encryption are all methods commonly used to enforce a security policy.
After a security policy is implemented and enforced, the task of auditing and assessing the systems begins. An audit/assessment plan defines what needs to be monitored and how it should be monitored to determine whether the network has been compromised or is currently under attack. The plan also needs to provide appropriate responses and remediation if a breach occurs.
Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag a word from the word bank at the bottom to the appropriate place in the paragraph. When you finish placing all the words, click Submit to check your work. If you’d like to start over, click Reset.
Great job! Developing a network security strategy requires a lot of planning, but it is worth the time and effort involved. Next, let’s look at ways to protect networks.
The more safeguards that are put in place, the less likely an intruder is able to breach a network’s defenses. Let’s review multiple options for keeping attackers out of computer systems.
Set appropriate account privileges so users, devices, and software can access only those network assets that are relevant to their jobs and needs. This is known as the least privilege principle which allows access only on a need-to-know basis. After all, people who work in the sales department don’t need access to payroll records.
Never use default passwords since these are the low-hanging fruit of network vulnerabilities. Many systems have been compromised because default passwords were left in place. Require users to change their passwords at regular intervals, prevent them from reusing passwords, and require them to create strong passwords (long passwords that contain a mixture of letters, numbers, special characters, and so on). Also, train network users to create unique passwords for each of their accounts. That way, if one account is hacked, the attacker cannot use the same password to access the user’s other accounts.
Install and enable firewalls, which are protective devices designed to prevent unauthorized entry to computer networks while permitting legitimate access. Implement physical barriers, hardware devices, and software that combine to form protective firewall layers.
Remember that encryption is our friend because it protects our data. Encrypt data in transit to avoid potential eavesdroppers from obtaining sensitive information. In addition, encrypt stored data (also known as data at rest). Then if attackers breach the system, they cannot extract any useful information since they won’t know how to decrypt the data.
Use a VPN (virtual private network) as an added layer of protection. A VPN is a secure, private network that transmits data across a public network, but lets computing devices act as if they are connected directly to a private network. VPN encrypts a network connection to protect network data.
Implement network segmentation that partitions the network so assets with similar values and risks are protected separately. This way, if any segment of the network is breached, the attacker cannot reach other segments of the network.
Run antimalware software that provides real-time systems analysis to prevent, detect, and remove malware.
Knowledge of Security Breaches
Be aware of major security breaches and keep software and firmware updated so malware and attackers cannot exploit existing known vulnerabilities. Many data breaches could have been prevented if only the computer systems had been properly patched.
Use security information and event management (SIEM) software as a centralized solution for managing computer systems. SIEM software can monitor systems for unusual activity and alert you about possible attacks.
Back up data on a regular schedule, and test that the data stored on backups is good. That way, if ransomware damages the data, you can restore the data without having to pay a ransom.
We’re building network security knowledge and providing a sense of what network security engineers think about and tackle in their daily roles. Let’s dig into their work in more detail in the next module, Network Security in Practice.