Identify Network Access
Learning Objectives
After completing this unit, you’ll be able to:
- Identify the different ways assets can access a network.
- Explain the types of access people have to a network.
- Describe the importance of automatically tracking network access.
Learn About Assets and Their Network Access
- $1,000 in a checking account
- A national ID number
- A ring from a grandmother
- A laptop
- A mobile phone
What is this random list? Believe it or not, these are all assets. Assets are anything of value that a bad actor may steal, damage, or improperly access. Just like you need to be aware of the assets you have, network security engineers need to be aware of the assets on the network in order to protect them. In terms of information technology (IT), assets are usually hardware and software devices, such as laptops, mobile phones, routers and switches, and word processing software or the data created and stored with these tools.
Each asset has associated vulnerabilities, threats, and risks it is important for network security engineers to be aware of. What type of assets would a hacker want and why? What are the consequences if an unauthorized user gains access to a valuable asset? How likely is this to happen? A cybercriminal may be interested in stealing the money in a customer’s checking account. If the customer uses a weak password, such as 12345 or something a hacker can easily figure out about them from their online presence (like their birthday), then the customer’s account is left vulnerable to attacks. Network security engineers need to put themselves into the mind of a hacker to understand not only how networks work but also how networks can be compromised.
Think about how Jim protects his dream house. Does he leave the doors and windows unlocked? Does he have an alarm system? Does he keep jewelry, his passport, extra cash, and other valuables laying on the table by the front door, or does he put them in a lock box under his bed, or in a bank vault? Where he stores his valuable assets is similar to the concept of network topology, a fancy word meaning how networks are architected and where valuable assets are stored within them.
Examples of network topology include mapping how laptops connect to the network, architecting where users save data, or understanding the protections (like firewalls) that connect two locations in the network. Understanding where assets live and what they can access allows items with similar risk to be grouped together, and the connectivity and workflow of shared resources to be monitored.
How People Access the Network
Just as network security engineers understand the assets on the network, they also identify the people who access the network and what they have access to. Think about the physical security at a workplace. There may be a security guard who checks each employee’s company badge before allowing access to the building. Visitors may need to sign in and provide a driver’s license or other ID, or go through a metal detector prior to entering the building. The elevator may require a badge scan to go to a designated floor. Employees sign in to their computer with a username and password, or maybe even an authentication token on their phone or another device. There may also be a separate sign-in required to access a company database.
In the same way a company verifies who accesses the building with physical security guards, ID checks, and badge swipes, it’s also crucial that network security engineers know which users access their network and regulate those people’s access to the computing environment. Depending on the size of the organization, a network security engineer may work with an Identity and Access Management team to define and administer network access accounts (like the username and password used to log on to a computer, Wi-Fi, or VPN). They may also work with this team to ensure strong authentication measures are used (like a separate verification code from a mobile device) and help define who has privileged access to network accounts (such as network or database administrators).
It’s important to also understand the vulnerabilities, threats, and risks posed by network users. Threats can come from cybercriminals and hackers or from malicious insiders, such as a disgruntled employee, a concept known as “insider threat.” Vulnerabilities associated with users can take the form of an employee who clicks a phishing email because they have not been trained to recognize such attacks, or a system administrator who was just fired and is angry but has not had their credentials revoked. The more sensitive resources that these users can access, the greater potential risk they pose to a company’s security.
Some of the basic precautions that security professionals can take to reduce this risk include implementing the concepts of need to know and least privilege. This means ensuring that users are granted access only to the resources they need to do their jobs, and that they are given the least amount of privileges necessary.
If someone works in the Human Resources department and their job involves recruiting new employees, they probably don’t need access to change device configurations on a router. It’s also equally important to revoke credentials and access when necessary. This means there should be processes in place to terminate access when someone leaves the company or moves to a different role. Network security engineers maintain awareness of the assets and data flows on the network and understand, manage, and secure user access to those resources.
Knowledge Check
Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the function in the left column to the matching category on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.
Great job! Now that we've learned how assets and people access the network, let's learn about tracking network access.
Track Network Access
Keeping track of all these assets and users is a tough job, but there are ways to make it more manageable. A network security engineer at a small organization may use manual tracking mechanisms like spreadsheets, or maybe even some free tools with basic functionality, to help identify all the users and assets on the network.
Many of these tools are mentioned in the Cyber Hygiene module on Trailhead. But as companies get larger and more complex, it’s important to automate these processes and ensure they are integrated with other tools. Doing so helps security professionals ensure that only authorized devices and users gain access to the network and necessary resources.
Organizations can manage network access through a variety of tools.
- Active discovery tools scan a network to find devices and update an organization’s hardware asset inventory with information about those devices.
- Passive discovery tools, on the other hand, scan network traffic logs to find new devices. In this way, they may discover assets later than an active discovery tool, which scans devices upon connection.
- Network Access Control (NAC) tools control access to a network with policies including pre-admission and security policy checks. A NAC may be configured to allow only company-issued laptops on the network. If someone tries to plug a personal laptop into an Ethernet port on their workstation, the NAC does not allow them to connect. In another example, a company may allow people to connect personal laptops to the network but may require that devices be up to date with all current security patches before connecting. If a laptop has updates pending, it must complete those before it can connect. Learn more about NAC and how it can help detect and block unwanted devices from accessing the network in a later unit.
Sum It Up
You've reviewed the important task of identifying all of the assets and users that have access to a network. Now it’s time to learn how to protect the network to minimize the risk posed by these assets and users.
