Network Security: How it Works

Written by:  • Edited by: Lamar Stonecypher
Updated Mar 7, 2010

How does network security work? This is a complicated question, but in this article I break the concept of network security into its major components. By the time you finish reading, you will have a high-level understanding of the what's and how's of network security.

Network security, as defined in the first article in this series, is a critical component of business operations. However, implementing it can be overwhelming for someone not familiar with the terminology and concepts. This is true even if an organization decides to work with a security vendor instead of designing and implementing controls in-house. You want to know what you are purchasing, why you care, and how each control fits into the overall network protection strategy. The rest of this article helps reach those goals.

Before diving into the technical discussion, I recommend printing Figure 1. I use this diagram to discuss network security terms and concepts.

Figure 1: Network Security

Types of Controls

Like end-user device security, network security consists of three primary types of controls: administrative, physical, and technical. Administrative controls consist of security policies and supporting procedures used to control user behavior, including how your IT staff implements new technology.

Physical security controls include locks, fences and other devices used to delay the progress of someone attempting to gain physical access to network components.

Technical controls, the subject of this article, are devices, configurations, etc. used to protect data stored on or moving through your network.

Technical Controls - Basic Concepts

The first concept to understand is defense in depth or layered security. Figure 2 depicts a network-level layered security model.

Figure 2: Layered Security

There are two paths to sensitive data: from the outside and from the inside. When we think of network security, we usually think about non-employee attackers stealing our data or disrupting computer services. However, most problems are caused by employee behavior, whether intentional or unintentional. So technical controls have two purposes.

First, we need to keep unauthorized personnel from getting to sensitive information. Second, we have to help good employees do the right thing while thwarting malicious activities of other employees.

We accomplish both objectives with layers of controls which support each other. In other words, if a control fails to work as expected, other controls should step up and fill the gap. This is why control implementation must consider both prevention and detection.

At a high level, controls protecting data and critical systems from both internal and external access must:

  • control access to the company network;
  • place the most sensitive information on servers with "special" security;
  • control malware and intrusive activities;
  • control access to devices;
  • harden devices with secure configurations; and
  • control physical access to critical infrastructure.

Perimeter Defense

Managers often think that setting up a secure perimeter around the network is "network security." While it is an important component, it should only be the first layer of defense between an external entity and sensitive data.

I define perimeter security as any control or set of controls which:

  • controls which computers gain access to the network;
  • controls which users gain remote or local access to the network; and
  • monitors for anomalous network behavior.

Referring to Figure 1, the firewall and IPS (Intrusion Prevention System) fulfill these requirements. The firewall contains rules which determine the types of network traffic allowed to pass from the Internet to the company network. These rules are usually based on IP address ranges, ports and protocols.

The IPS filters permitted traffic looking for signs of malicious intent, including:

  • malformed network data;
  • files matching the characteristics of known malware;
  • repeated attempts to reach protected devices; and
  • evidence of port scanning, a tell-tale sign that someone is trying to map the network prior to an attack.

An IPS device can block questionable traffic, alert security, or both.
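As an added example, not from the article, here is a toy version of the two perimeter layers just described: a first-match firewall rule set keyed on source range, destination range, protocol and port, followed by an IPS pass that looks only at permitted traffic and flags a source that sweeps many internal hosts or hammers one protected host. The rule set, thresholds and traffic are constructed for illustration; addresses are RFC 5737 documentation ranges.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

# Constructed perimeter rule set (first match wins, implicit default deny).
# Addresses are RFC 5737 documentation ranges, not taken from the article.
net = ipaddress.ip_network
FIREWALL_RULES = [
    ("allow", net("0.0.0.0/0"), net("192.0.2.10/32"), "tcp", {80, 443}),  # public web server
    ("allow", net("203.0.113.0/24"), net("192.0.2.0/24"), "tcp", {22}),   # admin range may SSH into DMZ
]

def firewall_permits(pkt: Packet) -> bool:
    """Layer 1: match on source range, destination range, protocol and port."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, proto, ports in FIREWALL_RULES:
        if src in src_net and dst in dst_net and pkt.proto == proto and pkt.dport in ports:
            return action == "allow"
    return False  # nothing matched: default deny

def ips_inspect(packets, sweep_targets=5, repeat_limit=20):
    """Layer 2: inspect permitted traffic only; return {source: reason} to block or alert on."""
    targets_per_src = defaultdict(set)  # distinct (host, port) pairs each source touched
    hits_per_pair = defaultdict(int)    # how often a source hit the same host
    flagged = {}
    for pkt in packets:
        if not firewall_permits(pkt):
            continue  # dropped at the firewall; the IPS never sees it
        targets_per_src[pkt.src].add((pkt.dst, pkt.dport))
        hits_per_pair[(pkt.src, pkt.dst)] += 1
        if len(targets_per_src[pkt.src]) >= sweep_targets:      # mapping many hosts: scan-like
            flagged.setdefault(pkt.src, "port sweep across internal hosts")
        elif hits_per_pair[(pkt.src, pkt.dst)] >= repeat_limit:  # hammering one protected host
            flagged.setdefault(pkt.src, f"repeated attempts against {pkt.dst}")
    return flagged

def sample_traffic():
    """Constructed traffic: a normal visitor, a denied probe, an SSH sweep and a hammering client."""
    visitor = [Packet("198.51.100.7", "192.0.2.10", "tcp", p) for p in (443, 80, 443)]
    probe = [Packet("198.51.100.9", "192.0.2.10", "tcp", 3389)]  # no rule matches: denied
    sweep = [Packet("203.0.113.5", f"192.0.2.{i}", "tcp", 22) for i in range(1, 9)]
    hammer = [Packet("198.51.100.20", "192.0.2.10", "tcp", 80)] * 25
    return visitor + probe + sweep + hammer
```

Running `ips_inspect(sample_traffic())` flags only the sweeping admin host and the hammering client; the ordinary visitor passes both layers and the RDP probe is stopped at the firewall before the IPS ever sees it.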

Another perimeter security device in our example is the Wireless AP (Access Point). Laptops, handheld devices and some desktops attach to the company network via wireless technology. While wireless is a great technology for connecting mobile devices, it can also be a gaping hole in your perimeter defense.

To ensure your APs don't allow unauthorized access, make sure wireless traffic is encrypted and requires strong keys. For more information on wireless security, see Introduction to Wireless Security.

Firewalls and IPS devices are not the only controls to secure your network perimeter, but they are the most common. Regardless of the technology deployed, the outcomes should match those described above.

Perimeter controls are important for keeping unwanted traffic, and unwanted people, off your network. The remaining control layers discussed in this article are required to protect against inside as well as outside threats.
