Chapter 7
Network Security Fundamentals

Network Security Posture

Network Security Fundamentals

  • Once information security and network security were virtually synonymous
  • The network was viewed as the protective wall behind which client computers could be kept safe
  • Not all applications are designed and written with security and reliability in mind, so it falls to the network to provide protection
  • Network-delivered services can scale better for larger environments and can complement server and application functionality

Network Security Strategy

  • Organizations should make network defenses one of the first priorities in protecting information

Design of the network

Network technologies

Load Balancing

  • Technology to help evenly distribute work across network
  • Allocate requests among multiple devices

Advantages of load-balancing technology

Reduces probability of overloading a single server

Optimizes bandwidth of network computers

Reduces network downtime

Load Balancer Techniques

Layer 4 and Layer 7 load balancers can distribute work in different ways:

Based on a “round-robin” rotation to all devices equally

To devices that have the least number of connections

Proxies

  • Proxy - Person authorized to act as a substitute or agent on behalf of another person
  • Proxy server - Computer or application that intercepts and processes user requests:
  • If a previous request has been fulfilled, a copy of the Web page may reside in the proxy server’s cache
  • If not, the proxy server requests the item from the external Web server using its own IP address

Reverse Proxies

Does not serve clients but routes incoming requests to correct server

Reverse proxy’s IP address visible to outside users

Internal server’s IP address hidden

Network Security Hardware

  • Specifically designed security hardware devices
  • Greater protection than standard networking devices

Network Firewalls

Host-based application software firewall runs as a program on one client

Hardware-based network firewall designed to protect an entire network

Both do essentially the same thing: inspect packets and either accept or deny entry

Spam Filters

  • Enterprise-wide spam filters block spam before it reaches the host

Email systems use two protocols:

Simple Mail Transfer Protocol (SMTP) - Handles outgoing mail

Post Office Protocol (POP) - Handles incoming mail

Virtual Private Network Concentrators

Virtual private network (VPN) - Uses an unsecured network as if it were secure

  • All data transmitted between remote device and network is encrypted

Types of VPNs:

Remote-access VPN - User to LAN connection

Site-to-site VPN - Multiple sites can connect to other sites over the Internet

Internet Content Filters

Monitor Internet traffic and block access to preselected Web sites and files

Unapproved sites can be restricted based on:

Uniform Resource Locator (URL filtering)

Searching for and matching keywords such as sex or hate (content inspection)

Looking for malware (malware inspection)

Host-Based Intrusion Detection System (HIDS)

  • Software-based application that runs on the local host computer and can detect an attack as it occurs
  • HIDS relies on agents installed directly on the system being protected

Disadvantages of HIDS:

Cannot monitor network traffic that does not reach local system

All log data is stored locally

Resource-intensive and can slow system

Network Intrusion Detection System (NIDS)

  • Network intrusion detection system (NIDS) - Watches for attacks on network.
  • NIDS sensors installed on firewalls and routers to gather information and report back to central device