NETWORK SECURITY SYSTEM 2020
NETWORKING
Today's networks differ from the classic networks we all know. They no longer interconnect only computers, and antivirus software and firewalls alone are not enough to detect and stop intrusions.
A contemporary business network connects remote devices like smartphones, laptops, notebooks, tablets, or other wireless devices through different environments: on-premises, cloud, or hybrid.
Mobile devices contain valuable information that should be protected; a lost or stolen phone can turn into a critical security breach. These devices are commonly positioned outside the firewalls, on the edge of the network, and are called endpoints.
A computer network is like a highway. It carries a high volume of traffic; it is fast and secure and connects people. Just as a highway does, a computer network must implement protection measures to keep the traffic safe. Network security consists of the policies, technologies, and procedures adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and its accessible resources.
Cybersecurity can significantly improve network security. To learn more about this topic, visit our blog at https://utmstack.com/
NETWORK STANDARDS
As a concept, a computer network is the interconnection of two or more computers for sharing information and resources. There are two major types of network: the Wide Area Network (WAN) and the Local Area Network (LAN).
In recent years, networks have frequently been classified by their size, and now we also read about the Metropolitan Area Network (MAN), the Storage Area Network (SAN), and the Campus Area Network (CAN). Networks can be private, such as the one within a company, or open to the public.
The physical or logical layout of a network is called its network topology. The basic topologies are Star, Bus, and Ring; the Star layout is the most common and is widely used in offices and homes. Security is one of the four core network capabilities; the other three are routing, network management, and throughput.
NETWORK PROTECTION
A small office, a house, or an elementary school does not need advanced protection, only basic security. Large enterprises with a big workforce, however, require constant effort, advanced security tools, and competent staff to prevent security breaches and stop malicious attacks, piracy, and spam.
There are two ways to connect to a network: through a wired connection or a wireless one. The communication between two hosts in a network can be encrypted to ensure privacy: even if an unauthorized user accesses the data, they would not be able to decode it. An algorithm like AES-256 has not been broken so far; the computing power of today's supercomputers is not enough to decipher it in a reasonable time.
Networks are subject to attacks from different sources. Intrusions fall into two categories: "passive", when an intruder captures data traveling through the network, and "active", when an intruder initiates commands to interrupt the regular operation of the network or to find and gain access to its available assets.
Several techniques and procedures must be implemented together to secure a network.
AUTHENTICATION
Authentication is the first step, usually with a unique username and password. Authentication has advanced in recent years, and two-factor and three-factor authentication are now available.
Two-factor authentication requires not only a username and password but also another factor controlled by the user, such as a security token, a credit card, or a cell phone.
Three-factor authentication, consequently, requires the combination of three factors:
· Username and password
· A security token, a credit card, or a cell phone
· Fingerprint or iris recognition
Secure authentication verifies that only authorized users, as defined by the network administrator, access the network. Users can access only the information and programs within their access level.
According to the 2019 LastPass Password Security Report, 57% of businesses worldwide currently use multi-factor authentication, compared to 45% of companies the previous year. This form of identity and data protection is one of the world's fastest-growing cybersecurity trends.
NETWORK BORDER AND NETWORK ADDRESS TRANSLATION
The first component of the network border, or network perimeter, is the border router. These routers do not act as a firewall but help to guard the network. The border router links the network directly to the Internet; it directs traffic into or out of the network and blocks the transfer of unauthorized data. This device employs NAT (Network Address Translation), which serves two different purposes: security and conservation of IPv4 addresses.
NAT hides an entire internal network behind a single address: multiple computers in a network can be connected to the Internet using only one public address. This feature also simplifies maintenance tasks.
The Rate-Limiting NAT Translation feature can also help mitigate the effects of viruses, worms, and denial-of-service attacks. It restricts the maximum number of simultaneous NAT operations on a router.
DMZ
The DeMilitarized Zone, or DMZ, is an additional network placed between the external network and the trusted internal network. Two routers manage the connections between the DMZ and the external and internal networks. This layout makes the internal network invisible to the external network, because the routers and the firewalls restrict the traffic.
They are configured to allow connections only as far as the perimeter, keeping potential threats from the outside away from the internal network. The web and email servers are placed inside the DMZ. This area is considered the most sensitive and secure.
FIREWALLS
After authentication, the firewalls act as the second barrier. A conventional firewall inspects only packet headers. Deep packet inspection (DPI) is the latest method of managing network traffic used by modern firewalls; it functions at the application layer of the Open Systems Interconnection (OSI) model.
The DPI technique filters the content of data packets and can locate, identify, and block packets carrying specific data or code payloads. It can inspect the content of messages and identify the specific application or service they come from. It is effective against buffer overflow attacks, denial-of-service (DoS) attacks, and certain types of malware.
Firewalls can be implemented as software, as hardware, or as a combination of both to control the network traffic. The perimeter firewall is the central point of defense against threats arriving at the internal network. DPI itself can also be exploited, and deploying an Intrusion Prevention System (IPS) helps to overcome this problem.
INTRUSION PREVENTION SYSTEM (IPS)
An Intrusion Prevention System (IPS) helps detect and inhibit the action of malware, worms, exploits, and Denial of Service (DoS) attacks. It continuously monitors the network, looking for potentially malicious events or policy violations.
The IPS alerts system administrators and can take preventive actions, such as closing access points, removing infected attachments from file or email servers, and configuring firewalls to block similar attacks in the future. It can also identify problems related to security policies, preventing internal breaches.
The use of advanced Artificial Intelligence (AI) and Machine Learning reduces the response time to security incidents. UBA stands for User Behavior Analytics, and it's the most innovative threat detection technology. It analyzes how network users (humans) normally behave, builds a behavioral profile, and looks for any abnormal event that diverges from the ordinary behavior and might indicate a threat.
A user's behavioral model includes several attributes that describe their interaction with an IT environment. An Intrusion Prevention System (IPS) using UBA could track session start and end times, the IP addresses the user connects from, or the country the user logs in from.
INTRUSION DETECTION SYSTEMS (IDS)
Perimeter security can be a combination of multiple security tools: an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS), and a Virtual Private Network (VPN).
Intrusion Detection Systems monitor the network and send alerts to system administrators if a potential threat is detected. They do not take any action in response to potential security violations, and that is the difference between an IDS and an IPS: an IDS is not designed to block attacks. It detects an intrusion once it has happened and then raises the alarm.
These tools use two different procedures to identify a suspected intrusion. Signature-based detection looks for the signs of known exploits, while statistical anomaly-based detection compares current network activity against a normal baseline.
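The two detection procedures above, together with the UBA attributes named in the IPS section (session times, source IP, login country), as an added example that is not part of the original page or of any UTMStack product: a per-user baseline is built from constructed login records, new logins are scored against it, and constructed web-server log lines are checked against a small signature list. All data, field names and signature strings are constructed for illustration.

```python
# Added example (not from the original page). Toy illustration of
# anomaly-based (UBA-style) and signature-based detection.
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (user, ISO timestamp, source IP, country)
BASELINE_LOGINS = [
    ("alice", "2020-03-02T08:55:00", "10.1.2.10", "ES"),
    ("alice", "2020-03-03T09:10:00", "10.1.2.10", "ES"),
    ("alice", "2020-03-04T17:40:00", "10.1.2.11", "ES"),
    ("bob", "2020-03-02T07:30:00", "192.0.2.45", "US"),
    ("bob", "2020-03-03T18:05:00", "192.0.2.45", "US"),
]

def build_profile(logins):
    """Per-user baseline: known countries, known source IPs, active hours."""
    profile = defaultdict(lambda: {"countries": set(), "ips": set(), "hours": set()})
    for user, ts, ip, country in logins:
        p = profile[user]
        p["countries"].add(country)
        p["ips"].add(ip)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return profile

def detect_anomalies(profile, event):
    """Anomaly-based: list the attributes of a login that deviate from the baseline."""
    user, ts, ip, country = event
    p = profile.get(user)
    if p is None:
        return ["unknown user"]
    reasons = []
    if country not in p["countries"]:
        reasons.append(f"new country {country}")
    if ip not in p["ips"]:
        reasons.append(f"unseen source IP {ip}")
    hour = datetime.fromisoformat(ts).hour
    # Tolerate logins within two hours of any previously seen login hour
    if not any(abs(hour - h) <= 2 for h in p["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    return reasons

# Constructed signatures for the SQL injection pattern the page mentions
SIGNATURES = {"sql_injection_tautology": "' OR 1=1", "sql_injection_union": "UNION SELECT"}

def match_signatures(log_line):
    """Signature-based: names of known-bad patterns present in a log line."""
    return [name for name, pattern in SIGNATURES.items() if pattern in log_line]
```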
ANTIVIRUS
Antivirus is the primary tool for securing networks and computing systems. It is software that analyzes a computing system in real time to detect and eliminate malicious programs. An antivirus utility works in the background and should be updated daily. Modern antivirus suites provide malware blocking, malicious URL blocking, online backup, a firewall, exploit protection, password management, and a VPN.
HONEYPOTS
Honeypots are accessible resources on the network that act as decoys. The techniques used by attackers trying to compromise these decoys are studied to detect new intrusion techniques, and the results are used to bolster network security. A honeypot can also draw an attacker's attention away from legitimate servers, protecting and isolating the most valuable assets.
ENDPOINT SECURITY
Endpoint security focuses on safeguarding the endpoints. Endpoint protection software is installed on all network servers and on all endpoint devices: the servers manage the analysis and response, and the clients (endpoints) run agents that collect data about each device's activity and send it to the server.
Unlike firewalls and antivirus, endpoint security tools also perform tasks like patching, logging, device management, application security, and monitoring.
Current solutions also include host intrusion prevention, a personal packet-filtering firewall, and antivirus scanning.
CONCLUSION
In 2019, the most common cyberattacks were Denial-of-Service (DoS), Man-in-the-Middle (MitM), SQL Injection, Malware, and Phishing. In the UK, for instance, 32% of businesses identified cybersecurity breaches or attacks in the past 12 months. It is not official, but some research suggests that 41% of the world's cyber-attacks originate in China.