Why Network Security is Important
Computer systems and networks tend to be heterogeneous: they come in different forms, use different communication media, and are supplied by different vendors. These vendors may specialize in one or more areas such as services, hardware, software, wired or wireless networking. As a result, computer and network systems must comply with common standards and protocols in order to interoperate, especially on the Internet. A fundamental problem is that some of the core standards and protocols still in use today were developed when computer systems and networks were in their infancy and network security was not a crucial consideration.
As time went on, the adoption of computing became widespread and moved from the realm of governments and large organizations down to the consumer level, rapidly accelerated by the introduction of the personal computer. At around the same time, organizations began to store and transport more sensitive data using computer systems and networks. It then became clear that network security was to be a core fixture in the use and maintenance of computer networks.
Another problem stems from network design. Traditionally, most networks were designed as flat layouts in which any computer could communicate with any other computer. There was very little effective segmentation, and protocols like Dynamic Host Configuration Protocol (DHCP) and Windows networking in general work most easily in such designs. In terms of security, however, this is far from ideal: an attack or infection can spread easily through the network, the problem of lateral movement.
Where to begin with Network Security
Network security is about much more than the deployment of tools and technologies. As a starting point, the right strategies, policies, and procedures should be put in place before the technologies that facilitate and automate them are selected. A good way of looking at this as a starting point is the following:
- Policies and Compliance
- Knowledge of the Network
- Training – Technical and User Awareness
- Tools & Technology
A well-defined security policy that prescribes the use of computer systems and resources is a good starting point. This policy should be aligned with any compliance obligations the organization must meet. An accurate baseline of the network and its systems should then be established so that what is normal is known, including assets, devices, user access rights, and a map of which systems communicate with which.
Adequate and timely training for both technical administrators and end users should be conducted regularly so that configuration and end-user vulnerabilities are reduced as far as possible. Finally, all of this must be underpinned by the right tools and technologies, with automation and orchestration capabilities where necessary. These concepts are elaborated on later in this article.
Network Security Threats
Today, network security is an integral part of the cyber strategy of many organizations, especially those for which compliance with security and regulatory standards is mandatory. It matters because cyber threats have grown in sophistication and efficiency over the years just as the importance and value of data have grown. Any combination of threat actors can pose a threat to network security:
- Ransom Seekers
- Nation States
- Cyber Espionage
- Organized Crime
- Insiders (Malicious & Accidental)
- Script Kiddies
The corresponding network security threats may also come in any combination of the following:
- Social Engineering
- Malware (Commodity)
- Advanced Persistent Threats (APT)
- Denial of Service (DOS & DDOS)
- Side-Channel Attacks
- Physical Intrusion
- Criminal Damage
These network security challenges only grow as users and organizations continue to do and expect more from the cyber realm in day-to-day activities, from work and play to entertainment services and commerce.
Network Security Protections
In response, a plethora of technologies attempt to provide solutions to the network security problem, especially with the current expansion in Internet usage and cloud computing. This leads to an important question that continues to linger in the minds of those tasked with ensuring network security.
Are we properly protected?
To be answered effectively, this question requires continuous assessment of the network security posture across on-premises, cloud, and remote user and network locations.
- Policies & Compliance
Policies and compliance comprise the strategies and tactics that define how the organization deals with network security and how adherence to them is measured. The policies will most likely be tailored to the particular organization in line with the compliance directives that apply to it; the compliance directives themselves tend to be organization-agnostic but industry- or vertical-specific.
- Knowledge of the Environment
Network security involves many parts and components of a computer network. The first and foremost point of importance, therefore, is to know what these parts and components are and where they are located. An up-to-date inventory of the current state of your network goes a long way towards a useful judgment of where the organization stands in its protection regime; you cannot protect what you do not know about. The problem is compounded by the speed and agility that mobile computing and public clouds have made available. These technologies have extended the traditional network perimeter, so network security can no longer be concentrated there. Continuous visibility is therefore very important. Effective protection must begin with the ability to see device and application information and communication dependencies in real time, or at least near real time. This paves the way for baselining the network so that anomalies stand out clearly from established and expected norms.
- Training – Technical & User Awareness
Training should be focused on both the technical and non-technical administrators and users of the network, its systems and applications. The following questions must be adequately answered:
Do we have the required technical knowledge to configure and maintain our security technologies now as well as for the future?
Are our users adequately trained on cybersecurity awareness?
Do our people have the right detection and reporting knowledge to adequately respond to an incident and maintain compliance?
This means technical training for IT and security administrators, including practical hands-on training in the security systems acquired, and cybersecurity awareness training for all staff.
The final piece is to ensure that the right tools and technologies are in place to protect against network security threats, both known and unknown. Technology must be in place both to prevent network security incidents and to contain them. Even so, it is impossible to guarantee complete protection all of the time, so adequate detection and response capabilities must also be in place to respond when an incident occurs.
Network Security Tools & Technology
These four guiding principles can serve as a useful starting guide to the organization's security policy in general and to the choice of the right technologies in particular. There is little to be gained by piling on new technologies when there is little knowledge of what requires protection, what it must be protected against, or why the protection is required in the first place.
Selecting the right tools and technologies can be daunting, but again it should be approached strategically and systematically, using the organization's policy and compliance requirements, knowledge of the network, and training capabilities as a guide. In some cases, aspects of this can be outsourced where internal capability is lacking and likely to present a security weakness, such as a skills or personnel shortage. Tools and technologies can be vetted and selected using the following as a starter guide:
- Perimeter Security
- Communication Security – Email, Messaging, Documents
- Endpoint & Device Security
- Identity & Internal Network Security
- Automation, Continuous Monitoring & Context
1. Perimeter Security
Cloud services, mobile devices and shadow IT have all contributed to moving the network perimeter beyond a fixed physical location. Users may use several mobile devices to access both personal and corporate data from different locations. However, where a network perimeter still needs to be protected, as in the case of a data center or cloud environment, the following protections should be considered in their physical or virtual equivalents:
- Firewall (Stateful, Next Generation, API capable)
- Anti-Botnet and Botnet Activity Detection
- IPS – Intrusion Prevention System
- Encrypted Content Decryption (e.g. HTTPS Inspection)
- Web Security – Web and Application Control
- Sandboxing and Emulation
2. Communication Security – Email, Messaging, Documents
- Anti-Spam & Anti-malware
- Anti-Phishing and Malicious Link detection
- BEC (Business Email Compromise) prevention with Intelligence capability
- Email Security
- Messaging Security
- Document Security
- Physical Filing Systems Security
3. Endpoint & Device Security
In most cases, endpoint protection serves as the last line of defense in the network security strategy. The security measures implemented on the endpoint therefore need context, intelligence, and real-time decision making to deal with known and unknown threats, however sophisticated. Some of the most useful capabilities are:
- Application Control (default-deny allow list)
- Detection and Response with AI
- Disk Encryption
- Exploit Prevention
- Firewall (Network layers and Application)
- Forensics Capability
- Port and Media Security
- Heuristics & Sandboxing
- Host-based Micro-segmentation
- Mobile Device Management
- Host Web Security
4. Identity & Internal Network Security
In many cases, breaches begin with compromised credentials, a vulnerability in a target system, or both. User and device identity verification and authorization, irrespective of location, should be a key component: the user is only allowed in if the correct identity is presented and the device is also verified. On top of that, authorization should be granted not to the whole network but to the specific resource requested. An example of this approach is Single Packet Authorization (SPA), in which a service keeps its ports closed by default and the firewall opens access for a single source only after that client sends one authenticated packet. Vulnerabilities can be inherent in the system or introduced by misconfiguration on the part of the system's user. Misconfiguration occurs where best practice has not been followed or administrator knowledge of the technology is lacking. Some of the protections under the scope of Identity and Internal Network Security are:
- Asset Inventory and
- Identity and Access Management
- Data Security and Encryption (Data at rest, Data in motion & Data in-use)
- Host-to-Host Context & Communication Mapping System (App Dependency Mapping)
- NAC - Network Access Control
- Threat Hunting (Proactive & Passive)
- Vulnerability and Patch Management
- Physical Security (Swipe Cards, Automatic Locks, Alarm Systems, CCTV)
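The SPA pattern mentioned above, as an added example that is not part of the original article: a toy client/server exchange in Python. The wire format (base64 JSON followed by an HMAC-SHA256 tag), the shared key, the client-to-port table and the 30-second window are assumptions for the demo and are not fwknop's or any product's format. What carries over is the structure any SPA deployment needs: the firewall denies by default, the server authenticates the packet before parsing it, it checks freshness and rejects replays, and it authorizes one port for one source rather than the whole network.

```python
# Added example (not from the original article): a minimal Single Packet
# Authorization exchange. The wire format here is hypothetical and is NOT
# fwknop's; it only shows the properties SPA relies on: a default-deny
# firewall, one authenticated packet, a freshness window and replay rejection.
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed shared secret and client -> permitted-ports table for the demo.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
CLIENT_PORTS = {"alice-laptop": {22}, "ops-jump": {22, 3389}}
FRESHNESS_WINDOW = 30  # seconds a packet stays valid


def build_spa_packet(key, client_id, src_ip, dport, now=None, nonce=None):
    """Client side: serialize the request and append an HMAC over it."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16).hex() if nonce is None else nonce
    payload = json.dumps(
        {"id": client_id, "ts": now, "nonce": nonce, "src": src_ip, "dport": dport},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return base64.b64encode(payload).decode() + "." + tag


class SpaGate:
    """Server side: default-deny firewall that only opens on a valid SPA packet."""

    def __init__(self, key, client_ports, window=FRESHNESS_WINDOW):
        self.key = key
        self.client_ports = client_ports
        self.window = window
        self.seen_nonces = {}    # nonce -> ts, for replay rejection
        self.open_rules = set()  # (src_ip, dport) pairs the firewall would now allow

    def is_allowed(self, src_ip, dport):
        """Default deny: nothing passes unless an SPA packet opened it."""
        return (src_ip, dport) in self.open_rules

    def verify(self, packet, now=None):
        """Return (accepted, reason). Only 'opened' adds a firewall rule."""
        now = int(time.time()) if now is None else now
        try:
            b64, tag = packet.split(".", 1)
            payload = base64.b64decode(b64)
        except ValueError:  # unpack failure or binascii.Error from b64decode
            return False, "malformed"
        # Authenticate before parsing: the JSON is never touched unless the MAC checks out.
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad-hmac"
        fields = json.loads(payload)
        if abs(now - fields["ts"]) > self.window:
            return False, "stale"
        self._prune(now)
        if fields["nonce"] in self.seen_nonces:
            return False, "replay"
        if fields["dport"] not in self.client_ports.get(fields["id"], set()):
            return False, "unauthorized"
        self.seen_nonces[fields["nonce"]] = fields["ts"]
        self.open_rules.add((fields["src"], fields["dport"]))
        return True, "opened"

    def _prune(self, now):
        """Forget nonces older than the window; older packets fail the staleness check anyway."""
        self.seen_nonces = {n: ts for n, ts in self.seen_nonces.items() if now - ts <= self.window}


if __name__ == "__main__":
    gate = SpaGate(SHARED_KEY, CLIENT_PORTS)
    pkt = build_spa_packet(SHARED_KEY, "alice-laptop", "203.0.113.5", 22)
    print("before:", gate.is_allowed("203.0.113.5", 22))
    print("verify:", gate.verify(pkt), "after:", gate.is_allowed("203.0.113.5", 22))
    print("replayed:", gate.verify(pkt))
```

In a real deployment the server would read the packet off the wire with no listening socket, so there is nothing for a scanner to probe, push the rule to the host firewall with a timeout, and use per-client keys; the example keeps the rule set in memory so it runs offline.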
5. Automation, Continuous Monitoring & Context
The problems facing cybersecurity today are as much a problem of lacking visibility with context as they are a tool problem. Visibility, continuous monitoring and baselining of normal behavior are key if anomalous behavior is to be detected easily.
- Analytics (SIEM & Security Analytics)
- Automation & Orchestration
- Cyber Threat Intelligence
- Asset Inventory visualization
- Application Dependency Mapping
- Risk Scoring
- Threat Mapping
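The baselining idea from the Knowledge of the Environment section and from the paragraph above, as an added example that is not part of the original article: Python code that builds a baseline of host-to-host communications from flow records, derives an application dependency map from it, and classifies later flows against the norm, including the fan-out pattern of one host reaching many previously unseen peers that lateral movement produces on a flat network. The addresses, flows, tier names and fan-out threshold are constructed for the demo; real input would be NetFlow/IPFIX, cloud VPC flow logs or telemetry from a host-based segmentation agent.

```python
# Added example (not from the original article): building a communication
# baseline from flow records, deriving an application dependency map from it,
# and flagging flows that deviate. Flow records, addresses and the fan-out
# threshold are all constructed for the demo.
from collections import Counter, defaultdict

# Each flow is (src_ip, dst_ip, dst_port, proto). Constructed learning-window
# traffic: web tier -> app tier -> database, workstation -> domain controller/web.
WEB, APP, DB, DC, WS = "10.0.1.10", "10.0.2.20", "10.0.3.30", "10.0.5.5", "10.0.4.12"
BASELINE_FLOWS = (
    [(WEB, APP, 8443, "tcp")] * 50
    + [(APP, DB, 5432, "tcp")] * 40
    + [(APP, DC, 389, "tcp")] * 5
    + [(WS, DC, 88, "tcp")] * 10
    + [(WS, WEB, 443, "tcp")] * 20
)

# Constructed flows from a later window, including a workstation reaching the
# database directly and fanning out over SMB to several app-tier hosts.
NEW_FLOWS = [
    (WEB, APP, 8443, "tcp"),
    (APP, DB, 22, "tcp"),
    (WS, DB, 5432, "tcp"),
    ("10.0.4.99", DC, 88, "tcp"),
    (WS, "10.0.2.21", 445, "tcp"),
    (WS, "10.0.2.22", 445, "tcp"),
    (WS, "10.0.2.23", 445, "tcp"),
]


def build_baseline(flows):
    """Return (flow_counts, peers): how often each exact flow was seen, and
    which destinations each source normally talks to."""
    counts = Counter(flows)
    peers = defaultdict(set)
    for src, dst, _port, _proto in flows:
        peers[src].add(dst)
    return counts, dict(peers)


def dependency_map(flows):
    """Application dependency mapping: service (dst, port, proto) -> sorted clients."""
    deps = defaultdict(set)
    for src, dst, port, proto in flows:
        deps[(dst, port, proto)].add(src)
    return {svc: sorted(clients) for svc, clients in deps.items()}


def classify_flow(baseline, flow):
    """'known' if seen in the baseline, otherwise the most specific deviation."""
    counts, peers = baseline
    src, dst, _port, _proto = flow
    if flow in counts:
        return "known"
    if src not in peers:
        return "new-source"   # host never seen talking on the network
    if dst not in peers[src]:
        return "new-peer"     # known host, never talked to this destination
    return "new-service"      # known pair, new port/protocol


def find_anomalies(baseline, flows, fanout_threshold=3):
    """Per-flow deviations, plus a fan-out alert when one source reaches
    many previously unseen peers (the lateral-movement / scanning pattern)."""
    findings = []
    new_peers_by_src = defaultdict(set)
    for flow in flows:
        verdict = classify_flow(baseline, flow)
        if verdict == "known":
            continue
        findings.append((flow, verdict))
        if verdict in ("new-peer", "new-source"):
            new_peers_by_src[flow[0]].add(flow[1])
    for src, dsts in new_peers_by_src.items():
        if len(dsts) >= fanout_threshold:
            findings.append(((src, "*", "*", "*"), f"fan-out:{len(dsts)}-new-peers"))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for svc, clients in sorted(dependency_map(BASELINE_FLOWS).items()):
        print("service", svc, "is used by", clients)
    for flow, reason in find_anomalies(baseline, NEW_FLOWS):
        print("ALERT", reason, flow)
```

The dependency map is the input a host-based segmentation policy is written from (only the listed clients may reach each service); the anomaly list is what a SIEM rule would be fed. A learning window that already contains an intrusion bakes the attacker's traffic into the baseline, so the window should be reviewed against the asset inventory before it is trusted.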
The features and technology examples above are not intended as an exhaustive list but as a guide to selecting the right tools and technologies. Where it is possible and efficient to do so, it is advisable to consolidate features into a single offering. For example, a host-based segmentation solution should also be able to provide application dependency mapping and third-party integrations into a Security Information and Event Management (SIEM) or Configuration Management Database (CMDB) solution. Similarly, a perimeter firewall should be able to consolidate IPS, threat emulation, anti-malware, and botnet prevention capabilities.
Network security must be part of the organizational culture from the board room to the shop floor, extending beyond the traditional perimeter to the remote worker. Modern architecture principles like Zero Trust aim to move network security away from the legacy perimeter and implicit trust towards dynamic, automated, and continuous verification and authorization. It is important that these principles are not considered in a silo but planned and deployed as a system of related principles involving people, processes, and technology.