Network security is the process of using physical and software security solutions to protect the underlying network infrastructure from unauthorized access, misuse, malfunction, modification, destruction or improper disclosure, creating a secure platform for computers, users and programs to perform their functions in a secure environment.
Overall, network security is concerned with implementing security policies, procedures and tools to prevent unauthorized people or programs from accessing your network, connected devices and network traffic data.
Network security covers the many public and private computer networks that are used every day. From conducting transactions to communicating inside and outside your organization, businesses, government agencies and individuals all rely on some form of network security each day.
Table of contents
- What are the basics of network security?
- How to implement network security
- How is cloud computing affecting network security?
- What are the different types of network security software?
- What jobs are in network security?
- What are useful network security certifications?
- How UpGuard can improve your network security
Network security starts with authentication, commonly a username and password. That is single-factor authentication: something the user knows. More secure networks add a second factor, something the user has, such as a hardware security token or a mobile phone, and some add a third factor, something the user is, such as a fingerprint or retinal scan.
Once a user has authenticated, a firewall enforces policies that determine what that user is allowed to reach. Authentication is good at keeping unauthorized users out, but it says nothing about the content of the traffic an authenticated user or device sends, so worms and trojans can still cross the network.
This is why it is common for network security to have three stages that work together in tiered defense, namely:
- Protection: Configuration of systems and networks to function correctly with access control
- Detection: Ability to identify when configuration has changed or suspicious network traffic
- Reaction: Once identified, you can respond to cyber threats and return the network to a safe state quickly
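The detection stage above is where an intrusion detection system earns its keep. As an added example written for this page (not UpGuard's code or product logic), the following Python flags a port scan in a constructed connection log: one source touching many distinct ports on one host within a short window, most of them refused. The log format, the 60-second window and the threshold of eight ports are assumptions; real deployments tune them to the network.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not from the original page):
# timestamp, source IP, destination IP, destination port, TCP flags seen
# in the reply ("SA" = SYN/ACK, port open; "R" = RST, port refused).
SAMPLE_LOG = """\
2024-03-01T10:00:01 10.0.0.5 10.0.1.20 443 SA
2024-03-01T10:00:02 10.0.0.5 10.0.1.20 443 SA
2024-03-01T10:00:03 192.0.2.9 10.0.1.20 22 R
2024-03-01T10:00:03 192.0.2.9 10.0.1.20 23 R
2024-03-01T10:00:04 192.0.2.9 10.0.1.20 25 R
2024-03-01T10:00:04 192.0.2.9 10.0.1.20 80 SA
2024-03-01T10:00:05 192.0.2.9 10.0.1.20 110 R
2024-03-01T10:00:05 192.0.2.9 10.0.1.20 143 R
2024-03-01T10:00:06 192.0.2.9 10.0.1.20 443 SA
2024-03-01T10:00:06 192.0.2.9 10.0.1.20 3389 R
2024-03-01T10:00:07 192.0.2.9 10.0.1.20 8080 R
2024-03-01T10:00:08 192.0.2.9 10.0.1.20 8443 R
2024-03-01T10:05:00 10.0.0.7 10.0.1.20 80 SA
"""


def parse_log(text):
    """Parse the assumed space-separated format into tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port), flags))
    return records


def detect_port_scans(records, window=timedelta(seconds=60), threshold=8):
    """Anomaly rule: a (source, destination) pair that touches at least
    `threshold` distinct destination ports inside one sliding `window`
    is reported. Returns {source_ip: details}."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, flags in records:
        by_pair[(src, dst)].append((ts, port, flags))

    alerts = {}
    for (src, dst), events in by_pair.items():
        events.sort()                      # chronological order
        start = 0
        for end in range(len(events)):
            # slide the window start forward until the span fits in `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {port for _, port, _ in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[src] = {
                    "target": dst,
                    "ports": sorted({p for _, p, _ in events}),
                    # a high refused count is the signature of probing closed ports
                    "refused": sum(1 for _, _, f in events if f == "R"),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"port scan from {src} -> {info['target']}: "
              f"{len(info['ports'])} ports, {info['refused']} refused")
```

The legitimate clients (10.0.0.5 and 10.0.0.7) only ever hit a single port and never trip the rule; raising the threshold above the number of ports the scanner touched makes the alert disappear, which is the trade-off every detection rule makes between false positives and missed scans.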
Cyber criminals will use multiple attack vectors to gain access to your network, so defense in depth is important. You need security measures that protect against different types of malicious software (malware), phishing, spyware, trojans, ransomware and a multitude of other cyber attacks.
With good network security, you can protect your sensitive data, block attacks and contain attackers even after they gain a foothold in part of your network.
To implement a defense in depth network security strategy, you will need to use a range of security controls to mitigate cybersecurity risk such as:
- Administrative network protection: Policies and controls that govern how users may access and behave on the network, together with the standard operating procedures IT staff follow when making changes to infrastructure.
- Anti-malware and antivirus software: Anti-malware and antivirus software is designed to prevent, detect and remove malicious software (malware) from computers. Viruses, worms and trojans spread across networks and can lie dormant on infected machines before acting, so scanning needs to be continuous rather than a one-off check at download time.
- Application security: Insecure applications are a common way for attackers to gain access to your network. A known vulnerability in an application or operating system, such as the SMBv1 flaw exploited by EternalBlue, which the WannaCry ransomware cryptoworm used to spread, gives attackers an entry point. Application security therefore covers the software, hardware and processes required to keep applications secure, including timely patching.
- Behavioral analytics: To detect suspicious behavior, you first need a baseline of what normal behavior looks like. Behavioral analytics tools build that baseline and automatically flag deviations from it, so your cybersecurity team can investigate possible cyber attacks and remediate them. This is a form of live digital forensics.
- Data loss prevention (DLP): Data loss prevention and information security teams are concerned with ensuring staff are not intentionally or unintentionally leaking sensitive data or personally identifiable information (PII) outside the network, resulting in data breaches or data leaks. DLP software and network security measures can prevent people from uploading, forwarding or even printing sensitive information.
- Email security: Email is one of the largest cybersecurity risks to any organization. Attackers use social engineering tactics and personal information to run sophisticated phishing campaigns that deceive victims and send them to sites designed to steal login credentials or install malware. Email security can block incoming attacks and control outbound messages to prevent loss of sensitive data.
- Endpoint security: Endpoint security is a methodology used to protect corporate networks when accessed through remote devices such as laptops or mobile phones.
- Firewalls: Firewalls place a barrier between your internal network and untrusted networks like the Internet. They do this through an ordered set of rules that block or allow traffic; a default-deny policy, where anything not explicitly allowed is dropped, is the usual baseline. Firewalls can be software, hardware or both.
- Honeypots: Honeypots are decoy network-accessible resources that can be deployed in a network as surveillance and early-warning tools. Honeypots are not typically accessed for legitimate purposes, so access to one is generally a sign of a potential threat. A honeynet is a group of honeypots.
- Intrusion detection systems (IDS): An intrusion detection system (IDS) is a network security tool designed to detect vulnerability exploits, malicious activity or policy violations, typically by matching traffic against known signatures or against a baseline of normal behavior, and to alert on what it finds.
- Intrusion prevention systems (IPS): An intrusion prevention system (IPS) monitors the network for malicious activity such as exploit attempts or policy violations. Unlike an IDS it sits inline: it identifies suspicious activity, logs information (such as host name and IP address), attempts to block the activity and reports it.
- Mobile device and wireless security: Wireless devices, like any device, can have vulnerabilities and security flaws. Paired with the habit of connecting to insecure networks outside the office, on the go or in a coffee shop, this greatly increases the risk of man-in-the-middle attacks. It's essential to train staff to connect only to trusted networks.
- Network access control (NAC): The selective restriction of access to a wired or wireless network. This network security process helps control who has access to your network. When a user has permission to access the network, they are an authorized user. With proper access control, you can prevent unauthorized access while allowing authorized users to use the network as normal.
- Network segmentation: Software or hardware-defined network segmentation can reduce the risk of network based attacks spreading across the network. One common use of network segmentation is to have an internal wireless network for staff and an external wireless network for guests to limit the ability for attackers to gain access to sensitive information. Networks can be split up based on location, roles and more so the right people have access to the right networks.
- Security information and event management (SIEM): SIEM products bring together the log and event data your cybersecurity staff need to identify and respond to potential cyber threats. They can be delivered as physical or virtual appliances or as software running on your own servers.
- Technical network protection: Technical network protection is used to protect data within a network by guarding stored and in-transit data from malicious software and unauthorized access.
- Physical network protection: Physical network protection is designed to stop attackers from physically interfering with network components. Door locks, swipe cards and IDs are essential to any physical network protection.
- Virtual private networks (VPNs): A VPN encrypts the connection from an endpoint to a network over the Internet. This lets staff working remotely connect securely to internal resources while outside the office. Remote-access VPNs typically use IPsec or TLS (the successor to the now-deprecated Secure Sockets Layer, SSL) to authenticate and encrypt the connection between a device and the network.
- Web security: Web security solutions can control your staff's web use and deny access to malicious websites. You can use UpGuard's free website security scan to gain a free risk assessment on your website.
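The firewall and network segmentation entries above both come down to the same mechanism: an ordered rule set, evaluated first-match-wins with deny as the fallback, applied between network segments. The Python below is an added example written for this page (not UpGuard's code or any vendor's rule syntax) that evaluates such a policy for a staff segment, a guest wireless segment and a server segment. The address ranges, zone names and rules are assumptions chosen to illustrate the point; the `shadowed_rules` audit shows why rule order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed network segments (example addresses, not from the original page).
ZONES = {
    "staff":   ipaddress.ip_network("10.0.0.0/24"),
    "servers": ipaddress.ip_network("10.0.1.0/24"),
    "guest":   ipaddress.ip_network("192.168.50.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an address to its segment; anything unknown is the untrusted Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str          # segment name or "any"
    dst_zone: str          # segment name or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port
    action: str            # "allow" or "deny"


# Ordered policy: the first matching rule decides, so the guest deny rules
# must sit above the broad "any -> internet" allows or guests could be
# let through by a later, wider rule.
RULES = [
    Rule("staff", "servers",  "tcp", 443,  "allow"),
    Rule("staff", "servers",  "tcp", 22,   "allow"),
    Rule("guest", "servers",  "any", None, "deny"),   # segmentation: guests never reach servers
    Rule("guest", "staff",    "any", None, "deny"),
    Rule("any",   "internet", "tcp", 443,  "allow"),
    Rule("any",   "internet", "tcp", 80,   "allow"),
    Rule("any",   "internet", "udp", 53,   "allow"),
]


def matches(rule: Rule, src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
    return (rule.src_zone in ("any", src_zone)
            and rule.dst_zone in ("any", dst_zone)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(rules, src_ip: str, dst_ip: str, proto: str, dport: int):
    """Return (action, matching_rule). No match means deny: default-deny baseline."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if matches(rule, sz, dz, proto, dport):
            return rule.action, rule
    return "deny", None


def shadowed_rules(rules):
    """Rules that can never fire because an earlier rule already matches
    everything they match. Run this after every policy edit."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.src_zone in ("any", later.src_zone)
                    and earlier.dst_zone in ("any", later.dst_zone)
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(later)
                break
    return shadowed


if __name__ == "__main__":
    for pkt in [("10.0.0.15", "10.0.1.5", "tcp", 443),
                ("192.168.50.7", "10.0.1.5", "tcp", 443),
                ("192.168.50.7", "203.0.113.10", "tcp", 443),
                ("10.0.0.15", "10.0.1.5", "tcp", 3389)]:
        action, rule = evaluate(RULES, *pkt)
        print(pkt, "->", action, "(default)" if rule is None else "")
```

Staff reaching the servers on 443 is allowed by an explicit rule, guests are stopped before they can use the general Internet allow, and staff RDP to the servers falls through to the default deny because nobody wrote a rule for it. Swapping a broad allow above a narrow deny is the classic mistake; `shadowed_rules` catches it before the change goes live.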
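The data loss prevention entry above says DLP stops sensitive data leaving the network; the concrete check that makes that possible is content inspection of outbound messages. As an added example written for this page (not UpGuard's code or any DLP product's engine), the Python below finds payment card numbers in a constructed set of outbound emails, validates candidates with the Luhn checksum so order numbers are not mistaken for cards, and applies a simple block/log/allow policy based on whether the recipient is internal. The message format, the internal domain and the policy are assumptions.

```python
import re

# 13-16 digits, optionally separated by spaces or dashes, bounded by non-digits.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

# Constructed outbound messages (not from the original page). 4111 1111 1111 1111
# is a well-known test card number; the 16-digit "order" number fails Luhn.
SAMPLE_MESSAGES = [
    {"to": "partner@example.net",
     "body": "Please charge card 4111 1111 1111 1111 expiry 12/26"},
    {"to": "alice@corp.example",
     "body": "Ticket 4111111111111111 raised by a customer, handle via the vault"},
    {"to": "bob@example.org",
     "body": "Order 1234567890123456 shipped today"},
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: doubles every second digit
    from the right, subtracts 9 from results over 9, sum must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str):
    """Return the normalised digit strings that look like cards and pass Luhn."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Replace Luhn-valid card numbers with a marker that keeps the last four digits."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        return f"[PAN ending {digits[-4:]}]" if luhn_ok(digits) else m.group()
    return CARD_RE.sub(mask, text)


def classify(message: dict, internal_domain: str) -> str:
    """Assumed policy: card data to an external domain is blocked, card data
    staying inside the organisation is logged, everything else is allowed."""
    findings = find_card_numbers(message["body"])
    if not findings:
        return "allow"
    recipient_domain = message["to"].rsplit("@", 1)[-1].lower()
    return "log" if recipient_domain == internal_domain else "block"


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(classify(msg, "corp.example"), "->", msg["to"], "|", redact(msg["body"]))
```

The regex alone would flag the shipping message; the Luhn check is what keeps the false-positive rate tolerable. A production DLP engine adds many more detectors (national ID formats, document classification labels, fingerprints of known sensitive files), but the structure, detect then decide by recipient, is the same.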
The rise of cloud computing means many organizations are outsourcing their computing needs to cloud services providers like Amazon Web Services, Google Cloud Platform and Microsoft Azure. Other organizations are using a hybrid approach where some of their infrastructure is in-house and other parts are managed by a cloud provider.
Cloud services are a great way to increase the productivity of organizations of any size but they do come with third-party risks and fourth-party risks. This is why vendor risk management and third-party risk assessment frameworks are foundational to any cybersecurity strategy.
When using cloud services, you must ensure that the provider's security controls line up with your internal policies and procedures; misconfiguration on your side of the shared responsibility line is what puts organizations on the list of the biggest data breaches. Publicly readable S3 buckets are the recurring example: buckets are private by default, but a single bucket policy or ACL change can expose them, so check your bucket policies, ACLs and Block Public Access settings yourself, or someone else will.
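As an added example of that S3 check, written for this page rather than taken from UpGuard or AWS tooling, the Python below inspects a constructed bucket policy for statements that grant access to everyone and reports which of the four Block Public Access flags are not set. The policy, the account ID (AWS's documented example ID) and the VPC endpoint ID are placeholders; in practice the two inputs come from the `get_bucket_policy` and `get_public_access_block` S3 API calls, which this offline example does not make.

```python
import json

# Constructed bucket policy for a hypothetical bucket. The account ID and the
# VPC endpoint ID are placeholders, not real identifiers. Statement "PublicRead"
# is the misconfiguration we want to catch; "VpcOnly" uses a wildcard principal
# but narrows it with a Condition, which needs a human look rather than an alarm.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})

# Field names of the S3 PublicAccessBlock configuration; all four should be true.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def _principals(stmt: dict):
    """Flatten the Principal element, which may be "*" or a map of lists/strings."""
    p = stmt.get("Principal")
    if p == "*":
        return ["*"]
    if isinstance(p, dict):
        vals = []
        for v in p.values():
            vals.extend(v if isinstance(v, list) else [v])
        return vals
    return []


def public_statements(policy_json: str) -> dict:
    """Return {Sid: 'public' | 'conditional'} for Allow statements whose principal
    is everyone. 'conditional' means a Condition block narrows the grant."""
    policy = json.loads(policy_json)
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):        # a single statement may be given as an object
        stmts = [stmts]
    result = {}
    for stmt in stmts:
        if stmt.get("Effect") != "Allow" or "*" not in _principals(stmt):
            continue
        sid = stmt.get("Sid", "<no sid>")
        result[sid] = "conditional" if stmt.get("Condition") else "public"
    return result


def public_access_block_gaps(config: dict) -> list:
    """Return the PublicAccessBlock flags that are missing or not true."""
    return [flag for flag in PAB_FLAGS if not config.get(flag, False)]


if __name__ == "__main__":
    print("wildcard-principal statements:", public_statements(SAMPLE_POLICY))
    print("block-public-access gaps:", public_access_block_gaps(
        {"BlockPublicAcls": True, "IgnorePublicAcls": True,
         "BlockPublicPolicy": False, "RestrictPublicBuckets": True}))
```

A bucket whose `BlockPublicPolicy` flag is off is exactly the one where a "PublicRead" statement like the first one takes effect; with the flag on, S3 rejects that policy at write time, which is why the flag check belongs next to the policy check.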
To cover all aspects of network security, your organization needs to use a combination of software and hardware including:
- Cloud firewalls
- Database firewalls
- Exploit software
- Intrusion detection software
- Intrusion prevention software
- Network firewalls
- Network segmentation firewalls
- Next-generation firewalls
- Packet sniffers
- Penetration testing software
- Unified threat management solutions
- Vulnerability scanners
- Web application firewalls
- Web scanners
It's no longer enough to have a firewall and call it a day. Network security relies on defense in depth and needs to be able to identify and stop threats behind the firewall and in front of the firewall. You need to have software that is automatically detecting vulnerabilities, data leaks, identity breaches and at risk vendors.
Careers in network security are in high demand and pay well. According to PayScale, the average network security engineer makes $85,000 with range from $65,000 to $127,000. Whereas the average network security analyst makes $67,000 with a range from $44,000 to $102,000.
In general, a network security engineer builds out the security systems and procedures, while a network security analyst combs through the data produced by the systems and tools the engineer set up. That said, many roles are a combination of the two.
There aren't many certifications dedicated purely to network security, but many security certifications have a network component, and several networking certifications cover security, including:
- The Certified Information Systems Security Professional (CISSP) from the International Information System Security Certification Consortium or (ISC)².
- CompTIA's Network+ which focuses on developing skills in troubleshooting, configuring and managing networks.
- Cisco's CCNA Routing and Switching certification (since consolidated into the single CCNA certification)
- EC-Council's Certified Ethical Hacker (CEH) certification
UpGuard BreachSight's typosquatting module can reduce the cyber risks related to typosquatting and vulnerabilities, along with preventing breaches, avoiding regulatory fines and protecting your customer's trust through cyber security ratings and continuous exposure detection.
We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure.