The components of a network make up the backbone of the logical infrastructure for an organization. These components are often critical to day-to-day operations, and an outage or security issue can cause millions of dollars in business losses. Here are issues to pay attention to:
- Operation of hardware. Modems are a type of Channel Service Unit/Data Service Unit (CSU/DSU) typically used for converting analog signals into digital. In this scenario, the CSU handles communication to the provider network, while the DSU handles communication with the internal digital equipment (in most cases, a router). Modems typically operate on Layer 2 of the OSI model. Routers operate on Layer 3 of the OSI model, and make the connection from a modem available to multiple devices in a network topology, including switches, access points and endpoint devices. Switches are typically connected to a router to enable multiple devices to use the connection. Switches help provide internal connectivity, as well as create separate broadcast domains when configured with VLANs. Switches typically operate at Layer 2 of the OSI model, but many switches can operate at both Layer 2 and Layer 3. Access points can be configured in the network topology to provide wireless access using one of the protocols and encryption algorithms discussed in section 4.1.
- Transmission media. Wired transmission media can typically be described in three categories: coaxial, Ethernet and fiber. Coaxial is typically used with cable modem installations to provide connectivity to an ISP, and requires a modem to convert the analog signals to digital. While Ethernet can be used to describe many mediums, it is typically associated with Category 5 and Category 6 unshielded twisted-pair (UTP) or shielded twisted pair (STP), and can be plenum-rated for certain installations. Fiber typically comes in two options, single-mode or multi-mode. Singlemode is typically used for long-distance communication, over several kilometers or miles. Multi-mode fiber is typically used for faster transmission, but with a distance limit depending on the desired speed. Fiber is most often used in the datacenter for backend components.
- Network access control (NAC) devices. Much as you need to control physical access to equipment and wiring, you need to use logical controls to protect a network. There are a variety of devices that provide this type of protection, including the following:
- Stateful and stateless firewalls can perform inspection of the network packets that traverse it and use rules, signatures and patterns to determine whether the packet should be delivered. Reasons for dropping a packet could include addresses that don’t exist on the network, ports or addresses that are blocked, or the content of the packet (such as malicious packets that have been blocked by administrative policy).
- Intrusion detection and prevention devices. These devices monitor the network for unusual network traffic and MAC or IP address spoofing, and then either alert on or actively stop this type of traffic. Proxy or reverse proxy servers. Proxy servers can be used to proxy internet-bound traffic to the internet, instead of having clients going directly to the internet. Reverse proxies are often deployed to a perimeter network. They proxy communication from the internet to an internal server, such as a web server. Like a firewall, a reverse proxy can have rules and policies to block certain types of communication.
- Endpoint security. The saying “a chain is only as strong as its weakest link” can also apply to your network. Endpoint security can be the most difficult to manage and maintain, but also the most important part of securing a network. It can include authentication on endpoint devices, multifactor authentication, volume encryption, VPN tunnels and network encryption, remote access, anti-virus and anti-malware software, and more. Unauthorized access to an endpoint device is one of the easiest backdoor methods into a network because the attack surface is so large. Attackers often target endpoint devices hoping to use the compromised device as a launching spot for lateral movement and privilege escalation. Beyond the traditional endpoint protection methods, there are others that provide additional security:
- Application whitelisting. Only applications on the whitelist can run on the endpoint. This can minimize the chances of malicious applications being installed or run.
- Restricting the use of removable media. In a high-security organization, you should minimize or eliminate the use of removable media, including any removable storage devices that rely on USB or other connection methods. This can minimize malicious files coming into the network from the outside, as well as data leaving the company on tiny storage mechanisms.
- Automated patch management. Patch management is the most critical task for maintaining endpoints. You must patch the operating system as well as all third-party applications. Beyond patching, staying up to date on the latest versions can bring enhanced security.
- Content-distribution networks (CDNs). CDNs are used to distribute content globally. They are typically used for downloading large files from a repository. The repositories are synchronized globally, and then each incoming request for a file or service is directed to the nearest service location. For example, if a request comes from Asia, a local repository in Asia, rather than one in the United States. would provide the file access. This reduces the latency of the request and typically uses less bandwidth. CDNs are often more resistant to denial of service (DoS) attacks than typical corporate networks, and they are often more resilient.
- Physical devices. Physical security is one of the most important aspects of securing a network. Most network devices require physical access to perform a reset, which can cause configurations to be deleted and grant the person full access to the device and an easy path to any devices attached to it. The most common methods for physical access control are code-based or card-based access. Unique codes or cards are assigned to individuals to identify who accessed which physical doors or locks in the secure environment. Secure building access can also involve video cameras, security personnel, reception desks and more. In some high-security organizations, it isn’t uncommon to physically lock computing devices to a desk. In the case of mobile devices, it is often best to have encryption and strong security policies to reduce the impact of stolen devices because physically protecting them is difficult.
Learn More:
Good post. I learn something new and challenging on sites I stumbleupon on a daily basis. It will always be interesting to read content from other writers and use a little something from other websites. Eileen Filberte Abana
Howdy! This blog post could not be written any better! Reading through this post reminds me of my previous roommate! He always kept preaching about this. I am going to send this information to him. Fairly certain he will have a very good read. Many thanks for sharing! Elnore Allan Colvert
The next time I learn a blog, I hope that it doesnt disappoint me as much as this one. I imply, I do know it was my choice to read, however I truly thought youd have something fascinating to say. All I hear is a bunch of whining about something that you might repair should you werent too busy on the lookout for attention. Anny My Melva
Wow! This may be one of the most beneficial websites we have ever come across regarding web hosting coupons. Actually great. We are also experts in this field, so we can understand the hard work that goes into a website like this. Modesty Orland Lynch
This piece of writing will assist the internet users for setting up new website or even a weblog from start to end. Kippie Aguistin Nutter
Very nice post. I just stumbled upon your weblog and wished to say that I have truly enjoyed browsing your blog posts. Josepha Thorny Estey Elie Jo Aluin
i tried many,but its toe only one that;s working for me!!! Norma Rafaello Rodrique
Hi there. I discovered your blog by the use of Google whilst searching for a comparable topic, your website came up. It appears good. I have bookmarked it in my google bookmarks to come back then. Sabra Waverley Sylvia
You completed several nice points there. I did a search on the theme and found most people will agree with your blog. Evaleen Tobias Stevy
I have to voice my admiration for your generosity giving support to people that really need help on this subject matter. Your personal commitment to getting the message along was really powerful and have really allowed employees like me to achieve their goals. Your amazing insightful recommendations indicates so much a person like me and especially to my colleagues. Thanks a lot; from each one of us. Henrietta Reuben Freida
Really appreciate you sharing this post. Really thank you! Much obliged. Ardene Thibaut Sophi
What is the difference between the cryptomoneda and trader? Aubrey Niccolo Florri
Crypto Trader is an automated trading software that makes it easier for investors to invest in Cryptocurrency,
cryptomoneda is referring to that cryptocurrency is a digital or virtual currency that is secured by cryptography, which makes it nearly impossible to counterfeit or double-spend. Many cryptocurrencies are decentralized networks based on blockchain technology—a distributed ledger enforced by a disparate network of computers
I’m no longer sure the place you are getting your information, however
great topic. I needs to spend some time learning more
or figuring out more. Thanks for great info I was looking
for this
information for my mission.