The components of a network make up the backbone of the logical infrastructure for an organization. These components are often critical to day-to-day operations, and an outage or security issue can cause millions of dollars in business losses. Here are issues to pay attention to:
- Operation of hardware. Modems are a type of Channel Service Unit/Data Service Unit (CSU/DSU) typically used for converting analog signals into digital. In this scenario, the CSU handles communication to the provider network, while the DSU handles communication with the internal digital equipment (in most cases, a router). Modems typically operate on Layer 2 of the OSI model. Routers operate on Layer 3 of the OSI model, and make the connection from a modem available to multiple devices in a network topology, including switches, access points and endpoint devices. Switches are typically connected to a router to enable multiple devices to use the connection. Switches help provide internal connectivity, as well as create separate broadcast domains when configured with VLANs. Switches typically operate at Layer 2 of the OSI model, but many switches can operate at both Layer 2 and Layer 3. Access points can be configured in the network topology to provide wireless access using one of the protocols and encryption algorithms discussed in https://cybertechpros.net/2021/01/28/how-to-implement-secure-design-principles-in-network-architecture/
- Transmission media. Wired transmission media can typically be described in three categories: coaxial, Ethernet and fiber. Coaxial is typically used with cable modem installations to provide connectivity to an ISP, and requires a modem to convert the analog signals to digital. While Ethernet can be used to describe many mediums, it is typically associated with Category 5 and Category 6 unshielded twisted-pair (UTP) or shielded twisted-pair (STP), and can be plenum-rated for certain installations. Fiber typically comes in two options, single-mode or multi-mode. Single-mode is typically used for long-distance communication, over several kilometers or miles. Multi-mode fiber is typically used for faster transmission, but with a distance limit depending on the desired speed. Fiber is most often used in the datacenter for backend components.
- Network access control (NAC) devices. Much as you need to control physical access to equipment and wiring, you need to use logical controls to protect a network. There are a variety of devices that provide this type of protection, including the following:
- Stateful and stateless firewalls. These devices inspect the network packets that traverse them and use rules, signatures and patterns to determine whether each packet should be delivered. Reasons for dropping a packet could include addresses that don’t exist on the network, ports or addresses that are blocked, or the content of the packet (such as malicious packets that have been blocked by administrative policy).
- Intrusion detection and prevention devices. These devices monitor the network for unusual network traffic and MAC or IP address spoofing, and then either alert on or actively stop this type of traffic.
- Proxy or reverse proxy servers. Proxy servers can be used to relay internet-bound traffic on behalf of clients, instead of having clients go directly to the internet. Reverse proxies are often deployed to a perimeter network. They proxy communication from the internet to an internal server, such as a web server. Like a firewall, a reverse proxy can have rules and policies to block certain types of communication.
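The difference between the stateless and stateful firewalls described above is easiest to see with a packet sequence. The following Python simulation is an added example, not code from the original post: it models a LAN behind a perimeter with a web server reachable on port 443, a stateless rule set that approximates "established" traffic by admitting any inbound packet with the ACK flag set, and a stateful filter that remembers accepted connections. Packet addresses, ports and the rule sets are constructed for the demonstration.

```python
"""Stateless vs. stateful packet filtering over constructed packets (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP packet model; only the fields a filter rule looks at."""
    direction: str      # "in" (internet -> LAN) or "out" (LAN -> internet)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False


# Stateless rules: (direction, dst_port or None for any, require ACK flag, action).
# First match wins; anything unmatched is dropped (default deny).
STATELESS_RULES = [
    ("out", None, False, "allow"),  # LAN hosts may send anything outbound
    ("in", 443, False, "allow"),    # internet may reach the perimeter web server
    ("in", None, True, "allow"),    # "established" approximation: any inbound packet with ACK set
]


def stateless_decision(pkt, rules=STATELESS_RULES):
    """Evaluate a packet on its own, with no memory of earlier packets."""
    for direction, port, need_ack, action in rules:
        if direction != pkt.direction:
            continue
        if port is not None and port != pkt.dst_port:
            continue
        if need_ack and not pkt.ack:
            continue
        return action
    return "drop"


# Which side may open a new connection, and to which port (None = any).
NEW_CONNECTION_RULES = [
    ("out", None),  # LAN hosts may initiate outbound connections
    ("in", 443),    # internet may initiate connections to the web server only
]


class StatefulFilter:
    """Tracks accepted connections and admits only packets that belong to one."""

    def __init__(self):
        self.flows = set()

    @staticmethod
    def flow_key(pkt):
        # Same key regardless of which side sent the packet.
        return frozenset([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])

    def decision(self, pkt):
        key = self.flow_key(pkt)
        if key in self.flows:
            return "allow"  # part of a connection we already accepted
        if pkt.syn and not pkt.ack:  # a new connection attempt
            for direction, port in NEW_CONNECTION_RULES:
                if direction == pkt.direction and port in (None, pkt.dst_port):
                    self.flows.add(key)
                    return "allow"
        return "drop"  # unsolicited packet that belongs to no known connection


def run_scenario():
    """Feed the same constructed packet sequence through both filters."""
    packets = {
        "client_syn": Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443, syn=True),
        "server_synack": Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000, syn=True, ack=True),
        "forged_ack": Packet("in", "198.51.100.7", 443, "10.0.0.9", 3389, ack=True),
        "inbound_syn_rdp": Packet("in", "198.51.100.7", 40000, "10.0.0.9", 3389, syn=True),
    }
    stateful = StatefulFilter()
    return {name: (stateless_decision(p), stateful.decision(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:16} stateless={stateless:5} stateful={stateful}")
```

Both filters pass the client's outbound SYN and the server's reply, and both drop an unsolicited inbound SYN to an internal host. The difference shows on the forged inbound packet with only ACK set: the stateless rule set has no way to know that no connection exists and lets it through, while the stateful filter drops it because it matches no tracked flow. Real stateful firewalls additionally check sequence numbers and time out idle flows; this model keeps only the connection table to isolate the core idea.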
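The intrusion detection item above mentions MAC or IP address spoofing without saying what a detector actually looks for. As an added example (not from the original post), the Python below runs two simple ARP heuristics over a constructed tcpdump-style capture: an IP that was learned with one MAC and is later claimed by another, and a single MAC answering for more addresses than a normal host would. The capture lines, addresses and thresholds are constructed; the regular expression assumes the `ARP, Reply <ip> is-at <mac>` line shape.

```python
"""Detecting IP/MAC spoofing signs in ARP replies (added example, constructed input)."""
import re
from collections import defaultdict

# tcpdump-style "ARP, Reply <ip> is-at <mac>" lines; timestamp first.
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)

# Constructed capture: the gateway 10.0.0.1 is first announced by aa:bb:cc:00:00:01,
# then re-announced by de:ad:be:ef:00:99, which goes on to claim two more addresses.
SAMPLE_CAPTURE = """\
10:00:01.000000 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01, length 28
10:00:02.000000 ARP, Reply 10.0.0.20 is-at aa:bb:cc:00:00:20, length 28
10:00:05.000000 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99, length 28
10:00:06.000000 ARP, Reply 10.0.0.21 is-at de:ad:be:ef:00:99, length 28
10:00:07.000000 ARP, Reply 10.0.0.22 is-at de:ad:be:ef:00:99, length 28
10:00:08.000000 ARP, Reply 10.0.0.20 is-at aa:bb:cc:00:00:20, length 28
"""


def detect_arp_anomalies(lines, max_ips_per_mac=2, known_multi_ip_macs=frozenset()):
    """Return (timestamp, rule, detail) alerts for two spoofing indicators.

    ip-mac-conflict: an IP that was learned with one MAC is later claimed by another
                     (the classic sign of ARP cache poisoning or an address conflict).
    mac-claims-many-ips: one MAC answers for more than max_ips_per_mac addresses;
                     routers doing proxy ARP legitimately do this, so they are
                     listed in known_multi_ip_macs and skipped.
    """
    ip_to_mac = {}                 # first MAC seen for each IP (the baseline)
    mac_to_ips = defaultdict(set)  # every IP each MAC has answered for
    flagged_macs = set()           # alert once per MAC for the second rule
    alerts = []
    for line in lines:
        m = ARP_REPLY.match(line)
        if not m:
            continue  # not an ARP reply; other traffic is ignored here
        ts, ip, mac = m.group("ts", "ip", "mac")
        learned = ip_to_mac.setdefault(ip, mac)
        if learned != mac:
            alerts.append((ts, "ip-mac-conflict", f"{ip} was {learned}, now claimed by {mac}"))
        mac_to_ips[mac].add(ip)
        if (len(mac_to_ips[mac]) > max_ips_per_mac
                and mac not in known_multi_ip_macs and mac not in flagged_macs):
            flagged_macs.add(mac)
            alerts.append((ts, "mac-claims-many-ips", f"{mac} answers for {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, rule, detail in detect_arp_anomalies(SAMPLE_CAPTURE.splitlines()):
        print(ts, rule, detail)
```

The baseline keeps the first mapping it learned, so every later reply from the conflicting MAC raises the conflict alert again; that is deliberate, because an IDS should keep reporting a poisoned gateway entry until someone clears it. The second rule is a heuristic: a router performing proxy ARP or a host with several aliases will trip it, which is why the function accepts an allowlist of such MACs rather than treating every multi-address MAC as hostile.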
- Endpoint security. The saying “a chain is only as strong as its weakest link” can also apply to your network. Endpoint security can be the most difficult to manage and maintain, but also the most important part of securing a network. It can include authentication on endpoint devices, multifactor authentication, volume encryption, VPN tunnels and network encryption, remote access, anti-virus and anti-malware software, and more. Unauthorized access to an endpoint device is one of the easiest backdoor methods into a network because the attack surface is so large. Attackers often target endpoint devices hoping to use the compromised device as a launching spot for lateral movement and privilege escalation. Beyond the traditional endpoint protection methods, there are others that provide additional security:
- Application whitelisting. Only applications on the whitelist can run on the endpoint. This can minimize the chances of malicious applications being installed or run.
- Restricting the use of removable media. In a high-security organization, you should minimize or eliminate the use of removable media, including any removable storage devices that rely on USB or other connection methods. This can minimize malicious files coming into the network from the outside, as well as data leaving the company on tiny storage mechanisms.
- Automated patch management. Patch management is the most critical task for maintaining endpoints. You must patch the operating system as well as all third-party applications. Beyond patching, staying up to date on the latest versions can bring enhanced security.
- Content-distribution networks (CDNs). CDNs are used to distribute content globally. They are typically used for downloading large files from a repository. The repositories are synchronized globally, and then each incoming request for a file or service is directed to the nearest service location. For example, if a request comes from Asia, a local repository in Asia, rather than one in the United States, would provide the file access. This reduces the latency of the request and typically uses less bandwidth. CDNs are often more resistant to denial of service (DoS) attacks than typical corporate networks, and they are often more resilient.
- Physical devices. Physical security is one of the most important aspects of securing a network. Most network devices require physical access to perform a reset, which can cause configurations to be deleted and grant the person full access to the device and an easy path to any devices attached to it. The most common methods for physical access control are code-based or card-based access. Unique codes or cards are assigned to individuals to identify who accessed which physical doors or locks in the secure environment. Secure building access can also involve video cameras, security personnel, reception desks and more. In some high-security organizations, it isn’t uncommon to physically lock computing devices to a desk. In the case of mobile devices, it is often best to have encryption and strong security policies to reduce the impact of stolen devices because physically protecting them is difficult.