Every week, networks seem to grow in size and complexity. New SaaS services come online, while innovative communication tools make remote working easier. Data storage methods shift, with new assets to secure. And new malware threats constantly emerge. In an ever-changing digital world, network security has never been more crucial.
Network security is not a fixed constant. Methods to protect networks change all the time. In this glossary article, we will explain network security basics. We will introduce the CIA concept, and we will also look at contemporary security techniques. This article is an overview of the topic, but you can fine-tune your knowledge with detailed texts about related concepts.
What is a network?
Networks are collections of devices and applications. When linked together, these assets serve core business functions. Network managers can place devices on different network segments, while they may also be geographically distant. But they are all part of the same community of workstations, servers, switches, and SaaS gateways.
Networks meet the internet at the perimeter. This point is the network edge. It could be a web browser, a mobile phone, or the API on a third-party app. Security is a crucial issue wherever internal networks meet the external world. The edge encompasses digital connections. But it also includes physical connectors such as USB ports.
What are the main network types?
Networks come in a variety of types. Security measures required vary depending on network configurations. Common variants include:
LAN – Local Area Networks or intranets are small communities of devices connected via one or more routing nodes. Router tools handle all network traffic and may also include modems to interface with the internet. LAN networks can include many different devices. A LAN could feature computers, smartphones, printers, IoT devices, televisions, and gaming consoles. Routers assign IP addresses to all devices, which identify them on the network.
WAN – Wide Area Networks are more common in modern business. They constitute collections of LANs and cover wide geographical areas. For instance, companies with several branches will usually connect them via WAN technology. The internet itself is defined as a WAN. Every ISP is also technically a WAN.
SD-WAN – Software Defined Wide Area Networks are laid over WAN networks. Agents on connected devices link users to network resources. Managers can control access via secure gateways, and SD-WAN allows in-depth traffic monitoring. Companies also tend to use SD-WAN to secure cloud assets effectively.
How do networks work?
Networks operate at level 3 of the OSI model. The network layer is where data is transmitted. Servers create packets of information, which they send to network devices via routing devices. Packets are then rendered readable at the other end.
Numerical IP addresses usually identify network devices. But more advanced network architecture uses text labels for the same purpose. Systems may also apply encryption to data passing over the network. Encryption conceals the contents of packets, protecting them against external observers.
What are network devices?
Network devices are any items of hardware connected to the network architecture. Every network should be documented and mapped. Mapping enables managers to understand which devices require protection. Company networks generally rely on several device types:
Servers – store information and software.
Hubs – link several devices together within the network.
Routers - communicate information across the network.
Switches – supplement the router and divert traffic efficiently.
Bridges – connect network sections together.
Workstations - connect to router devices and allow staff secure access.
Gateways – connect areas of the network with different protocols or security profiles.
Firewall equipment - guards network edges against malicious traffic.
Access points – provide wireless access for authorized devices.
What is network monitoring?
Monitoring tools track traffic and user behavior inside the network perimeter. It also checks the status of network devices such as servers or switches and informs network managers when faults occur.
Monitoring can be reactive or proactive. Proactive monitoring is preferable, anticipating problems and seeking threats before they cause damage. Monitoring can also be agent-based or agentless:
This form of monitoring installs software agents on every network client. Agents connect to centralized monitoring software. They provide a stream of data about the status of the device. This data could include memory usage and processes running on the device. Agents may track user connections or assess general performance.
Agent-based monitoring delivers granular information and enhances network visibility. But the proliferation of agents poses problems. Security teams must set aside time to update and log agents. Managing large communities of agents can be difficult for smaller organizations.
This type of monitoring focuses on data passing across external and internal network connections. It involves packet inspection to discover information about data and network usage. And it can also involve app monitoring to ensure only authenticated users have access.
Agentless monitoring is non-intrusive and requires few resources. It provides a stream of data that can be used to improve security setups. But this information is generally not granular. Network managers may lack complete awareness of threats.
Monitoring is not always constant. Instead, security managers schedule inspections of digital assets to assess functionality and security status. The gap between security inspections is the monitoring interval.
Intervals vary depending on device type and situation. Technicians schedule constant inspections of the internal network. But general network performance measurements may have longer monitoring intervals. This reduces the load placed on the network.
What is network security and why is it important?
Network security is the process of protecting networks against potential threats. It includes software and hardware designed to detect and block malicious agents. Securing networks also extends to access control, network organization, and security policies.
Networking security is closely related to cybersecurity and information security. Cybersecurity guards against digital threats. InfoSec focuses on data protection. Both feed into protecting network infrastructure against outside threats.
Network security matters because data and apps need protection. Businesses depend on reliable access to workloads and databases. But they must secure confidential data from external observers via information security techniques. A well-thought-out security strategy balances access and protection, while also meeting compliance goals.
The main types of network security
There are several ingredients of networking security policies. Common approaches include:
Access control – access control tools check all entry requests. Access management gateways ensure only users with the correct credentials can access network assets. Security policies define access levels. These policies describe the privileges of each user. They apply automatically when users try to access the system. Firewall protections also prevent illicit access.
Application security – app security ensures the proper configuration of applications running on the network. The code of apps can be vulnerable to external attacks. For example, attackers exploit vulnerabilities in app code to access network resources. Application security tests all apps and applies patches to update code.
Data loss prevention - proactively seeks to protect sensitive data. Data loss prevention tools log the location of critical data. They apply segmentation to guard that data against cybercriminals.
Malware protection – anti-malware tools scan all incoming traffic for malicious code. Scanning can include network threats like spyware and ransomware. Both variants can extract data and lead to significant costs.
Web gateways – Secure Web Gateways filter traffic entering and leaving the network. They use tools like DNS filtering to block unsafe websites and allow access to core web-based resources.
Email security – specialist email security tools scan emails sent from work accounts. This includes emails passing through on-premises workstations as well as remote devices. Email clients also feature tools to filter spam messages from phishers.
Behavior monitoring – security tools can monitor user behavior within the network perimeter. AI-assisted tools scan for abnormal traffic and access requests. Or they may check for access requests from unusual geographical locations.
Virtual private networks – VPNs apply encryption to network traffic. Encryption guards data passing between remote workstations and network servers.
Network security controls
Levels of control make securing networks easier to understand. There are three control levels. Companies should factor them all into their security strategies:
Physical – physical security measures deal with the physical status of devices. Office devices may demand several credentials before permitting access. Companies must physically secure servers and other data storage devices via locks and access controls. Security setups may include cameras and biometric scanners to add extra assurance.
Technical – these controls protect data flows across the computer network. They also guard data resting on network devices. Technical controls cover locally-connected servers and workstations. But they also include remote working devices and SaaS services used by employees. They seek to prevent external attacks without harming network performance.
Administrative – these controls deal with user behavior. Administrative controls include Identity and Access Management systems that check all access requests. Security policies set out privileges for each user. Systems onboard new hires and delete obsolete accounts to prevent credential theft. Staff training is also a major administrative challenge.
Understanding the CIA triad model
The CIA model is the most popular way of visualizing security methods for modern networks. This model is the basis for defense-in-depth, which means defending connected assets across all network layers. "CIA" refers to the initials of the model's core principles. These ideas include:
Confidentiality – all sensitive information and user data must be protected and remain confidential. External attackers should not have access to network resources of any kind.
Integrity – network managers retain complete control over application configurations. Only authorized admins can make code changes or set security policies. Network teams have total awareness of device connections and visibility of network traffic.
Availability – resources should be available to authorized users at all times. Employees should be able to access workloads and transfer data from remote workstations. But security tools must minimize the freedom of unauthorized users.
Network managers must enforce all three CIA principles across the entire network. In practice this means using several of the networking security approaches mentioned above. For example, traffic monitoring identifies which users are accessing specific apps at a given moment. But it also means employing the right tools to achieve the CIA triad model.
Network security tools
The exact mixture of tools varies, but popular security options include:
Firewalls are the foundation of most security setups. They create a barrier between internal traffic flows and the external internet. And they can also operate internally to create zones of trust. In this case, firewalls enforce segmentation strategies. They limit east-west traffic inside the perimeter, minimizing freedom of movement for attackers.
IPS (Intrusion Prevention Systems)
Intrusion Prevention Systems allow managers to take a pre-emptive security approach. IPS tools check network traffic flows for malicious agents and suspicious activity. They quarantine and record threats that emerge and remove threats when detected. IPS tools generally use packet inspection, including protocol analysis. Signature Matching also helps to prevent exploit kit attacks.
A load balancer uses algorithms to determine traffic flows across the network. Traffic balancing helps to avoid bottlenecks but also has cybersecurity benefits. For example, load balancers can divert traffic when a service attack (or DDoS) occurs.
A sandbox operates alongside IPS tools to actively block aggressive malware. Sandboxes create emulated environments. These environments assess network traffic and can identify attack techniques like port scanning that other scanners often miss.
Network Traffic Analysis tools use AI to analyze network traffic. They compare real-time traffic to secure baselines. Baseline comparison allows traffic analysis tools to detect anomalies and report attacks before they cause harm.
Find the right network security mix
Robust networking security is the key to preventing data breaches and ransomware attacks. Follow the CIA model to create a comprehensive security strategy. Take into account physical, administrative and technical controls. And choose agent or agentless monitoring to ensure total awareness.