Network Security is an organization’s strategy and provisions for ensuring the security of its assets and of all network traffic. Network security is manifested in an implementation of security policy, hardware, and software. For the purposes of this discussion, the following approach is adopted in an effort to view network security in its entirety:
- Policy
- Enforcement
- Auditing
Policy
The IT Security Policy is the principal document for network security. Its goal is to outline the rules for ensuring the security of organizational assets. Employees today utilize several tools and applications to conduct business productively. Policy that is driven by the organization’s culture supports these routines and focuses on the safe enablement of these tools for its employees. The enforcement and auditing procedures for any regulatory compliance an organization is required to meet must be mapped out in the policy as well.
Enforcement
Most definitions of network security are narrowed to the enforcement mechanism. Enforcement concerns analyzing all network traffic flows and should aim to preserve the confidentiality, integrity, and availability of all systems and information on the network. These three principles compose the CIA triad:
- Confidentiality – protecting assets from unauthorized entities
- Integrity – ensuring the modification of assets is handled in a specified and authorized manner
- Availability – a state of the system in which authorized users have continuous access to said assets
Strong enforcement strives to provide CIA to network traffic flows. This begins with a classification of traffic flows by application, user, and content. As the vehicle for content, all applications must first be identified by the firewall regardless of port, protocol, evasive tactic, or SSL. Proper application identification allows for full visibility of the content it carries. Policy management can be simplified by identifying applications and mapping their use to a user identity while inspecting the content at all times for the preservation of CIA.
The concept of defense in depth is observed as a best practice in network security, prescribing that the network be secured in layers. These layers apply an assortment of security controls to sift out threats trying to enter the network:
- Access control
- Identification
- Authentication
- Malware detection
- Encryption
- File type filtering
- URL filtering
- Content filtering
These layers are built through the deployment of firewalls, intrusion prevention systems (IPS), and antivirus components. Among the components for enforcement, the firewall (an access control mechanism) is the foundation of network security.
Providing CIA of network traffic flows was difficult to accomplish with previous technologies. Traditional firewalls were plagued by controls that relied on port/protocol to identify applications—which have since developed evasive characteristics to bypass the controls—and the assumption that an IP address equates to a user's identity.
The next generation firewall retains an access control mission, but reengineers the technology; it observes all traffic across all ports, can classify applications and their content, and identifies employees as users. This enables access controls nuanced enough to enforce the IT security policy as it applies to each employee of the organization, with no compromise to security.
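The difference between the two models can be shown by evaluating the same flows under both. This is an added example, not code from any firewall product: the rule sets, group names, and flows are constructed, and the `app` and `user` labels are assumed to come from content inspection and identity mapping.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    proto: str
    app: str    # application identified from content, not from the port (assumed input)
    user: str   # user identity mapped to the session (assumed input)

# Constructed sample data: group membership and observed flows.
GROUPS = {"alice": {"finance"}, "bob": {"engineering"}}
FLOWS = [
    Flow("10.0.0.5", 443, "tcp", "web-browsing", "alice"),
    Flow("10.0.0.5", 443, "tcp", "p2p-file-sharing", "alice"),  # evasive app on 443
    Flow("10.0.0.5", 22, "tcp", "ssh", "bob"),    # same IP, different user
    Flow("10.0.0.5", 22, "tcp", "ssh", "alice"),
]

# Traditional model: first match on (proto, port), default deny.
PORT_RULES = [("tcp", 443, "allow"), ("tcp", 22, "allow")]

# Next-generation model: first match on (group, app) on any port, default deny.
APP_RULES = [
    ("*", "p2p-file-sharing", "deny"),
    ("*", "web-browsing", "allow"),
    ("engineering", "ssh", "allow"),
]

def port_verdict(flow):
    for proto, port, action in PORT_RULES:
        if (flow.proto, flow.dst_port) == (proto, port):
            return action
    return "deny"

def app_verdict(flow):
    groups = GROUPS.get(flow.user, set())
    for group, app, action in APP_RULES:
        if app == flow.app and (group == "*" or group in groups):
            return action
    return "deny"

def disagreements(flows):
    """Flows the port-based rules allow but the app/user policy denies."""
    return [f for f in flows
            if port_verdict(f) == "allow" and app_verdict(f) == "deny"]
```

Running `disagreements(FLOWS)` lists the traffic a port-based rule set would pass even though the policy forbids it, which is also the kind of comparison an audit of enforcement against policy would make.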
Additional services for layering network security to implement a defense in depth strategy have been incorporated into the traditional model as add-on components. Intrusion prevention systems (IPS) and antivirus, for example, are effective tools for scanning content and preventing malware attacks. However, organizations must be cautious of the complexity and cost that additional components may add to their network security, and more importantly, not depend on these additional components to do the core job of the firewall.
Auditing
The auditing process of network security requires checking back on enforcement measures to determine how well they have aligned with the security policy. Auditing encourages continuous improvement by requiring organizations to reflect on the implementation of their policy on a consistent basis. This gives organizations the opportunity to adjust their policy and enforcement strategy in areas of evolving need.