{"id":5012,"date":"2017-02-28T10:33:21","date_gmt":"2017-02-28T16:33:21","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=5012"},"modified":"2017-02-20T14:44:29","modified_gmt":"2017-02-20T20:44:29","slug":"the-importance-of-layered-network-security","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/the-importance-of-layered-network-security\/","title":{"rendered":"The Importance Of Layered Network Security"},"content":{"rendered":"

<\/a><\/p>\n

As enterprises look to streamline their operations by integrating the diverse aspects of their business and using networked computing architectures to provide a consistent platform and medium for this to take place, their need to guarantee the security of these networks becomes that much greater. In today\u2019s environment, breaches, bottlenecks or downtime leading to the slowing or stopping of network activity can mean the difference between economic prosperity and collapse.<\/span><\/p>\n

\u00a0<\/p>\n

For years, security professionals have been preaching the benefits of a \u201clayered\u201d approach to network defense \u2013 and in this article we\u2019ll be looking at what this means, and the implications it may have for your business.<\/span><\/p>\n

Defense In Depth<\/span><\/h2>\n

The layered approach to network security is based on the concept of \u201cdefense in depth\u201d \u2013 a vaguely cool and military-sounding phrase which simply means that since any barrier you put up to guard against something may one day be breached, it\u2019s a good idea to have several barriers so that anyone attacking you has a lot more work to do.<\/span><\/p>\n

\u00a0<\/p>\n

In terms of security modeling, these barriers translate into a set of layers which make up a complex and protective \u201cskin\u201d around the network (rather like the layers of an onion). Each layer is dedicated to a specific aspect of the network, and each has its own set of protections and security controls. Opinions differ as to what comprises each layer<\/a>, but here\u2019s a summary of the prevailing wisdom.<\/span><\/p>\n

Physical Layers<\/span><\/h2>\n

These layers deal with the first interface between humans and machines: The three-dimensional barriers that control access to the sites where networks are housed, set hardware in its appointed place, and ensure the physical integrity of the connections between different network components.<\/span><\/p>\n

\u00a0<\/p>\n

On the access control side, defense in depth here may include the provision of surveillance cameras or CCTV, security guards and patrols, turnstiles and metal detectors, key card or keypad access points, as well as device-specific measures like port block-outs, movement-triggered alarms, and location-tracking applications (\u201clow jacking\u201d).<\/span><\/p>\n

\u00a0<\/p>\n

The physical integrity of network elements may be maintained through proper wiring, connections, and hardware configuration, isolation of critical components, and environment controls like cooling and ventilation.<\/span><\/p>\n

Electronic Layers<\/span><\/h2>\n

Closely associated with the physical layers (and considered by some as part of them), protocols like Ethernet, Frame Relay, and PPP are concerned with sending bits of data using various communication mechanisms via analog and digital pathways.<\/span><\/p>\n

\u00a0<\/p>\n

Unauthorized users must be prevented from gaining access to these modes of transmission. So access control measures should be put in place to govern this, as well as surveillance and warning systems to monitor this access and give alerts in the event of any breaches.<\/span><\/p>\n

Procedural Layers<\/span><\/h2>\n

More of a conceptual matter than an actual element of the network itself, procedural layers are made up of the policies and best practices governing a system\u2019s IT management and security protocols. These would include the drawing up of rules to determine access rights, the configuration of firewalls or intrusion detection systems, and the establishment of schedules for updates, maintenance, and patch management.<\/span><\/p>\n

Network Security<\/span><\/h2>\n

This layer comprises the actual software and hardware dedicated to protecting the network in part or whole. Protection here extends from enabling the on-board security features of routers and switches to the installation and configuration of firewalls, intrusion prevention systems (IPS), and intrusion detection systems (IDS)<\/a>.<\/span><\/p>\n

\u00a0<\/p>\n

Defense in depth layering is further enhanced by dividing the network into segments or zones, each with its own requirements for establishing domains of trust and security access. This approach also makes it easier to monitor and manage data traffic on the network.<\/span><\/p>\n

Computer Hardening<\/span><\/h2>\n

Exploits targeting specific software vulnerabilities (in both operating systems and working applications) are a favored tool of cyber-criminals, and computer hardening aims at making systems proof against such attacks. Tools and methods include:<\/span><\/p>\n

\u00b7 Anti-virus and anti-malware applications<\/span><\/p>\n

\u00b7 Whitelisting of approved applications and workloads<\/span><\/p>\n

\u00b7 Endpoint security measures and Host Intrusion Detection Systems (HIDS)<\/span><\/p>\n

\u00b7 The removal of redundant or unused applications, services, and protocols<\/span><\/p>\n

\u00b7 Effective management of ports<\/span><\/p>\n

Application Security<\/span><\/h2>\n

Best security practices should be followed with control system applications, like a Role Based Access Control System<\/a> that bars access to critical process functions and forces user authentication via password, token, or some other protocol.<\/span><\/p>\n

\u00a0<\/p>\n

A comprehensive policy on software patching \u2013 which might include the pre-testing of patches on \u201csheep dip\u201d systems not connected to a network, verification of the authenticity of patches from vendors, and other measures \u2013 also applies here.<\/span><\/p>\n

Device Hardening<\/span><\/h2>\n

This layer of protection derives from the simple act of changing the default settings on system hardware. Measures would include resetting of passwords, and the reconfiguration of security settings on firewalls, switches, routers, and other embedded devices.<\/span><\/p>\n

The Need For Monitoring<\/span><\/h2>\n

A system-wide policy of monitoring, reporting, event logging, and alerts<\/a> completes the picture. To reduce the burden on administrators and IT managers, automating as many of these activities as possible is usually advised.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

As enterprises look to streamline their operations by integrating the diverse aspects of their business and using networked computing architectures to provide a consistent platform and medium for this to take place, their need to guarantee the security of these networks becomes that much greater. In today\u2019s environment, breaches, bottlenecks or downtime leading to the […]<\/p>\n","protected":false},"author":10,"featured_media":5016,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13],"tags":[],"class_list":["post-5012","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-pc-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/5012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=5012"}],"version-history":[{"count":4,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/5012\/revisions"}],"predecessor-version":[{"id":5014,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/5012\/revisions\/5014"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/5016"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=5012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=5012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=5012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}