Network Security Basics
There are three basic concepts that define what we mean when we talk about network security:
Confidentiality: Confidentiality means that only the people who are supposed to view data are the ones who are able to access it. What this means for us is that we need to stop unauthorised access to data, whether it is in motion (going from computer to computer) or at rest (residing on a hard drive). The primary way of ensuring confidentiality for data in motion is encryption: protocols such as SSL/TLS, SSH and VPNs are all ways to encrypt data in transit. For data at rest we have encryption as an option, as well as strict access controls on both the computer and any network devices in between (routers, switches, firewalls etc.).
Integrity: Integrity means that the data that is sent is the same as the data that is received, meaning that it is not tampered with in between, and that only authorised users can modify the data.
Availability: Availability means that the data is available to those who are authorised when it is needed. Typically this means that we need to ensure we have a reliable network, and also mitigate the effects of Denial of Service attacks.
Now is a good time to lay out some of the key terms that will be referred to throughout this blog:
Asset: Anything that is of value to a company. This includes both tangible items (people, hardware etc.) and intangible items (intellectual property, data etc.).
Vulnerability: A weakness. Typically described in terms of software (Shellshock, Heartbleed…), it can also refer to a weakness in policy or physical security.
Threat: Any unauthorised attempt to access, manipulate or destroy an asset. This is what we are protecting against.
Risk: The potential for an unauthorised attempt to access, manipulate or destroy an asset. When we deploy countermeasures to threats, we are lowering our risk.
Countermeasure: Any action taken to mitigate a threat.
Classifications
One of the earliest steps we must take to protect our networks is to classify what it is we are protecting (assets), what we are protecting against (vulnerabilities and threats) and what we are going to do to protect ourselves (countermeasures).
You’ll no doubt be familiar with the classification of assets, which are often organised into groups such as Secret, Top Secret, Confidential etc.
We also need to classify our vulnerabilities in order to describe what we are protecting against. This may include some or all of the following: hardware and software vulnerabilities, policy flaws, physical access security, errors in design, protocol flaws etc.
Lastly, the countermeasures need to be classified, and they come in three forms: administrative, which is generally policy; physical, which is physical access to hardware; and logical, which is where we will spend most of our time, configuring network controls and firewall rules.
Network Security Principles
These are the basic principles to keep in mind when you are configuring the network:
Rule of least privilege: Always configure your network to allow only the minimum access that is required. For example, you would configure access to a web server from the internet to allow only HTTP and HTTPS, instead of all ports.
Defence in depth: Instead of relying on a single layer of security (such as a perimeter firewall), we now typically filter at many levels: a perimeter router, an access firewall, access-lists on internal routers, host protection on end servers, as well as IPS devices deployed inside the network.
Auditing: The most obvious way of auditing is keeping network logs so we can find out what access is granted to whom, and verify that our security is acting appropriately. We may also employ internal or external testers to simulate an attack and identify potential weaknesses.
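Putting the least-privilege rule and the auditing step together, here is an added example (not code from the original post) that checks firewall log lines against the web-server policy above: only HTTP and HTTPS should be permitted from the internet, so any ACCEPTed flow to the server on another port is a rule that grants more than the minimum, while the DROP lines show the control working. The server address, the log layout and the log lines are all constructed for the example.

```python
import re
from collections import Counter

# Least-privilege policy from the web-server example: from the internet only HTTP
# and HTTPS may reach the server. The address is constructed (TEST-NET-3 range).
WEB_SERVER = "203.0.113.10"
ALLOWED_PORTS = {80, 443}

# Constructed sample firewall log lines, not real data, in an assumed simplified
# netfilter-style syslog layout: action, source, destination, protocol, port.
SAMPLE_LOG = """\
Jan 10 10:01:02 fw1 kernel: ACCEPT SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=443
Jan 10 10:01:05 fw1 kernel: ACCEPT SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=80
Jan 10 10:02:17 fw1 kernel: DROP SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP DPT=22
Jan 10 10:03:40 fw1 kernel: ACCEPT SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP DPT=3306
Jan 10 10:04:01 fw1 kernel: DROP SRC=198.51.100.12 DST=203.0.113.10 PROTO=TCP DPT=23
Jan 10 10:04:30 fw1 kernel: ACCEPT SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP DPT=25
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)"
)

def parse_log(text):
    """Return one dict per parseable log line; lines in another format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def audit(text, server=WEB_SERVER, allowed=ALLOWED_PORTS):
    """Compare what the firewall actually permitted with the least-privilege policy.
    Returns (violations, denied): ACCEPTed flows to the server on ports outside the
    policy (a rule granting more than the minimum) and a count of DROPped ports
    (evidence the control works and of what is being probed). Other hosts are ignored.
    """
    violations = []
    denied = Counter()
    for ev in parse_log(text):
        if ev["dst"] != server:
            continue
        if ev["action"] == "ACCEPT" and ev["dport"] not in allowed:
            violations.append((ev["src"], ev["dport"]))
        elif ev["action"] == "DROP":
            denied[ev["dport"]] += 1
    return violations, dict(denied)
```

On the sample, audit(SAMPLE_LOG) reports the permitted port 3306 flow as a violation to fix, and the dropped port 22 and 23 attempts as the policy doing its job.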
These are the basics to keep in mind as we progress further. It might not be particularly exciting, but it gives us the grounding to understand why certain technologies exist and why we employ them when we do.