Chapter 11
Network security
By Nikhila Sattala
October 12, 2021
In today's digital landscape, network security is a critical aspect of ensuring the integrity, confidentiality, and availability of data and resources. This tutorial will guide you through essential network security concepts and best practices
Client:
Server:
- A client is a computer or device that requests and uses services, resources, or data from another computer or device called the server.
- Clients initiate communication by sending requests to servers and wait for responses.
- Clients can be software applications running on end-user devices such as laptops, smartphones, or desktop computers.
- Typical client applications include web browsers, email clients, file transfer programs, and more.
Server:
- A server is a computer or device that provides services, resources, or data to clients.
- Servers wait for incoming requests from clients, process these requests, and send back the appropriate responses.
- Servers are often specialized hardware or software designed to perform specific tasks, such as web servers, email servers, file servers, and database servers.
- Servers are usually located in data centers or centralized locations to ensure high availability and reliability.
So let us understand these basic terminologies:
- Confidentiality: Ensuring that data is only accessible to authorized users.
- Integrity: Maintaining the accuracy and trustworthiness of data.
- Availability: Ensuring that systems and data are accessible when needed.
Perimeter Security
Perimeter security involves protecting the outermost layer of your network, typically at the boundary between your internal network and the public internet. This layer often includes firewalls, intrusion detection systems, and intrusion prevention systems.
Best Practices:
Example:
A company uses a firewall at its network perimeter to block incoming traffic from known malicious IP addresses and only allow traffic on specific ports required for its services.
Perimeter security involves protecting the outermost layer of your network, typically at the boundary between your internal network and the public internet. This layer often includes firewalls, intrusion detection systems, and intrusion prevention systems.
Best Practices:
- Implement a robust firewall policy that only allows necessary traffic.
- Regularly update and patch your firewall rules.
- Use next-generation firewalls for deep packet inspection and application-level filtering.
Example:
A company uses a firewall at its network perimeter to block incoming traffic from known malicious IP addresses and only allow traffic on specific ports required for its services.
Network Segmentation
Network segmentation involves dividing your network into isolated segments to reduce the attack surface. This practice helps contain breaches and limits lateral movement for attackers.
Best Practices:
Example:
A financial institution segments its network into separate zones for customer data, employee workstations, and public-facing services to prevent unauthorized access to sensitive data.
Network segmentation involves dividing your network into isolated segments to reduce the attack surface. This practice helps contain breaches and limits lateral movement for attackers.
Best Practices:
- Segment networks based on trust levels and data sensitivity.
- Implement access controls between segments.
- Monitor and log traffic between segments for anomalies.
Example:
A financial institution segments its network into separate zones for customer data, employee workstations, and public-facing services to prevent unauthorized access to sensitive data.
Host-Based Security
Host-based security focuses on securing individual servers and endpoints within your network. This includes using antivirus software, host intrusion detection systems (HIDS), and applying security patches regularly.
Best Practices:
Example:
An e-commerce platform installs antivirus software on its web servers and uses HIDS to monitor for any suspicious activities on these servers.
Host-based security focuses on securing individual servers and endpoints within your network. This includes using antivirus software, host intrusion detection systems (HIDS), and applying security patches regularly.
Best Practices:
- Install antivirus and anti-malware software on all hosts.
- Employ host-based intrusion detection systems.
- Automate patch management to keep systems up to date.
Example:
An e-commerce platform installs antivirus software on its web servers and uses HIDS to monitor for any suspicious activities on these servers.
Data Encryption
Data encryption ensures that data remains confidential during transmission. It's essential for securing sensitive data, especially over untrusted networks.
Best Practices:
Example:
A healthcare organization encrypts patient data both during transmission between hospital branches and while stored in its databases.
Data encryption ensures that data remains confidential during transmission. It's essential for securing sensitive data, especially over untrusted networks.
Best Practices:
- Use encryption protocols like TLS/SSL for data in transit.
- Encrypt sensitive data at rest using encryption algorithms and key management practices.
- Employ encryption for data backups.
Example:
A healthcare organization encrypts patient data both during transmission between hospital branches and while stored in its databases.
Securing Network Protocols
Understanding common network protocols like HTTP, HTTPS, SSH, and FTP is vital for securing communication between clients and servers.
Best Practices:
Example:
A DevOps team configures a web server to enforce HTTPS for all web traffic, ensuring data exchanged between clients and the server is encrypted.
Understanding common network protocols like HTTP, HTTPS, SSH, and FTP is vital for securing communication between clients and servers.
Best Practices:
- Use HTTPS instead of HTTP for web applications to encrypt data in transit.
- Implement secure authentication mechanisms when using SSH for remote access.
- Limit the use of unencrypted protocols like FTP and consider alternatives like SFTP (SSH File Transfer Protocol).
Example:
A DevOps team configures a web server to enforce HTTPS for all web traffic, ensuring data exchanged between clients and the server is encrypted.
TLS/SSL for Secure Communication
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols used to secure communication over the internet.
Best Practices:
Example:
A financial institution uses TLS encryption for secure online banking transactions, safeguarding customer data during online transactions.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols used to secure communication over the internet.
Best Practices:
- Always use the latest TLS/SSL versions.
- Ensure proper certificate management and validation.
- Disable weak cipher suites.
Example:
A financial institution uses TLS encryption for secure online banking transactions, safeguarding customer data during online transactions.
SSH Best Practices
Secure Shell (SSH) is a secure protocol for remote access and data transfer. Adhering to best practices is crucial to prevent unauthorized access.
Best Practices:
Example:
A cloud service provider enforces strict SSH access controls on its servers to protect sensitive customer data.
Secure Shell (SSH) is a secure protocol for remote access and data transfer. Adhering to best practices is crucial to prevent unauthorized access.
Best Practices:
- Disable root login via SSH.
- Use key-based authentication instead of passwords.
- Regularly audit and rotate SSH keys.
Example:
A cloud service provider enforces strict SSH access controls on its servers to protect sensitive customer data.
Vulnerability Management
Regular vulnerability scanning helps identify and remediate security weaknesses in your network.
Best Practices:
Example:
A DevOps team uses automated vulnerability scanning tools to periodically assess their server infrastructure, addressing critical vulnerabilities promptly.
Regular vulnerability scanning helps identify and remediate security weaknesses in your network.
Best Practices:
- Use vulnerability scanning tools to regularly scan network assets.
- Prioritize vulnerabilities based on their severity.
- Develop a vulnerability remediation plan.
Example:
A DevOps team uses automated vulnerability scanning tools to periodically assess their server infrastructure, addressing critical vulnerabilities promptly.