# **Network Security**

---

In the current digital world, almost everyone has access to the internet via their mobile phones, uses smart devices, and wants to control their assets and devices from the comfort of their smartphones. All of this is made possible by networking, and it is therefore important to ensure that all this integration is safe.

![](https://i.imgur.com/NmVTjgi.png)

**Def** - Network security is the protection of the hardware, software, information and all underlying architecture in a given network.

Network security is not a technical problem; it is a business and people problem. Technology is the easy part. The difficult part is developing a **security plan** that fits the organization's business operations and getting people to comply with the plan.

To get people to adopt the network security plan that is in place, it is key that everyone knows the assets, maps each one to its value, prioritizes them and develops a cost-benefit analysis. This is where *Risk Assessment* comes into play: it is crucial for developing proportionate defenses and requires an understanding of the possible threats and vulnerabilities. The basic steps of a Risk Assessment are as follows:

* Identifying and prioritizing assets
* Identifying vulnerabilities, threats and their probabilities
* Identifying countermeasures
* Developing a cost-benefit analysis
* Developing security policies and procedures

### **The triad of Network Security**

These are the three basic pillars a network must have to be considered secure.

***Prevention*** - Every network should have mechanisms set up to prevent unauthorized intrusion into, and access to, the organization's or an individual's network.

***Detection*** - Once preventative measures are implemented, procedures need to be put in place to detect potential problems or security breaches in the event that the preventative measures fail.

***Response*** - This is a plan, in place beforehand, that clearly states how to go about recovering from or addressing an incident.
The plan should be in writing and should identify who is responsible for which actions, the range of responses, and the levels of escalation.

### Importance of Network Security

Some of the basic reasons why we maintain security in a network are:

***To protect organization assets*** - These include tangible devices, the software running on them, and information.

***To gain a competitive advantage*** - over other organizations in the market. This applies mostly in financial services, e-commerce and related fields.

***Compliance with the rules*** - Many organizations strive to meet at least the minimum requirements for a network infrastructure and to avoid legal action.

Together these serve the major goals of an organization that uses computers: *Confidentiality, Integrity* and *Availability*.

## LAN Security

To help implement the procedures set within an organization, some basic controls can be configured for the people who have access to the network.

1. ***Concurrent Logins*** - The system should be set up so that a single user cannot sign into their account a second time without logging out of the first session.
2. ***Time/Day Restriction*** - If an employee does not normally work in the evenings or on weekends, then their ability to access the network should be restricted during those periods.
3. ***Access Controls*** - Users should only be given access rights to the directories they need in order to do their jobs. This can be arranged in levels, such as departmental access to documents, all-staff access, or strictly confidential.
4. ***File Attributes*** - File-access attributes such as read, write, execute and delete should be granted based on need. If the file attributes of executable files are not restricted, the executable files can be modified.
5. ***Account Management*** - Organizations should review network user accounts on a regular basis and delete any accounts that are no longer required. Accounts of users or employees who are no longer with the organization should be deleted.
6.
   ***Trainings*** - Regular awareness sessions should be carried out for all members of staff to equip them with ways of ensuring security within the organization. These can cover password policies, how to handle client data, disposal of sensitive information, reporting of spam emails, and many other topics to ensure compliance. With regular sensitization, cases of *Social Engineering* and *Ransomware* are reduced greatly.

![](https://i.imgur.com/AG6D2If.png)

Moving away from the people aspect and considering the ***technical*** aspect, some of the controls to be set in a network include:

1. ***Network Segmentation*** - This is the process of dividing a large network into smaller networks, and it can be achieved by grouping associated devices together on a common network device. It helps security in that a malicious user cannot sniff the entire network. It also helps performance, since it reduces the distance a packet has to travel to its destination; this improves network throughput because packets are only forwarded to the required port.
2. ***Honey Pots*** - Honeypots are decoy or lure systems that contain phony services, files and applications designed to emulate well-known holes, with the goal of entrapping hackers. When a hacker enters the honeypot, the trap is sprung and the alarm is sounded. For it to work properly, the system has to be interesting enough to occupy the hacker long enough for a security administrator to trace them. Honeypots are usually deployed in conjunction with Intrusion Detection Systems (IDS).
3. ***Firewalls*** - A firewall is a network device that monitors all network traffic and decides whether to block specific traffic based on set controls. Given this definition, a firewall can perform both ingress and egress packet filtering. Firewalls can also monitor for network sniffing and scans and drop those packets.
   It is important to note that normal routers act as basic hardware firewalls, but adopting Next Generation Firewalls is the best option for organizations to consider in their networks.
4. ***DMZ*** - A demilitarized zone (DMZ) is a perimeter network that sits between the organization's LAN and the rest of the internet. It is important because the LAN stays isolated while access is still granted to external hosts. It also gives the Incident Response team time to deal with an attack while it is still in the DMZ, before it reaches the LAN.
5. ***Anti-malware solutions*** - These are commonly referred to as anti-virus. It is recommended that they be installed on all organization endpoints, as they help curb malware and other potential threats that may originate outside the network. These include files shared on removable disk drives, files downloaded from the internet while outside the company LAN, and so on.
6. ***Patch Management*** - This is the process of keeping all software used within the organization up to date. Software vendors release patches for vulnerabilities found in their products, and users are required to update in order to stay safe. This process is key and should not be ignored or postponed, as is so often the case for people and organizations.

**Physical Security** - Even when all the controls in the systems are in place, we should never forget "traditional" security. This means having a written policy on who has access to organization assets such as servers, printers, laptops, etc. Authorization can be granted with the use of biometrics, door PINs, and a Key Card Access System configured per staff member according to what they need to access.

## Incident Response

This is an organized approach to addressing the outcomes of a security breach.
The main aims of this are:

* Reducing recovery time
* Reducing costs incurred

![](https://i.imgur.com/0yqIi7v.jpg)

The phases of Incident Response are *Preparation, Identification, Containment, Eradication, Recovery* and *Lessons Learnt*.

To achieve this, an organization needs to invest in a *Security Operations Centre (SOC)* with network monitoring solutions such as *Security Information and Event Management (SIEM)* tools. These help with log management and real-time visibility of the system. Alongside the software there must be a qualified team of *SOC Analysts*. If this option is not available to the organization, it can opt to outsource network monitoring as a *managed service* from companies that offer it.

## Audit and Monitoring

A systematic and independent examination to determine whether activities and their results comply with planned arrangements is fundamental for:

* Reviewing performance
* Ascertaining the validity and reliability of information
* Providing an assessment of the system's internal controls

Audit reports should always be reviewed to check that corrections are being made where required.

[David Kariuki](https://t.co/rCCnOMhI3N?amp=1)
Student, Associate Consultant, Shehacks Campus Ambassador
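As an added example that is not part of the original article: the Concurrent Logins and Time/Day Restriction controls from the LAN Security section are the kind of rule a SIEM in the SOC described under Incident Response would evaluate over login logs. The log line format, the user and host names, and the Monday-to-Friday 08:00 to 18:00 working window are assumptions made for this example.

```python
"""Added example (not from the original article): a SIEM-style audit that flags
concurrent logins and time/day restriction breaches in constructed login logs."""
from datetime import datetime

# Constructed sample log (not real data). Assumed line format:
#   <ISO timestamp> <LOGIN|LOGOUT> user=<name> host=<workstation>
SAMPLE_LOG = """\
2024-03-04T09:05:00 LOGIN user=alice host=ws-12
2024-03-04T09:20:00 LOGIN user=alice host=ws-40
2024-03-04T12:00:00 LOGOUT user=alice host=ws-12
2024-03-04T22:15:00 LOGIN user=bob host=ws-07
2024-03-02T10:00:00 LOGIN user=carol host=ws-03
"""

# Assumed policy: staff work Monday to Friday, 08:00 to 17:59.
WORK_DAYS = range(0, 5)    # datetime.weekday(): Monday=0 ... Friday=4
WORK_HOURS = range(8, 18)

def parse_line(line):
    """Split one log line into timestamp, event, user and host."""
    ts, event, user_kv, host_kv = line.split()
    return {"ts": datetime.fromisoformat(ts), "event": event,
            "user": user_kv.split("=", 1)[1], "host": host_kv.split("=", 1)[1]}

def outside_window(ts):
    """True when a login falls outside the allowed days or hours."""
    return ts.weekday() not in WORK_DAYS or ts.hour not in WORK_HOURS

def audit(log_text):
    """Return (user, rule, detail) findings in log order. One open session
    is tracked per user: a LOGIN from a second host while the first session
    is open breaks the concurrent-login rule, and any LOGIN outside the
    working window breaks the time/day rule."""
    active = {}   # user -> host of the currently open session
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev["event"] == "LOGOUT":
            if active.get(ev["user"]) == ev["host"]:
                del active[ev["user"]]
            continue
        if outside_window(ev["ts"]):
            findings.append((ev["user"], "time_day_restriction", ev["ts"].isoformat()))
        prev = active.get(ev["user"])
        if prev is not None and prev != ev["host"]:
            findings.append((ev["user"], "concurrent_login", f"{prev} and {ev['host']}"))
        else:
            active[ev["user"]] = ev["host"]   # first login, or re-auth on the same host
    return findings
```

Running `audit(SAMPLE_LOG)` flags alice's second host, bob's late-evening login and carol's Saturday login, while alice's LOGOUT followed by a login elsewhere would not be flagged.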