Question

You're working as a security analyst for a small company that doesn't have the resources of larger organizations to secure it's network. What type of network security solution should you consider implementing? In your opinion which of the many services it offers provides the most benefits? How about the least?

Answer 1

Network security is anything you do to protect your network, both hardware and software. Network administrators (or system administrators) are responsible for making sure the usability, reliability, and integrity of your network remains intact. A hacker is capable of getting into a network and blocking your access, for example by holding a system hostage for a bitcoin ransom. You need an excellent defense in place to ensure you’re protected.

Detecting weaknesses in a network can be achieved through:

• Security engineering: the practice of protecting against these threats by building networks to be safe, dependable, and secure against malicious attacks. Security engineers design systems from the ground up, protecting the right things in the right ways. If a software engineer’s goal is to ensure things do happen (click here, and this happens), a security engineer’s goal is to ensure things don’t happen by designing, implementing, and testing complete and secure systems.

As a part of security engineering, there are proactive measures to predict where vulnerabilities might lie and reinforce them before they’re hacked:

• Vulnerability assessment: Engineers identify the worst case scenarios and set up proactive plans. With security analysis software, vulnerabilities in a computer, network, or communications infrastructure are identified and addressed.
• Penetration testing: This entails deliberately probing a network or system for weaknesses.
• Network intrusion detection systems (NIDS): This type of software monitors a system for suspicious or malicious activity.

Network admins are able to target threats (whether through suspicious activity or large queries to a database), then halt those attacks, whether they’re passive (port scanning) or active, like:

• Zero-day attacks, also called zero-hour attacks—attacks on software vulnerabilities that often occur before the software vendor is aware of it and can offer a patch. Or, hackers will initiate attacks on the software vulnerability the day that it’s made public there’s an issue, before users can install patches (hence the name “zero day”)
• Denial of service attacks
• Data interception and theft
• Identity theft
• SQL injection

===========================================================================================

The Answer to your question:

methods of protecting networks include:

• IT Security frameworks: These act like blueprints for a company to set up processes and policies for managing security in an enterprise setting. Which a company uses can depend on the industry and compliance requirements. COBIT is popular among larger, publicly traded companies, ISO 27000 Series is a broad set of standards that can be applied to a number of industries, and NIST’s SP 800 Series is used in government industries, but can be applied elsewhere.
• Password “salt and peppering”: Adding a salt, or random data, to a password makes common passwords less common. A pepper is also a random value attached to the password, which is helpful in slowing hackers down.
• Authorization, authentication, and two-factor authentication (sometimes sent via SMS, although this can prove vulnerable as well)
• Virtual Private Networks (VPNs)
• Application whitelisting, which prevents unauthorized apps from running on a computer
• Firewalls: Block unauthorized access to a network or data interceptions
• Honeypots: These are like decoy databases that attract hackers but don’t house any important information.
• Anti-virus software
• Encryption—decoding data, in transit or at rest, including end-to-end encryption often used in messaging apps and platforms that only allows encrypted messages to be read by sender and receiver

Within network security is also content security, which involves strategies to protect sensitive information on the network to avoid legal or confidentiality concerns, or to keep it from being stolen or reproduced illegally. Content security largely depends on what information your business deals in.

===============================================================================================

Most beneficial:

ENDPOINT SECURITY: SECURING THE WEAKEST LINK

It’s said that users are often the weakest link in the security chain, whether it’s because they’re not properly educated about phishing campaigns, mistakenly give credentials to unauthorized users, download malware (malicious software), or use weak passwords. That’s why endpoint security is so crucial—it protects you from the outside in.

Endpoint security technology is all about securing the data at the place where it both enters and leaves the network. It’s a device-level approach to network protection that requires any device remotely accessing a corporate network to be authorized, or it will be blocked from accessing the network. Whether it’s a smartphone, PC, a wireless point-of-sale, or a laptop, every device accessing the network is a potential entry point for an outside threat. Endpoint security sets policies to prevent attacks, and endpoint security software enforces these policies.

If you’ve ever accessed a network through a virtual private network (VPN), you’ve seen endpoint security in action. Malware is one of the core threats addressed by endpoint security, including remote access trojans (RATs), which can hack into a laptop and allow hackers to watch you through your webcam.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

INTERNET SECURITY: GUARDING AGAINST CYBER CRIMES

The internet itself is considered an unsecured network—a scary truth when we realize it’s essentially the backbone for how we give and receive information. That’s where internet security (or cyber security) comes in, and it’s a term that can get pretty broad, as well. This branch of security is technically a part of computer security that deals specifically with the way information is sent and received in browsers. It’s also related to network security and how networks interact with web-based applications.

To protect us against unwittingly sharing our private information all over the web, there are different standards and protocols for how information is sent over the internet. There are ways to block intrusions with firewalls, anti-malware, and anti-spyware—anything designed to monitor incoming internet traffic for unwanted traffic or malware like spyware, adware, or Trojans. If these measures don’t stop hackers from getting through, encryption can make it harder for them to do much with your data by encoding it in a way that only authorized users can decrypt, whether that data is in transit between computers, browsers, and websites, or at rest on servers and databases.

To create secure communication channels, internet security pros can implement TCP/IP protocols (with cryptography measures woven in), and encryption protocols like a Secure Sockets Layer (SSL), or a Transport Layer Security (TLS).

Other things to have in an internet security arsenal include:

• Forms of email security
• SSL certificates
• WebSockets
• HTTPS (encrypted transfer protocols)
• OAuth 2.0, a leading authorization security technology
• Security tokens
• Security software suites, anti-malware, and password managers
• Frequently updating and installing security updates to software, e.g., Adobe Flash Player updates
• Encryption, and end-to-end encryption

===============================================================================================

Least beneficial:

APPLICATION SECURITY: CODING APPS TO BE SAFE FROM THE GROUND UP

A lot of the internet security focus is on patching vulnerabilities in web browsers and operating systems, but don’t neglect application security—a majority of internet-based vulnerabilities come from applications. By coding applications to be more secure from the start, you’re adding a more granular layer of protection to your internet and network security efforts, and saving yourself a lot of time and money.

App security does rest on top of many of the types of security mentioned above, but it also stands on its own because it’s specifically concerned with eliminating gaps and vulnerabilities in software at the design, development, and deployment stages. Security testing(which should be conducted throughout the code’s lifecycle) digs through the app’s code for vulnerabilities, and can be automated during your software development cycle.

Choosing a language, framework, and platform with extra security fortifications built in is paramount, too. For example, Microsoft’s .NET framework has a lot of built-in security, and the Python Django-style Playdoh platform addresses application security risks. Rising in popularity is the Spring Security framework, a Java framework known for excellent built-in authentication and authorization measures, and the PHP framework Yii prioritizes security, as well.

Aside from framework choice, there are a few strategies to bolster application security, including:

• Ensuring TLS
• Authentication and authorization measures
• Data encryption
• Sandboxing applications
• Secure API access
• Session handling