Cybersecurity threats are greater than ever. For example, the world has suffered a 645% increase in distributed denial-of-service (DDoS) attacks QoQ in March 2022, and a rise in ransomware equal to the past five years combined. Incidents like the SolarWinds hack of 2020 demonstrate that threats have grown increasingly complex and are able to infiltrated top-tier organizations like the US government. . And the average cost of a data breach has reached an all-time high of $4.35 million.
Given the growing sophistication and severity of the threats, organizations must continually fortify their network security. By implementing the most recent network security recommendations, they can prevent or promptly detect many cyberthreats to protect their business.
This guide will show you the fundamentals of securing a network and maintaining compliance, as well as the most common threats you may encounter, so you can begin securing your network today.
Network security: what needs to be protected
The first step in determining how to secure your network is to understand what you need to protect. In its most basic form, a network consists of connected devices that can collect and transmit information. Computer networks are built using both hardware technology and software components — all of which must be protected. Some of these components include:
- Wireless routers
- Switches
- Access points
- Cables
- Operating systems
- Applications
- Subnetworks, often known as network segments
Effectively managing network security is a challenge. Here are just a few of the common issues:
- Human errors resulting in network vulnerabilities
- Repetitive and time-consuming processes that can burn out network admins
- Conflicting or obsolete security policies, which can expose networks to threats
- Manual network configuration changes that cannot be automated, resulting in inefficiencies
- Poorly understood systems and processes
- Difficulty measuring risks
- Complex hybrid systems
Network security vulnerabilities and steps to address them
Just as improving the security of a physical security requires knowing where its weak points are, proper network security management demands that IT teams assess their network vulnerabilities so they know what to fortify.
A network security vulnerability is any component of your IT infrastructure that a threat actor would be likely to exploit, such as a flaw or weakness in an operating system, hardware component, computer network or related process. Network security vulnerabilities are likely to take one of three forms: hardware, software or human. Steps for addressing common vulnerabilities are detailed below.
Hardware vulnerabilities
- Ensure physical security. The hardware elements of your network — routers, switches and devices — can be penetrated by physical access. Installing security cameras and locking areas that contain your hardware can prevent unauthorized access and keep both your data center and your employees’ personal devices secure.
- Replace outdated hardware. When hardware is so old that it no longer receives support from the vendor, it becomes increasingly vulnerable to threats. Diligently track the lifecycle of your hardware and keep your inventory current.
Software vulnerabilities
- Keep your OS and application software updated. Adversaries actively seek to exploit outdated and unpatched OS and application software. Use the most current software solutions to minimize exposure to threats, and apply security fixes promptly to remediate weak points.
- Ensure your configurations are secure. Software often comes with default configuration settings that are well known by hackers. Avoid using default passwords and settings, and change the name of each administrator account to avoid overly easy access.
- Limit privileges. Too often, user accounts have access to data that either doesn’t pertain to their job or is above their pay grade altogether. This gives the employee — or an adversary who compromises their account — more opportunity to do damage. Use the least-privilege principle and ensure that each user has access to only the data they need.
Human vulnerabilities
- Educate everyone. Verizon’s Data Breach Investigation Report notes that 82% of digital threats involved the human element. For example, phishing attacks can lure email recipients into clicking on links that lead to fraudulent IP addresses or opening attachments that unleash ransomware into your network. Provide people at every level with training about common hacker tactics and how to report threats.
- Monitor for insider threats. Unfortunately, some threat actors are on the inside. Insider threats include disgruntled or negligent current or former employees. Carefully monitor for signs of suspicious behavior and remove old credentials before they can be used again.
Common types of network attacks
In addition to identifying and addressing vulnerabilities, it’s also important to understand common network attacks so you can be prepared for them. The most common types of network attacks are:
- Adware — Malware that attempts to gain revenue by placing advertisements on webpages and tracking the most visited sites
- Spyware — Malware that targets sensitive data
- Virus — Malware that replicates itself by modifying other programs and inserting its own code.
- Ransomware — Malware that uses data encryption to block access to files or directories until the victim pays a ransom
- Keylogger — Malware that tracks a user’s keystrokes in order to steal passwords, personal information and other sensitive data
- Worm — Malware that replicates itself from one system to another without the need for a host file
- Trojan — Malware disguised as something benign to trick the user into installing it
- Rootkit — Spyware that remains hidden in order to steal passwords and control the computer remotely.
- Logic bomb — Malicious code embedded in a system that doesn’t activate until certain criteria are met
- Botnet — A network of compromised computers controlled by hackers to conduct DDoS attacks, launch phishing campaigns and so on
- Advanced persistent threat (APT) — Accesses and remains inside a network for a prolonged period, often by combining several of the attacks listed above
In addition to software attacks like these, network security teams also need to know about hardware attacks like installation of unauthorized storage media (hard drives, flash drives, etc.), the risks of bring-your-own-device (BYOD) policies and stolen devices. Another risk is shadow IT — when teams use hardware, software or external services that are not managed and secured by the IT department.
Network security and regulatory compliance
Many regulatory mandates require organizations to implement network security controls, and top cybersecurity frameworks also address network security. These include:
- Payment Card Industry Data Security Standard (PCI DSS),Requirements 1 and 5
- International Organization of Standardization (ISO) 27001. Controls A.13.1.1–3
- Health Insurance Portability and Accountability Act (HIPAA) Security Rule, 45 CFR 160 and subparts A and C of 45 CFR 164
- General Data Protection Regulation (GDPR), Principle of Integrity and Confidentiality
- National Institute of Standards and Testing (NIST) Cybersecurity Framework
Five essential steps to secure your network
Step 1: Know your network.
Establish a complete inventory of all assets that access your networks and keep it up to day. Include all hardware assets connected to your infrastructure physically, virtually or remotely, even if they’re not under your control. Examples include user devices, servers, non-computing and IoT devices, and network devices.
Step 2: Identify and remediate vulnerabilities.
Threat actors often exploit networks by locating their weaknesses, so it’s vital to regularly conduct network security vulnerability assessments and take remediation steps based on the results. CIS Control 7 offers helpful guidance for the entirety of the vulnerability management process, including network security. These steps include:
7.1. Establish and maintain a vulnerability management process.
7.2. Establish and maintain a remediation process.
7.3. Perform automated operating system patch management.
7.4. Perform automated application patch management.
7.5. Perform automated vulnerability scans of internal enterprise assets.
7.6. Perform automated vulnerability scans of externally-exposed enterprise assets.
7.7. Remediate detected vulnerabilities.
Step 3: Strengthen your defenses and monitor for threats.
You need to layer multiple strategies to secure your digital assets and detect network threats. We cover them thoroughly in our best practices guide, but some of them are:
- Use Network Address Translation (NAT). By converting private internal IP addresses into routable ones on public networks, NAT connects multiple devices to the web with a single IP address. The result is fewer access points and less clarity for attackers as to which host they are invading; the points that do exist can be covered by firewalls.
- Use firewalls (don’t disable personal ones). Company-wide firewalls can help protect you from external attacks, but not from internal threat actors. Configuring standard personal firewalls according to your company’s needs can bolster your defenses against attacks from inside.
- Use virtual private networks (VPNs). A VPN is a kind of digital tunnel amidst other public networks. They connect LANs across the internet, and require special hardware or software to install. They use a tunneling protocol like PPTP or IPSec and encrypt their data to improve security, so they’re especially safe, though these factors can make them slower than other networking environments.
- Use an intrusion detection system (IDS).An IDS monitors normal activity and spots anomalies so your team can investigate them. It can also compares the attack signature to typical threat behavior.
- Use centralized logging and immediate log analysis. By recording suspicious logins and events, you’ll be better equipped to identify attackers the next time they strike. But remember that attackers adapt quickly — and they’re recording your responses, too.
- Use web domain whitelisting for all domains. Blacklisting prohibits users from visiting unauthorized sites, while whitelisting allows them to visit only those that have been approved. Thus, whitelisting gives attackers fewer options.
- Use a proxy server for internet access from workstations. Routing all outbound traffic to a server where it can be controlled and monitored can help protect abnormal behavior. Reconfiguring your network to include an authenticating proxy server can take some upfront work, but the payoff is more secure outgoing traffic with little upkeep thereafter.
- Enforce the least-privilege principle. Restricting each user’s access to the minimum required for their roles helps keep an individual — or an attacker who takes over their account — from viewing, modifying or deleting information they should not use.
- Practice network segmentation. Use switches, ports and VLAN networks to divide your network into functional units and use firewall to limit unauthorized access and prevent attackers from infiltrating your entire network should they breach a single point.
- Keep a consistent, common time source. Real-time log analysis and post-incident forensics rely on the ability to correlate events across the network into a single timeline, so you need a coordinated time across all your assets.
Step 4: Automate response to network attacks.
Network maintenance can be a tedious and overwhelming process, so automating as much as possible can improve efficiency and keep all defenses up to date. The most automatable processes include the following:
- Blocking IP addresses, which is useful against spam and DDoS attacks, though IP addresses can be spoofed
- Terminating connections by configuring routers and firewalls to target RESET TCP packets, thereby disrupting attackers.
- Acquiring additional information by observing intruders over time
- Identifying the point of initial access by reverse-engineering any malware you find
- Determining how malicious software was deployed, so that you can stop it next time
Automating your processes will also help admins keep track of other activities and free them up for different tasks.
Step 5: Remember that network security is an iterative process .
Network security is not a once-and-done event. Rather, continuous monitoring of network devices is vital for security. In particular, be sure to:
- Regularly assess risks and perform penetration tests. Risk assessments identify weak points and penetration tests are mock invasions performed by your security team to show you where an attacker could strike. Use both to understand your attack surface area and remediate weaknesses.
- Determine which devices you need to audit. Which ones to monitor will depend upon your industry and IT infrastructure, but those containing the most essential assets and the ones connected to the internet are a good place to start.
- Determine the frequency of auditing. Auditing frequency depends on your industry, network size and other factors, but auditing at least once a month can help you detect changes to your network environment, like changes to device configuration, that could weaken your security.
Because IT environments are complex, automating the monitoring process is critical. For example, Netwrix Change Tracker will:
- Monitor system integrity in real time
- Identify anomalies that might compromise systems integrity
- Remove blind spots by monitoring changes across all major cloud platforms, containers, virtual machines and network components, including products from Cisco, Nortel, Juniper, Fortinet and Checkpoint
Summary
As you can see, network security management is a complex process with many moving parts. The keys to success include understanding common threats; proactively mitigating software, hardware and human vulnerabilities; continually monitoring for suspicious activity and changes across the network; and making network security an iterative process.