What Is Network Security | Threats, Best Practices | Imperva


What Is Network Security?

Network security brings together technologies, processes, and devices in a broad strategy that protects the confidentiality, integrity, and availability of computer networks and the data that crosses them. Organizations of every size, industry, and infrastructure type need it to defend against a continually evolving threat landscape.

Traditional network security consists of rules and configurations, enforced by hardware and software, that protect a network and its data at a defined perimeter. That model alone no longer covers today's networks, which span on-premises sites, cloud services, and remote endpoints and therefore present a larger and more exposed attack surface than the perimeter-based networks of the past.

Threat actors understand this and use automation, including large botnets and increasingly AI-assisted tooling, to find vulnerabilities, exploit them, and evade detection at scale. They look for weaknesses everywhere: in devices, data, users, locations, and applications.

Common network security threats include malware, phishing, and distributed denial of service (DDoS) attacks. Many network security incidents also expose the organization to regulatory non-compliance. Defending against these threats involves a broad set of technologies, including firewalls, network segmentation, intrusion prevention systems (IPS), and tools that help implement zero trust principles.

Network Security vs. Cyber Security

Network security focuses on securing the network infrastructure itself: the network edge, routers, switches, and the traffic that flows between them. Cyber security includes network security and also covers areas such as endpoints, applications, identities, and data at rest.

The two differ mainly in planning scope. A cyber security plan contains a network security plan within it. A network security plan can be written on its own, but it then addresses only the network layer and should be aligned with the broader cyber security program.

Network Security Threats and Attacks

Malware

Malware is software written to compromise information systems. Each family is built for a specific malicious purpose: ransomware encrypts files and holds them for ransom, spyware covertly monitors victims, and Trojans pose as legitimate software to gain a foothold on a system.

Threat actors use malware to achieve various objectives, such as stealing or secretly copying sensitive data, blocking access to files, disrupting system operations, or making systems inoperable.

Phishing

Phishing is a type of fraud in which a threat actor impersonates a reputable entity over email, text message, phone, or another communication channel. Phishing emails typically carry malicious attachments or links that, for example, harvest the victim's account details or login credentials or install malware.

Bots

A bot is a small program that automates web requests with various goals. Bots perform their tasks without any human intervention, for example, scanning website content and testing stolen credit card numbers.

A bot attack uses automated web requests to defraud, manipulate, or disrupt applications, websites, end users, or APIs. Bot attacks were originally used mainly for spam and denial of service, but have evolved into organized operations with their own economies and infrastructure that enable additional, more damaging attacks.

DDoS Attacks

A distributed denial of service (DDoS) attack uses many compromised systems to attack a target and deny service to the target's legitimate users. The attackers flood the target with messages, malformed packets, or connection requests until it slows down or fails entirely. DDoS attacks can target a website, a server, or other network resources, including the DNS servers on which they depend.

Advanced Persistent Threats (APTs)

An advanced persistent threat (APT) is a targeted, prolonged attack in which intruders gain unauthorized access to a network and remain undetected for an extended time. Threat actors usually run APT campaigns to steal data rather than to damage the target's network.

Most APT attacks aim to obtain and keep long-term, covert access to the targeted network. Because this is not a quick in-and-out operation, APT attacks require considerable effort and resources. To make that investment worthwhile, actors choose high-value targets such as large corporations and government agencies.

Drive-by Download

A drive-by download attack is the unintentional download of malicious code to a computer or mobile device, exposing the victim to further compromise. Unlike many other attacks, a drive-by does not rely on the user actively enabling it.

Becoming infected does not require clicking anything, pressing download, or opening a malicious email attachment. A drive-by download exploits a security flaw in the browser, a browser plug-in, an application, or the operating system, typically one that is unpatched because updates were missed or failed to install.

DNS Attack

A DNS attack exploits weaknesses in the Domain Name System (DNS). DNS was designed for usability rather than security: traditional DNS traffic is unencrypted and unauthenticated, so anyone who can observe or inject packets between a client and a resolver can read queries or forge responses.

Threat actors commonly exploit that plaintext, unauthenticated exchange, for example by spoofing responses to poison a resolver's cache. Another strategy is to log in to a DNS registrar's or hosting provider's portal with stolen credentials and redirect the domain's records to attacker-controlled servers (DNS hijacking).
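To make the spoofing risk concrete, here is an added example in Python (not code from the Imperva page) that builds a DNS query, parses a response, and applies the minimum checks a resolver must perform before trusting an answer: the packet is a response, its 16-bit transaction ID matches the outstanding query, and the question section matches. The function names, the domain example.com, and the addresses from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges are constructed for the example.

```python
import secrets
import struct

def encode_name(name):
    """Encode "example.com" as DNS labels: \\x07example\\x03com\\x00."""
    out = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split("."))
    return out + b"\x00"

def decode_name(msg, off):
    """Decode a (possibly compressed) name at offset off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def build_query(name, txid=None):
    """Standard recursive A query. The 16-bit transaction ID (plus the UDP source
    port) is all that a forged answer has to match to be accepted."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return txid, header + encode_name(name) + struct.pack("!HH", 1, 1)

def build_answer(txid, name, ip, ttl=300):
    """Constructed A-record response (what a resolver, or a spoofer, sends back)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)        # name = pointer to offset 12
    return header + question + rr + bytes(int(o) for o in ip.split("."))

def parse_response(msg):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    qname, off = decode_name(msg, off)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata
        answers.append((name, rtype, ttl, value))
    return {"txid": txid, "flags": flags, "qname": qname, "qtype": qtype, "answers": answers}

def accept_response(expected_txid, expected_name, msg):
    """Minimal sanity checks a resolver must apply before trusting an answer.
    Returns the list of A records, or None if the packet is rejected."""
    r = parse_response(msg)
    if not r["flags"] & 0x8000:                         # QR bit clear: not a response
        return None
    if r["txid"] != expected_txid:                      # ID mismatch: drop
        return None
    if r["qname"].lower() != expected_name.rstrip(".").lower() + ".":
        return None                                     # answer to a different question
    return [a[3] for a in r["answers"] if a[1] == 1]

if __name__ == "__main__":
    txid, wire = build_query("example.com", txid=0x1234)
    good = build_answer(txid, "example.com", "192.0.2.10")
    spoof = build_answer(0x1235, "example.com", "198.51.100.66")   # wrong guess of the ID
    print(accept_response(txid, "example.com", good))    # ['192.0.2.10']
    print(accept_response(txid, "example.com", spoof))   # None
```

Because the transaction ID is only 16 bits and nothing in the packet is signed, an attacker who can race the legitimate answer has roughly a 1-in-65,536 chance per forged packet of matching it; real resolvers add source-port randomization and, ideally, DNSSEC validation or encrypted transports (DoT/DoH) on top of these checks.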

What Are the Challenges of Network Security?

Rapidly Evolving Threat Landscape

The first major challenge for network security is the rapid evolution of the cyber threat landscape. Technologies evolve quickly, and attackers find new ways to infiltrate and exploit corporate networks, requiring businesses to implement new defenses to protect their networks.

Bigger Attack Surface

Another factor that makes network security harder is the broadening scope of an organization's security strategy. Every user, device, and application connected to the network adds to the attack surface, and all network users share responsibility for security. Building a strategy that everyone can follow is not easy, especially when it must be updated regularly to address emerging threats.

Bring Your Own Device (BYOD) and Remote Work

Many organizations have a Bring Your Own Device (BYOD) policy, resulting in a highly complex, distributed network and a much larger attack surface. Every personal device requires protection.

Securing remote and wireless access is especially important for companies that let employees work from home. Remote users often reach sensitive corporate resources and data over untrusted networks: home Wi-Fi, public hotspots, and the Internet itself.

Cloud Security

When organizations run workloads and services in the cloud, responsibility is shared: the cloud vendor or managed service provider secures the underlying infrastructure, while the organization remains responsible for securing its own data, applications, identities, and configuration. Organizations must maintain awareness of every access point into the network and implement a unified security strategy across the hybrid environment.

Types of Network Security Technologies and Solutions

Firewall/NGFW

A firewall controls inbound and outbound traffic according to predetermined security rules, typically permitting only explicitly allowed connections and denying everything else, so that malicious traffic does not enter the network. Network security relies on firewalls to protect against external threats. Today, most organizations use next-generation firewalls (NGFW), which add application awareness, user identity, and intrusion prevention so they can block malware and application-layer attacks rather than only filtering on addresses and ports.

WAF

A web application firewall (WAF) filters, monitors, and blocks HTTP traffic flowing to and from a web application. Because it inspects requests at the application layer, a WAF can block attempts to exploit known classes of web vulnerabilities, such as cross-site scripting (XSS), SQL injection (SQLi), and file inclusion, and can shield an improperly configured application until the underlying flaw is fixed.
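As an added illustration (not Imperva's product code), the following Python sketch applies the WAF idea to a few constructed requests: it normalizes each field (percent-decoding more than once, since attackers double-encode payloads to slip past single-pass filters) and matches it against small signatures for SQLi, XSS, and file inclusion. The signature set, the request samples, and the function names are assumptions made for the example, not a real rule set.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for a few common web attack classes. A real WAF
# rule set (e.g. the OWASP Core Rule Set) is far larger and tuned per site.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s|;\s*drop\s+table)"),
    "xss":  re.compile(r"(?i)(<script\b|javascript:|\bon(?:error|load)\s*=)"),
    "lfi":  re.compile(r"(\.\./|\.\.\\|/etc/passwd)"),
}

def normalize(value, decode_rounds=2):
    """Percent-decode up to decode_rounds times (attackers double-encode to slip
    past filters that decode once), then strip NUL bytes."""
    for _ in range(decode_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\x00", "")

def inspect_request(method, path, headers=None, body="", decode_rounds=2):
    """Return a list of (field, signature) hits; an empty list means the request is clean.
    `method` is accepted so the signature looks like a real hook; it is not inspected here."""
    fields = {"path": path, "body": body}
    for name, val in (headers or {}).items():
        fields["header:" + name.lower()] = val
    hits = []
    for field, raw in fields.items():
        text = normalize(raw, decode_rounds)
        for sig, pattern in SIGNATURES.items():
            if pattern.search(text):
                hits.append((field, sig))
    return hits

def waf_decision(method, path, headers=None, body=""):
    """Block on any signature hit; scoring and log-only modes are left out here."""
    return "block" if inspect_request(method, path, headers, body) else "allow"

if __name__ == "__main__":
    samples = [  # constructed requests
        ("GET", "/products?id=42", {}, ""),
        ("GET", "/products?id=1%27%20OR%20%271%27%3D%271", {}, ""),                 # SQLi
        ("GET", "/search?q=%253Cscript%253Ealert(1)%253C/script%253E", {}, ""),     # double-encoded XSS
        ("GET", "/download?file=..%2F..%2Fetc%2Fpasswd", {}, ""),                   # path traversal
        ("POST", "/login", {"User-Agent": "Mozilla/5.0"}, "user=bob&pass=hunter2"),
    ]
    for s in samples:
        print(waf_decision(*s), s[1], inspect_request(*s))
```

Running the block blocks the three attack samples and allows the two benign ones; calling inspect_request with decode_rounds=1 on the double-encoded XSS sample returns no hits, which is exactly the evasion that normalization guards against. Signature matching of this kind also produces false positives (the SQL comment pattern `-- ` fires on ordinary prose), which is why production WAFs score and tune rules rather than blocking on any single match.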

Intrusion Prevention Systems (IPS)

IPS technology detects and blocks network attacks such as brute force, denial of service, and exploitation of known vulnerabilities. A vulnerability can let a threat actor achieve a range of malicious goals, such as taking control of the affected system. Once a vulnerability becomes known, there is a window during which it can be exploited before every affected system is patched. An IPS with up-to-date signatures can block known exploits during that window, buying time to patch.

Network Segmentation

Network segmentation is a technique that enables organizations to define boundaries between network segments. A network segment can be a location housing assets with a common function, role, or risk within the organization.

A perimeter gateway, for example, segments a corporate network from the public Internet. It blocks potential external threats to keep sensitive data safe inside the network. Organizations can define additional internal boundaries within the network to achieve improved access control and security.

Microsegmentation

Microsegmentation is a technique that security architects employ to logically split a network into separate security segments, define security controls per microsegment, and deliver services for each microsegment. It enables deploying flexible security policies deep inside a data center via network virtualization technology rather than installing several physical firewalls.

Microsegmentation can help protect each virtual machine (VM) in a network using policy-driven, application-level security controls. It allows applying security policies to separate workloads, significantly improving a network’s resistance to attack.
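The following Python example, added here and not taken from the page, models the firewall rules and the segmentation boundaries described above: segments are address ranges, the only permitted flows are an explicit allow-list between segments, and everything else is denied. The topology (a DMZ web tier, an app tier, a database tier, and a management segment) and all addresses are constructed; the evaluation shows how a compromised web server is kept from reaching the database directly and how a database host is kept from opening connections to the Internet.

```python
import ipaddress

# Constructed topology: each segment is a list of address ranges.
SEGMENTS = {
    "internet": ["0.0.0.0/0"],
    "dmz-web":  ["10.0.1.0/24"],
    "app":      ["10.0.2.0/24"],
    "db":       ["10.0.3.0/24"],
    "mgmt":     ["10.0.9.0/24"],
}
NETS = {name: [ipaddress.ip_network(c) for c in cidrs] for name, cidrs in SEGMENTS.items()}

# Allow-list of permitted flows (source segment, destination segment, proto, port).
# Everything not listed is denied: the default-deny posture that a segmented
# network (or a firewall rule base) should start from.
ALLOW = {
    ("internet", "dmz-web", "tcp", 443),   # users reach the web tier only
    ("dmz-web",  "app",     "tcp", 8080),  # web tier talks to the app tier
    ("app",      "db",      "tcp", 5432),  # only the app tier talks to the database
    ("mgmt",     "dmz-web", "tcp", 22),    # admins ssh from the management segment
    ("mgmt",     "app",     "tcp", 22),
    ("mgmt",     "db",      "tcp", 22),
}

def segment_of(ip):
    """Longest-prefix match, so 10.0.1.5 is 'dmz-web' rather than 'internet'."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for name, nets in NETS.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best

def evaluate(src_ip, dst_ip, proto, port):
    """Decide one flow. Returns (decision, source segment, destination segment)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if (src, dst, proto, port) in ALLOW:
        return "allow", src, dst
    return "deny", src, dst

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("203.0.113.7", "10.0.1.10", "tcp", 443),     # allow: Internet -> web
        ("203.0.113.7", "10.0.2.10", "tcp", 8080),    # deny: Internet -> app directly
        ("10.0.1.10",   "10.0.3.10", "tcp", 5432),    # deny: compromised web host -> db
        ("10.0.2.10",   "10.0.3.10", "tcp", 5432),    # allow: app -> db
        ("10.0.3.10",   "203.0.113.7", "tcp", 443),   # deny: db -> Internet (exfiltration path)
        ("10.0.9.5",    "10.0.3.10", "tcp", 22),      # allow: mgmt -> db ssh
    ]
    for f in flows:
        print(evaluate(*f), f)
```

The same default-deny evaluation applies at a perimeter firewall, at an internal segmentation firewall, and in a microsegmentation policy; what changes is only how finely the segments are drawn (subnets here, individual workloads or VMs in a microsegmented data center).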

Secure Remote Access

Threat actors need access to infiltrate a network. Access controls determine which users and devices can reach particular internal or cloud resources. Modern access control implementations include secure remote access and zero trust network access (ZTNA). Secure remote access combines several technologies that address authentication, endpoint security, privilege management, and encrypted remote connections.

Virtual Private Networks (VPNs)

A virtual private network (VPN) encrypts traffic between the user's device and a VPN server and routes it through that server, which hides the user's real IP address and location from the services they visit and from anyone on the local network. Rather than exposing the device directly to each remote service, the VPN server connects to the public Internet on the user's behalf.

VPNs help organizations and individuals protect themselves when connecting over untrusted networks such as public Wi-Fi in airports and coffee shops. They protect users from threat actors on those networks who try to intercept sensitive data such as photos, corporate email, credit card numbers, and credentials.

Zero Trust Network Access (ZTNA)

Zero trust is a security model in which no entity, including internal users and devices, is trusted by default; every access request must be verified. It moves away from traditional security, which treated only external entities with suspicion. Zero trust involves implementing controls that protect against insider threats as well as external intrusion.

Zero trust network access (ZTNA), or software-defined perimeter (SDP), solutions enable organizations to specify and enforce granular access to applications and grant access according to the least privileges principle. This principle allows users to have only the access and permissions required to fulfill their role.

Network Access Control (NAC)

NAC utilizes network administrator tools and company-wide policies to prevent unauthorized devices and users from gaining access to protected networks. It enables organizations to:

  • Assign specific accounts to internal users protected with unique credentials.
  • Categorize users according to their job functions to establish role-based permissions defining what these users are permitted to access and do on the network.
  • Grant limited access privileges to various guest users on a separate network to prevent them from reaching sensitive information.
  • Register company-approved devices into the system to ensure the network recognizes devices allowed to access it.
  • Restrict access according to a device’s operating system or the installed security software to prevent high-risk devices from exposing the network to attacks.

Data Loss Prevention (DLP)

DLP solutions help prevent employees from sending company information and sensitive data outside the network. They detect and block actions that would, whether unwittingly or maliciously, expose data to external parties. Actions DLP commonly monitors include printing, downloading and uploading files, and forwarding messages.

Security Information and Event Management (SIEM)

SIEM solutions provide comprehensive visibility into activity within the protected network. A SIEM collects and aggregates log data from the organization's security tooling, including firewalls, advanced threat protection systems, IPS, and NAC, then correlates the events and raises alerts and reports that flag anomalous network activity and security incidents.

Administrators use SIEM analysis to quickly address threats using various means, like isolating network environments, blocking malicious payloads, and restricting user access. SIEM solutions also provide granular insights into network traffic and signatures to help administrators make informed decisions on improving network security and minimizing threat exposure.

Endpoint Protection

Endpoint security is a multi-layered approach that helps protect against threats originating at end-user endpoints, such as laptops, smartphones, and tablets, connected to the network. The goal is to keep data, devices, and networks safe by applying various mechanisms like antivirus software, encryption, and DLP.

Network Security Best Practices

Audit the Network and Security Controls

Auditing the network is essential to obtaining the information needed to assess the organization’s security posture accurately. Here are notable benefits of network audits:

  • Identifying potential vulnerabilities that require remediation.
  • Locating unused and unnecessary applications that run in the background.
  • Reviewing the firewall rule base so that weak or outdated settings can be corrected.
  • Measuring the state of networked servers, software, applications, and gear.
  • Confirming the efficacy of the overall security infrastructure.
  • Assessing the status of current server backups.

Organizations must conduct audits regularly and consistently over time.

Use Network Address Translation

Network address translation (NAT) compensates for the shortage of IPv4 addresses. It translates private addresses used inside the organization into routable addresses on a public network such as the Internet, allowing many internal computers to share one public IP address.

NAT works alongside firewalls and adds some protection for internal networks. Hosts inside the protected network, which have private addresses, can usually initiate connections to the outside world. Systems outside the network, however, can only reach an internal host through the NAT device, and an unsolicited inbound packet with no matching translation entry is dropped unless an explicit port forward exists. Because many hosts share one public address, an outside observer also cannot directly tell which internal host is behind a given connection. NAT is not a substitute for a firewall, though: it hides addressing but does not inspect or filter the traffic it does translate.
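A minimal port-address translation table in Python, added here as an illustration (not any vendor's implementation), shows the behaviour described above: outbound connections create mappings, replies are matched against them, and an unsolicited inbound packet with no mapping and no explicit port forward is dropped. The class name and all addresses (documentation ranges) are constructed for the example.

```python
import itertools

class NatTable:
    """Port-address translation (PAT): many internal hosts share one public IP."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out = {}       # (int_ip, int_port, dst_ip, dst_port) -> public port
        self._in = {}        # (public port, remote_ip, remote_port) -> (int_ip, int_port)
        self.forwards = {}   # explicit port-forward: public port -> (int_ip, int_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the private network: create (or reuse) a mapping and
        rewrite the source to the shared public address and an allocated port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            pub_port = next(self._next_port)
            self._out[key] = pub_port
            self._in[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arriving at the public address. Returns the internal destination,
        or None when nothing maps it, meaning the packet is dropped."""
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        return self._in.get((dst_port, src_ip, src_port))

if __name__ == "__main__":
    nat = NatTable("198.51.100.1")
    print(nat.outbound("10.0.0.5", 51000, "203.0.113.10", 443))   # ('198.51.100.1', 20000, '203.0.113.10', 443)
    print(nat.outbound("10.0.0.6", 51000, "203.0.113.10", 443))   # second host, same public IP, port 20001
    print(nat.inbound("203.0.113.10", 443, 20000))                 # reply to the first host: ('10.0.0.5', 51000)
    print(nat.inbound("192.0.2.99", 443, 20000))                   # unsolicited, wrong peer: None
    print(nat.inbound("192.0.2.99", 40000, 20002))                 # unsolicited, no mapping: None
    nat.forwards[8443] = ("10.0.0.8", 443)
    print(nat.inbound("192.0.2.99", 40000, 8443))                  # explicit forward: ('10.0.0.8', 443)
```

The table only answers "is there a mapping for this packet"; it does not look at what the packet carries, which is the gap a firewall or IPS fills.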

Use Centralized Logging and Immediate Log Analysis

Organizations must record suspicious logins and other system events in a central place and analyze them promptly to look for anomalies. The goal is to reconstruct what happened during an ongoing or past attack, identify the steps needed to improve threat detection, and enable a quicker response to future events.

Threat actors often try to avoid logging and detection. For example, an actor may make noisy attempts against a low-value, sacrificial machine while quietly watching how the target's monitoring reacts, learning which thresholds to stay below to avoid triggering security alerts. Detection logic therefore needs to look across long windows and across hosts, not only at per-minute spikes on a single system.
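Here is an added Python example (synthetic log lines, not Imperva's or any real system's data) that runs the same failed-login detection three ways over constructed sshd-style events, illustrating both the SIEM correlation described earlier and the centralized logging point above: a per-host rule over a 60-second window, a per-host rule over a one-hour window, and a rule that aggregates across all hosts, which is only possible once logs are centralized. A noisy brute-force source trips all three; a low-and-slow source spreading one attempt every five minutes across three hosts escapes the per-host rules and is caught only by the aggregated one. All names, addresses, and timestamps are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines: "<ISO timestamp> <host> sshd[<pid>]: Failed password ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def make_sample_log():
    """Generate the synthetic events used below (not real logs)."""
    base = datetime(2024, 1, 10, 12, 0, 0)
    fmt = "{ts} {host} sshd[{pid}]: Failed password for {inv}{user} from {ip} port {port} ssh2"
    lines = []
    # 1) noisy brute force: 15 failures in 30 seconds against one host
    for i in range(15):
        lines.append(fmt.format(ts=(base + timedelta(seconds=2 * i)).strftime(TS_FMT), host="web1",
                                pid=4000 + i, inv="invalid user ", user="admin", ip="203.0.113.5", port=51000 + i))
    # 2) low-and-slow: one failure every 5 minutes for 2 hours, rotated across 3 hosts
    for i in range(24):
        lines.append(fmt.format(ts=(base + timedelta(minutes=5 * i)).strftime(TS_FMT),
                                host=["web1", "web2", "web3"][i % 3],
                                pid=5000 + i, inv="", user="root", ip="198.51.100.9", port=40000 + i))
    # 3) a legitimate user who mistyped a password twice
    for i in range(2):
        lines.append(fmt.format(ts=(base + timedelta(minutes=7, seconds=10 * i)).strftime(TS_FMT), host="web2",
                                pid=6000 + i, inv="", user="alice", ip="192.0.2.50", port=60000 + i))
    return lines

def parse(lines):
    """Turn matching lines into (timestamp, host, source ip, user) tuples, oldest first."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FMT), m["host"], m["ip"], m["user"]))
    return sorted(events)

def sliding_window_alerts(events, window_seconds, threshold, per_host):
    """Return the set of (host or '*', source ip) that reach `threshold` failures
    within any span of `window_seconds`. per_host=False aggregates across all
    hosts, which is what centralized logging makes possible."""
    window = timedelta(seconds=window_seconds)
    recent, alerts = defaultdict(deque), set()
    for ts, host, ip, _user in events:
        key = (host if per_host else "*", ip)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # evict attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add(key)
    return alerts

if __name__ == "__main__":
    ev = parse(make_sample_log())
    print("per-host, 10 in 60s :", sliding_window_alerts(ev, 60, 10, per_host=True))
    print("per-host, 10 in 1h  :", sliding_window_alerts(ev, 3600, 10, per_host=True))
    print("all hosts, 10 in 1h :", sliding_window_alerts(ev, 3600, 10, per_host=False))
```

The aggregated rule is the one that catches the slow attacker; the legitimate user with two typos never crosses either threshold, which is the balance between detection and false positives that the thresholds are tuned for.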

Create a Backup and Recovery Plan

Enterprises operate in a threat environment where the question is when they will be breached rather than if. The goal of a backup and recovery strategy is to minimize downtime and limit the overall costs of breaches and other incidents.

Backing up operationally important and sensitive data is critical to ensure continuity and avoid data loss. Backup and recovery plans are especially important for building resilience against threats such as ransomware and outages.

Securing Networks with Imperva

Imperva Network Security helps organizations ensure constant network availability through continuous optimization and protection across corporate, data center, and cloud infrastructure.

  • Imperva Content Delivery Network (CDN) brings content caching, load balancing, and failover so your applications and content are securely delivered across the globe.
  • Imperva DDoS Protection secures all your assets at the edge from attempts at disruption. Avoid paying ransoms, ensure business continuity, and guarantee uptime for your customers.

  • Imperva DNS Protection is an always-on service that secures your network edge against DNS attacks and guarantees mitigation of DDoS attacks targeting domain name servers for uninterrupted operations.