Network infrastructure refers to the resources that enable network connectivity, communication, operation, and management. Typically, it includes networking hardware, software, and services. If your network is not secure, it is exposed to a wide range of attacks, such as denial-of-service, malware, spam, and unauthorized access.
Network security basics
- Malware protection: Install anti-virus software and intrusion detection systems, take regular backups, and apply security patches promptly.
- Passwords: Implement adequate password policies for physical and network access control, for devices and removable media, and for remote access. Adequate policies include frequent password changes (every 90 days), a required mix of letters, numbers, and symbols, and a strict lockout policy.
- Monitoring and logging: Audit systems and review logs for unusual activity.
- Remote access: Permit remote access connections to the company network only through company-approved remote access technologies. Additionally, two-factor authentication is highly recommended.
- Mobile devices and removable media: Establish policy, training, and procedures for mobile devices, restrict the use of removable media, and apply encryption.
Open Systems Interconnection (OSI) model basics
The Open Systems Interconnection (OSI) model describes how networks operate in terms of hardware and software. Each layer in the model performs different tasks in network communication, which makes the model useful for analyzing the security properties of protocols and devices. More importantly, this type of model helps build a multi-layered “defense-in-depth” that provides maximum network security.
Here are the layers of this model, the vulnerabilities typical of each, and the controls that address them:
Physical layer: Defines physical and electrical characteristics of the network, such as cable types and signals used to transmit data.
- Devices: Repeater, hub, and network interface controller (NIC)
- Vulnerabilities: Loss of power, physical theft, damage, and modification of data and hardware
- Prevention controls: Employ video/audio surveillance, lock the perimeter, and use biometric, PIN, and password authentication systems
Data link layer: Defines how shared communication channels can be accessed and data frames can be reliably transmitted.
- Devices: Switches and bridges
- Vulnerabilities: Media Access Control (MAC) address spoofing and flooding, bypassing VLAN configurations, and unauthorized access due to weak authentication and encryption in wireless environments
- Prevention controls: MAC address filtering, strong wireless security (authentication and encryption), and separation of network segments with firewalls and intrusion detection systems (IDS)
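Two of the data link layer controls above, MAC address filtering and detecting MAC flooding, can be illustrated with a small monitoring script. The example below is added here and is not part of the original article; the frame observations, switch port names and the per-port allowlist are all constructed for the demonstration. A port that suddenly sources frames from hundreds of distinct MAC addresses is the signature of a CAM-table flooding attempt, while any source MAC not on the port's allowlist is what a switch's port-security feature would block.

```python
from collections import defaultdict

# Constructed sample observations of (timestamp_seconds, switch_port, source_mac),
# as a switch or a monitoring tap might report them. Not real traffic.
SAMPLE_FRAMES = [
    (0.0, "Gi1/0/1", "00:11:22:33:44:01"),
    (0.5, "Gi1/0/1", "00:11:22:33:44:01"),
    (1.0, "Gi1/0/2", "00:11:22:33:44:02"),
] + [
    # One port sourcing frames from 300 different MACs within a few seconds:
    # the pattern produced by CAM-table flooding.
    (2.0 + i * 0.01, "Gi1/0/7", f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}")
    for i in range(300)
]

# Hypothetical per-port allowlist (port-security style): the MAC addresses
# expected on each access port.
ALLOWED_MACS = {
    "Gi1/0/1": {"00:11:22:33:44:01"},
    "Gi1/0/2": {"00:11:22:33:44:02"},
    "Gi1/0/7": {"00:11:22:33:44:07"},
}


def detect_mac_flooding(frames, window=10.0, max_macs=50):
    """Return {port: distinct_mac_count} for ports that sourced more than
    max_macs distinct MAC addresses within any span of `window` seconds."""
    per_port = defaultdict(list)
    for ts, port, mac in frames:
        per_port[port].append((ts, mac))

    flagged = {}
    for port, observations in per_port.items():
        observations.sort()
        counts = {}        # MAC -> number of frames inside the sliding window
        start = 0
        for ts, mac in observations:
            counts[mac] = counts.get(mac, 0) + 1
            # Evict observations that fell out of the window.
            while ts - observations[start][0] > window:
                old_mac = observations[start][1]
                counts[old_mac] -= 1
                if counts[old_mac] == 0:
                    del counts[old_mac]
                start += 1
            if len(counts) > max_macs:
                flagged[port] = len(counts)
                break
    return flagged


def filter_unknown_macs(frames, allowed):
    """Return the distinct (port, mac) pairs that violate the allowlist.
    A switch enforcing port security would drop these frames or disable the port."""
    violations = []
    seen = set()
    for _, port, mac in frames:
        if mac not in allowed.get(port, set()) and (port, mac) not in seen:
            seen.add((port, mac))
            violations.append((port, mac))
    return violations


if __name__ == "__main__":
    print("Flooding suspects:", detect_mac_flooding(SAMPLE_FRAMES))
    print("Allowlist violations:", len(filter_unknown_macs(SAMPLE_FRAMES, ALLOWED_MACS)))
```

The thresholds (50 distinct MACs in 10 seconds) are illustrative; on a real access port the expected number of MACs is usually one or a handful, so a much lower limit is reasonable, whereas uplink and trunk ports legitimately carry many and need separate treatment.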
Network layer: Routes network messages from one node to another and determines which path a message takes to reach its destination.
- Devices: Router
- Vulnerabilities: Route and IP address spoofing
- Prevention controls: Anti-spoofing and filter policy, firewalls, broadcast monitoring
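The anti-spoofing filter policy listed above is usually implemented as ingress filtering: a router drops packets whose source address could not legitimately have arrived on that interface. The following example is added here and is not from the original article; the interface names, address prefixes and packet records are constructed for illustration, and the bogon list is deliberately short.

```python
import ipaddress

# Hypothetical interface-to-prefix table: which source addresses legitimately
# live behind each router interface. None marks the untrusted (Internet) side.
INTERFACE_PREFIXES = {
    "lan0": [ipaddress.ip_network("10.10.0.0/16")],
    "dmz0": [ipaddress.ip_network("192.0.2.0/24")],
    "wan0": None,
}

# Every prefix that belongs to this organisation; these must never appear as
# a source address on the untrusted interface.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.10.0.0/16"),
                     ipaddress.ip_network("192.0.2.0/24")]

# Abbreviated list of address ranges that are never valid Internet sources.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def ingress_filter(iface, src):
    """Return (verdict, reason) for a packet with source address `src`
    arriving on interface `iface`."""
    src = ipaddress.ip_address(src)
    expected = INTERFACE_PREFIXES[iface]
    if expected is None:
        # Untrusted side: reject our own addresses and unroutable ranges.
        if any(src in p for p in INTERNAL_PREFIXES):
            return ("drop", "internal source address arriving from outside")
        if any(src in p for p in BOGON_PREFIXES):
            return ("drop", "bogon source address")
        return ("accept", "ok")
    # Trusted side: the source must belong to the prefix behind this interface,
    # which stops internal hosts from spoofing outside addresses.
    if not any(src in p for p in expected):
        return ("drop", f"source not within prefixes assigned to {iface}")
    return ("accept", "ok")


def apply_policy(packets):
    """Run the filter over (iface, src, dst) records and return the drops."""
    dropped = []
    for iface, src, dst in packets:
        verdict, reason = ingress_filter(iface, src)
        if verdict == "drop":
            dropped.append((iface, src, reason))
    return dropped


# Constructed packet records: (ingress interface, source, destination).
SAMPLE_PACKETS = [
    ("lan0", "10.10.4.20", "198.51.100.5"),    # legitimate LAN host
    ("lan0", "198.51.100.77", "10.10.4.20"),   # LAN host spoofing an outside source
    ("wan0", "203.0.113.9", "192.0.2.10"),     # legitimate inbound traffic
    ("wan0", "10.10.4.20", "192.0.2.10"),      # outside packet claiming an internal source
    ("wan0", "192.168.1.1", "192.0.2.10"),     # private (bogon) source from the Internet
    ("dmz0", "192.0.2.10", "203.0.113.9"),     # legitimate DMZ host
]

if __name__ == "__main__":
    for record in apply_policy(SAMPLE_PACKETS):
        print("DROP", record)
```

Filtering on the trusted interfaces is as important as on the untrusted one: it is what prevents a compromised internal host from sending spoofed traffic outward.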
Transport layer: Ensures that packets are transported reliably and without errors.
- Vulnerabilities: Spoofing of transmission mechanisms, overloading (resource exhaustion) of transport layer mechanisms, fingerprinting
- Prevention controls: Restrict the transport protocols that are permitted, and implement stateful inspection on the firewall
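Stateful inspection means the firewall tracks each connection and only admits inbound packets that belong to one it has already seen, instead of judging every packet in isolation. The simplified TCP state tracker below is an added example, not code from the original article; it models a single published service and a short constructed packet trace, and it omits sequence-number checks and timeouts that a production firewall would also apply.

```python
# Constructed packet records: (direction, src, sport, dst, dport, flags)
# where direction is "out" (leaving the protected network) or "in", and
# flags is a string of TCP flag letters such as "S", "SA", "A", "R".

# Hypothetical published service that may receive unsolicited inbound SYNs.
ALLOWED_INBOUND_SERVICES = {("192.0.2.10", 443)}


class StatefulFirewall:
    """Admit inbound TCP packets only when they match a tracked connection."""

    def __init__(self, allowed_inbound):
        self.allowed_inbound = allowed_inbound
        self.table = {}  # connection key -> state

    @staticmethod
    def _key(src, sport, dst, dport):
        # Direction-independent key so replies map to the same entry.
        return tuple(sorted([(src, sport), (dst, dport)]))

    def process(self, direction, src, sport, dst, dport, flags):
        key = self._key(src, sport, dst, dport)
        state = self.table.get(key)

        if flags == "S":
            # New connection attempt: allowed outbound, or inbound only to a
            # published service.
            if direction == "out" or (dst, dport) in self.allowed_inbound:
                self.table[key] = "SYN_SENT"
                return "accept"
            return "drop"

        if state is None:
            # Non-SYN packet with no matching connection: unsolicited
            # (for example a stray ACK used for scanning).
            return "drop"

        if flags == "SA" and state == "SYN_SENT":
            self.table[key] = "SYN_RECV"
        elif "A" in flags and state == "SYN_RECV":
            self.table[key] = "ESTABLISHED"
        if "R" in flags:
            del self.table[key]  # reset tears the connection down
        return "accept"


def run_trace(firewall, trace):
    """Return the verdict for each packet in the trace, in order."""
    return [firewall.process(*packet) for packet in trace]


SAMPLE_TRACE = [
    ("out", "10.10.4.20", 51000, "203.0.113.9", 443, "S"),     # client opens connection
    ("in", "203.0.113.9", 443, "10.10.4.20", 51000, "SA"),     # server reply matches state
    ("out", "10.10.4.20", 51000, "203.0.113.9", 443, "A"),     # handshake completes
    ("in", "198.51.100.7", 40000, "10.10.4.20", 22, "S"),      # unsolicited SYN to non-published port
    ("in", "198.51.100.7", 40000, "10.10.4.20", 22, "A"),      # ACK with no connection
    ("in", "203.0.113.50", 40001, "192.0.2.10", 443, "S"),     # SYN to the published web server
    ("in", "203.0.113.9", 443, "10.10.4.20", 51000, "R"),      # server resets the connection
    ("in", "203.0.113.9", 443, "10.10.4.20", 51000, "A"),      # packet after reset: no state left
]

if __name__ == "__main__":
    fw = StatefulFirewall(ALLOWED_INBOUND_SERVICES)
    for packet, verdict in zip(SAMPLE_TRACE, run_trace(fw, SAMPLE_TRACE)):
        print(verdict.upper(), packet)
```

The fourth and fifth packets show the difference from a stateless filter: a rule that simply allowed "ACK packets from port 40000" would have admitted the stray ACK, while the state table rejects it because no handshake preceded it.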
Session layer: Establishes conversations (sessions) between networked devices.
- Vulnerabilities: Weak authentication mechanisms, passing Personally Identifiable Information (PII) in clear text, spoofed session identification information, brute force attacks
- Prevention controls: Encrypt personal information in transit, enforce an adequate account policy with expiration and authorization, and limit failed login attempts and session lifetimes
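The "monitoring and logging" basic at the top of this article (review logs for unusual activity) and the session layer controls just listed (a lockout policy and a limit on failed attempts against brute force) come together in a small log review script. The example below is added here and is not part of the original article; the log lines are constructed in a syslog-like format and the threshold of five failures within five minutes is an illustrative policy value, not one the article prescribes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log lines (not from a real system).
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[101]: Failed password for alice from 198.51.100.7 port 50001
2024-03-01T08:00:03 sshd[101]: Failed password for alice from 198.51.100.7 port 50002
2024-03-01T08:00:05 sshd[101]: Failed password for alice from 198.51.100.7 port 50003
2024-03-01T08:00:07 sshd[101]: Failed password for alice from 198.51.100.7 port 50004
2024-03-01T08:00:09 sshd[101]: Failed password for alice from 198.51.100.7 port 50005
2024-03-01T08:00:11 sshd[101]: Accepted password for alice from 198.51.100.7 port 50006
2024-03-01T08:15:00 sshd[102]: Failed password for bob from 10.10.4.20 port 51000
2024-03-01T08:30:00 sshd[103]: Accepted password for bob from 10.10.4.20 port 51001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$")


def parse(log_text):
    """Turn matching lines into (timestamp, result, user, ip) events."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]),
                           m["result"], m["user"], m["ip"]))
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for (user, source) pairs that reach `threshold` failed
    logins inside `window` (the lockout condition), plus a second alert if
    a login from that pair later succeeds, which deserves investigation."""
    recent = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    locked = set()
    alerts = []
    for ts, result, user, ip in sorted(events, key=lambda e: e[0]):
        key = (user, ip)
        if result == "Failed":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and key not in locked:
                locked.add(key)
                alerts.append(("lockout", user, ip, ts))
        elif result == "Accepted" and key in locked:
            alerts.append(("success-after-lockout", user, ip, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force(parse(SAMPLE_LOG)):
        print(alert)
```

Bob's single failure followed by a success is normal user behaviour and produces nothing, while alice's account from 198.51.100.7 trips the lockout at the fifth failure and the subsequent successful login is flagged separately: a success right after a burst of failures is exactly the case a log reviewer should look at first.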
Presentation layer: Responsible for how data is presented to applications.
- Vulnerabilities: Application crashes, remote manipulation and code execution, information leakage
- Prevention controls: Employ cryptography, input validation
Application layer: Deals with the techniques that applications use to communicate with the network.
- Vulnerabilities: Program flaws causing crashes and abnormal behavior, inadequate or overly complex security controls, application design flaws
- Prevention controls: Access control for applications should be detailed, flexible, and straightforward; review application code, and deploy a firewall and IDS to monitor applications