Monday, January 21, 2013

Defense in Depth Layer 4: Internal Network Security


"Do not figure on opponents not attacking; worry about your own lack of preparation."
- Book of the Five Rings



This is the sixth post in the series/semester.  The next step in our journey through the Defense in Depth model of security is the internal network.  Internal network security deals with authenticating network users, authorizing access to network resources, and protecting the information that flows over the network.  There are various tools here to protect the network from potential attackers and from traffic that should not be there.  The following is a list of key elements for internal network security.

1. Vulnerability Assessment and Management
Network services should be assessed and tested for vulnerabilities on a regular basis.  The purpose is to discover possible attack vectors to each host and device on the network and to address them in a way that makes an attack more difficult.

2. Network Segmentation
The process of network segmentation splits the network into sub-networks or network segments.  Network segments are created to control the flow of traffic between hosts on different segments.  In addition to improving performance by reducing congestion and containing network problems, segmenting the network improves security by ensuring that only appropriate traffic is forwarded between segments and that the internal network structure is not visible from the outside.

3. Network-Based IDS/IPS
The internal network layer, like the perimeter layer, works in conjunction with IDS/IPS.  As we discussed in the last blog post, the intrusion detection system is in place to identify and proactively respond to problems, while the intrusion prevention system allows for an automated response to potential security breaches.

4. Internet Protocol Security (IPsec)
IPsec is a set of protocols for securing IP communications by authenticating and encrypting each IP packet of a communication session.  IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys to be used during the session.  It can be used to protect data flows between a pair of security gateways (network-to-network) or between a security gateway and a host (network-to-host).

5. Network Access Control (NAC)
NAC restricts the availability of network resources to endpoint devices that comply with a defined security policy.  NAC restricts the data that each individual user can access and can also implement anti-threat applications such as firewalls, anti-virus software, and spyware-detection programs.  NAC also regulates and restricts the things individual subscribers can do once they are connected.

6. Access Control and Authentication
Access control is the means of controlling what a user or device can and cannot access.  Authentication is the method used to identify a user or device.  Access control and authentication measures have evolved to include ID and password, digital certificates, security tokens, smart cards, and biometrics.  Access control lists (ACLs) filter traffic so that only specified IP addresses can access particular systems and services.
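To make the segmentation and ACL points concrete, here is a small policy evaluator written for this post as an added example (it is not code from the original article and does not model any particular vendor's ACL syntax).  It assumes a constructed three-segment layout (USERS, SERVERS, MGMT), a hypothetical one-rule-per-line text format, and the usual "first match wins, implicit deny at the end" semantics.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical segment layout for the example (constructed, not from the post).
SEGMENTS = {
    "USERS":   "10.1.0.0/16",
    "SERVERS": "10.2.0.0/24",
    "MGMT":    "10.3.0.0/24",
}


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp", "udp" or "any"
    dport: Optional[int]             # None means any destination port


def _to_net(text: str) -> ipaddress.IPv4Network:
    # Segment names resolve to their prefix; "any" is the whole address space.
    if text in SEGMENTS:
        text = SEGMENTS[text]
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse one rule in this example's own text form, e.g.
       'permit USERS -> SERVERS tcp 443' or 'deny any -> any any'."""
    parts = line.split()
    if len(parts) < 5 or parts[2] != "->":
        raise ValueError(f"malformed rule: {line!r}")
    action, src, _, dst, proto = parts[:5]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    dport = None
    if len(parts) > 5 and parts[5] != "any":
        dport = int(parts[5])
    return Rule(action, _to_net(src), _to_net(dst), proto, dport)


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in rule.src and dst in rule.dst
                and rule.proto in ("any", proto)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"


# Constructed inter-segment policy: users reach the web tier only, management
# reaches SSH everywhere, and everything else is dropped.
POLICY = [parse_rule(line) for line in [
    "permit USERS -> SERVERS tcp 443",
    "permit MGMT  -> any     tcp 22",
    "deny   any   -> any     any",
]]

if __name__ == "__main__":
    for flow in [("10.1.5.7", "10.2.0.10", "tcp", 443),
                 ("10.1.5.7", "10.2.0.10", "tcp", 22),
                 ("10.3.0.5", "10.2.0.10", "tcp", 22),
                 ("10.1.5.7", "10.3.0.5", "tcp", 22)]:
        print(flow, "->", evaluate(POLICY, *flow))
```

The point of the explicit trailing "deny any" is that a segment boundary should fail closed: a user workstation can reach the web tier on 443 and nothing else, and it cannot reach the management segment at all, even on a port that management hosts are themselves allowed to use.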

7. Network-Based Anti-Virus Protection
Network based anti-virus software can eliminate viruses and worms before they reach other layers.

8. Network Communication Encryption
Encryption can defend network communications in three ways:
- An encrypted link can be constructed so that a third party cannot see its contents while data is in transit.
- An encrypted link can be constructed so that data cannot be modified while it is in transit without the modifications being detected.
- An encrypted link can be constructed to ensure the sender’s identity.
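The second and third properties above (modification is detected, and the sender is who they claim to be) can be shown with nothing more than a keyed MAC from the Python standard library.  This is an added example, not code from the post: it frames each message with a sequence number and an HMAC-SHA256 tag under a constructed shared key, and the receiver rejects frames whose tag fails, whose key differs, or whose sequence number is not fresh (the anti-replay check is an addition beyond the post's three bullets).  Confidentiality, the first property, needs a cipher as well and is not shown here.

```python
import hmac
import hashlib
import struct
from typing import Optional, Tuple

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes
SEQ_LEN = 4

# Constructed shared key for the example; a real link would derive it from a
# key exchange rather than embed it.
SHARED_KEY = b"constructed-example-key-do-not-reuse"


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = sequence number || payload || HMAC-SHA256 over both."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify(key: bytes, frame: bytes, last_seq: int) -> Optional[Tuple[int, bytes]]:
    """Return (seq, payload) if the frame is authentic and fresh, else None."""
    if len(frame) < SEQ_LEN + TAG_LEN:
        return None
    header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    seq = struct.unpack("!I", header)[0]
    if seq <= last_seq:        # replayed or reordered frame
        return None
    return seq, payload


def tamper(frame: bytes, offset: int) -> bytes:
    """Flip one bit of a frame (used only to show that modification is detected)."""
    data = bytearray(frame)
    data[offset] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    frame = protect(SHARED_KEY, 1, b"GET /status")
    print("genuine:", verify(SHARED_KEY, frame, 0))
    print("tampered:", verify(SHARED_KEY, tamper(frame, SEQ_LEN), 0))
    print("replayed:", verify(SHARED_KEY, frame, 1))
    print("wrong key:", verify(b"wrong-key", frame, 0))
```

Because only holders of the shared key can produce a valid tag, a passing verification ties the frame to a sender that knows that key; that is the sense in which a protected link "ensures the sender's identity" without any per-packet signature.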

9. Network Analytics and Monitoring
Network traffic flow can be analyzed to determine patterns and identify potential risks.  This can be done through packet sampling, port scanning, behavior anomaly tracking, threat detection, rogue traffic quarantine, and network event management.
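As an added example of the "behavior anomaly tracking" the paragraph mentions (this is not code from the post, and the flow records are constructed for the example), here is a small detector that reads flow records in a hypothetical "time src dst dport proto bytes" format and flags sources whose fan-out is out of line with a normal workstation: many distinct ports against one destination, or one port against many destinations.  Thresholds are arbitrary placeholders; in practice they would come from a baseline of the network's own traffic.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one record of the constructed 'ts src dst dport proto bytes' format."""
    ts, src, dst, dport, proto, nbytes = line.split()
    return Flow(ts, src, dst, int(dport), proto, int(nbytes))


def constructed_flow_log() -> List[str]:
    """Build a small synthetic log: one normal workstation, one host touching
    many ports on a single server, one host touching the same port on many hosts."""
    lines = [f"09:00:0{i} 10.1.5.7 10.2.0.10 443 tcp 1800" for i in range(5)]
    for i, port in enumerate((21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389)):
        lines.append(f"09:01:{i:02d} 10.1.9.9 10.2.0.10 {port} tcp 60")
    for i in range(12):
        lines.append(f"09:02:{i:02d} 10.1.8.8 10.2.0.{20 + i} 445 tcp 120")
    return lines


def detect_fanout(flows: List[Flow], port_threshold: int = 10,
                  host_threshold: int = 10) -> Dict[str, List[str]]:
    """Flag sources whose fan-out exceeds what a single workstation normally
    produces: many distinct ports on one destination, or one port on many hosts."""
    ports_per_dst = defaultdict(lambda: defaultdict(set))   # src -> dst -> {ports}
    hosts_per_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {dsts}
    for f in flows:
        ports_per_dst[f.src][f.dst].add(f.dport)
        hosts_per_port[f.src][f.dport].add(f.dst)

    findings: Dict[str, List[str]] = defaultdict(list)
    for src, per_dst in ports_per_dst.items():
        for dst, ports in per_dst.items():
            if len(ports) >= port_threshold:
                findings[src].append(f"{len(ports)} distinct ports to {dst}")
    for src, per_port in hosts_per_port.items():
        for port, dsts in per_port.items():
            if len(dsts) >= host_threshold:
                findings[src].append(f"port {port} on {len(dsts)} distinct hosts")
    return dict(findings)


def run_on_constructed_log() -> Dict[str, List[str]]:
    """Parse the synthetic log and return the findings keyed by source address."""
    return detect_fanout([parse_flow(line) for line in constructed_flow_log()])


if __name__ == "__main__":
    for src, reasons in run_on_constructed_log().items():
        print(src, "->", "; ".join(reasons))
```

The normal workstation never appears in the findings because its fan-out is one host on one port; the two flagged sources would be the ones an analyst reviews, or that a "rogue traffic quarantine" step would isolate pending that review.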

Next time, we’ll discuss security at the host layer.  

Thanks for reading!

Jen
