I know most of you already know a lot about this, but I just wanted to lay down the foundations for what is to come next.
Security Lifecycle:
If you search the Internet for the definition of Network Security, you will find like 22512 definitions; well, here is another one: “Network Security is the PROCESS of providing and maintaining a Trusted Path for traffic traveling from one point to any other point in the Infrastructure, and of providing reliable and timely access to data and services for authorized users.”
Some people (especially in the management domain) think that once they throw a firewall on the edge, an IPS in the DMZ, and a couple of WAFs in front of the published web services, they are secure. WRONG. Security is a PROCESS, and Implementation is only one phase of that process.
This Security wheel divides the Security process into 4 Phases:
1-Plan: Define assets, asset values, vulnerabilities, and threats; prepare your documents (HLD, LLD, etc.)
2-Protect: Implement and configure.
3-Detect: Monitor and define Security Incidents.
4-Resolve: Mitigate attacks and Maintain secure state.
P.S: If you search the internet you will find many cycles, like Cisco's: Secure, Monitor and Respond, Test, Manage and Improve (Bhaiji, Yusuf. Network Security Technologies and Solutions. Cisco Press, 2008). But I just wanted to use a simple one.
Security Triad:
So what are the goals of security? What do we get when we secure our networks?
CIA simply stands for Confidentiality, Integrity, and Availability.
–Confidentiality: To prevent the exposure of information to unauthorized users.
–Integrity: To make sure that your data remains accurate and to prevent any unauthorized modification.
–Availability: Data and services are available all the time for authorized users.
Security Controls:
These are the tools that can be used to secure systems and mitigate attacks. There are 3 types of controls:
1-Administrative Controls: Policies, Procedures, Guidelines, and Standards that obligate, recommend, or forbid certain actions, like forbidding the usage of social media, providing a specific procedure for changing passwords, or recommending guidelines for creating a strong password. Security Awareness Training also falls under Administrative Controls.
2-Physical Controls: Protect the environment from tangible or physical threats like theft. Examples of Physical Controls would be CCTVs, Secure Doors, Fences, etc.
3-Technical Controls: Also called Logical Controls. Implemented in the form of information systems to prevent data theft or damage, for example Firewalls, Intrusion Prevention Systems, and Application Firewalls.
Defense in Depth:
Defense in Depth means applying multiple layers of Security Controls, in a way that if one layer is compromised, the information will still be protected by the other layers.
For example: if a network has a DMZ block with published services that need to be protected from outside attacks, we can’t just install a perimeter packet-filtering firewall, because a firewall will not prevent attacks like SQL Injection or Buffer Overflows, so we have to install an Intrusion Prevention System as well. Then there will be application attacks targeting the web servers, so we implement a Web Application Firewall (WAF) to prevent attacks like Cross Site Scripting (XSS) or Cross Site Request Forgery (XSRF). Even more, we should define policies for who has physical access to the data centers, and to which cabinets. I even saw Biometric Racks where you must provide your fingerprint to open a cabinet.
The OSI Model:
Surely everyone knows The Open Systems Interconnection (OSI) Model, which provides a framework for communications between two devices and consists of 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
Like a row of Dominos, where if one falls all the other Dominos will probably fall, so is the OSI model: if one layer is compromised, all the following layers will be compromised too, so you have to start by protecting layer 1 (Physical) and move up to layer 7 (Application). One of the famous attacks is the Man In The Middle (MITM) Attack. The attack starts at layer 2 (Data Link) by poisoning ARP requests and replies, but it compromises all the following layers up to layer 7 (Application); you can capture passwords, for example. If you start protecting your network from layer 3 (Network) and above, the MITM attack will still be applicable.
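As an added example (not code from the original post), here is the kind of layer 2 check a defender can run to notice the ARP poisoning step of that MITM attack: it learns which MAC each IP claims and raises an alert when an IP, such as the gateway, is suddenly claimed by a different MAC. The ARP replies are a constructed sample list of dictionaries standing in for a real capture, and the optional `trusted` map is an assumption representing known-good bindings (static ARP entries or DHCP-snooping data) a network team would already have.

```python
# Added example: detect an ARP poisoning (Layer 2 MITM) attempt by spotting an
# IP address whose claimed MAC address changes. Constructed data, not a capture.

# Constructed sample ARP replies. The gateway 192.168.1.1 is legitimately
# aa:aa:aa:aa:aa:01; the fourth reply is a second host claiming the gateway IP,
# which is exactly what an ARP-poisoning MITM does.
SAMPLE_ARP_REPLIES = [
    {"sender_ip": "192.168.1.1",  "sender_mac": "aa:aa:aa:aa:aa:01"},
    {"sender_ip": "192.168.1.20", "sender_mac": "aa:aa:aa:aa:aa:20"},
    {"sender_ip": "192.168.1.1",  "sender_mac": "aa:aa:aa:aa:aa:01"},
    {"sender_ip": "192.168.1.1",  "sender_mac": "BB:BB:BB:BB:BB:99"},  # conflict
    {"sender_ip": "192.168.1.20", "sender_mac": "aa:aa:aa:aa:aa:20"},
]


def detect_arp_conflicts(replies, trusted=None):
    """Return one alert per ARP reply whose sender MAC contradicts the binding
    already recorded for that IP.

    `trusted` (assumed, optional) seeds known-good IP -> MAC bindings, e.g. the
    gateway, so a poisoned reply is flagged even if it is the first one seen.
    Without it, the first reply for each IP is learned as the baseline.
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for reply in replies:
        ip = reply["sender_ip"]
        mac = reply["sender_mac"].lower()   # normalise case before comparing
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac              # first sighting: learn the binding
        elif known != mac:
            alerts.append({"ip": ip, "expected_mac": known, "seen_mac": mac})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(f"ARP conflict: {alert['ip']} expected {alert['expected_mac']}, "
              f"now claimed by {alert['seen_mac']}")
```

A real deployment would feed this from a packet capture or switch logs and compare against the gateway's known MAC rather than trusting the first reply seen; the point is that the check lives at layer 2, where protections starting at layer 3 never look.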
In the next topics we will look at the attacks related to each layer and discuss the countermeasures and security controls that could be used to mitigate these attacks. After that we will talk about Network Architecture and Design at the Enterprise level.
I know it was a long and boring topic, but I had to lay the foundation first. I promise the upcoming topics will be more interesting.
Regards, 🙂