Wednesday, November 13, 2024

What is Network Security Critical Necessity?

Information and efficient communication are two of the most critical strategic issues for the success of every business. With the advent of digital means of communication and storage, more and more companies have shifted to using data networks to communicate, store information, and obtain resources. There are different types and levels of network infrastructure that can be used for running a business.

It may be said that in the modern world nothing has had a larger effect on businesses than networked computers. But networking brings with it security threats which, if mitigated, allow the advantages of networking to outweigh the dangers.

Role of Network in Business

Nowadays, computer networks are considered a resource by almost all businesses. This resource lets them collect, analyze, organize, and disseminate the data that is important to their profitability. Most businesses have installed networks to stay competitive.

The most obvious role of computer networking is that organizations can store virtually any type of data at a central location and retrieve it at the desired place through the network.

Benefits of Networks

Computer networking lets people share data and ideas easily, so that they can work more efficiently and productively. Networks improve activities including purchasing, selling, and customer service. Networking makes traditional business processes more efficient, more manageable, and less expensive.

The main benefits a business draws from computer networks are −

  • Resource Sharing − A business can reduce the amount of money spent on hardware by sharing components and peripherals connected to the network.
  • Streamlined Business Processes − Computer networks allow businesses to streamline their internal business processes.
  • Collaboration Among Departments − When two or more departments of a business connect selected portions of their networks, they can streamline business processes that normally take inordinate amounts of time and effort and often make higher productivity difficult to achieve.
  • Improved Customer Relations − Networks offer customers many advantages, including convenience in doing business, speedy service response, and so on.

There are many other business-specific advantages that accrue from networking. Such advantages have made it important for all sorts of businesses to adopt computer networking.

Necessity for Network Security

The threats to wired or wireless networks have significantly increased because of advances in modern technology and the growing capacity of computer networks. The overwhelming use of the Internet in today's world for numerous business transactions has posed challenges of data theft and other attacks on business intellectual assets.

In the present era, most business is conducted through network applications, and hence all networks are at risk of being attacked. The most common security threats to a business network are information interception and theft, and identity theft.

Network security is a specialized field that deals with thwarting such threats and protecting the usability, reliability, integrity, and safety of a business's computer networking infrastructure.

Importance of Network Security for Business

  • Protecting Business Assets − This is the primary goal of network security. Assets here means the data that is stored in the computer networks. Data is as important and valuable as any other tangible asset of the organization. Network security is concerned with the integrity, safety, and secure access of personal data.
  • Compliance with Regulatory Requirements − Network security measures help organizations comply with government and industry-specific rules about data protection.
  • Secure Collaborative Working − Network security encourages co-worker collaboration and enables communication with clients and suppliers by providing them with secure network access. It boosts client and consumer confidence that their sensitive information is protected.
  • Reduced Risk − Adoption of network security reduces the impact of security breaches, including legal action that may bankrupt small organizations.
  • Gaining Competitive Advantage − Developing an effective security system for networks gives an organization a competitive edge. In the area of Internet financial services and e-commerce, network security assumes prime importance.

Tuesday, November 12, 2024

Firewall

Monday, November 11, 2024

What is Access Control


Access control is a method of restricting access to sensitive data. Only those that have had their identity verified can access company data through an access control gateway.

What are the components of access control?

At a high level, access control is about restricting access to a resource. Any access control system, whether physical or logical, has five main components:

  1. Authentication: The act of proving an assertion, such as the identity of a person or computer user. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, or checking login credentials against stored details. 
  2. Authorization: The function of specifying access rights or privileges to resources. For example, human resources staff are normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. 
  3. Access: Once authenticated and authorized, the person or computer can access the resource.
  4. Manage: Managing an access control system includes adding and removing authentication and authorization of users or systems. Some systems will sync with G Suite or Azure Active Directory, streamlining the management process.
  5. Audit: Frequently used as part of access control to enforce the principle of least privilege. Over time, users can end up with access they no longer need, e.g. when they change roles. Regular audits minimize this risk.  

How does access control work?

Access control can be split into two groups designed to improve physical security or cybersecurity:

  • Physical access control: limits access to campuses, buildings and other physical assets, e.g. a proximity card to unlock a door.
  • Logical access control: limits access to computers, networks, files and other sensitive data, e.g. a username and password.

For example, an organization may employ an electronic control system that relies on user credentials, access card readers, intercom, auditing and reporting to track which employees have access and have accessed a restricted data center. This system may incorporate an access control panel that can restrict entry to individual rooms and buildings, as well as sound alarms, initiate lockdown procedures and prevent unauthorized access. 

This access control system could authenticate the person's identity with biometrics and check if they are authorized by checking against an access control policy or with a key fob, password or personal identification number (PIN) entered on a keypad. 

Another access control solution may employ multi-factor authentication, an example of a defense-in-depth security system, where a person is required to know something (a password), be something (biometrics) and have something (a two-factor authentication code from a smartphone app).

In general, access control software works by identifying an individual (or computer), verifying they are who they claim to be, confirming they are authorized for the required access level and then storing their actions against a username, IP address or other audit system to help with digital forensics if needed.

Why is access control important?

Access control minimizes the risk of unauthorized access to physical and computer systems, forming a foundational part of information security, data security and network security.

Depending on your organization, access control may be a regulatory compliance requirement:

  • PCI DSS: Requirement 9 mandates that organizations restrict physical access to their buildings for onsite personnel, visitors and media, as well as having adequate logical access controls to mitigate the cybersecurity risk of malicious individuals stealing sensitive data. Requirement 10 requires that organizations employ security solutions to track and monitor their systems in an auditable manner.
  • HIPAA: The HIPAA Security Rule requires Covered Entities and their business associates to prevent the unauthorized disclosure of protected health information (PHI); this includes the use of physical and electronic access control.
  • SOC 2: The auditing procedure requires third-party vendors and service providers to manage sensitive data so as to prevent data breaches, protecting employee and customer privacy. Companies that wish to gain SOC 2 assurance must use a form of access control with two-factor authentication and data encryption. SOC 2 assurance is particularly important for organizations that process personally identifiable information (PII).
  • ISO 27001: An information security standard that requires management to systematically examine an organization's attack vectors and audit all cyber threats and vulnerabilities. It also requires a comprehensive set of risk mitigation or transfer protocols to ensure continuous information security and business continuity.

What are the types of access control?

The main types of access control are:

  • Attribute-based access control (ABAC): Access management systems where access is granted not on the rights of a user after authentication but based on attributes. The end user has to prove so-called claims about their attributes to the access control engine. An attribute-based access control policy specifies which claims need to be satisfied to grant access to the resource. For example, the claim may be that the user is older than 18, and any user who can prove this claim will be granted access. In ABAC, it's not always necessary to authenticate or identify the user, just to establish that they have the attribute.
  • Discretionary access control (DAC): Access management where owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. These systems rely on administrators to limit the propagation of access rights. DAC systems are criticized for their lack of centralized control. 
  • Mandatory access control (MAC): Access rights are regulated by a central authority based on multiple levels of security. MAC is common in government and military environments where classifications are assigned to system resources and the operating system or security kernel will grant or deny access based on the user's or the device's security clearance. It is difficult to manage but its use is justified when used to protect highly sensitive data.
  • Role-Based Access Control (RBAC): In RBAC, an access system determines who can access a resource rather than an owner. RBAC is common in commercial and military systems, where multi-level security requirements may exist. RBAC differs from DAC in that DAC allows users to control access while in RBAC, access is controlled at the system level, outside of user control. RBAC can be distinguished from MAC primarily by the way it handles permissions. MAC controls read and write permissions based on a user/device's clearance level while RBAC controls collections of permissions that may include complex operations such as credit card transactions or may be as simple as read or write. Commonly, RBAC is used to restrict access based on business functions, e.g. engineers, human resources and marketing have access to different SaaS products.
  • Rule-based access control: A security model where an administrator defines rules that govern access to the resource. These rules may be based on conditions, such as time of day and location. It's not uncommon to have some form of rule-based access control and role-based access control working together.
  • Break-Glass access control: Traditional access control has the purpose of restricting access, which is why most access control models follow the principle of least privilege and the default deny principle. This behavior may conflict with the operations of a system. In certain situations, humans are willing to take the risk that might be involved in violating an access control policy, if the potential benefit of real-time access outweighs the risks. This need is visible in healthcare, where inability to access patient records could cause death.
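An added example, not part of the original post, showing how several of the models above can be layered in one decision function: default deny, role-based grants, a rule-based time-of-day condition, and a break-glass override that is always written to the audit trail for review. The roles, resources, hours and function names are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample policy (all names are hypothetical).
ROLE_PERMISSIONS = {  # RBAC: role -> permitted (resource, action) pairs
    "hr": {("employee_records", "read"), ("employee_records", "write")},
    "engineer": {("source_code", "read"), ("source_code", "write")},
    "clinician": {("patient_records", "read"), ("patient_records", "write")},
    "nurse": {("ward_schedule", "read")},
}
ALLOWED_HOURS = {"employee_records": (8, 18)}  # rule-based: [start, end) hour
BREAK_GLASS_ROLES = {"patient_records": {"nurse"}}  # who may override, per resource
AUDIT_LOG = []  # every decision is recorded, allowed or not


@dataclass
class Request:
    user: str
    roles: set
    resource: str
    action: str
    when: datetime
    break_glass_reason: str = ""


def decide(req: Request) -> str:
    """Return 'allow', 'allow-break-glass' or 'deny' (the default)."""
    decision = "deny"
    wanted = (req.resource, req.action)
    if any(wanted in ROLE_PERMISSIONS.get(r, set()) for r in req.roles):
        start, end = ALLOWED_HOURS.get(req.resource, (0, 24))
        if start <= req.when.hour < end:
            decision = "allow"
    # Break-glass: read-only emergency override, needs a stated reason and an
    # eligible role, and is always flagged for after-the-fact review.
    eligible = req.roles & BREAK_GLASS_ROLES.get(req.resource, set())
    if decision == "deny" and eligible and req.action == "read" \
            and req.break_glass_reason.strip():
        decision = "allow-break-glass"
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "action": req.action, "when": req.when.isoformat(),
                      "decision": decision, "reason": req.break_glass_reason})
    return decision


def pending_reviews() -> list:
    """Audit step: break-glass grants that a reviewer must examine."""
    return [e for e in AUDIT_LOG if e["decision"] == "allow-break-glass"]
```

Denied requests are logged as well as granted ones, so the audit trail shows attempted access and not only successful access.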

 

