By Barry Semple, Director of Technology, Fully Managed
Many layers of security are needed to build a solid foundation for your organization. In our last blog post we discussed some basic guiding principles for your company and looked closely at the Endpoint Layer – which is any device, either cabled or wireless, that touches your network. Today we are delving into the network itself.
In general, a business network can be made up of several different components: modems, hubs, routers, switches, wireless access points and more – essentially all things that allow multiple computers to talk to one another and share data.
Your network has anywhere from many thousands to many billions of packets of data traversing it every single day. So how do we know what is good traffic and what is bad? Up-to-date network equipment has the ability to check each piece of data as it enters and crosses your network, looking for indicators that the traffic may be malicious. This type of technology is called an Intrusion Detection System, or IDS, when it runs in monitoring mode, and an Intrusion Prevention System, or IPS, when it runs in active protection and control mode.
It’s possible to check all network components to see if they are capable of running IDS or IPS in order to provide this added layer of protection. We recommend that key network components do have the capability of running at least IDS, and preferably IPS. Any components not capable of either should be considered for an upgrade or update.
Another protection against malicious data crossing your network is DNS security. DNS is the internet-based system that converts internet web site names into the IP address of the server which hosts the data for the web site. A DNS security system protects all devices on your network from going to web sites and internet IP addresses which are known to be malicious or bad. One such system is Cisco Umbrella, which processes over 150 billion DNS requests per day, and from this sheer volume of data, is able to ascertain which are not safe for general consumption.
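To make the DNS filtering idea concrete, here is an added example (not part of the original post, and not how Cisco Umbrella or any specific product is implemented) of the policy check a filtering resolver applies to each query. The blocklist, sinkhole address, function names and sample queries are all constructed assumptions.

```python
# Added illustration of a DNS filtering policy check.
# Blocklist, sinkhole address and queries are constructed sample data.
BLOCKLIST = {"malware-example.test", "phish.example"}  # reserved TLDs only
SINKHOLE_IP = "192.0.2.1"  # TEST-NET-1 address standing in for a block page


def normalize(name: str) -> str:
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def blocked_by(name: str, blocklist=BLOCKLIST):
    """Return the blocklist entry covering `name`, or None.

    A listed domain also covers its subdomains. Matching walks parent
    suffixes on label boundaries, so notphish.example is NOT treated as
    part of phish.example (a plain substring match would get this wrong).
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve_policy(client: str, name: str, upstream: dict) -> dict:
    """Answer one query: sinkhole if blocked, otherwise the upstream answer."""
    qname, hit = normalize(name), blocked_by(name)
    answer = SINKHOLE_IP if hit else upstream.get(qname)
    return {"client": client, "name": qname, "rule": hit,
            "action": "block" if hit else "allow", "answer": answer}


# Constructed upstream answers and client queries (client IP, queried name).
UPSTREAM = {"intranet.example.com": "198.51.100.10",
            "notphish.example": "198.51.100.20"}
QUERIES = [("10.0.0.5", "intranet.example.com."),
           ("10.0.0.7", "Login.PHISH.example"),
           ("10.0.0.7", "notphish.example"),
           ("10.0.0.9", "cdn.malware-example.test.")]


def run():
    """Apply the policy to every sample query; each decision doubles as a log record."""
    return [resolve_policy(c, n, UPSTREAM) for c, n in QUERIES]


if __name__ == "__main__":
    for decision in run():
        print(decision)
```

Because every decision records the client and the matching rule, the same output shows which device on the network attempted to reach a blocked destination.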
And finally, it is possible to utilize monitoring software to log and view what your network is being used for and by whom, what devices are being used, what applications are accessing which data, and what web sites are being visited. This can provide an immense volume of data which, analyzed via machine learning, can identify both malicious actors (groups or individuals with malicious intent who want to exploit vulnerabilities) entering your environment and internal threat actors who may already be in your environment. Some network components have this type of monitoring built in, to provide a good level of information and protection without adding greatly to the complexity or cost of your overall environment.
Next time: We look into the Perimeter Layer.