Network security is a major challenge for companies. The growing importance of IT assets, the interconnection of information systems and their exposure have increased the risk of attacks. At the same time, information (data) is produced, processed, exchanged and exploited by systems and on networks that may be vulnerable in any of their components or configuration: servers, workstations, segmentation, Wi-Fi, user access, applications, etc.

Why is it important to secure an internal network?

Networks are one of the main targets of attacks because their design rarely considers security risks. This usually results in:
We concede that designing a network architecture is a complex process. However, proper design should not be based solely on functional requirements. It must also take into account security considerations to avoid critical vulnerabilities that could compromise the entire information system. It is therefore necessary to include security requirements in the network design phase, which should ensure the following objectives:
To sum up in one sentence: the continuity of an organisation’s activity, and therefore its sustainability, depends on that of its information system. This continuity can only be ensured by implementing a security policy and measures tailored to the company’s specific challenges. Information without a system to deliver it is useless, and a system cut off from its users is meaningless. This is why network security must be one of the priorities of any company, whatever its sector, activity or size. Securing an internal network is therefore vital and necessarily involves implementing best practices in terms of configuration, integration, monitoring and security testing. This article does not aim to be exhaustive. It addresses network security from a best practice perspective only, with some additional information on the risks, types of attacks and vulnerabilities that attackers can exploit to compromise an internal network. For a more comprehensive view of the security issues and risks related to the internal network, see our article: How to strengthen the security of your network infrastructure to counter the most common attacks?

Internal network segmentation

Network segmentation is the separation of the network into physical and logical domains, each protected by a defined security perimeter. In practice, it involves splitting the network into smaller network segments that are isolated from each other within virtual local area networks (VLANs) or physical networks (LANs). On the one hand, this allows workstations, devices, applications, servers and other systems with different levels of criticality to be grouped together in separate zones in order to optimise management and security levels.
On the other hand, segmentation makes it possible to restrict authorised connections by differentiating, for example, an internal network for which no connection from the Internet is authorised from a network accessible from the Internet. The latter is generally referred to as a demilitarised zone or DMZ. Implementing such a DMZ requires firewalls between the partitioned networks in order to control the incoming and outgoing information flows.

VLAN network segmentation

VLANs make it possible to create virtual networks connected to a single physical device (switch) while separating the traffic between the different logical networks defined. This ensures that machines in one VLAN cannot communicate with those belonging to another VLAN unless interconnection is explicitly desired. VLANs therefore not only provide better control but also simplify the management and administration of the network. However, let’s be clear: they do not provide any security mechanism per se. Segmenting the network into VLANs does not thwart attacks, but it remains an essential security measure, as it is one of the main ways to reduce the impact of a successful attack.

Wi-Fi network partitioning

Wi-Fi networks can also be used as attack vectors. It is therefore necessary to distinguish the Wi-Fi connections of personal or visitor devices from those of the organisation’s systems, and to filter the flows of workstations connecting to the Wi-Fi network. To do this, several partitioned Wi-Fi networks can be set up in order to restrict access to certain critical resources while ensuring that only the necessary elements are accessible to the different predefined user groups. To reduce the risk of your network being compromised, you should ensure that:
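To make the segmentation design concrete, here is an added example (not code from the original article) of a zone-based flow policy of the kind a firewall between the segments enforces. The zones, address ranges and rules are constructed for the example; the point it shows is the default-deny evaluation and a check that no rule lets the Internet or the DMZ reach the internal LAN or the management VLAN directly.

```python
"""Added example: a minimal zone-based flow policy checker.

Models an Internet-exposed DMZ, an internal LAN and a management VLAN with
firewalls between them that only pass explicitly authorised flows
(first match wins, default deny). Zones and rules are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed zone layout: each zone is a list of prefixes; "internet" is the catch-all.
ZONES = {
    "internet": [ipaddress.ip_network("0.0.0.0/0")],
    "dmz": [ipaddress.ip_network("203.0.113.0/24")],
    "internal": [ipaddress.ip_network("10.10.0.0/16")],
    "management": [ipaddress.ip_network("10.99.0.0/24")],
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ports: frozenset  # empty set means any port
    action: str           # "allow" or "deny"


# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule("internet", "dmz", frozenset({80, 443}), "allow"),       # published web tier only
    Rule("dmz", "internal", frozenset({5432}), "allow"),          # front-end to one backend port
    Rule("internal", "dmz", frozenset({80, 443}), "allow"),
    Rule("internal", "internet", frozenset({80, 443}), "allow"),
    Rule("management", "dmz", frozenset({22}), "allow"),          # SSH only from the admin VLAN
    Rule("management", "internal", frozenset({22}), "allow"),
]


def zone_of(ip: str) -> str:
    """Return the most specific zone containing ip (longest prefix wins)."""
    addr = ipaddress.ip_address(ip)
    best, best_len = "internet", -1
    for name, nets in ZONES.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """First matching rule decides; anything unmatched is denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # intra-zone traffic is not filtered by the perimeter firewalls
    for rule in RULES:
        if rule.src_zone == src and rule.dst_zone == dst and (
            not rule.dst_ports or dst_port in rule.dst_ports
        ):
            return rule.action == "allow"
    return False


def risky_rules(rules=RULES):
    """Flag allow rules that defeat the DMZ design: untrusted zones reaching
    the management VLAN, or the Internet reaching the internal LAN directly."""
    return [
        r for r in rules
        if r.action == "allow" and (
            (r.dst_zone == "management" and r.src_zone in ("internet", "dmz"))
            or (r.src_zone == "internet" and r.dst_zone == "internal")
        )
    ]


if __name__ == "__main__":
    print(is_allowed("198.51.100.7", "203.0.113.10", 443))  # Internet to DMZ web: allowed
    print(is_allowed("198.51.100.7", "10.10.1.5", 445))     # Internet to internal SMB: denied
    print(risky_rules())                                     # [] for the constructed rule set
```

The `risky_rules` check is the kind of review worth running whenever the rule base changes: a single "temporary" allow from the Internet into the internal LAN silently removes the benefit of the whole segmentation.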
Securing Wi-Fi networks

The use of Wi-Fi networks is essential in most companies, generally for reasons of convenience and performance. However, as mentioned earlier, the different uses must be separated by implementing segmentation mechanisms, which provides additional security. Furthermore, the physical security of Wi-Fi access points and related infrastructure should not be overlooked: appropriate controls should be implemented to protect the equipment. Lastly, Wi-Fi communications must be secured and encrypted using a proven protocol such as WPA2 or WPA3. Generally, and where possible, Wi-Fi networks should not be deployed on information systems handling sensitive data or, failing that, specific measures should be implemented. Thus, to secure Wi-Fi networks, it is necessary to:
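As an added example (not from the original article), the following script audits an access point configuration against the points above: WPA2/WPA3 only, no legacy cipher, management frame protection required and WPS disabled. The key names follow the hostapd.conf format, but both configurations and their SSID are constructed for illustration, and the set of checks is an assumption of this example, not a complete hardening baseline.

```python
"""Added example: audit hostapd-style access point settings for weak Wi-Fi security.

The two configurations are constructed: a weak "before" (WPA1, TKIP, WPS on)
and a hardened "after" (WPA3-SAE, CCMP, PMF required, WPS off).
"""

WEAK_AP = """\
ssid=CorpWiFi
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wps_state=2
"""

HARDENED_AP = """\
ssid=CorpWiFi
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
wps_state=0
"""


def parse_kv(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_ap(conf):
    """Return the list of weaknesses found; an empty list means all checks pass."""
    issues = []

    # hostapd: wpa=0 open, 1 WPA only, 2 WPA2/WPA3 (RSN) only, 3 both.
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        issues.append("open network: no WPA2/WPA3 at all")
    elif wpa in ("1", "3"):
        issues.append("legacy WPA (v1) is offered; set wpa=2 so only WPA2/WPA3 is used")

    # wpa_pairwise applies to WPA1, rsn_pairwise to WPA2/WPA3; neither should list TKIP.
    ciphers = set(conf.get("wpa_pairwise", "").split()) | set(conf.get("rsn_pairwise", "").split())
    if "TKIP" in ciphers:
        issues.append("TKIP cipher enabled; use CCMP (AES) only")

    # 802.11w protects deauthentication/disassociation frames; WPA3-SAE requires it.
    if conf.get("ieee80211w", "0") != "2":
        issues.append("management frame protection (802.11w) not required; set ieee80211w=2")

    # WPS (PIN/push-button) is a well-known weak point and has no place on a corporate SSID.
    if conf.get("wps_state", "0") != "0":
        issues.append("WPS is enabled; disable it with wps_state=0")

    return issues


if __name__ == "__main__":
    for name, text in (("weak", WEAK_AP), ("hardened", HARDENED_AP)):
        print(name, audit_ap(parse_kv(text)))
```

Running it prints four findings for the weak configuration and none for the hardened one; the same parser can be pointed at an exported configuration file to check every SSID (corporate, guest, IoT) separately.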
Securing the administration and management of network devices

The administration and management of active network devices is a critical aspect that must be handled appropriately, with adequate security measures, to prevent unauthorised intrusion. To return to the subject of network segmentation, it is strongly recommended to create an area dedicated to the administration of network devices. This segment makes it possible to manage and verify the proper functioning of all components within a given security perimeter. Furthermore, management traffic should be separated from the rest of the communications to eliminate the possibility of it being intercepted in transit, and it should transit through a secure protocol. Because the administration and management of network devices is by nature particularly sensitive, it must be adequately protected, with appropriate filtering, restrictions and protocols. To do this, it is therefore necessary to:
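The two rules above (administration only from the dedicated VLAN, only over an encrypted protocol) are easy to verify against exported firewall or flow logs. The script below is an added example, not code from the original article; the administration VLAN, the device management range, the port table and the sample records are all constructed.

```python
"""Added example: audit connection records for management-plane traffic
that breaks the two rules described above. All addresses, ports and
records are constructed for illustration.
"""
import ipaddress

# Constructed layout: the administration VLAN and the devices' management addresses.
ADMIN_VLAN = ipaddress.ip_network("10.99.0.0/24")
DEVICE_MGMT = ipaddress.ip_network("10.200.0.0/24")

# Management protocols by destination port (assumed assignments for this example).
SECURE_MGMT_PORTS = {22: "ssh", 443: "https"}
CLEARTEXT_MGMT_PORTS = {
    23: "telnet",
    80: "http",
    161: "snmp (v1/v2c are cleartext; verify SNMPv3 authPriv is enforced)",
}

# Constructed connection records, e.g. exported from firewall or NetFlow logs.
SAMPLE_RECORDS = [
    {"src": "10.99.0.10", "dst": "10.200.0.1", "dport": 22},    # admin VLAN, SSH: fine
    {"src": "10.10.5.23", "dst": "10.200.0.1", "dport": 22},    # user LAN opening SSH to a switch
    {"src": "10.99.0.10", "dst": "10.200.0.2", "dport": 23},    # admin VLAN, but telnet
    {"src": "10.10.5.23", "dst": "10.200.0.3", "dport": 23},    # both problems at once
    {"src": "10.99.0.10", "dst": "10.10.1.5", "dport": 22},     # SSH to a server, not a device
    {"src": "10.99.0.10", "dst": "10.200.0.4", "dport": 8443},  # port not in the allowed table
]


def audit_management_flows(records):
    """Return (severity, reason, record) findings, one per rule broken by each record."""
    findings = []
    for rec in records:
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        port = rec["dport"]
        if dst not in DEVICE_MGMT:
            continue  # not aimed at a device management interface: out of scope here
        proto = SECURE_MGMT_PORTS.get(port) or CLEARTEXT_MGMT_PORTS.get(port)
        if proto is None:
            findings.append(("medium", f"unexpected port {port} on a management interface", rec))
            continue
        if port in CLEARTEXT_MGMT_PORTS:
            findings.append(("high", f"cleartext management protocol: {proto}", rec))
        if src not in ADMIN_VLAN:
            findings.append(("high", f"{proto} to a device from outside the administration VLAN", rec))
    return findings


def run_sample():
    return audit_management_flows(SAMPLE_RECORDS)


if __name__ == "__main__":
    for severity, reason, rec in run_sample():
        print(severity, reason, rec)
```

On the constructed records this yields five findings: four high (two cleartext sessions, two sessions from outside the administration VLAN, one record hitting both) and one medium for the unexpected port. A record that passes both checks produces nothing, which is what a clean export should look like.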
Securing communications and data exchanges on the network

Information and data transmitted in clear text on a network, i.e. unencrypted, constitute a major risk in terms of confidentiality and integrity. The risk is even greater on Wi-Fi networks, as communications can be intercepted throughout the perimeter covered by the access point. In this configuration, logins, passwords, technical documents and other sensitive data (personal data, payment information, etc.) can easily be retrieved by attackers with appropriate eavesdropping tools. This type of attack is known as “sniffing”. Given the risks, encryption of information and data flowing over the network is necessary. To protect oneself, it is essential to integrate an encryption layer into existing protocols (http, rtp, ftp, etc.) to guarantee the confidentiality and integrity of communications.

Control and secure user access

Implementing a secure access control system

Access control is probably the most central aspect of network security. It should be based on permissions and access rights to a well-defined security perimeter. To protect against unauthorised access or network intrusion, authentication mechanisms should be used for users and devices: access by systems and users must always be authenticated and authorised beforehand. This confirms the identity of the account owner before rights are assigned (according to their role, function, etc.) and keeps a record of their actions (via logs). However, given the size, nature and complexity of some networks, and the specificities of some organisations, managing authentication databases can be difficult. In general, a centralised single sign-on (SSO) solution can address this issue, as long as it is properly integrated and secured.

Implementing an effective password policy

Authentication security naturally requires the implementation of an effective password policy. On this point, three watchwords:
In summary, to secure user access and improve control, it is therefore necessary to:
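As an added example (not from the original article) of the password policy called for above, the following check rejects short passwords, trivial variants of common passwords and passwords built from the username or organisation name. The minimum length, the common-password list and the substitution map are assumptions chosen for the example; a real deployment would check against a large breached-password list rather than the constructed shortlist.

```python
"""Added example: a password policy check.

MIN_LENGTH, COMMON_PASSWORDS and LEET are assumed values for this example,
not taken from the article.
"""
import re

MIN_LENGTH = 12  # assumed policy value

# Constructed shortlist standing in for a breached/common password list.
COMMON_PASSWORDS = {"password", "welcome", "qwerty", "letmein", "admin", "summer", "iloveyou"}

# Substitutions that password-cracking wordlists already account for.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalise(password):
    """Reduce a variant such as 'P@ssw0rd1!' to 'password'.

    Trailing digits/punctuation are removed before leet substitution so that a
    suffix like '1!' is not itself turned into letters.
    """
    base = password.lower()
    base = re.sub(r"[^a-z]+$", "", base)
    return base.translate(LEET)


def check_password(password, username="", organisation=""):
    """Return the list of policy violations; an empty list means the password is accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if normalise(password) in COMMON_PASSWORDS:
        reasons.append("variant of a common password")
    for label, word in (("username", username), ("organisation name", organisation)):
        if len(word) >= 3 and word.lower() in password.lower():
            reasons.append(f"contains the {label}")
    if len(set(password.lower())) < 5:
        reasons.append("too few distinct characters")
    return reasons


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Welcome2024!!", "correct horse battery staple"):
        print(repr(pw), check_password(pw, username="alice", organisation="Acme"))
```

Note what the check does not do: it imposes no character-class rules (upper/lower/digit/symbol), because those push users towards exactly the predictable variants that `normalise` catches, and a long passphrase passes on length alone.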
For more details on these best practices, we refer you to our article: How to secure authentication, session management and access control systems?

Log events

Logging is a control mechanism for monitoring the network and ensuring traceability. Even though best practices in logging and monitoring do not provide any protection against attacks in themselves, they do allow the detection and investigation of unusual events and intrusions. To facilitate the management and exploitation of logs, it is advisable to centralise them in a dedicated area that allows easier administration. To do this, programs (agents) must be deployed on all the machines to be monitored in order to forward to the central server all the events recorded in their log files. This matters because, if a machine is compromised, the attacker is likely to destroy its local logs. Centralising, synchronising and duplicating the logs ensures that you always have a copy. Finally, it is recommended to use equipment with native logging functionality. In summary, best logging practices involve:
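Centralised logs are only useful if something looks at them. The script below is an added example (not from the original article) of detection logic run over constructed sshd events as they would arrive at a central log server: it counts authentication failures per source address in a sliding window and raises an alert when a threshold is crossed, upgrading the alert if the same source then logs in successfully. The log lines, threshold and window length are constructed for the example.

```python
"""Added example: sliding-window brute-force detection over centralised auth logs.

SAMPLE_LOGS is a constructed sample; the threshold and window are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOGS = """\
2024-05-01T10:00:01 srv1 sshd[1001]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
2024-05-01T10:00:03 srv1 sshd[1002]: Failed password for invalid user test from 198.51.100.9 port 40002 ssh2
2024-05-01T10:00:05 srv1 sshd[1003]: Failed password for root from 198.51.100.9 port 40003 ssh2
2024-05-01T10:00:06 srv1 sshd[1004]: Accepted publickey for deploy from 10.10.1.5 port 51000 ssh2
2024-05-01T10:00:08 srv1 sshd[1005]: Failed password for root from 198.51.100.9 port 40004 ssh2
2024-05-01T10:00:09 srv1 sshd[1006]: Failed password for bob from 203.0.113.5 port 42000 ssh2
2024-05-01T10:00:11 srv1 sshd[1007]: Failed password for root from 198.51.100.9 port 40005 ssh2
2024-05-01T10:00:14 srv1 sshd[1008]: Failed password for root from 198.51.100.9 port 40006 ssh2
2024-05-01T10:00:20 srv1 sshd[1009]: Accepted password for root from 198.51.100.9 port 40007 ssh2
2024-05-01T10:03:00 srv1 sshd[1010]: Failed password for bob from 203.0.113.5 port 42001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<msg>Failed password|Accepted password|Accepted publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line):
    """Return a dict for the event types we understand, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["failed"] = ev["msg"].startswith("Failed")
    return ev


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Alert when a source reaches `threshold` failures inside `window`.

    Lines are assumed to be in time order (as a central collector would store
    them). A later successful login from an alerted source upgrades its alert.
    Returns one alert dict per offending source.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    alerts = {}                  # ip -> alert record
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ts, ip = ev["ts"], ev["ip"]
        if ev["failed"]:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if ip in alerts:
                alerts[ip]["failures"] += 1
            elif len(q) >= threshold:
                alerts[ip] = {"ip": ip, "first_alert_at": ts.isoformat(), "failures": len(q),
                              "success_after_burst": False, "success_user": None}
        elif ip in alerts:
            alerts[ip]["success_after_burst"] = True
            alerts[ip]["success_user"] = ev["user"]
    return list(alerts.values())


def run_sample():
    return detect_bruteforce(SAMPLE_LOGS.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample, 198.51.100.9 trips the threshold at its fifth failure (10:00:11) and is then upgraded because the following "Accepted password for root" comes from the same address; the two spaced-out failures from 203.0.113.5 never reach the threshold. Because every host forwards to the collector, the detection still works even if the attacker later wipes the local log on srv1.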
For more information on the principles and best practices of logging and monitoring, you can consult our article: Logging and Monitoring: definition and best practices.

Securing applications

Securing an application is vital and necessarily involves implementing best practices in terms of development, integration, monitoring and security testing. We have discussed application security in a previous article. We invite you to consult it for an overview of the best practices to implement, in terms of reducing the attack surface, server security, authentication security, protection of sensitive data, etc.: How to secure a website or a web application? And for more information on the common vulnerabilities of web applications, we refer you to our article: How to strengthen the security of your web applications to counter the most common attacks?

Raising awareness of security risks, including social engineering threats

Securing workstations

The risk of intrusion into systems is significant, and workstations are often a gateway for attackers. A workstation without adequate protection can not only jeopardise the information processed and stored on it, but also serve as an attack vector to compromise the systems to which it has access. It is therefore essential that basic security practices are known and implemented by both the systems security team and users. These measures are based on:
Protecting against social engineering risks

Beyond the technical risks, the most common vulnerability exploited to compromise an information system is the human element, via social engineering attacks. These attacks consist of using social skills to obtain information about a company or its systems, or to compromise them. Email (through phishing) remains the main attack vector, as most studies and examples of successful social engineering attacks on small, medium and large companies show, and the consequences are often devastating and irreversible. However, there are simple measures to limit the impact of this type of attack:
Perform a network penetration test to assess risks and strengthen your security

A network penetration test remains the best way to test the security of your systems against attacks. The objective: to identify potential vulnerabilities and propose security fixes. This type of offensive audit follows a proven methodology, allowing for an in-depth analysis of the risks of internal networks, some of which have been mentioned in the course of this article. From this point of view, a network penetration test consists of mapping the network and then carrying out tests on the elements identified: servers, workstations, Wi-Fi, network devices, etc. The report issued following the tests makes it possible to understand the mechanisms of the discovered vulnerabilities in order to reproduce and correct them.

Which type of network can you set up so that your company can work securely with another organization that is separate from or lateral to your company?

A small network that is set up separately from a company's private local area network and the Internet, also known as a perimeter network. Similar to an intranet except that it is extended to users outside a company and possibly to entire organizations that are separate from or lateral to the company.

What kind of network is an intranet?

An intranet is a private network (LAN) that employs internet information services for internal use only.

Which type of firewall operates on the session layer, creates a connection and allows packets to flow between the two hosts without further checking?

Circuit-level gateway firewall. Circuit-level gateways operate on the session layer (layer 5). These firewalls check for functional packets in an attempted connection and, if operating well, will permit a persistent open connection between the two networks.

What are the different types of networks?

LAN (Local Area Network), WAN (Wide Area Network), GAN (Global Area Network), WPAN (Wireless Personal Area Network), WLAN (Wireless Local Area Network), SAN (Storage Area Network), VPN (Virtual Private Network), VLAN (Virtual Local Area Network).