In today's connected digital environment, securing your network is more necessary than ever. DDoS attacks are on the rise. More criminals are trying to take advantage of exploits to infect your PC with ransomware. Hackers are using loopholes to steal your personal information from organization databases. But how do you go about protecting yourself and your organization?
Inline or in-band network security tools are ‘active’ tools that are installed inline on the data traffic path within the network itself. This allows them to interact with the traffic in real time, detecting and removing malicious data packets. Unfortunately, if an inline device fails, it causes the network connection to fail as well. You’ll need to install a network bypass, such as a bypass switch or an optical bypass, alongside the inline device to route traffic around it in this scenario.
Out-of-band network security tools are ‘passive’ tools that are installed outside of the network data path. These tools get a duplicate copy of the network traffic. This is also referred to as a tap deployment. Out-of-band tools often have less stringent real-time requirements, or none at all. This means that if threatening traffic is detected, an appropriate action will only take place after the threat has been detected in the duplicate traffic.
There is a wide variety of tools that you can use to protect your network. Here are 5 tools that you can take advantage of to defend yourself. The marketplace is constantly coming up with new 3-4 letter acronyms that often combine the functionality of these ‘basic’ tools:
A regular or traditional firewall is only able to scan and control connections based on packet information available between network visibility layers two and four. A traditional firewall would likely include additional tools such as Network Address Translation.
The Next-Generation Firewall (NGFW) takes the traditional firewall and adds intrusion prevention systems (IPS) and application control. NGFWs also include other functionality such as TLS termination and SSL inspection, and deep-packet and malware detection as part of a broader breach detection system (BDS).
An intrusion detection system (IDS) is a network monitoring tool used to surveil network traffic. It is similar to a firewall but lacks some of its features. If malicious activity is detected by an IDS, an automated warning will be sent to the system administrator and the source of the traffic may be blocked to secure the network. There are a variety of IDS, including:
Here we would like to introduce a (somewhat) related tool. An enterprise may deploy a security information and event management (SIEM) system to collect logs and manage warnings and alerts. A SIEM is entirely out-of-band, typically not even processing a copy of the data traffic directly, but rather logs, metadata and alerts from other tools.
An Intrusion Prevention System (IPS) is an inline solution that provides network and application-level filtering. It uses two types of detection methods to identify malicious packets.
The first type of detection method is Signature-Based Detection. Signature-Based Detection uses the signature, or recognisable pattern, of an exploit to identify it. The IPS contains a database of signatures which it uses to recognise threats.
The other type of detection method is based on traffic heuristics or on Statistical Anomaly Detection. Statistical Anomaly Detection creates an average set of behaviours by tracking legitimate traffic over a period of time. After this baseline is defined, the IPS will take steps to protect the network against any traffic that falls outside of these set behaviours. Such traffic heuristics are useful in detecting threats that are as yet unknown in the industry and do not have an identifiable signature. IPS may be combined with IDS to automatically protect your network from any potential threats.
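The two detection methods described above can be sketched side by side. This is an added example, not code from the original article or from any vendor: the signature patterns, the packets-per-second baseline, the three-standard-deviation threshold and all function names are assumptions chosen for illustration.

```python
import re
from statistics import mean, stdev

# Constructed signature database: name -> byte pattern of a known-bad payload.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "null-byte-in-path": re.compile(rb"%00"),
}

# Constructed baseline: packets per second observed during legitimate traffic.
BASELINE_PPS = [100, 104, 98, 101, 97, 103, 99, 102]

def match_signatures(payload: bytes) -> list:
    """Signature-based detection: names of every signature found in payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]

class AnomalyDetector:
    """Statistical anomaly detection on a single metric (assumed: pkts/sec)."""

    def __init__(self, baseline, threshold=3.0):
        if len(baseline) < 2:
            raise ValueError("need at least two baseline samples")
        self.mu = mean(baseline)
        self.sigma = stdev(baseline)
        self.threshold = threshold  # allowed distance in standard deviations

    def score(self, value: float) -> float:
        """Distance of value from the baseline mean, in standard deviations."""
        if self.sigma == 0:  # flat baseline: any deviation is infinitely far
            return 0.0 if value == self.mu else float("inf")
        return abs(value - self.mu) / self.sigma

    def is_anomalous(self, value: float) -> bool:
        return self.score(value) > self.threshold

def inspect(payload: bytes, pps: float, detector: AnomalyDetector):
    """Inline verdict: drop on a signature hit or on a rate anomaly."""
    reasons = [f"signature:{name}" for name in match_signatures(payload)]
    if detector.is_anomalous(pps):
        reasons.append(f"anomaly:z={detector.score(pps):.1f}")
    return ("drop" if reasons else "pass", reasons)

if __name__ == "__main__":
    det = AnomalyDetector(BASELINE_PPS)
    print(inspect(b"GET /index.html", 101, det))        # normal traffic
    print(inspect(b"GET /../../etc/passwd", 101, det))  # known signature
    print(inspect(b"GET /index.html", 900, det))        # no signature, odd rate
```

The third call shows the point made above: a payload with no matching signature is still dropped because its rate falls far outside the learned baseline.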
Deep Packet Inspection (DPI) is an advanced form of network traffic scanning and classification. It scans a packet, or a connection, and once it has been identified and classified, will take action to reroute or block it as defined by the network administrator. DPI was not always possible due to the processing power that was required to perform DPI in real-time. Often a DPI engine is part of an IPS or IDS.
Penetration Testing, or White Hat Attack, is a sanctioned attack on a computer network. The purpose of this intentional attack is to identify any potential weaknesses in the network and address them before a hacker is able to exploit them.
Penetration Tests should be performed on a regular basis to ensure your network is secure, but also whenever you make changes to your network or network management, update applications or apply security updates.
These are just a few of the tools you can use to protect your organization’s network and improve network visibility. For more information on deploying and optimizing your network security tools for better protection and availability, contact Niagara Networks to arrange a consultation today.