How a Network can be Secured?
How a network can be secured, and how to prevent it from being attacked.
Network security is a critical component of any organization’s IT infrastructure. It is essential to protect the network from malicious attacks, unauthorized access, and data breaches. Network security is a complex and ever-evolving field, and there are many different methods and techniques that can be used to secure a network. The first step in securing a network is to identify the threats that it faces. This includes identifying the types of attacks that could be used to compromise the network, such as malware.
Several types of networks, classified by network topology, can be attacked. They are as follows:
- CAN (Campus Area Networks)
- SOHO (Small Office and Home Office Networks)
- WAN (Wide Area Networks)
- DCN (Data Center Networks)
Campus Area Networks (CAN)
A Campus Area Network consists of interconnected LANs within a limited geographic area. Network professionals implement various network security techniques to protect the organization’s assets from outside and inside threats. Connections from untrusted networks must be checked in depth by multiple layers of defense before they reach enterprise resources. This approach is known as defense-in-depth.
Figure: Campus Area Network
The figure shows a sample CAN that takes a defense-in-depth approach, using various security devices and security features to secure it. The table below explains the defense-in-depth design elements that are shown in the figure.
Table: Defense-in-depth design
Small Office and Home Office Networks (SOHO)
Regardless of size, it is important that all types of networks are protected. Attackers are also interested in SOHO networks and want to use someone’s internet connection for free. They use it to view financial transactions, or for illegal activities such as online purchases.
Figure: Small Office and Home Office Network
Home and SOHO networks are protected by a consumer-grade router. These routers provide basic security features to protect inside assets from outside attackers.
The figure below shows a consumer-grade wireless router that is used to secure the SOHO network. A consumer-grade wireless router provides integrated firewall features and secure wireless connections. The Layer 2 switch is an access layer switch that is hardened with various security measures. It connects user-facing ports that use port security to the SOHO network. Wireless hosts connect to the wireless network using Wi-Fi Protected Access 2 (WPA2) data encryption technology. Hosts typically have antimalware and antivirus software installed. Together, these security measures at different layers of the network provide a comprehensive defense.
Wide Area Networks
Wide Area Networks (WANs) span a wide geographical area, often over the public internet. Organizations must ensure secure transport for data in motion as it travels between sites over the public network.
Figure: Wide Area Network
Network security professionals must use secure devices on the edge of the networks. In the figure below, an ASA protects the main site. It provides stateful firewall features and establishes secure VPN tunnels to various destinations.
The above figure shows a Wide Area Network (WAN) and a way to secure it. It shows a regional site, a branch site, a SOHO site, and a mobile worker. A branch site connects to the corporate main site using a hardened ISR. The ISR can establish a permanent always-on VPN connection to the main site ASA firewall. A regional site is larger than a branch site and connects to the corporate main site using an ASA. That ASA can establish a permanent always-on VPN connection to the main site ASA. A SOHO site is a small branch site that uses a Cisco wireless router to connect to the corporate main site. The wireless router can establish a permanent always-on VPN connection to the main site ASA. Alternatively, the internal SOHO users can use the Cisco AnyConnect VPN client to establish a secure VPN connection to the main site ASA. A teleworker is a mobile worker who may use the Cisco AnyConnect VPN client from any location to establish a secure VPN connection to the main site ASA.
Data Center Networks
Data center networks are used to store sensitive or proprietary data and are typically housed in an off-site facility. These sites are connected to corporate sites using VPN technology, with ASA devices and integrated data center switches, such as high-speed Cisco Nexus switches.
Figure: Data center network
Today’s data centers store vast quantities of business-critical, sensitive information. Physical security is critical to their operation: it not only protects access to the facility but also protects equipment and people. Sprinklers, seismically-braced server racks, fire alarms, redundant heating, ventilation, and air conditioning (HVAC), and UPS systems are in place to protect equipment, people, and data.
The physical security of a Data center can be divided into two areas:
1. Inside perimeter security
Inside perimeter security can include continuous video surveillance, electronic motion detectors, biometric access, security traps, and exit sensors.
2. Outside perimeter security
Outside perimeter security includes on-premise security officers, continuous video surveillance, gates, fences, and security breach alarms.
Data center physical security Measures
1. Security Trap
Security traps provide access to the data halls where the data center's data is stored. As shown in the figure below, a security trap is similar to an airlock. A person must first enter the security trap using their badge ID proximity card. Once the person is inside the security trap, facial recognition, fingerprints, or other biometric verifications are used to open the second door. To exit the data hall, the user must repeat the same process.
Figure: Security Trap
2. Biometric Fingerprint Scanner
This method is used to secure access to the data center.
Figure: Fingerprint Scanner