Security Issues You Should Know About to Get a Networking Job

By Peter H. Gregory, Bill Hughes

Networking professionals are largely responsible for technological security within an organization. To effectively protect against attacks, these professionals need to know the best ways to secure the network. Check out the tools of the trade.

Network security

Several network-centric security devices protect systems, networks, and information from intruders. Here are some of the more common ones.

Firewalls

Firewalls are inline devices placed between networks to control the traffic that is allowed to pass between those networks. Typically, an organization places a firewall at its Internet boundary to prevent intruders from easily accessing the organization’s internal networks.

A firewall uses a table of rules to determine whether a packet should be permitted. The rules are based on the packet’s source address, destination address, and protocol number; firewalls do not examine the contents of a message.

Firewalls are used to create a demilitarized zone (DMZ), a network segment that sits between the Internet and the internal network, in which organizations place Internet-facing systems such as web servers. This strategy helps protect the web server from the Internet and protects the organization’s internal network in case an adversary compromises and takes over control of the web server.
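The rule table and DMZ arrangement described above, as an added example that is not from the article: a small stateless packet filter that matches only on source address, destination address, and protocol number (never on message contents), evaluates rules top to bottom, and drops anything no rule matches. The address ranges and rule set are constructed for the example; a real DMZ deployment would be sized to the organization.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed network layout (assumed for this example, not from the article).
INTERNET = ipaddress.ip_network("0.0.0.0/0")        # anything not listed below
DMZ = ipaddress.ip_network("203.0.113.0/24")        # Internet-facing segment
WEB_SERVER = ipaddress.ip_network("203.0.113.10/32")  # public web server in the DMZ
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # the organization's inside network


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[int]  # IP protocol number: 6 = TCP, 17 = UDP, 1 = ICMP; None = any
    action: str           # "permit" or "deny"


# Rules are evaluated in order; the first match wins. Nothing here inspects
# packet contents, which is exactly the gap an IPS is meant to cover.
RULES = [
    # Anyone may reach the public web server over TCP.
    Rule(INTERNET, WEB_SERVER, 6, "permit"),
    # A compromised web server must not be able to reach the internal network.
    # This rule sits above the broader permits so it cannot be bypassed.
    Rule(DMZ, INTERNAL, None, "deny"),
    # The web server may answer Internet clients over TCP (this filter is
    # stateless; a real firewall would track connection state instead).
    Rule(WEB_SERVER, INTERNET, 6, "permit"),
    # Internal staff may reach DMZ hosts for administration.
    Rule(INTERNAL, DMZ, None, "permit"),
]


def decide(src_ip: str, dst_ip: str, proto: int, rules=RULES) -> str:
    """Return 'permit' or 'deny' for one packet header, first match wins."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst and rule.proto in (None, proto):
            return rule.action
    return "deny"  # default deny: no rule matched


if __name__ == "__main__":
    # A takeover of the web server is contained: DMZ -> internal is denied.
    print(decide("203.0.113.10", "10.1.2.3", 6))
```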

Intrusion prevention system (IPS)

An intrusion prevention system (IPS) is an inline device that examines incoming and outgoing network traffic, looking for signs of intrusions and blocking such traffic when it detects an intrusion.

Unlike a firewall, an IPS examines the contents of network packets, not just their source and destination addresses. This approach is based on the principle that malicious traffic may be characterized by its contents, not merely its origin or destination.

Figure: Typical DMZ network architecture.

Like a firewall, an IPS is typically placed at or near the organization’s Internet entry and exit points, so that all incoming and outgoing Internet traffic can be examined and any malicious traffic blocked.

Data loss prevention (DLP) system

A data loss prevention (DLP) system primarily examines outgoing traffic, looking for evidence of sensitive data being sent out of the organization inappropriately. A DLP system is configured to look for specific patterns in outgoing data and to send alerts, or simply block traffic, when those patterns are matched.

Web-filtering system

A web-filtering system examines the websites that an organization’s personnel are visiting. The web-filtering system logs all web access by personnel and can also be configured to block access to various categories of websites (for example, pornography, gambling, weapons, or social media sites) as well as specific sites.

The purpose of web-filtering systems is generally twofold: to prevent access to sites that are clearly not work related and to protect the organization from accessing sites that may be hosting malware.

Virtual private network

A virtual private network (VPN) is a technique used to encapsulate network traffic flowing between two systems, between a system and a network, or between two networks. Typically, encryption is employed along with encapsulation so that the contents of the traffic cannot be read by anyone who intercepts the traffic.

VPNs are most commonly used for remote access, as well as to protect information flowing over the Internet between specific organizations.

Attacks and countermeasures

Intruders are incredibly efficient at finding ways to break into an organization’s networks. They do so to steal valuable data that they can easily monetize. The techniques used and the defensive countermeasures include the following:

  • Phishing: Adversaries compose realistic-looking emails to trick users into clicking links to phishing sites, which are malicious sites that will attempt to install malware on victims’ workstations or steal login credentials. Countermeasures include spam filters, antimalware, intrusion prevention systems, and security awareness training.

  • Watering hole attack: Adversaries find websites that they think an organization they’re targeting might visit. They take over those websites and install malicious software that visitors will unknowingly install, leading to an intrusion. Countermeasures include web-filtering systems, antimalware, and intrusion prevention systems.

  • Denial of service attack: Adversaries attack a target system to incapacitate it, either with a high-volume flood of data or with malicious traffic crafted to make the system fail. Countermeasures include firewalls, intrusion prevention systems, and cloud-based denial-of-service defense services.