What You Should Know about Networks for a Job in Information Security

By Peter H. Gregory

If you are seeking a career in information security, you will need to know all about network security. Several network-centric security devices are used to protect systems, networks, and information from intruders.

Firewalls

Firewalls are inline devices placed between networks to control the traffic that is allowed to pass between those networks. Typically, an organization will place a firewall at its Internet boundary to prevent intruders from easily accessing the organization’s internal networks.

A firewall uses an ordered table of rules to determine whether or not a packet should be permitted. In a traditional packet-filtering firewall the rules are based on the packet's source address, destination address, protocol, and port numbers; the first rule that matches decides, and a packet that matches no rule is normally dropped (the default-deny posture). A firewall of this kind does not examine the contents of a message, only its headers. Stateful and application-aware firewalls add connection tracking and some protocol knowledge, but inspecting the payload itself is the job of the intrusion prevention system described next.

Firewalls are also used to create a demilitarized zone (DMZ), a separate network segment that sits between the Internet and the internal network, where organizations place Internet-facing systems such as web servers. The firewall rules permit the Internet to reach only the services a DMZ system is meant to expose (for example, a web server's HTTP and HTTPS ports) and prevent DMZ systems from opening connections into the internal network. This strategy helps protect the web server from the Internet and also limits the damage to the organization in case an adversary compromises the web server and takes control of it.

Intrusion prevention system (IPS)

An intrusion prevention system (IPS) is an inline device that examines incoming and outgoing network traffic, looking for signs of intrusions (most often by matching signatures of known attacks, sometimes by detecting anomalous behavior) and, when an intrusion is detected, blocking the offending traffic.

Unlike a firewall, an IPS does examine the contents of network packets, not just their source and destination addresses. This approach is based on the principle that malicious traffic may be characterized by its contents, not merely its origin or destination.

Like a firewall, an IPS is typically placed at or near Internet ingress and egress points (the entrance and exit of the network), so that all incoming and outgoing Internet traffic can be examined and any malicious traffic blocked. Because it sits inline, an IPS that misidentifies legitimate traffic (a false positive) blocks that traffic too, so its signatures have to be tuned with care.
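The contrast between the two devices, a firewall deciding on headers alone and an IPS looking inside the payload, is easiest to see in code. The following is an added example, not code from the article or from any firewall or IPS product: a first-match rule table for the DMZ layout described above, followed by a signature check on the payload, with both run in series over constructed packets. The zone addresses (203.0.113.0/24 for the DMZ, 10.0.0.0/8 for the internal network), the rule set, and the two signatures are illustrative assumptions.

```python
"""Added example (not from the article): a first-match firewall rule table and an
inline IPS payload check applied to the same constructed packets.

Assumed topology (illustrative, not a real deployment):
  Internet  = anything not listed below (0.0.0.0/0)
  DMZ       = 203.0.113.0/24, with the web server at 203.0.113.10
  Internal  = 10.0.0.0/8
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress
import re


@dataclass
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp", "udp" or "icmp"
    dport: int          # destination port (0 for icmp)
    payload: bytes = b""


@dataclass
class Rule:
    action: str             # "allow" or "deny"
    src: str                # source network in CIDR form
    dst: str                # destination network in CIDR form
    proto: str              # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


# Ordered rule table (constructed). Order matters: the first matching rule decides.
FIREWALL_RULES = [
    Rule("allow", "0.0.0.0/0",      "203.0.113.10/32", "tcp", 443),   # Internet -> DMZ web (HTTPS)
    Rule("allow", "0.0.0.0/0",      "203.0.113.10/32", "tcp", 80),    # Internet -> DMZ web (HTTP)
    Rule("allow", "10.0.0.0/8",     "203.0.113.0/24",  "any", None),  # Internal -> DMZ (administration)
    Rule("allow", "10.0.0.0/8",     "0.0.0.0/0",       "any", None),  # Internal -> Internet
    Rule("deny",  "203.0.113.0/24", "10.0.0.0/8",      "any", None),  # DMZ -> Internal, never
]


def firewall_decision(pkt: Packet, rules=FIREWALL_RULES) -> str:
    """Header-only check: first matching rule wins; no match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default-deny: anything the table does not mention is dropped


# Constructed IPS signatures: byte patterns searched for in the payload, regardless
# of which addresses and ports the packet carries.
IPS_SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sqli-union":     re.compile(rb"(?i)union\s+select"),
}


def ips_decision(pkt: Packet):
    """Content check: returns ("block", signature_name) or ("pass", None)."""
    for name, pattern in IPS_SIGNATURES.items():
        if pattern.search(pkt.payload):
            return "block", name
    return "pass", None


def inline_chain(pkt: Packet) -> str:
    """Firewall first, then IPS, as two inline devices in series at the boundary."""
    if firewall_decision(pkt) == "deny":
        return "denied by firewall"
    verdict, sig = ips_decision(pkt)
    if verdict == "block":
        return f"blocked by IPS ({sig})"
    return "allowed"


if __name__ == "__main__":
    # Constructed sample packets: a normal request, a request the firewall permits
    # but the IPS catches, a port the table does not list, and a compromised DMZ
    # host trying to reach the internal network.
    samples = [
        Packet("198.51.100.7", "203.0.113.10", "tcp", 443, b"GET /index.html HTTP/1.1"),
        Packet("198.51.100.7", "203.0.113.10", "tcp", 80,  b"GET /../../etc/passwd HTTP/1.1"),
        Packet("198.51.100.7", "203.0.113.10", "tcp", 22,  b""),
        Packet("203.0.113.10", "10.1.2.3",     "tcp", 445, b""),
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst}:{p.dport}/{p.proto}: {inline_chain(p)}")
```

The second sample packet is the point of the exercise: its headers are exactly what the firewall is told to allow (Internet to the web server on port 80), so only the IPS, which reads the payload, can stop it. The fourth packet shows the DMZ rule doing its job after a hypothetical compromise of the web server. Note that the rule list is evaluated top to bottom, so moving the DMZ-to-internal deny above a broader allow, or vice versa, changes the outcome; rule order is where real firewall mistakes usually hide.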

Data loss prevention (DLP) system

A data loss prevention (DLP) system examines (primarily) outgoing traffic, looking for evidence of sensitive data being sent out of the organization inappropriately. A DLP system is configured to look for specific patterns in outgoing data, such as payment card numbers, national identification numbers, or document classification markings, and to send alerts on, or outright block, traffic that meets certain criteria.
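What "looking for specific patterns" involves in practice is shown by the added example below, which is not code from the article or from any DLP product. It scans a constructed outbound message for payment card numbers and shows the step that separates a usable DLP rule from a noisy one: a run of digits of the right length is only a candidate, and it is confirmed with the Luhn checksum so that invoice numbers and other digit strings do not trigger. The alert-versus-block threshold and the sample messages are constructed assumptions.

```python
"""Added example (not from the article): a minimal outbound DLP check for payment
card numbers. Thresholds and sample messages are constructed assumptions."""
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: from the right, double every second digit, subtract 9 from
    any result above 9, and require the total to be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the digit strings in text that look like card numbers AND pass Luhn.
    The checksum is what keeps invoice and phone numbers from raising alerts."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def dlp_decision(text: str, block_threshold: int = 5):
    """Assumed policy: a few card numbers in a message is plausibly a customer
    service exchange and is alerted on; a batch at or above the threshold looks
    like a bulk export and is blocked outright. Returns (action, count)."""
    cards = find_card_numbers(text)
    if not cards:
        return "allow", 0
    if len(cards) >= block_threshold:
        return "block", len(cards)
    return "alert", len(cards)


# Constructed sample messages. The card numbers are the well-known public test
# numbers (they pass Luhn but belong to no account); the invoice number does not
# pass Luhn and must not be reported.
SINGLE_CARD = "Customer card: 4111 1111 1111 1111 exp 12/27, please refund."
INVOICE_ONLY = "Invoice 2024010100001 total 42.00 due 2025-01-31"
BULK_EXPORT = "\n".join([
    "4111111111111111",
    "4242 4242 4242 4242",
    "5500-0000-0000-0004",
    "5105105105105100",
    "378282246310005",
])


if __name__ == "__main__":
    for label, msg in [("single", SINGLE_CARD), ("invoice", INVOICE_ONLY), ("bulk", BULK_EXPORT)]:
        action, count = dlp_decision(msg)
        print(f"{label}: {action} ({count} card number(s) found)")
```

Real DLP deployments layer more on top of this (keyword and regular-expression dictionaries, document fingerprints, file-type and destination rules), but the shape is the same: a cheap broad match, a validation step to cut false positives, and a policy that decides between alerting and blocking based on how much sensitive data a single message carries.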

Web-filtering system

A web-filtering system examines the websites that an organization's personnel are visiting. The web-filtering system logs all web access by personnel and can also be configured to block access to various categories of websites (for example, pornography, gambling, weapons, or social media sites) as well as specific sites. The purpose of web-filtering systems is generally twofold: to prevent access to sites that are clearly not work related and to keep personnel from reaching sites that may be hosting malware.

Virtual private network

A virtual private network (VPN) is a technique used to encapsulate network traffic flowing between two systems, between a system and a network, or between two networks. Typically, encryption is employed along with encapsulation so that the contents of the traffic cannot be read by anyone who intercepts it, and the two ends authenticate each other before any traffic flows, so that an intruder cannot simply join the tunnel.

VPNs are most commonly used for remote access by individual users, and for site-to-site connections that protect information flowing over the Internet between specific organizations or locations.