Networking Overview
A network facilitates communication between computers. Understanding network topologies, mediums, and protocols is crucial for security professionals. Network failures can be subtle and easily missed, highlighting the importance of network monitoring and security.
Security through Network Segmentation
Building a large, flat network is operationally simple but insecure. It’s analogous to a house with only a door lock for security. A more robust approach is network segmentation—creating smaller, isolated networks that communicate only through controlled pathways. This adds layers of defense. While network pivoting (moving laterally within a network) is possible, segmentation makes it slower and more detectable.
Analogies to Physical Security
-
Segmentation and Access Control Lists (ACLs): Building smaller networks and implementing ACLs is like fencing a property. This creates controlled entry/exit points, making unauthorized access more visible and suspicious. (Example: Why is the printer network communicating with the servers using HTTP?)
-
Network Mapping and Documentation: Mapping and documenting network purposes is like illuminating a property. Visibility makes suspicious activity easier to spot. (Example: Why is the printer network communicating with the internet at all?)
-
Intrusion Detection Systems (IDS): Deploying IDSs (like Suricata or Snort) acts as a deterrent, similar to bushes around windows. IDSs detect and alert on suspicious network activity, such as port scans. (Example: Why did a port scan originate from the printer network?)
Challenges of Flat Networks:
On a large, flat network (e.g., a /24 network using DHCP), devices like printers can easily access unintended resources unless explicitly restricted. This highlights the security advantages of segmentation. Proper security measures are often overlooked in flat networks.
Key Security Takeaways:
- Network segmentation is a fundamental security principle.
- Thorough network mapping and documentation are essential for monitoring and incident response.
- IDSs act as a valuable deterrent and detection mechanism.
- A well-segmented network significantly enhances security posture compared to a flat network.
The provided analogies demonstrate that basic network security principles are very similar to physical security concepts. Understanding these concepts is fundamental for protecting an organization’s assets.