Chapter 4: Implementing Secure Network Infrastructure

A secure network infrastructure is the backbone of a resilient cyber security framework.

This chapter focuses on the essential components of network security, such as firewalls, intrusion detection systems, and secure remote access. We delve into strong authentication mechanisms and encryption protocols.

By implementing robust network security measures, you can fortify your organisation's perimeter defences and minimise the risk of unauthorised access.

Configure firewalls to filter traffic

Configuring your firewall to block incoming and outgoing network traffic allows you to control what is allowed in and out of your network and to which web services. Firewalls are rule based devices. To allow traffic in and out there must be a rule to allow the action. For example, if you had a webserver in your office for public access you would have a rule similar to “Allow all traffic to the webserver”. This rule will allow the outside world into the office webserver.

The same is true of outgoing rules.

You may have an outgoing rule that looks similar to “deny access to www.facebook.com”. Outgoing rules aid in the prevention of employees accessing something that that could compromise your network. Many businesses overlook outbound rules through fear of upsetting employees because they are not allowed to browse social media on the organisations network, however by allowing access to only the parts of the internet that your employees need to perform their daily duties, you can really cut down the risks of accidentally exposing your business.

Deploy IDS/IPS

Deploying intrusion detection and prevention systems to detect and block malicious activities can stop attackers while they are gathering information about your network. So, what’s the difference between IDS and IPS?

Intrusion Preventions Systems (IPS) are there to prevent known security problems from being exploited. An IPS is like a firewall but in reverse. As mentioned above, a firewall has rules like “allow all traffic to webserver”, however an IPS has many, many thousands of rules such as “block known security flaw xyz...”. The rules in the IPS get updated automatically all the time when a new vulnerability is exposed.

Intrusion Detection Systems (IDS) work in a similar way as IPS. However the IDS will detect if a “bad actor” is trying to exploit a vulnerability by “sniffing” the incoming internet traffic and blocking it.

VPNs, SSL and MFA

Establishing secure remote access through the use of virtual private networks (VPNs), Secure Socket Layer protocol (SSL) and Multi-Factor Authentication (MFA) is good, but what are they?

VPNs

VPS or Virtual Private Network is a network connection that creates a private link over the internet between two points, for example the office and your house. Using this link, you have direct access from you house to the office network and all the data is being encrypted so that the data cannot be read by a third party while it is being sent between the two locations.

SSL

SSL or Secure Socket Layer is a protocol for securing data transmission between two devices by using encryption. A realworld example of this is that on the majority of websites you will notice a little padlock in the left-hand side of the address bar. This little padlock means that any information that is sent between your computer and the website is encrypted and generally speaking more secure.

Due to the ease of obtaining an SSL certificate don’t assume all websites are safe just because they have the little padlock. You should always use some common sense

MFA

MFA or Multi-Factor Authentication is a way of making sure the login details are being used by the correct individual and not by a hacker that has stolen the details. MFA requires users to provide two or more verification factors to gain access to a website, application, or corporate network.