eBook - ePub
Network Security Strategies
Aditya Mukherjee
This is a test
Compartir libro
- 390 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
Network Security Strategies
Aditya Mukherjee
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Build a resilient network and prevent advanced cyber attacks and breachesKey Features• Explore modern cybersecurity techniques to protect your networks from ever-evolving cyber threats• Prevent cyber attacks by using robust cybersecurity strategies• Unlock the secrets of network securityBook DescriptionWith advanced cyber attacks severely impacting industry giants and the constantly evolving threat landscape, organizations are adopting complex systems to maintain robust and secure environments. Network Security Strategies will help you get well-versed with the tools and techniques required to protect any network environment against modern cyber threats.You'll understand how to identify security vulnerabilities across the network and how to effectively use a variety of network security techniques and platforms. Next, the book will show you how to design a robust network that provides top-notch security to protect against traditional and new evolving attacks. With the help of detailed solutions and explanations, you'll be able to monitor networks skillfully and identify potential risks. Finally, the book will cover topics relating to thought leadership and the management aspects of network security.By the end of this network security book, you'll be well-versed in defending your network from threats and be able to consistently maintain operational efficiency, security, and privacy in your environment.What you will learn• Understand network security essentials, including concepts, mechanisms, and solutions to implement secure networks• Get to grips with setting up and threat monitoring cloud and wireless networks• Defend your network against emerging cyber threats in 2020• Discover tools, frameworks, and best practices for network penetration testing• Understand digital forensics to enhance your network security skills• Adopt a proactive approach to stay ahead in network securityWho this book is forThis book is for anyone looking to explore information security, privacy, malware, and cyber threats. Security experts who want to enhance their skill set will also find this book useful. A prior understanding of cyber threats and information security will help you understand the key concepts covered in the book more effectively.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Network Security Strategies un PDF/ePUB en línea?
Sí, puedes acceder a Network Security Strategies de Aditya Mukherjee en formato PDF o ePUB, así como a otros libros populares de Informatik y Computernetzwerke. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
In this section, you will find information pertaining to the fundamentals of networking security, from the perspective of both cloud networks and wireless networks, as well as the top threats that impact networks worldwide. This includes mechanisms and solutions that can be implemented by you as a network security analyst. We will also take a look at the various types of setup that organizations have and what are the best practices, according to leading industry resources, for secure network establishment.
This section comprises the following chapters:
- Chapter 1, Network Security Concepts
- Chapter 2, Security for Cloud and Wireless Networks
- Chapter 3, Mitigating the Top Network Threats of 2020
Similar to how the nervous system forms one of the basic functional building blocks of our human body, computer networks are at the very core of the interconnected, seamless world that we all know today. Hence, it is of paramount importance to dedicate our efforts and focus on building and maintaining the security posture of our networks. Protecting our networks from internal and external threats is one of the most important aspects of any information security program for an organization.
In this prelusive chapter, we will be looking at the core concepts that will form our building blocks for a comprehensively secure network architecture, besides a few best practices and guidelines.
The following topics will be covered in this chapter:
- An overview of network security
- Network security architecture approach
- Network security best practices and guidelines
Technical requirements
There are no requirements for this chapter.
An overview of network security
For an effective network security apparatus to be in place, it is important to understand the central concepts associated with it and the implied technologies and processes around it that make it robust and resilient to cyber attacks. Today, some of the common challenges that security professionals face is the lack of a clear distinction between the devices in their infrastructure and the data that they hold or process. This is further complicated when the visibility is blurred by not having a demarcation of the various network boundaries. Today, we have evolved networks with components such as IoT, Industrial IoT (IIoT), and cloud computing, which have further added to the network complexity.
Network security in itself touches upon various attributes of security controls that a security professional should take into account, such as security gateways, SSL inspection, threat prevention engines, policy enforcement, cloud security solutions, threat detection and insights, attack analysis w.r.t frameworks, and so on.
Therefore, it is important, as a network security professional, to not only have clear visibility of your network but also understand the effectiveness of your security products/solutions. The following subsections will help us get familiar with the key terms and components of network security.
Network security concepts
As a network security professional, you should have a good understanding of major concepts such as the different attributes of network security, different types of network attacks, the fundamentals of a firewall's intrusion-detection/intrusion-prevention systems, the fundamentals of encryption and virtual private networks, operating system hardening, and many more.
Conceptually, cybersecurity focuses on the following attributes for foundational maturity, something that we will investigate deeply later in this book:
- Authentication: The process of verifying the identity of a user or process.
- Authorization: This is the process of validating the rights/privileges that a user has for a resource.
- Confidentiality: This refers to protecting information (data and system) from being accessed by unauthorized parties.
- Availability: This refers to data and systems being available for use.
- Integrity: This refers to maintaining the accuracy, consistency, and trustworthiness of data over its entire life cycle.
- Non-repudiation: This refers to the ability to assure that the sender accepts the authenticity of their signature message.
- Resilience: This refers to the ability of an entity to deliver the intended outcome continuously, despite adverse cyber events.
Before proceeding further, please ensure that you are familiar with the following concepts:
- OSI reference model: 7 layers and their corresponding functions and TCP/IP model
- Networking protocols and concepts: Proxies, security zones, DMZ, subnetting, and NAT/PAT
- Network connectivity devices: Firewall, DLP, IDS/IPS, and load balancer
- Common threats to network security: Virus, worms, trojans, RAT, sniffing, session hijacking, and DoS/DDoS
Next, we will take a look at the various attributes of network security and how to conduct continuous improvements and post-deployment analysis.
Network security components
A foundational well-thought-out network security architecture is key to an efficient, effective, and secure network infrastructure. Often, organizations face reliability issues, performance issues, cyber disruptions, and security incidents due to loopholes in the network architecture. Organizations should focus on areas such as network segmentation, adequate access controls, Defense-in-Depth (DiD), and the implementation of least privileges from a design perspective to begin with.
The first step in defending/protecting a network is to understand what that network comprises, how its elements communicate, and the architecture. Although there are many major frameworks available for implementing best practices for network design, each organization has different operational objectives and business goals, due to which contextualization and applying the best bit for the purpose of analysis needs to be done by a security architect.
As a best practice, break down all the security controls in the organization into major blocks and test each one. This allows you to validate their effectiveness and understand the improvement areas or security gaps. The overall blocks can be Identify, Detect, Protect, Respond, Recover, and Comply:
| Identify | Detect | Protect | Respond | Recover | Comply |
| Breach Stimulation | SOC 1 and SOC 2 | Security Awareness Training | SOAR | Data Backup | ISO Requirements |
| Red and Purple Teaming Exercise | Threat Hunting | SecDevOps | Digital Forensics | Data Recovery | GDPR/PIMS/and so on |
| Cloud Breach Stimulation | Threat Intel | CASB | Incident Response | Cyber Resilience | National and Regional Policies |
| Web/Mobile Application Attacks | Attack Surface Monitoring | WAF Assessment | Cyber Incident Response Team Assessment | BCP and DR | Industry and Regulatory Requirements and Mandates |
| Infrastructure Security Attacks | Cloud Security Monitoring | Third-Party Vendor Assessment | |||
| Security Architecture and Configuration review | SIEM and SOC Detection Assessment | Data Security and Classification | |||
| IoT and IIoT Security | UEBA | Identity and Access Management |
The preceding table shows the key components of a network security program and the solutions that should be (ideally) present in those components to give it holistic coverage against ...