eBook - ePub
Network Security Strategies
Aditya Mukherjee
This is a test
Condividi libro
- 390 pagine
- English
- ePUB (disponibile sull'app)
- Disponibile su iOS e Android
eBook - ePub
Network Security Strategies
Aditya Mukherjee
Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni
Informazioni sul libro
Build a resilient network and prevent advanced cyber attacks and breachesKey Features• Explore modern cybersecurity techniques to protect your networks from ever-evolving cyber threats• Prevent cyber attacks by using robust cybersecurity strategies• Unlock the secrets of network securityBook DescriptionWith advanced cyber attacks severely impacting industry giants and the constantly evolving threat landscape, organizations are adopting complex systems to maintain robust and secure environments. Network Security Strategies will help you get well-versed with the tools and techniques required to protect any network environment against modern cyber threats.You'll understand how to identify security vulnerabilities across the network and how to effectively use a variety of network security techniques and platforms. Next, the book will show you how to design a robust network that provides top-notch security to protect against traditional and new evolving attacks. With the help of detailed solutions and explanations, you'll be able to monitor networks skillfully and identify potential risks. Finally, the book will cover topics relating to thought leadership and the management aspects of network security.By the end of this network security book, you'll be well-versed in defending your network from threats and be able to consistently maintain operational efficiency, security, and privacy in your environment.What you will learn• Understand network security essentials, including concepts, mechanisms, and solutions to implement secure networks• Get to grips with setting up and threat monitoring cloud and wireless networks• Defend your network against emerging cyber threats in 2020• Discover tools, frameworks, and best practices for network penetration testing• Understand digital forensics to enhance your network security skills• Adopt a proactive approach to stay ahead in network securityWho this book is forThis book is for anyone looking to explore information security, privacy, malware, and cyber threats. Security experts who want to enhance their skill set will also find this book useful. A prior understanding of cyber threats and information security will help you understand the key concepts covered in the book more effectively.
Domande frequenti
Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Network Security Strategies è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Network Security Strategies di Aditya Mukherjee in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Computer Science e Computer Networking. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.
Informazioni
In this section, you will find information pertaining to the fundamentals of networking security, from the perspective of both cloud networks and wireless networks, as well as the top threats that impact networks worldwide. This includes mechanisms and solutions that can be implemented by you as a network security analyst. We will also take a look at the various types of setup that organizations have and what are the best practices, according to leading industry resources, for secure network establishment.
This section comprises the following chapters:
- Chapter 1, Network Security Concepts
- Chapter 2, Security for Cloud and Wireless Networks
- Chapter 3, Mitigating the Top Network Threats of 2020
Similar to how the nervous system forms one of the basic functional building blocks of our human body, computer networks are at the very core of the interconnected, seamless world that we all know today. Hence, it is of paramount importance to dedicate our efforts and focus on building and maintaining the security posture of our networks. Protecting our networks from internal and external threats is one of the most important aspects of any information security program for an organization.
In this prelusive chapter, we will be looking at the core concepts that will form our building blocks for a comprehensively secure network architecture, besides a few best practices and guidelines.
The following topics will be covered in this chapter:
- An overview of network security
- Network security architecture approach
- Network security best practices and guidelines
Technical requirements
There are no requirements for this chapter.
An overview of network security
For an effective network security apparatus to be in place, it is important to understand the central concepts associated with it and the implied technologies and processes around it that make it robust and resilient to cyber attacks. Today, some of the common challenges that security professionals face is the lack of a clear distinction between the devices in their infrastructure and the data that they hold or process. This is further complicated when the visibility is blurred by not having a demarcation of the various network boundaries. Today, we have evolved networks with components such as IoT, Industrial IoT (IIoT), and cloud computing, which have further added to the network complexity.
Network security in itself touches upon various attributes of security controls that a security professional should take into account, such as security gateways, SSL inspection, threat prevention engines, policy enforcement, cloud security solutions, threat detection and insights, attack analysis w.r.t frameworks, and so on.
Therefore, it is important, as a network security professional, to not only have clear visibility of your network but also understand the effectiveness of your security products/solutions. The following subsections will help us get familiar with the key terms and components of network security.
Network security concepts
As a network security professional, you should have a good understanding of major concepts such as the different attributes of network security, different types of network attacks, the fundamentals of a firewall's intrusion-detection/intrusion-prevention systems, the fundamentals of encryption and virtual private networks, operating system hardening, and many more.
Conceptually, cybersecurity focuses on the following attributes for foundational maturity, something that we will investigate deeply later in this book:
- Authentication: The process of verifying the identity of a user or process.
- Authorization: This is the process of validating the rights/privileges that a user has for a resource.
- Confidentiality: This refers to protecting information (data and system) from being accessed by unauthorized parties.
- Availability: This refers to data and systems being available for use.
- Integrity: This refers to maintaining the accuracy, consistency, and trustworthiness of data over its entire life cycle.
- Non-repudiation: This refers to the ability to assure that the sender accepts the authenticity of their signature message.
- Resilience: This refers to the ability of an entity to deliver the intended outcome continuously, despite adverse cyber events.
Before proceeding further, please ensure that you are familiar with the following concepts:
- OSI reference model: 7 layers and their corresponding functions and TCP/IP model
- Networking protocols and concepts: Proxies, security zones, DMZ, subnetting, and NAT/PAT
- Network connectivity devices: Firewall, DLP, IDS/IPS, and load balancer
- Common threats to network security: Virus, worms, trojans, RAT, sniffing, session hijacking, and DoS/DDoS
Next, we will take a look at the various attributes of network security and how to conduct continuous improvements and post-deployment analysis.
Network security components
A foundational well-thought-out network security architecture is key to an efficient, effective, and secure network infrastructure. Often, organizations face reliability issues, performance issues, cyber disruptions, and security incidents due to loopholes in the network architecture. Organizations should focus on areas such as network segmentation, adequate access controls, Defense-in-Depth (DiD), and the implementation of least privileges from a design perspective to begin with.
The first step in defending/protecting a network is to understand what that network comprises, how its elements communicate, and the architecture. Although there are many major frameworks available for implementing best practices for network design, each organization has different operational objectives and business goals, due to which contextualization and applying the best bit for the purpose of analysis needs to be done by a security architect.
As a best practice, break down all the security controls in the organization into major blocks and test each one. This allows you to validate their effectiveness and understand the improvement areas or security gaps. The overall blocks can be Identify, Detect, Protect, Respond, Recover, and Comply:
| Identify | Detect | Protect | Respond | Recover | Comply |
| Breach Stimulation | SOC 1 and SOC 2 | Security Awareness Training | SOAR | Data Backup | ISO Requirements |
| Red and Purple Teaming Exercise | Threat Hunting | SecDevOps | Digital Forensics | Data Recovery | GDPR/PIMS/and so on |
| Cloud Breach Stimulation | Threat Intel | CASB | Incident Response | Cyber Resilience | National and Regional Policies |
| Web/Mobile Application Attacks | Attack Surface Monitoring | WAF Assessment | Cyber Incident Response Team Assessment | BCP and DR | Industry and Regulatory Requirements and Mandates |
| Infrastructure Security Attacks | Cloud Security Monitoring | Third-Party Vendor Assessment | |||
| Security Architecture and Configuration review | SIEM and SOC Detection Assessment | Data Security and Classification | |||
| IoT and IIoT Security | UEBA | Identity and Access Management |
The preceding table shows the key components of a network security program and the solutions that should be (ideally) present in those components to give it holistic coverage against ...