Network and System Security
Definitions are fine as top-level statements of intent. But how do you lay out a plan for implementing that vision?
Protection: You have to configure your systems and networks as correctly as possible
Detection: You should be able to identify when the configuration has changed or when some network traffic indicates a problem
Reaction: After detecting problems quickly, you must respond to them and return to a safe state as rapidly as possible
1) Access control: You should be able to block unauthorized users and devices from accessing your network. End users who are permitted network access should only be able to work with the limited set of resources for which they’ve been authorized.
2) Anti-malware: Viruses, worms, and trojans by definition attempt to spread across a network, and can lurk dormant on infected machines for days or weeks. Your security effort should do its best to prevent initial infection and also root out malware that does make its way onto your network.
3) Behavioral analytics: You should know what normal network behavior looks like so that you can spot anomalies or breaches as they happen.
Data loss prevention: Human beings are inevitably the weakest security link. You have to implement technologies and processes to ensure that staffers don’t deliberately or inadvertently send sensitive data outside the network.
SMTP & POP3 (e-mail) security: Phishing is one of the most common ways attackers gain access to a network. E-mail filtering and anti-spam tools can block both incoming attacks and outbound messages that contain sensitive data.
4) Network filters & firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define to permit or deny traffic at the border between your network and the internet, establishing a barrier between your trusted zone and the wild west outside.
5) Intrusion detection and prevention systems (IDS & IPS): These systems scan network traffic to identify and block attacks, often by correlating network activity signatures with databases of known attack techniques.
6) Network segmentation: Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier.
7) Log and event analysis tools (SIEM): These automated tools pull together information from a variety of network tools to provide the data you need to identify and respond to threats.
8) Virtual Private Network (VPN): A tool (typically based on IPsec or SSL) that authenticates the communication between a device and a secure network, creating a secure, encrypted “tunnel” across the open internet.
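Behavioral analytics (item 3) and the SIEM item (item 7) both rest on first knowing what normal traffic looks like. As an added example that is not part of the original article, the Python below learns a baseline from a window of constructed flow-log lines (which destination/port pairs were contacted, and the mean and standard deviation of bytes per flow) and then flags later flows that reach a never-seen peer or exceed mean + 3 standard deviations. The log format, addresses and byte counts are all invented for the illustration.

```python
import re
import statistics

# Constructed flow records for this example: "<epoch> <src> <dst>:<port> <bytes>".
# TRAINING_FLOWS is the window assumed to be normal; LIVE_FLOWS is later traffic.
TRAINING_FLOWS = """\
1000 10.0.2.5 10.0.1.10:443 1200
1001 10.0.2.5 10.0.1.10:443 1400
1002 10.0.2.6 10.0.1.10:443 900
1003 10.0.2.5 10.0.1.10:443 1100
1004 10.0.2.6 10.0.1.10:443 1300
"""
LIVE_FLOWS = """\
2000 10.0.2.5 10.0.1.10:443 1150
2001 10.0.2.6 203.0.113.9:9001 980000
2002 10.0.2.6 10.0.1.10:443 1000
"""
FLOW_RE = re.compile(r"(\d+) (\S+) (\S+):(\d+) (\d+)")

def parse_flows(text):
    """Turn raw log lines into dicts; lines that do not match the format are skipped."""
    for m in FLOW_RE.finditer(text):
        ts, src, dst, port, nbytes = m.groups()
        yield {"ts": int(ts), "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}

def learn_baseline(flows):
    """Profile of normal behaviour: peers contacted, plus mean/stdev of bytes per flow."""
    flows = list(flows)
    sizes = [f["bytes"] for f in flows]
    return {"peers": {(f["dst"], f["port"]) for f in flows},
            "mean": statistics.mean(sizes), "stdev": statistics.pstdev(sizes)}

def detect_anomalies(flows, baseline, k=3.0):
    """Flag flows to a never-seen destination/port, or with bytes above mean + k*stdev."""
    threshold = baseline["mean"] + k * baseline["stdev"]
    alerts = []
    for f in flows:
        reasons = []
        if (f["dst"], f["port"]) not in baseline["peers"]:
            reasons.append("new destination/port")
        if f["bytes"] > threshold:
            reasons.append("volume above baseline")
        if reasons:
            alerts.append((f["ts"], f["src"], f["dst"], f["port"], reasons))
    return alerts

def run_detection():
    """Learn from the normal window, then score the live window; returns the alert list."""
    baseline = learn_baseline(parse_flows(TRAINING_FLOWS))
    return detect_anomalies(parse_flows(LIVE_FLOWS), baseline)
```

In a real deployment the baseline would be learned per host and re-learned periodically, since a static profile ages as legitimate usage changes.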