Denys Rudyi - Fotolia
The network has always played a key role in IT security. Most business-critical traffic traverses at least some portion of a corporate network, making it an ideal location to centralize threat prevention services. Let's look at a few of the top network security techniques used to protect enterprises and their data.
Identity and access control is the ability to identify users and devices and provide the appropriate level of resource accessibility when connecting to the corporate network. Network security techniques in this space include 802.1x authentication, router/switch access control lists and firewall rules.
Intrusion prevention systems (IPSes) are commonly placed in line with firewalls at the network edge, primarily between the internal company network and the internet. An IPS uses known malicious signatures that are then cross-referenced against packets coming into or going out of the network. When malicious packets are identified, they are blocked from entry.
Mobile device security became popular around the time the BYOD movement began. The IT department doesn't own or control the security of noncorporate mobile devices, such as smartphones and tablets, so additional security measures had to be implemented to lower overall risk. Mobile device security platforms perform preliminary checks on mobile devices to make sure they meet a minimum level of security prior to being granted access onto the network. If the devices fail one or more checks, they can be placed into a quarantine network where the user can perform the necessary upgrades or patches needed to gain access to company resources.
Wireless security helps to ensure that devices are protected from malicious actors attempting to connect to -- or read data from -- the wireless LAN. This includes network security techniques, such as Wi-Fi Protected Access and associated authentication mechanisms. Common Wi-Fi authentication techniques include preshared keys or per-user authentication using a centralized RADIUS (Remote Authentication Dial-In User Service) server.
Other network encryption mechanisms also exist to protect data from being sniffed while traversing the wire. These include VPN tunnels across the internet, encryption over the WAN and encryption on a per-application basis.
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Andrew Froehlich
While VLANs are a type of subnet, they have their own unique capabilities and characteristics that differentiate them from subnets. However, the OSI ... Continue Reading
Broadband and Wi-Fi are common technical terms often used interchangeably -- although they shouldn't be. Both provide connectivity, but they do so in... Continue Reading
Migrating to UCaaS doesn't always mean an organization can keep its PSTN or SIP carrier. But some providers are taking a 'bring you own carrier' ... Continue Reading