Denys Rudyi - Fotolia
The network has always played a key role in IT security. Most business-critical traffic traverses at least some portion of a corporate network, making it an ideal location to centralize threat prevention services. Let's look at a few of the top network security techniques used to protect enterprises and their data.
Identity and access control is the ability to identify users and devices and provide the appropriate level of resource accessibility when connecting to the corporate network. Network security techniques in this space include 802.1x authentication, router/switch access control lists and firewall rules.
Intrusion prevention systems (IPSes) are commonly placed in line with firewalls at the network edge, primarily between the internal company network and the internet. An IPS uses known malicious signatures that are then cross-referenced against packets coming into or going out of the network. When malicious packets are identified, they are blocked from entry.
Mobile device security became popular around the time the BYOD movement began. The IT department doesn't own or control the security of noncorporate mobile devices, such as smartphones and tablets, so additional security measures had to be implemented to lower overall risk. Mobile device security platforms perform preliminary checks on mobile devices to make sure they meet a minimum level of security prior to being granted access onto the network. If the devices fail one or more checks, they can be placed into a quarantine network where the user can perform the necessary upgrades or patches needed to gain access to company resources.
Wireless security helps to ensure that devices are protected from malicious actors attempting to connect to -- or read data from -- the wireless LAN. This includes network security techniques, such as Wi-Fi Protected Access and associated authentication mechanisms. Common Wi-Fi authentication techniques include preshared keys or per-user authentication using a centralized RADIUS (Remote Authentication Dial-In User Service) server.
Other network encryption mechanisms also exist to protect data from being sniffed while traversing the wire. These include VPN tunnels across the internet, encryption over the WAN and encryption on a per-application basis.
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Andrew Froehlich
In your organization's search for the best network automation platform for business operations, compare the pros and cons of proprietary and open ... Continue Reading
New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat ... Continue Reading
Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.