The network has always played a key role in IT security. Most business-critical traffic traverses at least some portion of a corporate network, making it an ideal location to centralize threat prevention services. Let's look at a few of the top network security techniques used to protect enterprises and their data.
Identity and access control is the ability to identify users and devices and provide the appropriate level of resource accessibility when they connect to the corporate network. Network security techniques in this space include 802.1X authentication, router/switch access control lists and firewall rules.
Intrusion prevention systems (IPSes) are commonly placed in line with firewalls at the network edge, primarily between the internal company network and the internet. An IPS cross-references packets coming into or going out of the network against known malicious signatures. When malicious packets are identified, they are blocked from entry.
Mobile device security became popular around the time the BYOD movement began. The IT department doesn't own or control the security of noncorporate mobile devices, such as smartphones and tablets, so additional security measures had to be implemented to lower overall risk. Mobile device security platforms perform preliminary checks on mobile devices to make sure they meet a minimum level of security before they are granted access to the network. If the devices fail one or more checks, they can be placed into a quarantine network where the user can perform the upgrades or patches needed to gain access to company resources.
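The check-then-quarantine decision described above can be sketched as follows. This is an added example, not code from the article or from any mobile device security product; the specific checks (minimum OS version, storage encryption, screen lock, root/jailbreak status), the version thresholds and the segment names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical minimum OS versions per platform (constructed values, not from the article).
MIN_OS = {"ios": (17, 0), "android": (14, 0)}

@dataclass
class Device:
    owner: str
    platform: str
    os_version: str
    encrypted: Optional[bool] = None    # None = the agent did not report it
    screen_lock: Optional[bool] = None
    rooted: Optional[bool] = None

def parse_version(text):
    """Turn '17.4.1' into (17, 4, 1) and '14' into (14, 0); None if unparsable."""
    try:
        parts = [int(p) for p in text.split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (2 - len(parts)))

def evaluate(device):
    """Return (segment, failed_checks); a failed or unreported check quarantines."""
    failed = []
    minimum = MIN_OS.get(device.platform.lower())
    version = parse_version(device.os_version)
    if minimum is None:
        failed.append("unsupported platform")
    elif version is None or version < minimum:
        failed.append("OS below " + ".".join(map(str, minimum)))
    if device.encrypted is not True:
        failed.append("storage encryption not confirmed")
    if device.screen_lock is not True:
        failed.append("screen lock not confirmed")
    if device.rooted is not False:
        failed.append("root/jailbreak status not clean")
    return ("quarantine" if failed else "corporate", failed)

# Constructed sample devices.
DEVICES = [
    Device("alice", "iOS", "17.4.1", True, True, False),
    Device("bob", "Android", "13.0", True, False, False),
    Device("carol", "Android", "14.0"),  # agent reported only the OS version
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d.owner, *evaluate(d))
```

The list of failed checks doubles as the remediation list shown to the user in the quarantine network, and treating an unreported attribute as a failure keeps the decision fail-closed.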
Wireless security helps to ensure that devices are protected from malicious actors attempting to connect to -- or read data from -- the wireless LAN. This includes network security techniques, such as Wi-Fi Protected Access and associated authentication mechanisms. Common Wi-Fi authentication techniques include preshared keys or per-user authentication using a centralized RADIUS (Remote Authentication Dial-In User Service) server.
Other network encryption mechanisms also exist to protect data from being sniffed while traversing the wire. These include VPN tunnels across the internet, encryption over the WAN and encryption on a per-application basis.