Best Practices in Network Security
Nicholas Antunez
American Public University
ISSC 421
Dr. Cooper
April 24, 2022
Network security incorporates policies and standards that maintain the ability to monitor,
detect and prevent the malicious misuse of a computer network. With that in mind, it is important
for a company or organization, as well as for a personal environment, to keep up with proper
network security standards. The goal of network security is to uphold the CIA triad of
confidentiality, integrity, and availability. These are the pillars that make up the fundamentals
and components of network security. Upholding them helps with the tasks of mitigating risks,
building trust, and protecting proprietary information, among others. Network security should be
implemented across any type of network, whether it is for personal use or for work. There should
be firm policies and procedures in place to reduce the attack surface, along with software that
does the heavy lifting for the IT professional, such as an IDS and IPS that can detect and prevent
malicious traffic from entering a network.
Since the advent of the Internet and the digital change that has occurred in recent years,
the concept of cybersecurity has become a common topic in both our work and personal lives. Over
the last 50 years of technological advancement, cybersecurity and cyberterrorism have remained
constant (Chadd 2020). Until the invention of the Internet in the late 1970s and early 1980s,
cybersecurity was primarily relegated to academia; afterward, with growing interconnectivity,
malware attacks and data breaches began to take off. The 2000s saw the industrialization of
cyber risks and cybersecurity, following the rise of malware in the 1990s. According to
Gregersen, “The first firewalls were developed in the 1980s at the American technology
companies Cisco Systems and Digital Equipment Corporation. These “network layer” firewalls
judged packets based on simple information such as their apparent source, destination, and
connection type.” These methods were quick and transparent but rather easy to defeat.
A new generation of application-layer firewalls, which were more difficult to set up and maintain
but performed a more complete inspection, appeared in the early 1990s. Most firewalls in the
early 21st century were blends of these two categories.
Security audits are critical when it comes to being a part of any IT team in a respected
company or organization. Audits are the first step in identifying any potential vulnerabilities as
well as anything that poses a threat to the network. A network security audit normally entails a
thorough examination of the entire network infrastructure and all systems that are accessible via
the internet. It also entails an examination of the security mechanisms in place to safeguard the
network infrastructure, including network devices. If security is a major concern, a security audit
can be integrated into a system or performed independently (Malik 2022). The importance of
security audits in network security cannot be overstated. Organizations can stay on top of the
latest vulnerabilities and threats by conducting network security audits on a regular basis.
It is crucial that the IT professional has a clear understanding of the entire OSI Reference
Model. OSI stands for Open Systems Interconnection, and the model consists of seven layers that
each have specific network functions. Starting from the first, the layers are Physical, Data
Link, Network, Transport, Session, Presentation, and Application. The first two layers, Physical
and Data Link, tackle issues with data transport. Hardware and software are used to implement the
data link and physical layers. The physical layer is the OSI model's lowest layer, and it is the
one nearest to the physical media. It is primarily in charge of putting data on the physical
medium. The rest of the layers, from the network layer all the way to the application layer, deal
with issues relating to application software. It is imperative that the IT professional knows how
each layer functions because there are attacks that happen at each layer and can cause severe
damage to a network infrastructure.
The physical layer transmits bits from one node to another. The Data Link Layer is in
charge of packet routing and forwarding and ensuring that data frames are transferred without
errors. It specifies the data format on the network. The Network Layer maintains device
addressing and keeps track of where devices are on the network. Based on network conditions,
service priority, and other considerations, it calculates the optimum path to move data from
source to destination. The Transport Layer uses the protocols TCP and UDP, transmits
messages in the order in which they are sent, and ensures that data is not replicated. UDP, on the
other hand, is considered unreliable because there is no acknowledgement when a packet is
received, and the sender does not wait for an acknowledgement. The session layer establishes and
maintains a connection between communicating devices (JavaTpoint). The presentation layer,
also known as the “syntax layer”, serves as a network's data translator. This layer is a component
of the operating system that transforms data between different presentation formats. The
Application Layer deals with concerns like network transparency, resource allocation, and so on.
Although an application layer is not an application, it performs the functions of the application
layer. This layer provides end users with network services.
The OSI Reference Model is not safe from any attacks whatsoever. There are many
attacks to consider at each layer of the OSI Model. The Transport Layer, for example, even
though it is a 'host' layer, is vulnerable to the same dangers as the other layers. Sniffing,
specifically relating to ports and protocols, can be found here as well. The transport layer can be
targeted by DDoS attacks. SYN floods and Smurf attacks are two forms of attack that are
widespread at the OSI transport layer. A SYN flood occurs when an attacker uses a faked IP
address to make many connections to a server without waiting for the connection to complete.
Malware is used in Smurf attacks to overburden network resources. The attacker sends out
ICMP echoes, causing an unending cycle of requests (Platsis 2021).
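As an added illustration (not part of the original paper), the following Python sketch shows how a monitoring sensor could recognize the SYN flood described above by counting connections that were opened but never completed. The packet tuples, the addresses (documentation ranges), the timeout and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed capture as a sensor in front of the server would record it:
# (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "R" = RST.
SERVER = ("192.0.2.10", 443)
PACKETS = [
    (0.00, "198.51.100.7", 40001, *SERVER, "S"),    # normal client opens
    (0.01, *SERVER, "198.51.100.7", 40001, "SA"),   # server answers
    (0.02, "198.51.100.7", 40001, *SERVER, "A"),    # handshake completes
] + [
    # 20 SYNs from distinct faked sources that never send the final ACK
    (0.10 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, *SERVER, "S")
    for i in range(20)
]

def half_open_by_server(packets, now, timeout_s=3.0):
    """Count, per (dst_ip, dst_port), SYNs older than timeout_s that were
    never followed by the client's final ACK or a client RST."""
    pending = {}  # (src_ip, src_port, dst_ip, dst_port) -> time of SYN
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts
        elif flags in ("A", "R"):
            pending.pop(key, None)  # handshake finished or torn down
    # Group by destination: the sources are faked, so each one appears only
    # once and a per-source counter would never reach any threshold.
    counts = defaultdict(int)
    for (_, _, dst, dport), ts in pending.items():
        if now - ts >= timeout_s:
            counts[(dst, dport)] += 1
    return dict(counts)

def syn_flood_alerts(packets, now, threshold=10, timeout_s=3.0):
    """Servers whose count of stale half-open connections reaches threshold."""
    stale = half_open_by_server(packets, now, timeout_s)
    return sorted(server for server, n in stale.items() if n >= threshold)

if __name__ == "__main__":
    print(syn_flood_alerts(PACKETS, now=10.0))
```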
Network devices are physical devices that allow hardware on a computer network to
communicate with one another. There are many network devices, but the most common ones are
hubs, switches, routers, bridges, and gateways. It would behoove any IT professional to study
these devices and have an understanding of how each of them operates. Various
computer networking devices can be connected using hubs. A hub also serves as a repeater,
amplifying signals that have deteriorated due to vast distances traveled through connected cables.
Because it links LAN components using the same protocols, a hub is the simplest of the network
connecting devices. Hubs do not filter or address packets; instead, they just broadcast packets of
data to all devices connected. Hubs are part of the Open Systems Interconnection (OSI) model's
Physical layer. Simple and multiple port hubs are the two types of hubs.
In Melnick’s words, “Switches generally have a more intelligent role than hubs” and that
is important to note because switches keep limited routing information about internal network
nodes and facilitate connections to systems such as hubs and routers. Switches are commonly
used to link LAN strands. In most cases, switches can read the hardware addresses of incoming
packets and forward them to the correct destination. This essentially increases the efficiency of
a network infrastructure.
Everyone owns a router. Without it, packet transmission would cause a huge traffic jam.
Routers are smart and can store information about the networks to which they are linked. Most
routers may be set up to act as packet-filtering firewalls with access control lists (ACLs). Routers
are also used to convert LAN framing to WAN framing, in conjunction with a channel service
unit/data service unit (CSU/DSU). Because LANs and WANs use distinct network protocols, this
is required. Border routers are the name given to such routers. They connect a LAN to a WAN
from the outside, and they function at the network's perimeter.
A bridge is a device that connects two or more hosts or network segments and operates
only at the Physical and Data Link layers of the OSI Model. Bridges' primary function in
network infrastructure is to store and forward frames between the many segments that they
connect. They transport frames using hardware MAC addresses. Bridges can forward or block
data crossing between segments by looking at the MAC addresses of the devices that are connected
to each segment. Bridges may also be used to link two physical LANs together to create a bigger
logical LAN.
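As an added illustration (not part of the original paper), this Python sketch contrasts the hub behavior described earlier with the MAC-based forwarding of a bridge or switch, and counts how many frames reach a port that is not party to the conversation. The port numbers, MAC addresses and frame list are constructed assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Physical-layer repeater: every frame leaves on every other port."""
    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]

class LearningBridge:
    """Data-link device that learns which port each source MAC sits behind."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port          # learn from the source
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]  # flood unknown
        if out_port == in_port:
            return []          # destination is on the same segment: filter
        return [out_port]      # forward to the one segment that needs it

# Constructed traffic: hosts A and C share the segment on port 1, host B is
# on port 2, and port 3 is a third segment with no part in the conversation.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
FRAMES = [(1, A, B), (2, B, A), (1, C, A), (1, A, B)]  # (in_port, src, dst)

def frames_seen_on(device, frames, port):
    """How many of the frames the device repeats onto the given port."""
    return sum(port in device.receive(*frame) for frame in frames)

if __name__ == "__main__":
    print("hub, port 3:   ", frames_seen_on(Hub([1, 2, 3]), FRAMES, 3))
    print("bridge, port 3:", frames_seen_on(LearningBridge([1, 2, 3]), FRAMES, 3))
```

A listener on port 3 receives every frame through the hub but only the first, flooded frame through the bridge, which is why the sniffing exposure differs between the two devices.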
Gateways frequently function at the Transport and Session layers of the OSI model. At
the Transport layer and higher, there are different protocols and standards from various
manufacturers; gateways are employed to cope with them. Gateways translate the Open Systems
Interconnection (OSI) and TCP/IP networking protocols. As a result, gateways connect two or
more separate networks, each of which has its own routing algorithms, protocols, topology,
domain name service, and network administration procedures and policies (Melnick 2022).
For an IT professional and team, there are defensive mechanisms that can severely reduce
the attack surface on a typical network infrastructure. These mechanisms need to be understood
and configured properly in order for them to function at peak level. All computers come with
firewalls preinstalled already, but what exactly is a firewall? A firewall is a device that sits
between an organization's internal network and the rest of the internet. Its purpose is to forward
some packets while filtering others. A firewall, for example, can be used to filter all incoming
packets destined for a single host or server, such as HTTP, or to block access to a specific host or
service within the company. Firewalls essentially filter and monitor the flow of traffic between
networks (Yadav 2020).
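As an added illustration (not part of the original paper), this Python sketch implements the packet filtering described above, together with an audit check for rules that can never take effect. The rule format, the addresses (documentation ranges) and the function names are assumptions, and the shadowing check is conservative: it only finds rules fully covered by a single earlier rule.

```python
import ipaddress

# Constructed rule set, evaluated top-down; the first matching rule decides.
# (action, protocol, source network, destination network, destination port)
RULES = [
    ("deny",   "any", "0.0.0.0/0",       "192.0.2.20/32", None),  # block one host
    ("permit", "tcp", "0.0.0.0/0",       "192.0.2.10/32", 80),    # HTTP to web server
    ("permit", "udp", "192.0.2.0/24",    "0.0.0.0/0",     53),    # outbound DNS
    ("permit", "tcp", "198.51.100.0/24", "192.0.2.20/32", 22),    # shadowed by rule 0
]
DEFAULT_ACTION = "deny"  # anything no rule matches is filtered

def _net(cidr):
    return ipaddress.ip_network(cidr)

def matches(rule, pkt):
    """Compare a packet's protocol, source, destination and port to one rule."""
    _, proto, src_net, dst_net, port = rule
    return (proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in _net(src_net)
            and ipaddress.ip_address(pkt["dst"]) in _net(dst_net)
            and port in (None, pkt["dport"]))

def decide(pkt, rules=RULES):
    """Return (action, index of the deciding rule, or None for the default)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule[0], index
    return DEFAULT_ACTION, None

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier[1] in ("any", later[1])
            and _net(later[2]).subnet_of(_net(earlier[2]))
            and _net(later[3]).subnet_of(_net(earlier[3]))
            and earlier[4] in (None, later[4]))

def shadowed_rules(rules=RULES):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, rule in enumerate(rules)
            if any(covers(rules[i], rule) for i in range(j))]

if __name__ == "__main__":
    web = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 80}
    print(decide(web), shadowed_rules())
```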
An IDS, or Intrusion Detection System, looks for and detects attempts at unauthorized
system access or exploitation. In order to detect data breaches, such as intrusions and misuse,
an IDS collects and analyzes data from multiple portions of a computer or network. An IDS is
another tool in the shed for a network administrator. It examines all network traffic, both
inbound and outbound. The IDS detects any suspicious patterns that could signal a system attack
and serves as a security check on all transactions that enter and exit the system. There are four
main types of IDS: NIDS (Network Intrusion Detection System), HIDS (Host-Based Intrusion
Detection System), PIDS (Perimeter Intrusion Detection System), and VMIDS (Virtual
Machine-Based Intrusion Detection System). Which of these four types is used depends on the
needs and demands of the respective company. An IPS, which stands for Intrusion Prevention
System, should not be confused with an IDS. Although an IDS does detect potential threats, an IPS
both detects and prevents threats from entering a network. The difference between the two is that
an IDS does not have the ability to negate any type of attack, whereas an IPS has the ability to
detect and prevent any malicious traffic from entering a network.
Some other network defenses that are commonly known are web filters and proxy
servers. Web filters simply prevent a user’s browser from reaching certain websites. There are
different kinds of web filters that depend on the type of environment, whether at home or at
work. At home, web filters can be applied by adding parental controls, but some other web filters
are created for use by an organization or enterprise. Client software requests resources from other
servers, and proxy servers operate as mediators. When a user connects to the proxy server and
requests a service such as a website, the proxy server reviews the request and decides whether to
allow or deny it. Proxy servers are usually used in businesses for traffic filtering and to optimize
performance on the network (Petters 2018).
Network security includes policies and standards that maintain the ability to monitor,
detect, and prohibit malicious activity on a computer network. It is critical for a business or
organization, as well as an individual, to maintain proper network security standards. The CIA
triad should be followed when it comes to network security. The fundamentals and components
of network security are made up of these pillars. This aids in risk mitigation, trust development,
and the protection of proprietary information, among other things. There are many tools at an IT
professional's disposal that can help with staying a step ahead of any suspicious traffic that may
enter a network. Tools such as IDS, IPS, and proxy servers do the tedious work that would
otherwise distract the IT team from important tasks and projects. It is important for the team to
stay engaged with such priorities rather than sorting through hundreds of audits and alerts. In
the Digital Era, network security serves as a fundamental piece of cybersecurity and accounts for
a great deal of security threats as well as threat detection and prevention.
REFERENCES
Chadd, K. (n.d.). The history of Cybersecurity. Avast. Retrieved April 24, 2022, from
[Link]
Lutkevich, B. (2021, October 7). What is an intrusion detection system (IDS)? SearchSecurity.
Retrieved April 24, 2022, from
[Link]
Malik, K. (2022, February 4). What is Network Security Audit and why is it important? Astra
Security Blog. Retrieved April 24, 2022, from [Link]
audit/network-security-audit/
Melnick, J. (n.d.). Network devices explained. Netwrix Blog.
Retrieved April 24, 2022, from [Link]
explained/
OSI model: Layers, characteristics, functions - javatpoint. [Link]. (n.d.). Retrieved
April 24, 2022, from [Link]
Petters, J. (n.d.). What is a proxy server and how does it work? Varonis. Retrieved April 24,
2022, from [Link]
Platsis, G. (2021, June 14). The OSI model and you part 4: Stopping
threats at the OSI transport layer. Security Intelligence. Retrieved April 24, 2022, from
[Link]
Team, L. C. (2019, December 31). The basics and benefits of Network Security. Lucidchart Blog.
Retrieved April 24, 2022, from [Link]
and-benefits
Yadav, A. (2021, May 27). Network design: Firewall, ids/IPS. Infosec Resources. Retrieved
April 24, 2022, from [Link]
idsips/