The network has always played a key role in IT security. Most business-critical traffic traverses at least some portion of a corporate network, making it an ideal location to centralize threat prevention services. Let's look at a few of the top network security techniques used to protect enterprises and their data.
Identity and access control is the ability to identify users and devices and provide the appropriate level of resource accessibility when connecting to the corporate network. Network security techniques in this space include 802.1X authentication, router/switch access control lists and firewall rules.
Intrusion prevention systems (IPSes) are commonly placed in line with firewalls at the network edge, primarily between the internal company network and the internet. An IPS cross-references packets coming into or going out of the network against signatures of known malicious traffic. When malicious packets are identified, they are blocked from entry.
Mobile device security became popular around the time the BYOD movement began. The IT department doesn't own or control the security of noncorporate mobile devices, such as smartphones and tablets, so additional security measures had to be implemented to lower overall risk. Mobile device security platforms perform preliminary checks on mobile devices to make sure they meet a minimum level of security prior to being granted access onto the network. If the devices fail one or more checks, they can be placed into a quarantine network where the user can perform the necessary upgrades or patches needed to gain access to company resources.
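The posture check and quarantine decision described above can be sketched as follows. This is an added example, not code from the article or from any mobile device security product; the attribute names, minimum OS versions and network labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical minimum posture policy; real platforms define their own checks.
MIN_OS = {"ios": (17, 0), "android": (14, 0)}
PRODUCTION, QUARANTINE = "production", "quarantine"


@dataclass
class Decision:
    network: str
    failed: list  # remediation items shown to the user while in quarantine


def parse_version(text):
    """Turn '17.4.1' into (17, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def evaluate(device):
    """Check a device's reported posture (a dict) and pick the network it may join."""
    failed = []
    minimum = MIN_OS.get(str(device.get("platform", "")).lower())
    try:
        version = parse_version(device["os_version"])
    except (KeyError, ValueError, AttributeError):
        version = None
    if minimum is None or version is None:
        failed.append("unsupported or unreadable platform/OS version")
    elif version < minimum:
        failed.append("upgrade OS to at least " + ".".join(map(str, minimum)))
    # Missing attributes fail closed: an unreported check counts as a failed check.
    if device.get("storage_encrypted") is not True:
        failed.append("enable storage encryption")
    if device.get("screen_lock") is not True:
        failed.append("set a screen lock")
    if device.get("rooted") is not False:
        failed.append("device is rooted/jailbroken or integrity is unknown")
    return Decision(QUARANTINE if failed else PRODUCTION, failed)


# Constructed sample reports, not taken from any real product.
SAMPLES = [
    {"platform": "iOS", "os_version": "17.4.1", "storage_encrypted": True,
     "screen_lock": True, "rooted": False},
    {"platform": "android", "os_version": "9.0", "storage_encrypted": True,
     "screen_lock": False, "rooted": False},
    {"platform": "android", "os_version": "14.0"},  # agent reported nothing else
]
```

The second sample shows why versions are compared as tuples: as strings, "9.0" sorts after "14.0" and the outdated device would pass the check.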
Wireless security helps to ensure that devices are protected from malicious actors attempting to connect to -- or read data from -- the wireless LAN. This includes network security techniques, such as Wi-Fi Protected Access and associated authentication mechanisms. Common Wi-Fi authentication techniques include preshared keys or per-user authentication using a centralized RADIUS (Remote Authentication Dial-In User Service) server.
Other network encryption mechanisms also exist to protect data from being sniffed while traversing the wire. These include VPN tunnels across the internet, encryption over the WAN and encryption on a per-application basis.