The network has always played a key role in IT security. Most business-critical traffic traverses at least some portion of a corporate network, making it an ideal location to centralize threat prevention services. Let's look at a few of the top network security techniques used to protect enterprises and their data.
Identity and access control is the ability to identify users and devices and provide the appropriate level of resource accessibility when connecting to the corporate network. Network security techniques in this space include 802.1X authentication, router/switch access control lists and firewall rules.
Intrusion prevention systems (IPSes) are commonly placed in line with firewalls at the network edge, primarily between the internal company network and the internet. An IPS cross-references packets coming into or going out of the network against signatures of known malicious traffic. When malicious packets are identified, they are blocked from entry.
Mobile device security became popular around the time the BYOD movement began. The IT department doesn't own or control the security of noncorporate mobile devices, such as smartphones and tablets, so additional security measures had to be implemented to lower overall risk. Mobile device security platforms perform preliminary checks on mobile devices to make sure they meet a minimum level of security prior to being granted access onto the network. If the devices fail one or more checks, they can be placed into a quarantine network where the user can perform the necessary upgrades or patches needed to gain access to company resources.
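The admission decision described above can be sketched in a few lines. This is an added example, not code from any particular mobile device security platform; the posture attributes, minimum OS versions and VLAN numbers are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed VLAN IDs for the production and quarantine networks.
CORP_VLAN, QUARANTINE_VLAN = 20, 999

# Constructed policy: minimum OS version per supported platform.
MIN_OS = {"ios": (17, 0), "android": (14, 0)}

@dataclass(frozen=True)
class Posture:
    """Attributes a device reports before it is admitted (hypothetical)."""
    os_name: str
    os_version: tuple
    disk_encrypted: bool
    screen_lock: bool
    jailbroken: bool

def failed_checks(p: Posture) -> list[str]:
    """Return every check the device fails, so the user sees all fixes at once."""
    failures = []
    minimum = MIN_OS.get(p.os_name.lower())
    if minimum is None:
        # Fail closed: a platform with no policy entry is never trusted.
        failures.append("unsupported platform")
    elif p.os_version < minimum:
        failures.append("OS below " + ".".join(map(str, minimum)))
    if not p.disk_encrypted:
        failures.append("storage not encrypted")
    if not p.screen_lock:
        failures.append("no screen lock")
    if p.jailbroken:
        failures.append("jailbroken or rooted")
    return failures

def admit(p: Posture) -> dict:
    """One failed check is enough to send the device to quarantine."""
    failures = failed_checks(p)
    vlan = QUARANTINE_VLAN if failures else CORP_VLAN
    return {"vlan": vlan, "remediation": failures}

if __name__ == "__main__":
    # Constructed sample devices.
    devices = [
        Posture("iOS", (17, 4), True, True, False),
        Posture("Android", (13, 0), True, False, False),
        Posture("KaiOS", (3, 1), True, True, False),
    ]
    for d in devices:
        print(d.os_name, admit(d))
```

The remediation list is what the quarantine network would present to the user: each entry is one fix that must be made before the device is re-evaluated.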
Wireless security helps to ensure that devices are protected from malicious actors attempting to connect to -- or read data from -- the wireless LAN. This includes network security techniques, such as Wi-Fi Protected Access and associated authentication mechanisms. Common Wi-Fi authentication techniques include preshared keys or per-user authentication using a centralized RADIUS (Remote Authentication Dial-In User Service) server.
Other network encryption mechanisms also exist to protect data from being sniffed while traversing the wire. These include VPN tunnels across the internet, encryption over the WAN and encryption on a per-application basis.