Chapter 3 - 02 - Discuss Network Security Fundamentals - 02_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Benefits

* Protect information assets
* Comply with government and industry-specific regulations
* Ensure secure communication with clients and suppliers
* Reduce the risk of being attacked
* Gain a competitive edge over competitors by providing more secure services

Network security is crucial for all organizations, irrespective of size. It safeguards the system, files, data, and personal information, and protects them from unauthorized access. Apart from ensuring safety against hacking attempts and virus attacks, network security also provides the following indirect advantages and benefits.

* Increased Profits: Keeping computer networks secure is critical for any organization. With the deployment of comprehensive network defense, the organization can prevent threats, attacks, and vulnerabilities, which could otherwise cause significant loss. This indirectly supports the organization in earning profits. It also allows organizations to gain a competitive edge over competitors by providing more secure services.
* Improved Productivity: Network security can also help improve the productivity of the organization. For example, it prevents employees from spending time on unproductive activities over the Internet such as browsing adult content, gaming, and gossip during office hours. These activities can be restricted with safe browsing techniques, consequently improving productivity.
* Enhanced Compliance: Network security spares organizations from incurring penalties for lack of compliance. Real-time monitoring of data flows helps organizations enhance their compliance posture.
* Client Confidence: The knowledge that an organization’s systems and data are protected and safe enhances clients’ confidence and trust in the organization. This may translate into future purchases of other service offerings from the organization.

Network Defense Challenges

* Distributed Computing Environments: With the advancement in modern technology and to meet business requirements, networks are becoming vast and complex, potentially leading to serious security vulnerabilities. Attackers exploit exposed security vulnerabilities to compromise network security.
* Emerging Threats: Potential threats to the network evolve each day. Network security attacks are becoming technically more sophisticated and better organized.
* Lack of Network Security Skills: Organizations are failing to defend themselves against rapidly increasing network attacks due to the lack of network security skills.

In addition to the broad categories of challenges discussed above, a security professional may face the following challenges in maintaining the security of the network:

* Protecting the network from attacks via the Internet.
* Protecting public servers such as web, e-mail, and DNS servers.
* Containing damage when a network or system is compromised.
* Preventing internal attacks against the network.
* Protecting highly important and sensitive information like customer databases, financial records, and trade secrets.
* Developing guidelines for security professionals to handle the network in a secure manner.
* Enabling intrusion detection and logging capabilities.

Types of Network Defense Approaches

* Preventive Approaches: Consist of methods or techniques that are used to avoid threats or attacks on the target network
* Reactive Approaches: Consist of methods or techniques that are used to detect attacks on the target network
* Retrospective Approaches: Consist of methods or techniques that examine the causes for attacks, and contain, remediate, eradicate, and recover from damage caused by the attack on the target network
* Proactive Approaches: Consist of methods or techniques that are used to make informed decisions on potential attacks in the future on the target network

There are four main classifications of security defense techniques used for identification and prevention of threats and attacks in the network.

* Preventive Approach: The preventive approach essentially consists of methods or techniques that can easily prevent threats or attacks in the target network. The preventive approaches mainly used in networks are as follows:
  o Access control mechanisms such as a firewall.
  o Admission control mechanisms such as NAC and NAP.
  o Cryptographic applications such as IPsec and SSL.
  o Biometric techniques such as speech or facial recognition.
* Reactive Approach: The reactive approach is complementary to the preventive approach. This approach addresses attacks and threats that the preventive approach may have failed to avert, such as DoS and DDoS attacks. It is necessary to implement both preventive and reactive approaches to ensure the security of the network. Reactive approaches include security monitoring methods such as IDS, SIMS, TRS, and IPS.
* Retrospective Approach: The retrospective approach examines the causes for attacks in the network. These include:
  o Fault finding mechanisms such as protocol analyzers and traffic monitors.
  o Security forensics techniques such as CSIRT and CERT.
  o Post-mortem analysis mechanisms including risk and legal assessments.
* Proactive Approach: The proactive approach consists of methods or techniques that are used to inform decision making for countering future attacks on the target network. Threat intelligence and risk assessment are examples of methods that can be used to assess probable future threats on the organization. The methods in this approach facilitate the implementation of preemptive security actions and measures against potential incidents.
