Network Security Concepts

Network Security is essentially the intersection between computer networking and cybersecurity. This field is one of the eight main CISSP domains and is something that I want to pursue. Some of the network security concepts include the CIA Triad, Defense in Depth, Firewalls, Encryption, Decryption, Network Segmentation, VPNs, and IDS/IPS devices.

CIA Triad

The CIA Triad is Confidentiality, Integrity, and Availability. These, along with Authentication, Authorization, and Non-repudiation, are the main components of the CIA Triad. Confidentiality uses encryption to keep data protected. Integrity makes sure that the data is unaltered and accurate when data is in use. Availability means keeping data accessible to the people who are authorized to use it.

Defense in Depth

Defense in Depth is the concept that every system should be protected and should act as another layer of security, so that an unauthorized user who gets past one control does not gain access to other systems, which are protected by other security measures. These layers can be physical, administrative, or technical controls that are used to prevent access to essential data or systems.

Network Security Devices

Firewalls, Intrusion Detection Systems, and Intrusion Prevention Systems are network security devices that can help protect a network. Firewalls are essentially perimeter security devices that can inspect, filter, or control data moving in either direction, into or out of a network.

An Intrusion Detection System is a network security device that is not inline; it detects attempts to breach the network and alerts on them. An Intrusion Prevention System is inline and can detect, alert on, and prevent attacks using automated responses. Firewalls, IDSs, and IPSs can be used together, which allows for a more secure network perimeter.
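
The difference between the three devices, as an added example that is not part of the original post: a firewall filters by address and port, then the same signature sensor runs either out of band (IDS, alert only) or inline (IPS, alert and drop). The rules, signatures, addresses, and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed perimeter policy: first match wins, anything unmatched is denied.
FIREWALL_RULES = [
    ("allow", ip_network("0.0.0.0/0"), ip_network("203.0.113.10/32"), 443),
    ("allow", ip_network("10.0.0.0/8"), ip_network("10.20.0.0/16"), 22),
]

# Constructed payload signatures shared by the IDS and IPS modes.
SIGNATURES = {b"../../": "path-traversal", b"' OR 1=1": "sql-injection"}

def firewall_permits(pkt):
    for action, src_net, dst_net, dport in FIREWALL_RULES:
        if (ip_address(pkt.src) in src_net and ip_address(pkt.dst) in dst_net
                and pkt.dport == dport):
            return action == "allow"
    return False  # default deny

def inspect(pkt):
    return [name for pattern, name in SIGNATURES.items() if pattern in pkt.payload]

def process(packets, mode):
    """mode='ids': sensor sees a copy and only alerts.
    mode='ips': sensor sits inline and drops packets that match."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    delivered, alerts = [], []
    for pkt in packets:
        if not firewall_permits(pkt):
            continue                      # stopped at the perimeter
        hits = inspect(pkt)
        if hits:
            alerts.append((pkt.src, hits))
            if mode == "ips":
                continue                  # inline sensor blocks the packet
        delivered.append(pkt)             # IDS mode: traffic still arrives
    return delivered, alerts

SAMPLE = [  # constructed traffic
    Packet("198.51.100.7", "203.0.113.10", 443, b"GET /index.html"),
    Packet("198.51.100.8", "203.0.113.10", 443, b"GET /../../secret.txt"),
    Packet("198.51.100.9", "203.0.113.10", 23, b"login"),
]
```

In both modes the port 23 packet never reaches the sensor, because the firewall denies it first. The second packet is delivered in IDS mode and dropped in IPS mode, and in both cases it raises an alert.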

Other Concepts

VPNs allow data to be encrypted and decrypted between different sites or for remote access into an HQ, and they can be combined with Network Segmentation to form some of the Defense in Depth controls. Network Segmentation is mainly used for VLAN security in a LAN environment, and there are also VXLANs that can separate client networks in a cloud environment.

Conclusion

These Network Security Concepts are sometimes used to justify network security measures. With Defense in Depth controls, network security gains some additional protections, and network security is at the core of enterprise security measures. Network Segmentation can also happen in a Data Center, with VXLANs providing virtual segmentation over an underlay network, which is made up of the physical switches and routers.

Network Security is the main field that I am wanting to go into, and I already have the Cisco CCST Cybersecurity and the SC-900 from Microsoft. These two complement each other nicely and I will be pursuing the ISC2 Certified in Cybersecurity as those three certifications will replace the need for me to get a CompTIA Security+ certification.