Network Access Control (NAC) is a concept of controlling access to an environment by applying a series of restrictions and rules. The goals of Network Access Control are as follows:
- Prevent zero-day attacks
- Enforce security policy throughout the network
- Use identities to provide access control
There are a variety of devices that provide this type of protection, including the following:
A firewall controls traffic flow between a trusted network (such as a home/corporate LAN) and an untrusted or public network (such as the Internet). A firewall can comprise hardware, software, or a combination of both hardware and software. There are three basic classifications of firewalls:
- Packet-filtering: One of the most basic types of firewall. A packet-filtering firewall typically operates at the Network Layer or Transport Layer of the OSI model. It permits or denies traffic based solely on the TCP, UDP, ICMP, and IP headers of the individual packets: the traffic direction (inbound or outbound), the source and destination IP addresses, and the source and destination TCP or UDP port numbers. This information is compared with predefined rules configured in an access control list (ACL) to determine whether each packet is permitted or denied. For example, such a firewall can be configured to allow outbound ICMP echo requests and inbound ICMP echo replies.
- Circuit-level gateway: A circuit-level gateway controls access by maintaining state information about established connections. This type of firewall operates at the Session Layer of the OSI model. When a permitted connection is established between two hosts, a tunnel is created for the session, allowing packets to flow freely between the two hosts.
- Application-level gateway: This type of firewall is considered the most secure and is commonly implemented as a proxy server. With a proxy server, no direct communication between the two hosts is permitted: data packets are intercepted by the proxy and, if the firewall rules permit them, the proxy sends a copy of the original packet to the destination host. This firewall operates at the Application Layer of the OSI model.
Stateful firewalls keep a state table that lets the firewall compare current packets with previous ones. Stateful firewalls are slower than packet filters but are far more secure.
Proxy firewalls act as intermediary servers in front of both packet-filtering and stateful firewalls. A proxy firewall either passes traffic through or denies it.
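The following is an added example, not part of the original notes, contrasting the two designs described above. It implements a first-match ACL over the header fields a packet filter inspects (direction, protocol, source and destination address, ports, ICMP type), then layers a state table on top of the same outbound rules. The network 192.168.1.0/24, the external addresses, and all packets are constructed for the example; the rule set is the one the text uses (outbound echo request, inbound echo reply) plus one outbound HTTPS rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Header fields a packet filter inspects: direction plus the L3/L4 headers.
# Every packet below is constructed for this example.
@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (toward the LAN) or "out" (from the LAN)
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0          # TCP/UDP source port (0 for ICMP)
    dport: int = 0          # TCP/UDP destination port (0 for ICMP)
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply

@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    direction: str
    proto: str
    src: str = "0.0.0.0/0"  # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"  # CIDR the destination address must fall in
    dport: Optional[int] = None       # None = any port
    icmp_type: Optional[int] = None   # None = any ICMP type

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))

LAN = "192.168.1.0/24"   # constructed trusted network

# Stateless ACL: first matching rule wins; anything unmatched hits the implicit deny.
# Because the filter keeps no state, return traffic needs its own explicit inbound rule.
STATELESS_ACL = [
    Rule("permit", "out", "icmp", src=LAN, icmp_type=8),   # outbound echo request
    Rule("permit", "in",  "icmp", dst=LAN, icmp_type=0),   # inbound echo reply
    Rule("permit", "out", "tcp",  src=LAN, dport=443),     # LAN may open HTTPS
]

def evaluate(acl, p: Packet) -> str:
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"            # implicit deny at the end of every ACL

def flow_key(p: Packet):
    return (p.proto, p.src, p.sport, p.dst, p.dport)

def reverse_key(p: Packet):
    return (p.proto, p.dst, p.dport, p.src, p.sport)

class StatefulFirewall:
    """Stateful inspection: only the outbound rules are kept, plus a state table of
    flows the LAN opened. Inbound packets are accepted only as replies to a recorded flow."""
    def __init__(self, acl):
        self.acl = [r for r in acl if r.direction == "out"]
        self.state = set()

    def inspect(self, p: Packet) -> str:
        if p.direction == "in":
            return "permit" if reverse_key(p) in self.state else "deny"
        verdict = evaluate(self.acl, p)
        if verdict == "permit":
            self.state.add(flow_key(p))   # remember the connection for its replies
        return verdict

# Constructed traffic: a ping to 198.51.100.1, an HTTPS connection to 198.51.100.7,
# and two unsolicited inbound packets that a stateless filter cannot tell from replies.
TRAFFIC = [
    ("echo request out",     Packet("out", "icmp", "192.168.1.10", "198.51.100.1", icmp_type=8)),
    ("echo reply in",        Packet("in",  "icmp", "198.51.100.1", "192.168.1.10", icmp_type=0)),
    ("unsolicited reply in", Packet("in",  "icmp", "203.0.113.5",  "192.168.1.10", icmp_type=0)),
    ("echo request in",      Packet("in",  "icmp", "203.0.113.5",  "192.168.1.10", icmp_type=8)),
    ("https syn out",        Packet("out", "tcp",  "192.168.1.10", "198.51.100.7", 51000, 443)),
    ("https reply in",       Packet("in",  "tcp",  "198.51.100.7", "192.168.1.10", 443, 51000)),
]

def compare() -> dict:
    """Return {name: (stateless verdict, stateful verdict)} for the constructed traffic."""
    sfw = StatefulFirewall(STATELESS_ACL)
    return {name: (evaluate(STATELESS_ACL, p), sfw.inspect(p)) for name, p in TRAFFIC}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:22} stateless={stateless:6} stateful={stateful}")
```

Two rows show the trade-off the text describes: the stateless filter passes an unsolicited echo reply because its inbound rule cannot know whether a request went out, and it drops the HTTPS reply because no inbound TCP rule was written; the stateful firewall gets both right from the state table alone, at the cost of a lookup per packet.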
IDS and IPS
Intrusion detection is defined as real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in progress.
IDSs are classified in many different ways, including:
- Active or Passive
- Network-based or Host-based
- Knowledge-based or Behavior-based
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are sometimes referred to as intrusion detection and prevention systems (IDPS).
An IDS is a software or hardware appliance that monitors traffic on networks for suspicious activity and known threats and sends notifications when it finds them.
An IPS works to detect and prevent identified threats by scanning all network traffic. Among the threats an IPS is designed to prevent are:
- Various types of exploits
- DoS and DDoS attacks
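As an added illustration of the classifications above (not part of the original notes), the script below runs a knowledge-based detector (signatures for known attack patterns) and a behaviour-based detector (a per-source threshold on distinct destination ports in a time window) over a constructed set of flow records. The log format, thresholds and addresses are assumptions made for the example; the `mode` switch shows the passive IDS versus active IPS distinction: the same alerts, but only the IPS turns them into blocked sources.

```python
import re
from collections import defaultdict

# Constructed flow records: epoch seconds, source IP, destination IP, destination port,
# and a one-field request summary ("-" when nothing was observed at layer 7).
SAMPLE_LOG = """\
1700000000 10.0.0.5 192.168.1.20 80 GET/index.html
1700000001 10.0.0.5 192.168.1.20 80 GET/images/logo.png
1700000002 10.0.0.9 192.168.1.20 80 GET/../../etc/passwd
1700000003 10.0.0.7 192.168.1.20 22 -
1700000003 10.0.0.7 192.168.1.20 23 -
1700000004 10.0.0.7 192.168.1.20 25 -
1700000004 10.0.0.7 192.168.1.20 80 -
1700000005 10.0.0.7 192.168.1.20 110 -
1700000005 10.0.0.7 192.168.1.20 143 -
1700000006 10.0.0.7 192.168.1.20 443 -
1700000007 10.0.0.7 192.168.1.20 3306 -
1700000008 10.0.0.7 192.168.1.20 3389 -
1700000009 10.0.0.7 192.168.1.20 8080 -
1700000010 10.0.0.5 192.168.1.20 443 GET/index.html
"""

# Knowledge-based rules: patterns of attacks that are already known.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Behaviour-based baseline (assumed for this network): one source touching this many
# distinct ports on one host inside the window is not normal client behaviour.
SCAN_PORT_THRESHOLD = 8
SCAN_WINDOW_SECONDS = 30

def parse(line: str):
    ts, src, dst, dport, summary = line.split(" ", 4)
    return int(ts), src, dst, int(dport), summary

def knowledge_based(records):
    """Match each record's layer-7 summary against the signature set."""
    alerts = []
    for ts, src, _dst, _dport, summary in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(summary):
                alerts.append((ts, src, name))
    return alerts

def behaviour_based(records):
    """Sliding window per source: alert once when distinct ports exceed the baseline."""
    recent = defaultdict(list)     # src -> [(ts, dport), ...] inside the window
    flagged, alerts = set(), []
    for ts, src, _dst, dport, _summary in sorted(records):
        window = [(t, p) for t, p in recent[src] if ts - t <= SCAN_WINDOW_SECONDS]
        window.append((ts, dport))
        recent[src] = window
        if src not in flagged and len({p for _, p in window}) >= SCAN_PORT_THRESHOLD:
            alerts.append((ts, src, "port-scan"))
            flagged.add(src)
    return alerts

def analyze(log_text: str, mode: str = "ids"):
    """mode="ids": passive, returns alerts only.
    mode="ips": active, additionally returns the set of sources to block."""
    records = [parse(line) for line in log_text.splitlines() if line.strip()]
    alerts = knowledge_based(records) + behaviour_based(records)
    blocked = {src for _, src, _ in alerts} if mode == "ips" else set()
    return alerts, blocked

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, blocked = analyze(SAMPLE_LOG, mode)
        print(mode, alerts, "blocked:", sorted(blocked))
```

The signature detector can only find what it has a pattern for, while the threshold detector catches the scan without any signature but would also fire on an unusual legitimate host, which is the usual false-positive trade-off between the two classes.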
Security is only as strong as its weakest link, and the weakest link is usually the endpoint (desktop and laptop computers, smartphones, tablets, medical devices, barcode scanners, smart TVs, and so on). Endpoints are particularly vulnerable to attack for many reasons, including:
- Number and variety: The sheer number and variety of endpoints on the network creates numerous opportunities for an attacker to exploit vulnerabilities in different operating systems and applications.
- End users: Endpoints are operated by end users with varying computer skill levels and awareness of security and privacy issues. End users usually lack security knowledge and are easy targets for network attackers.
- Privilege: In many organizations, end-user accounts have the role of “local administrator,” the highest level of privilege on the system. Attackers love this level of privilege.
- Prioritization: Endpoints are often treated as “lower value” assets on the network. For this reason, security efforts are typically focused on the data center and higher value assets, such as servers and databases.
Given these factors, endpoint security can be the most difficult to manage and maintain. In fact, endpoint security is the most important part of securing a network.
The most common methods of protecting endpoints are as follows:
- Authentication operations
- Multifactor authentication
- Volume encryption
- VPN tunnels
- Network encryption
- Install anti-virus and anti-malware software
Beyond the traditional endpoint protection methods, there are others that provide additional security:
- Application whitelisting: Only applications on the whitelist can run on the endpoint. The list must be specified by the network security manager.
- Restricting the use of removable media: This can minimize malicious files coming into the network from the outside.
- Automated patch management: Patch management is the most critical task for maintaining endpoints, and staying up to date with the latest versions brings enhanced security.
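Added example for the application whitelisting item (not from the original notes): the security manager can express the whitelist by installed path or by content hash, and the two behave differently when a file at an approved path is modified or an approved program is copied elsewhere. The executable contents, paths and whitelist entries are constructed stand-ins; a real endpoint agent would hash the file on disk at execution time the same way.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable contents (not real binaries).
APPROVED_TOOL = b"\x7fELF constructed stand-in for approved tool v1.0"
MODIFIED_TOOL = APPROVED_TOOL + b" with an unapproved modification"
UNKNOWN_TOOL = b"\x7fELF constructed stand-in for an unapproved program"

# Two ways the security manager could write the same whitelist entry.
PATH_WHITELIST = {"/usr/local/bin/tool"}                 # by installed location
HASH_WHITELIST = {sha256(APPROVED_TOOL): "tool v1.0"}    # by content hash, recorded at approval

def allowed_by_path(path: str) -> bool:
    return path in PATH_WHITELIST

def allowed_by_hash(contents: bytes) -> bool:
    # Hashing the actual bytes means any change to the file yields a new, unlisted hash.
    return sha256(contents) in HASH_WHITELIST

def decide(path: str, contents: bytes) -> dict:
    """Verdict of each whitelist form for one execution request."""
    return {"path": allowed_by_path(path), "hash": allowed_by_hash(contents)}

# Constructed execution requests as an endpoint agent would see them.
REQUESTS = {
    "approved tool at its path":      ("/usr/local/bin/tool", APPROVED_TOOL),
    "modified tool at same path":     ("/usr/local/bin/tool", MODIFIED_TOOL),
    "approved tool copied elsewhere": ("/home/user/tool", APPROVED_TOOL),
    "unknown program":                ("/home/user/other", UNKNOWN_TOOL),
}

def audit() -> dict:
    return {name: decide(path, data) for name, (path, data) in REQUESTS.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:32} path={verdict['path']!s:5} hash={verdict['hash']}")
```

The path-based list keeps trusting a file that has been altered in place, while the hash-based list stops trusting it immediately; the cost is that every legitimate update needs a new hash entry, which is why patch management and whitelist maintenance have to run together.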
Content-Distribution Networks (CDN)
A CDN uses a series of distributed caching servers to improve the performance of downloaded online content. In these networks, users download content from the fastest and closest servers on the Internet. Microsoft Azure is an example of a CDN provider.
CDNs are distributed networks of servers that cache web content (like static web pages, streaming music and video, and on-demand videos) and then serve that content to Internet users over the most optimal network path available.