WK4 Network hardening practices Flashcards

1
Q

Network hardening

A

Network hardening focuses on network-related security hardening, like port filtering, network access privileges, and encryption over networks.

Certain network hardening tasks are performed regularly, while others are performed once and then updated as needed.

2
Q

Regularly performed Network Hardening

A

Some tasks that are regularly performed are firewall rules maintenance, network log analysis, patch updates, and server backups.

3
Q

Network log analysis (Regularly performed)

A

Network log analysis is the process of examining network logs to identify events of interest.

Security teams use a log analyzer tool or a security information and event management tool, also known as a SIEM, to conduct network log analysis. This data is shown on a dashboard.

The dashboard interface is sometimes called a single pane of glass. A SIEM helps analysts to inspect, analyze, and react to security events across the network based on their priority.

Reports from the SIEM provide a list of new or ongoing network vulnerabilities and list them on a scale of priority from high to low, where high priority vulnerabilities have a much shorter deadline for mitigation.

4
Q

One-off Network Hardening tasks

A

These tasks include port filtering on firewalls, network access privileges, and encryption for communication, among many things.

5
Q

One-off Network Hardening tasks

Port Filtering

A

Port filtering can be performed over the network. Port filtering is a firewall function that blocks or allows certain port numbers to limit unwanted communication. A basic principle is that the only ports that are allowed are the ones that are needed. Any port that isn’t being used by the normal network operations should be disallowed. This protects against port vulnerabilities. Networks should be set up with the most up-to-date wireless protocols available, and older wireless protocols should be disabled.

6
Q

One-off Network Hardening tasks

Network Segmentation

A

Security analysts also use network segmentation to create isolated subnets for different departments in an organization. For example, they might make one for the marketing department and one for the finance department. This is done so that issues in one subnet don’t spread across the whole company and only specified users are given access to the part of the network that they require for their role. Network segmentation may also be used to separate different security zones. Any restricted zone on a network containing highly classified or confidential data should be separate from the rest of the network.

7
Q

One-off Network Hardening tasks

Encryption standards

A

All network communication should be encrypted using the latest encryption standards. Encryption standards are rules or methods used to conceal outgoing data and uncover or decrypt incoming data. Data in restricted zones should have much higher encryption standards, which makes them more difficult to access.
