Saturday, August 10, 2024

Network Security

Translating the organization’s security needs into safe, reliable and effective network systems starts with a simple premise: the purpose of all communications is to exchange information and ideas between people and organizations so that they can get work done.

Those simple goals can be re-expressed in network (and security) terms such as:

  • Provide reliable, managed communications between hosts (and users)
  • Isolate functions in layers
  • Use packets as the basis of communication
  • Standardize routing, addressing and control
  • Allow layers beyond internetworking to add functionality
  • Be vendor-agnostic, scalable and resilient

In the most basic form, a network model has at least two layers:

Upper Layer
The upper layer, also known as the host or application layer, is responsible for managing the integrity of a connection and controlling the session as well as establishing, maintaining and terminating communication sessions between two computers. It is also responsible for transforming data received from the Application Layer into a format that any system can understand. And finally, it allows applications to communicate and determines whether a remote communication partner is available and accessible.

Lower Layer
The lower layer is often referred to as the media or transport layer and is responsible for receiving bits from the physical connection medium and converting them into a frame. Frames are grouped into standardized sizes. Think of frames as a bucket and the bits as water. If the buckets are sized similarly and the water is contained within the buckets, the data can be transported in a controlled manner. Route data is added to the frames of data to create packets. In other words, a destination address is added to the bucket. Once we have the buckets sorted and ready to go, the host layer takes over.

Which tools help to identify, prevent or both identify and prevent threats? Select identify, prevent or both for each tool. 

1. IDS: Identify. An Intrusion Detection System helps to identify threats, but does not have the capability to prevent them.

2. HIDS: Identify. A Host Intrusion Detection System helps to identify threats to a host system, but does not prevent them.

3. NIDS: Identify. A Network Intrusion Detection System helps to identify threats based on network traffic, but does not prevent them.

4. SIEM: Identify. A Security Incident and Event Management system identifies threats by correlating and storing logs from multiple systems, but does not take action to prevent the threats from materializing.

5. Anti-malware/Antivirus: Both. Anti-malware/Antivirus helps to both identify and prevent threats by identifying malicious software and stopping the processes before they fully execute.

6. Scans: Identify. Scans help to identify threats, often by conducting a vulnerability analysis, and may suggest action to mitigate the threats, but do not prevent them.

7. Firewall: Both. Most modern firewalls both identify and prevent threats by automatically adjusting rules to block malicious traffic from entering a secured network.

8. IPS (NIPS/HIPS): Both. Intrusion Prevention Systems both identify and prevent threats.
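
The identify-versus-prevent split in the answers above, as an added example that is not part of the original post: the same detection rule runs once as an IDS (alert only) and once as an IPS (alert, then block the source). The events, the threshold and the `run_sensor` function are constructed for illustration.

```python
from collections import Counter

# Constructed sample events: (source IP from documentation ranges, action, outcome).
EVENTS = [
    ("198.51.100.7", "ssh_login", "fail"),
    ("203.0.113.5", "https_get", "ok"),
    ("198.51.100.7", "ssh_login", "fail"),
    ("198.51.100.7", "ssh_login", "fail"),
    ("198.51.100.7", "ssh_login", "ok"),
    ("203.0.113.5", "https_get", "ok"),
]
THRESHOLD = 3  # assumed rule: 3 failed logins from one source raises an alert


def run_sensor(events, prevent):
    """Apply one detection rule to a stream of events.

    prevent=False models an IDS: alerts are raised, every event is delivered.
    prevent=True models an IPS: after alerting, the source is blocked and its
    later events are dropped instead of delivered.
    """
    failures = Counter()
    blocked = set()
    alerts, delivered, dropped = [], [], []
    for event in events:
        src, action, outcome = event
        if src in blocked:
            dropped.append(event)  # prevention: traffic never reaches the host
            continue
        delivered.append(event)
        if action == "ssh_login" and outcome == "fail":
            failures[src] += 1
            if failures[src] == THRESHOLD:
                alerts.append(f"brute-force suspected from {src}")  # identification
                if prevent:
                    blocked.add(src)
    return alerts, delivered, dropped


if __name__ == "__main__":
    for label, prevent in (("IDS", False), ("IPS", True)):
        alerts, delivered, dropped = run_sensor(EVENTS, prevent)
        print(label, alerts, len(delivered), "delivered,", len(dropped), "dropped")
```

Both modes raise the same alert; only the IPS mode stops the login that follows the third failure.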

