Network Security

The document discusses various methods of achieving network security, including firewalls, web application firewalls, proxies, endpoint detection and response, active directory domain services, antivirus, and network access control. It provides details on the purpose and implementation of each method.

Uploaded by

SREEKANTH

NETWORK SECURITY

Network security is achieved with the following implementations:


• FIREWALL
• WAF – Web Application Firewall
• Proxy
• EDR – Endpoint Detection and Response
• AD – Active Directory Domain Service
• AV – AntiVirus
• NAC – Network Access Control
• PIMS etc.
FIREWALL
• A firewall is a network security device or software that monitors and filters incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules drawn from an organization's security policies.
• Firewalls have been a first line of defense in network security. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
• A firewall can be hardware, software, software-as-a-service (SaaS), public cloud, or private cloud (virtual).
FIREWALL CONT..
There are many types of firewalls, often categorized as follows:
• Network firewall.
• Host-based firewall.
• Hardware firewall.
• Software firewall.
• Internal firewall.
• Distributed firewall.
• Perimeter firewall.
• Next-generation firewall (NGFW) – we use this type of firewall.
FIREWALL CONT..
• Network firewalls prevent unauthorized access by creating a secure zone and separating it from a less secure zone. They use configuration and access control policies to control communications between the two zones.
• Network firewalls usually operate at OSI Layers 3 and 4 and focus on network protocols such as Domain Name System (DNS), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Secure Shell (SSH) and Telnet.
WAF – Web Application Firewall
• A WAF, or web application firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others.
• A WAF is a protocol layer 7 defence (in the OSI model) and is not designed to defend against all types of attacks. As a method of attack mitigation, it addresses a range of attack vectors.
• By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
Types of WAF

• A network-based WAF is generally hardware-based. Since network-based WAFs are installed locally, they minimize latency, but they are the most expensive option and also require the storage and maintenance of physical equipment.
• A host-based WAF may be fully integrated into an application's software. This solution is less expensive than a network-based WAF and offers more customizability.
• Cloud-based WAFs offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats with minimal costs.
WAF vs Firewall
Layer 7 vs Layer 3 & 4 Protection:
Layer 7 protection and Layer 3 and 4 protection are both critical components of network security. Layer 7 protection is an application-level mechanism that observes the application's traffic, recognizes patterns, and rejects malicious traffic that does not conform to the application's typical traffic.
In contrast, Layer 3 and 4 protection is network-level protection based on the standard TCP/IP and UDP protocol suites; it controls the flow of traffic based on source and destination IP addresses and ports. The key difference between the two methods is that Layer 7 protection focuses on rejecting anything that is not explicitly allowed by application protocols. Layers 3 and 4, on the other hand, focus on restricting traffic that does not match pre-defined rules based on IP addresses, ports or protocols.
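The difference can be seen by running the same request through both layers. The following is an added example, not part of the original slides; the rule set, application profile, paths and sample requests are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Layer 3/4: first-match rules on source network, destination port, protocol.
# Constructed rule set: only HTTPS to the web server is allowed.
L4_RULES = [
    {"src": "0.0.0.0/0", "dport": 443, "proto": "tcp", "action": "allow"},
]

def l4_decision(src_ip, dport, proto):
    """Return the action of the first matching rule; default deny."""
    for rule in L4_RULES:
        if (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["src"])
                and dport == rule["dport"] and proto == rule["proto"]):
            return rule["action"]
    return "deny"

# Layer 7: anything not explicitly described in the profile is rejected.
# Constructed profile: path -> (allowed methods, allowed parameter patterns).
L7_PROFILE = {
    "/account": ({"GET"}, {"id": re.compile(r"\d{1,10}")}),
    "/login": ({"POST"}, {}),
}

def l7_decision(method, target):
    """Allow the request only if method, path and every parameter conform."""
    url = urlsplit(target)
    if url.path not in L7_PROFILE:
        return "deny"
    methods, params = L7_PROFILE[url.path]
    if method not in methods:
        return "deny"
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        pattern = params.get(name)
        if pattern is None or not pattern.fullmatch(value):
            return "deny"
    return "allow"

def inspect(src_ip, dport, proto, method, target):
    """Traffic passes the network firewall first, then the WAF."""
    if l4_decision(src_ip, dport, proto) != "allow":
        return "blocked at L3/4"
    if l7_decision(method, target) != "allow":
        return "blocked at L7"
    return "allowed"
```

A request to port 443 carrying a non-numeric `id` value matches the Layer 3/4 rule exactly and is only stopped by the Layer 7 profile.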
PROXY
What is a proxy:
A proxy server is a system or router that provides a gateway between users and the internet. It therefore helps prevent cyber attackers from entering a private network. It is referred to as an "intermediary" because it sits between end-users and the web pages they visit online.
Types of Proxies Based on Traffic Flow:

Depending on whether they are set up on the client's side for outgoing traffic or on the server's side for incoming traffic, there are two categories of proxies: forward and reverse.
PROXY cont..
• Proxies provide a valuable layer of security for your computer. They can be set up as web filters or firewalls, protecting your computer from internet threats like malware.
• This extra security is also valuable when coupled with a secure web gateway; traffic can then be filtered according to its level of safety or how much traffic your network or individual computers can handle.
• Some people use proxies for personal purposes, such as hiding their location while watching movies online. For a company, however, they can be used to accomplish several key tasks, such as:
1. Improve security.
2. Secure employees' internet activity.
3. Control which websites employees can access in the office.
4. Save bandwidth by caching files or compressing incoming traffic.
EDR
• Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.
• Our Bank used an EDR solution from CrowdStrike.

Key EDR functions

• Automatically uncovers stealthy attackers - EDR technology pairs comprehensive visibility across all endpoints with indicators of attack (IOAs) and applies behavioral analytics that analyze billions of events in real time to automatically detect traces of suspicious behavior.
• Integrates with threat intelligence - provides faster detection of the activities and tactics, techniques and procedures (TTPs) identified as malicious. This delivers contextualized information that includes attribution where relevant, providing details on the adversary and any other information known about the attack.
• Managed threat hunting for proactive defense - using EDR, the threat hunters work proactively to hunt, investigate and advise on threat activity in your environment. When they find a threat, they work alongside your team to triage, investigate and remediate the incident before it has the chance to become a full-blown breach.
• Provides real-time and historical visibility - EDR acts like a DVR on the endpoint, recording relevant activity to catch incidents that evaded prevention.
NAC – Network Access Control
Compliance requirements for Network Access
• NAC – Network Access Control: ensures that any client/user of the Bank meets the compliance requirements before connecting to the SBI network.
• ClearPass OnGuard performs advanced endpoint posture assessments to ensure security and compliance requirements are met prior to devices connecting to the corporate network in our Bank.
• ClearPass OnGuard controls compromised devices by detecting unsecure or unhealthy devices and blocking their access. The client is denied access to network resources across wired, wireless, and remote networks when it is determined to be unsecure, which is accomplished by running an extensive posture assessment.
• With ClearPass OnGuard, your IT team can define the "level of health" a device must have to gain network access. This solution automatically conducts critical endpoint health checks and posture assessments to ensure that all devices are compliant with your requirements (and industry best practices).
• ClearPass leverages a user's role, device, location, application use, and time of day to execute custom security policies, accelerate device deployments, and streamline network operations across wired networks, wireless networks, and VPNs.
• Aruba is the service provider for ClearPass OnGuard for our network.
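The admission logic described above, a required "level of health" combined with role and time-of-day context and evaluated before the device is connected, can be sketched as follows. This is an added example, not ClearPass OnGuard's policy format or API; every field name, role, VLAN and threshold is a hypothetical assumption.

```python
from datetime import date, time

# Hypothetical "level of health" policy; field names are assumptions for this
# sketch and are not ClearPass OnGuard configuration keys.
HEALTH_POLICY = {
    "av_running": True,
    "firewall_enabled": True,
    "disk_encrypted": True,
    "max_signature_age_days": 7,
    "max_patch_age_days": 30,
}
# Constructed role context: role -> (VLAN, earliest and latest access time).
ROLE_ACCESS = {
    "staff": ("vlan-corp", time(7, 0), time(21, 0)),
    "contractor": ("vlan-guest", time(9, 0), time(18, 0)),
}

def posture_failures(device, today):
    """Return the health checks the endpoint fails; missing data fails closed."""
    failed = [k for k in ("av_running", "firewall_enabled", "disk_encrypted")
              if device.get(k) is not HEALTH_POLICY[k]]
    sig_age = (today - device.get("signatures_updated", date.min)).days
    if sig_age > HEALTH_POLICY["max_signature_age_days"]:
        failed.append("signatures_stale")
    patch_age = (today - device.get("last_patched", date.min)).days
    if patch_age > HEALTH_POLICY["max_patch_age_days"]:
        failed.append("patches_stale")
    return failed

def admit(device, role, today, now):
    """Decide access before connection: (VLAN or 'deny', list of reasons)."""
    if role not in ROLE_ACCESS:
        return ("deny", ["unknown_role"])
    vlan, start, end = ROLE_ACCESS[role]
    if not start <= now <= end:
        return ("deny", ["outside_hours"])
    failed = posture_failures(device, today)
    if failed:
        return ("deny", failed)
    return (vlan, [])
```

An endpoint that reports no posture data at all fails every check, so an agent that is absent or silent cannot be mistaken for a healthy device.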
Compliance requirements for Network Access
• ADDS – Active Directory Domain Services: architecture used in the Bank (going to explain).
• AV – Trend Micro solution provides antivirus for our Bank.
• PIMS etc.
