Improve company productivity with a Business Account.Sign Up


Network Security

Posted on 2014-02-04
Medium Priority
Last Modified: 2014-02-22
what you mean by network security ? how we can define this with the technology implementation with the company setup
Question by:cur
LVL 17

Assisted Solution

by:Chris Millard
Chris Millard earned 256 total points
ID: 39834907
For me, network security encompasses many things including:-

Policies and procedures (what rules and regulations a company sets out for EVERYTHING)
Computer password policies (Password length, complexity, expiry rules etc)
Computer security (User accounts and groups, what computers, folders, files can groups or users access and how you restrict access based on policies, NTFS and share permissions)
Remote access (Firewalls, Remote working procedures - who can have RDP or VPN access)
Anti-Virus software (Desktop vs Enterprise - can the products be centrally managed etc)
Web and Email filtering (either using internal software, hardware devices or external services)
Physical Access (Who can get PHYSICAL access to servers, backup tapes etc.... Are you servers in a secure location, locked away - perhaps with combination door entry systems as well as key locks)
Backup tapes / drives - where are these kept? We use a data safe but also have an offsite policy for weekly tapes - you need to look at where these off sites are stored etc....
BYOD (Bring Your Own Devices) - again this goes back to Virus etc, AND email - do you allow people to use their own smartphones to access company email. What happens if those devices are lost or stolen?
Portable drives and USB sticks - what stops employees losing (or even worse stealing) company data?
Staff training / social networking - Staff are the biggest loophole in computer security. Have procedures in place to stop them unwittingly giving people their logon details etc....

There's probably tons more, but those are some of the things that I have to deal with...

Assisted Solution

markc56 earned 256 total points
ID: 39835440
When starting with Network Security I always look at the definition and structure listed in the CISSP. Telecommunications and Network Security is one of the ten domains listed. Here is a link for the ten domains of the CISSP exam and another link briefly describing the Telecommunications & Network Security domain. This will list the main areas for Network Security and you can then expand into more depth from there as needed.

CISSP Domains:

Assisted Solution

by:Sasha Kranjac
Sasha Kranjac earned 508 total points
ID: 39835774
Network security and its implementation has to have a holistic approach, that is, each Network Security component or layer is viewed as a standalone part and an integral part of whole at the same time.
Defense In Depth, a security model or a strategy that was developed by National Security Agency can assist you in planning your network security.
Going from outward or a base layer towards inner layers, it has following components:
1. Policies, procedures, awareness
2. Physical
3. Perimeter
4. Internal network
5. Host
6. Application
7. Data
This is just one of many Defense In Depth layered representations but basically all of them have the same concept or structure.

This is a huge topic but to get a better picture, as a starting point I would recommend few resources worth reading that have very good examples, graphics and links to other, in-depth security topics:

- Cisco Defense-In-Depth nice graphic
 - Windows Server 2008 in an Organization's Defense in Depth Strategy - although it refers to Windows Server 2008, it gives a very good overview of the security model with a table at the end that can be used in your security planning (and modified as needed)
 - Microsoft Best Practices (in security)
 - Microsoft Security IT Showcase
 - Security Content (Executive) Overview
 - Security Guidance Topics
 - Best Practices For Enterprise Security

These are mostly Microsoft related resources but the security concept is universal and can be applied to other systems as well.

Author Comment

ID: 39845598
citrix  and firewall products will used to implements above security components  . coz I have widows ISA and citrix as well as some level of projection on the router level as well
if some one ask the question as :what is your network security implementation ?

how can I answer to that question ?

Accepted Solution

Sasha Kranjac earned 508 total points
ID: 39846744
The most comprehensive answer, and probably most complete, should address security implementations across seven layers of Defense in Depth or related to layered security approach.
For example:
" We have (1) written policies and procedures that address data security and privacy by defining BYOD policies, ____ , _____ and etc.

Our (2) servers are isolated and in locked in rooms that are secured by smartcards and two keylocks. PCs and the offices are guarded by 24/7 guards.

Corporate network is (3) secured by state-of-the-art ISA firewall and we monitor and filter both inbound and outbound traffic. Certain URLs are not permitted and external employees are given accounts with restricted permissions.

(4) Network access policies and access protection is enforced too. Internal firewall, proxy and NAT protect internal network even further. Network separation and isolation is done by routers and switches (VLAN)

(5) All devices and computers are protected by XYZ Enterprise Class Antivirus, definitions are refreshed daily and full scan is done on Saturday afternoons. Updates to Operating systems are performed monthly, on every third Friday. Active Directory is implemented and controls access to computers, based on location, department, employee position and current performing tasks.

(6) All applications are tested and have latest patches and updates. Application update policy complies with OS update policy. Application usage permission is based on department and is enforced through Group Policy.

(7) We secure our data and access to sensitive information through Active Directory, using Dynamic Access Control, carefully planned permissions, password complexity and password expiration policies.

I think our network is well secured although we never sleep and constantly review and improve our network security policy."

This is only an example but you get the picture. Put Citrix and any other device or policy in the context and this should be your network security policy.

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question