Protect your network
Network protection is an essential part of a robust security policy. As you saw in the previous unit, there are numerous ways in which a network can be attacked. There's no single solution that protects your network; however, most these attacks can be mitigated by using a combination of hardware and software solutions.
How a firewall protects your network
A firewall is typically the frontline of defense in your network. It's a device that sits between the internet and your network, and filters all traffic going in and out. A firewall can be software or hardware based, but for the best protection, it's good to have both types. A firewall monitors incoming and outgoing traffic. Using security rules, it keeps out unfriendly traffic, while allowing authorized traffic to pass freely.
Maintaining a healthy network using antivirus
Viruses come in all shapes and sizes and none of them are good for the devices and servers that use your network. Cybercriminals use viruses for many purposes, from obtaining user credentials so they can access your network, to more harmful types that encrypt all the data on a device or server unless you pay vast sums of money. Much like your body fights off a virus when it gets infected, computers can also be protected with antivirus software. When antivirus software is installed it runs in the background, scanning all data that arrives on the device. A detected virus will automatically be deleted to prevent the user from accidentally running it.
You can now get antivirus protection for most devices, including servers, computers, tablets, smartphones, and any other internet-connected devices.
Improve authentication using network access control
While a firewall keeps unwanted devices from accessing your network, you still need to control the ones that you do want to use it. Network access control (NAC) is a security solution that manages device and user access through strict policy enforcement. Device policies control what can be done on the network and limit what the user does on a device. Through NAC, you can improve security by requiring everyone to use multifactor authentication to sign in to the network. NAC allows you to define the devices and users that can access network assets, reducing threats and stopping unsanctioned access.
Split your network into parts
Every room in your home has a different purpose, such as the kitchen, lounge, dining room, study, bedrooms, and bathrooms. You can control access to each of these rooms by attaching digital locks to all the doors. As a guest arrives, you can grant them a key that permits them to use specific rooms in your home. You can do the same kind of thing with your network using the concept of network segmentation.
Network segmentation creates boundaries around critical operations or assets, in much the same way as you'd put your finance team in their own office. It improves the integrity of your network assets by ensuring that, even if your network is breached, the attacker can't reach the segmented areas.
Secure connections using a virtual private network
A virtual private network (VPN) serves as a dedicated and secure connection, between a device and a server, across the internet. A VPN connection encrypts all your internet traffic and then disguises it so it's impossible to know the identity of the original device. This type of secure connection makes it difficult for cybercriminals to track activities and obtain your data. If you've ever connected to your work network from a public Wi-Fi hotspot, such as at an airport, you most likely used a VPN. The VPN establishes a secure connection over an insecure public network. VPN providers have become very common not just for remote work scenarios but also for personal use.
Encrypt your wireless network
Whether you're setting up a wireless access point in your home or place of work, enabling encryption is critical to protecting against attacks. Wi-Fi Protected Access 2 (WPA2) is the most commonly used Wi-Fi encryption method. It uses the Advanced Encryption Standard (AES) to secure the connection.