Network hardening practices

Earlier, you learned that OS hardening focuses  on device safety and uses patch updates,  secure configuration, and account access policies.  
 Now we'll focus on network hardening. 
 Network hardening focuses  on network-related security hardening,  like port filtering, network access privileges,  and encryption over networks. 
 Certain network hardening tasks are performed regularly,  while others are performed  once and then updated as needed. 
 
 
 
 
 
 
 
 
 
 Some tasks that are regularly  performed are firewall rules maintenance,  network log analysis, patch updates, and server backups. 
 Earlier, you learned that a log is a record of  events that occurs within an organization's systems. 
 Network log analysis is the process of  examining network logs to identify events of interest. 
 Security teams use a log analyzer tool  or a security information and event management tool,  also known as a SIEM,  to conduct network log analysis. 
 A SIEM tool is an application that collects and analyzes  log data to monitor  critical activities in an organization. 
 It gathers security data from a network and  presents that data on a single dashboard.  
 The dashboard interface is sometimes called a single pane of glass. 
 A SIEM helps analysts to inspect, analyze,  and react to security events  across the network based on their priority. 
 Reports from the SIEM provide a list of  new or ongoing network vulnerabilities  and list them on a scale  of priority from high to  low, where high priority vulnerabilities  have a much shorter deadline for mitigation. 
 
 
 
 
 
 
 
 
 
 Now that we've covered tasks  that are performed regularly,  let's examine tasks that are performed once. 
 These tasks include port filtering on firewalls,  network access privileges, and  encryption for communication, among many things. 
 Let's start with port filtering. 
 Port filtering can be formed over the network. 
 Port filtering is a firewall function that blocks or  allows certain port numbers  to limit unwanted communication. 
 A basic principle is that  the only ports that are  needed are the ones that are allowed.  
 Any port that isn't being used by the normal network operations should be disallowed. 
 This protects against port vulnerabilities. 
 Networks should be set up with  the most up-to-date wireless protocols  available and  older wireless protocols should be disabled. 
 Security analysts also use  network segmentation to create  isolated subnets for  different departments in an organization. 
 For example, they might make one for  the marketing department and  one for the finance department. 
 This is done so the issues in  each subnet don't spread across the whole company and  only specified users are given access to  the part of the network that they require for their role. 
 Network segmentation may also be used  to separate different security zones. 
 Any restricted zone on a network containing  highly classified or confidential data  should be separate from the rest of the network.  
 Lastly, all network communication should be  
 encrypted using the latest encryption standards. 
 Encryption standards are rules or methods used to  conceal outgoing data and  uncover or decrypt incoming data. 
 Data in restricted zones should  have much higher encryption standards,  which makes them more difficult to access.  
 
 
 
 
 
 You've learned about the most common hardening practices. 
 This knowledge will be useful as you complete  the certificate program and it's  essential to your career as a security analyst.