Network hardening practices
Earlier, you learned that OS hardening focuses
on device safety and uses patch updates,
secure configuration, and account access policies.
Now we'll focus on network hardening.
Network hardening focuses
on network-related security hardening,
like port filtering, network access privileges,
and encryption over networks.
Certain network hardening tasks are performed regularly,
while others are performed
once and then updated as needed.
Some tasks that are regularly
performed are firewall rules maintenance,
network log analysis, patch updates, and server backups.
Earlier, you learned that a log is a record of
events that occurs within an organization's systems.
Network log analysis is the process of
examining network logs to identify events of interest.
Security teams use a log analyzer tool
or a security information and event management tool,
also known as a SIEM,
to conduct network log analysis.
A SIEM tool is an application that collects and analyzes
log data to monitor
critical activities in an organization.
It gathers security data from a network and
presents that data on a single dashboard.
The dashboard interface is sometimes
called a single pane of glass.
A SIEM helps analysts to inspect, analyze,
and react to security events
across the network based on their priority.
Reports from the SIEM provide a list of
new or ongoing network vulnerabilities
and list them on a scale
of priority from high to
low, where high priority vulnerabilities
have a much shorter deadline for mitigation.
Now that we've covered tasks
that are performed regularly,
let's examine tasks that are performed once.
These tasks include port filtering on firewalls,
network access privileges, and
encryption for communication, among many things.
Let's start with port filtering.
Port filtering can be formed over the network.
Port filtering is a firewall function that blocks or
allows certain port numbers
to limit unwanted communication.
A basic principle is that
the only ports that are
needed are the ones that are allowed.
Any port that isn't being used by
the normal network operations should be disallowed.
This protects against port vulnerabilities.
Networks should be set up with
the most up-to-date wireless protocols
available and
older wireless protocols should be disabled.
Security analysts also use
network segmentation to create
isolated subnets for
different departments in an organization.
For example, they might make one for
the marketing department and
one for the finance department.
This is done so the issues in
each subnet don't spread across the whole company and
only specified users are given access to
the part of the network that they require for their role.
Network segmentation may also be used
to separate different security zones.
Any restricted zone on a network containing
highly classified or confidential data
should be separate from the rest of the network.
Lastly, all network communication should be
encrypted using the latest encryption standards.
Encryption standards are rules or methods used to
conceal outgoing data and
uncover or decrypt incoming data.
Data in restricted zones should
have much higher encryption standards,
which makes them more difficult to access.
You've learned about the most common hardening practices.
This knowledge will be useful as you complete
the certificate program and it's
essential to your career as a security analyst.