Networks are essential for the functionality, security, and resilience of various organizations. This guide offers an overview of important considerations when designing, maintaining, or utilizing networks that require robust security and resilience. It also assists in applying the NCSC’s Cyber Security Design Principles to network setups. For more in-depth technical resources, please refer to the ‘further reading’ sections.
Important Note
While several topics discussed here relate to cloud-based networks, please consult the NCSC’s Cloud Security Guidance to find specific insights about cloud network configurations.
Identifying Your Network Assets
Are you aware of all the assets that comprise your network?
Recognizing all the components of your network is crucial for enhancing security and resilience. A common entry point for attackers is through unnoticed systems within the network that remain unprotected or unmaintained.
Additional NCSC Resources:
Asset Management Guidance
How to implement asset management for cybersecurity.
Guidance on Network Devices
Best practices for acquiring, managing, and disposing of network devices.
Perimeter Threats
A discussion on how attackers exploit reachable network products.
Comprehending Network Threats
What threats should you be protected against?
Your network security controls should be tailored to the specific threats you require protection from. Without conducting ‘threat modeling’, resources may be wasted on addressing irrelevant threats, leaving your network exposed to unrecognized vulnerabilities.
Further NCSC Reading
Threat Modeling Guidance
Insights into using threat modeling to guide risk management.
Managing Network Access
How do you manage access to your network?
Access to your network and its assets must be strictly controlled. Adhering to the ‘principle of least privilege’ means users and systems can access only the resources necessary for their roles.
Additional NCSC Resources
Minimizing Application Privileges
Guidelines for secure device usage and configuration.
Enterprise Authentication Policies
Implementing effective authentication across devices.
System Administration Architectures
Overview of best practices for system administration.
Securing Administrative Accounts
Highly privileged accounts are prime targets for attackers because they enable extensive access and alterations to security settings. It’s critical to secure these accounts in proportion to the risk they pose if compromised.
Further NCSC Resources
Secure System Administration
Principles for protecting sensitive data.
Avoiding Security Architecture Pitfalls
A guide to best practices in system design.
Authentication Strategies
Effective use of passwords and PINs is essential for user verification and securing network access, ideally in conjunction with multi-factor authentication (MFA).
Further NCSC Reading
Implementing MFA for Corporate Services
Guidance on strong MFA methods for organizations.
Choosing Authentication Methods
Recommendations for moving beyond passwords.
Password Management for System Owners
Password strategies for enhanced security.
Control Lists
Allow and deny lists facilitate control over resource access. Use allow lists to maintain the principle of ‘least privilege’; deny lists can only block entities that are already known, which may leave gaps for attackers.
Utilizing Certificates
Certificates provide a robust authentication method. They are preferred for securing network access and VPN implementations but can be complex to maintain.
Further NCSC Reading
Protecting Data with TLS
Profiles for secure TLS configuration.
Choosing and Configuring VPNs
Comprehensive guidance on VPN technology.
Designing a Secure Network Architecture
Is security integrated into your network design?
Choosing and implementing an appropriate network architecture can:
- Make it harder for attackers to compromise or disrupt your network
- Limit the impact of any breaches that do occur
- Facilitate the detection of malicious activities
If security and resilience are overlooked during design, it may lead to greater complexities and costs later.
Further NCSC Resources
10 Steps to Cyber Security: Architecture and Configuration
A guide for secure design, build, and management.
Network Architecture Guidelines
Advice for designing remote access architecture.
Secure Design Principles
Guidelines for creating cybersecurity-aware systems.
Segmenting Your Network
Network segmentation involves dividing your network into smaller sections to manage traffic flow and access controls effectively. It’s vital for protecting management interfaces.
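The following is an added example, not taken from the NCSC guidance: it checks flow records against a segmentation policy and reports any traffic that reaches the management segment by a path the policy does not permit. The segment names, CIDR ranges, permitted paths and flow records are all constructed for illustration.

```python
# Added example: flag flows that cross segment boundaries on paths the
# segmentation policy does not permit. All names and addresses are constructed.
from ipaddress import ip_address, ip_network

SEGMENTS = {
    "user": ip_network("10.0.10.0/24"),
    "server": ip_network("10.0.50.0/24"),
    "admin": ip_network("10.0.99.0/24"),
    "mgmt": ip_network("10.0.100.0/24"),  # device management interfaces
}

# Permitted (source segment, destination segment) pairs. Anything else that
# crosses a segment boundary is reported.
ALLOWED_PATHS = {("user", "server"), ("admin", "server"), ("admin", "mgmt")}


def segment_of(addr):
    """Return the segment name for an address, or 'unknown' if none matches."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown"


def violations(flows):
    """Return flows whose segment-to-segment path is not in ALLOWED_PATHS."""
    out = []
    for src, dst, port in flows:
        path = (segment_of(src), segment_of(dst))
        if path[0] != path[1] and path not in ALLOWED_PATHS:
            out.append((src, dst, port, f"{path[0]}->{path[1]}"))
    return out


# Constructed flow records: (source address, destination address, port).
FLOWS = [
    ("10.0.10.23", "10.0.50.5", 443),   # user -> server, permitted
    ("10.0.99.4", "10.0.100.1", 22),    # admin -> mgmt, permitted
    ("10.0.10.23", "10.0.100.1", 22),   # user workstation -> mgmt interface
    ("192.0.2.9", "10.0.100.1", 443),   # unsegmented source -> mgmt interface
]
```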
Further Reading
Preventing Lateral Movement
NCSC guidance on security against lateral threats.
Implementing Network Segmentation
Guidance from the Australian Cyber Security Centre.
Implementing Zero Trust Architecture
A zero trust architecture eliminates inherent trust in the network, treating every access request as potentially hostile and requiring verification.
Further Reading
NCSC Zero Trust Design Principles
Best practices for zero trust implementation.
NIST Zero Trust Architecture (PDF)
Advanced guidance from the U.S. National Institute of Standards and Technology.
Safeguarding Data in Transit
How do you secure data traveling across networks?
Networks primarily function to enable data transfer, which may include sensitive information. Implementing controls to ensure the confidentiality, integrity, and availability of data in transit is critical.
Using VPNs
How do you secure outside connections to your network?
VPNs establish secure connections over untrusted networks. It’s crucial to maintain the software and devices throughout their lifecycle to minimize vulnerability exposure.
Further Reading
NCSC’s VPN Guidance
Choosing, deploying, and managing VPN technologies securely.
Assessing VPN Necessity in Zero Trust Environments
A blog examining the security of an ‘Always On VPN’.
Protocol Selection
Are your network protocols suitable?
Network protocols should be selected based on their ability to prevent compromises and minimize disruption. Opting for secure protocols can aid in both threat detection and mitigation.
Further NCSC Reading
Using TLS for Data Protection
Recommendations for secure TLS configurations.
Protocol Design Principles
A guide for protocol designers.
Establishing Network Perimeter Security
How do you manage network entry and exit controls?
Identifying network boundaries can be complex; however, fortifying these perimeters remains essential. Utilizing firewalls is a common method for enhancing perimeter security.
Further NCSC Resources
Examining Perimeter Products
A blog analyzing evolving attack tactics for network infiltration.
Firewall Configurations
Firewalls, whether hardware or software, are pivotal in preventing unauthorized network access. Their functionality relies on allow and deny rules.
- Allow rules: Permit access based on designated attributes.
- Deny rules: Block access matching known malicious attributes.
Employing a final ‘deny all’ rule after defining essential access rules reinforces the principle of least privilege.
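The following is an added example, not taken from the NCSC guidance or any firewall product: it evaluates rules in first-match order and audits a rule set for a missing final ‘deny all’, showing why a deny-list-only rule set lets unknown sources through while an allow list does not. The rule format, field names and addresses are hypothetical and constructed for illustration.

```python
# Added example: first-match rule evaluation plus a least-privilege audit.
# Rule fields and sample addresses are constructed, not a product's syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any port

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))


def evaluate(rules, src, dst, port, default="allow"):
    """First matching rule wins; `default` models an implicit permit."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return default


def audit(rules):
    """Report where a rule set drifts from least privilege."""
    findings = []
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and ip_network(last.src) == ANY
            and ip_network(last.dst) == ANY and last.port is None):
        findings.append("no final deny-all rule")
    for i, r in enumerate(rules):
        if r.action == "allow" and ip_network(r.src) == ANY and r.port is None:
            findings.append(f"rule {i}: allow from any source on any port")
    return findings


# Constructed rule sets: a deny list of one known range, and an allow list.
DENY_LIST_ONLY = [Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None)]
ALLOW_LIST = [
    Rule("allow", "10.0.10.0/24", "10.0.50.5/32", 443),
    Rule("allow", "10.0.20.0/24", "10.0.50.6/32", 22),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
```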
DNS Security
DNS security is critical for all networks. Implement protective measures, such as limiting query changes and utilizing DNSSEC, to ensure robust DNS protection.
Further NCSC Reading
Protective Domain Name Service (PDNS)
An overview of NCSC’s PDNS service designed to counteract malware.
PDNS Guidelines for the Private Sector
Recommendations for implementing Protective DNS.
PDNS for Educational Institutions
Extension of the PDNS for broader organizational protection.
Managing Domain Names
Best practices for managing public domains.
Maintaining Current Systems
How do you ensure your systems remain secure and updated?
Regular updates are vital for the security of your systems. Implement a policy for automatic updates wherever possible, while being mindful of exceptions for critical systems.
Further NCSC Reading
Guidance on Vulnerability Management
Principles for establishing an effective vulnerability management process.
Network Monitoring Strategies
How can you identify potential network compromises?
Implementing a security monitoring system enables organizations to detect unusual activities on their networks, facilitating prompt action against threats.
- Clearly understand what to monitor
- Ensure log availability for analysis
- Derive meaningful insights from data analysis
- Detect signs of misuse effectively
Further NCSC Reading
Logging and Protective Monitoring
Using logs to enhance threat identification.
Designing a Security Operations Centre
Guidance for establishing a SOC and its monitoring capabilities.
Deciding on a Security Operations Centre’s Necessity
Insights on SOC requirements in secure environments.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/network-security-fundamentals