Network security fundamentals

Networks play a crucial role in the operational efficiency, security, and resilience of numerous organizations. This guidance serves as an introduction to fundamental considerations for designing, managing, or utilizing networks that require robust security and resilience. Additionally, it will assist you in implementing the NCSC’s Cyber Security Design Principles within your network infrastructure. For more comprehensive technical insights, please refer to the ‘further reading’ sections provided.

Important Note

While several subjects discussed here apply to cloud-based networks, we recommend consulting the NCSC’s Cloud Security Guidance for detailed information pertinent to cloud environments.


Identifying Your Assets

Are you aware of the assets that comprise your network?

Recognizing all the assets within your network is essential for enhancing security and resilience. A frequent method through which attackers breach a network is by exploiting systems that the organization has failed to identify and, as a result, has not secured or properly decommissioned.

Additional Resources from NCSC:

Asset Management Guidance
Implement asset management strategies for improved cyber security.

Acquiring, Managing, and Disposing of Network Devices
Guidelines for organizations regarding the acquisition, management, and disposal of networking devices.

Products on Your Perimeter Considered Harmful
A blog detailing how attackers intrude into networks through publicly accessible products.


Understanding Threats

What specific threats must you defend against?

Your network controls should align closely with the particular threats you need to mitigate. Without conducting ‘threat modeling’, you risk misallocating resources to irrelevant threats while exposing your network to unexpected vulnerabilities.

Further Reading from NCSC

Threat Modeling Guidance
This guidance outlines how threat modeling can inform risk management strategies.


Controlling Access

How can you ensure that access to your network is limited to authorized personnel and systems?

Access to your network and its components should be tightly controlled. Adhering to the principle of ‘least privilege’ means that users and systems should have access only to the resources requisite for their roles.

Additional Resources from NCSC

Minimize the Privilege and Reach of Applications
Guidance on securely choosing, configuring, and utilizing devices.

Enterprise Authentication Policy Guidance
Implementing effective authentication measures for mobile and desktop devices.

Systems Administration Architectures
Guidance on common approaches to system administration architectures.

Systems Administration

Highly privileged accounts used for system administration are prime targets for attackers, as these accounts can alter security settings, install software, delete users, and access all files. Therefore, they require proportional security measures due to the significant risk they pose if compromised.

Further NCSC Reading

Secure System Administration Guidance
Design principles aimed at protecting your critical data.

Security Architecture Anti-Patterns
Design patterns to be avoided when developing computer systems.

Passwords and PINs

Passwords and PINs serve as the means for users to verify their identity when accessing a network. Utilizing these methods alongside additional authentication factors is essential for enhancing security through multi-factor authentication (MFA).

Further Resources from NCSC

Implementing Multi-Factor Authentication
Guidance for organizations on adopting robust MFA methods.

Choosing the Right Authentication Methods
Recommended authentication strategies for organizations moving towards better security practices.

Password Management for System Owners
Effective password strategies to enhance organizational security.

Access Control Lists

Utilizing allow lists and deny lists can significantly help regulate access to network resources. Allow lists authorize specified access only, while deny lists restrict specified access. To maintain the principle of ‘least privilege’, it is recommended to primarily employ allow lists.

Security Certificates

Certificates offer a more fortified authentication method compared to traditional mechanisms like passwords, though they can be complex to implement and sustain. Common uses include securing network access and setting up Transport Layer Security (TLS) and Virtual Private Networks (VPNs).

Further NCSC Resources

Using TLS for Data Protection
Recommendations for robust TLS configurations.

Virtual Private Networks
Guidelines for selecting, deploying, and configuring VPN technologies.


Designing Network Architecture

Have you integrated security and resilience into your network design from the outset?

Identifying and applying the most suitable network architecture can:

  • Make it considerably more challenging for attackers to compromise or disrupt your network.
  • Mitigate the effects of a security breach should one occur.
  • Facilitate the detection of potentially malicious activities.

Failing to incorporate security and resilience during the design phase can result in increased difficulties and expenses in the future.

Further Resources from NCSC

10 Steps to Cyber Security: Architecture and Configuration
Strategies for secure design, construction, maintenance, and management of systems.

Device Security Guidance: Network Architectures
Recommendations for lightweight remote access architectures.

Secure Design Principles
Advice on developing cyber-secure systems.

Network Segmentation

Network segmentation involves dividing your network into smaller sections, allowing for controlled traffic flow and access permissions across these segments. Security for management interfaces should also be part of this consideration.

Further Reading

Preventing Lateral Movement
NCSC’s guidance on thwarting lateral movement in enterprise networks.

Implementing Network Segmentation and Segregation
A guidance publication from the Australian Cyber Security Centre.

Zero Trust Architecture

A zero trust architecture assumes that inherent trust within the network does not exist. Every access request must be verified according to an access policy, which factors in context through robust authentication, authorization, device health, and the value of the data accessed.

Further Reading

NCSC’s Zero Trust Architecture Design Principles
Guidance on implementing a zero trust network architecture in enterprise settings.

NIST Zero Trust Architecture (PDF)
Advanced recommendations from the US National Institute of Standards and Technology.


Protecting Data in Transit

What measures do you have in place to protect data traversing networks?

A fundamental function of networking is the ability to transmit data. This often involves transferring sensitive information across devices with uncertain security levels. Consequently, implementing controls for the confidentiality, integrity, and availability of data in transit is paramount.

Virtual Private Networks (VPNs)

How do you secure access from outside your controlled network?

VPNs facilitate secure connectivity over untrusted networks. Keeping the software and equipment that support VPNs updated throughout their lifecycle is crucial to avoiding vulnerabilities that could be exploited by attackers.

Further Resources

Device Security Guidance: Virtual Private Networks
NCSC’s recommendations for selecting, deploying, and configuring VPN technologies.

Zero Trust Migration: Can I Disable My VPN?
An exploration of the security aspects of an ‘Always On VPN’.

Protocols

Are the protocols you’ve chosen suitable?

The protocols used on your network should make it harder to compromise and easier to detect disruption when it occurs. Selecting protocols with built-in security features is preferable to using those that lack them. For example, websites should use HTTPS rather than HTTP.

Further NCSC Reading

Using Transport Layer Security for Data Protection
Best practices for securely configuring TLS.

Protocol Design Principles
A guide for protocol design processes from the NCSC.


Securing Network Perimeters

How do you manage what’s allowed to enter and exit your network?

Identifying network boundaries can be complex, especially in the context of zero trust architecture. Nevertheless, safeguarding recognized network boundaries is essential. Perimeter security should be enforced at the boundaries between different security zones or subnets. Firewalls often serve as the primary mechanism for controlling what crosses these perimeters.

Further Resources from NCSC

Products on Your Perimeter Considered Harmful
An analysis of evolving tactics used by attackers to infiltrate networks.

Firewalls: Allow and Deny Rules

Firewalls, whether hardware or software, play a key role in preventing unauthorized access. There are various types of firewalls, ranging from basic packet-filtering systems to next-generation firewalls, which provide extensive filtering functionality. They work by applying allow and deny rules.

  • Allow Rules: These determine which traffic is permitted into a network based on specific criteria (like IP addresses or application types).
  • Deny Rules: These block access based on a predefined list of patterns, such as known malicious IP addresses.

The combination of these rules is typically processed in a top-to-bottom manner, ensuring that the first applicable rule (either allowing or denying traffic) is executed. Establishing a final ‘deny all’ rule is best practice to uphold the principle of least privilege.
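The first-match behaviour described above, and the allow-list approach from the Access Control Lists section, can be checked with a small evaluator. This is an added example, not part of the original guidance; the Rule fields, the sample networks and the evaluate and shadowed helpers are assumptions made for illustration. It shows a deny rule that never fires because a broader allow sits above it, and the same policy with the order corrected.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation (IPv4 in this sample)
    port: Optional[int]   # destination port; None matches any port

# Constructed sample policy: the deny for 10.66.0.0/16 sits below a broader allow.
MISORDERED = [
    Rule("allow", "10.0.0.0/8", 443),
    Rule("deny", "10.66.0.0/16", 443),   # intended block, never reached
    Rule("allow", "10.20.0.0/16", 22),
    Rule("deny", "0.0.0.0/0", None),     # final 'deny all'
]
# Same rules with the specific deny moved above the broad allow.
FIXED = [MISORDERED[1], MISORDERED[0], MISORDERED[2], MISORDERED[3]]

def evaluate(rules, src_ip, port):
    """Return (action, rule index) for the first rule that matches."""
    addr = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if addr in ipaddress.ip_network(rule.src) and rule.port in (None, port):
            return rule.action, i
    return "deny", None   # nothing matched: fail closed

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never fire."""
    hidden = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.src)
        for earlier in rules[:i]:
            covers_net = net.subnet_of(ipaddress.ip_network(earlier.src))
            if covers_net and earlier.port in (None, rule.port):
                hidden.append(i)
                break
    return hidden

if __name__ == "__main__":
    for name, policy in (("misordered", MISORDERED), ("fixed", FIXED)):
        print(name, evaluate(policy, "10.66.1.1", 443), "shadowed:", shadowed(policy))
```

Running a shadow check like this during rule review catches ordering mistakes that a simple read-through of a long rule set tends to miss.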

Domain Name System (DNS)

Most networks utilize DNS significantly, making its security vital. Whether you manage your own DNS servers or depend on external ones, it’s important to mitigate risks associated with DNS. Implementing protections might include:

  • Controlling who has the authority to modify DNS records and servers.
  • Restricting the number of DNS queries allowed.
  • Securing DNS queries through DNS Security Extensions (DNSSEC).
  • Setting up deny lists of known malicious domains informed by a reliable threat intelligence source.
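Two of the protections listed above, limiting query volume and deny-listing known malicious domains, can be sketched as a resolver-side policy check. This is an added example, not part of the original guidance; the domain names, the thresholds and the QueryPolicy class are constructed for illustration, and change control of DNS records and DNSSEC are not covered. The deny-list match is done label by label so that subdomains of a listed domain are caught while unrelated names that merely end in the same characters are not.

```python
from collections import defaultdict, deque

# Constructed sample values; a real deny list would come from a threat feed.
DENY_DOMAINS = {"malware.example", "phish.example.net"}
MAX_QUERIES = 3        # queries allowed per client per window (assumed)
WINDOW_SECONDS = 10    # sliding window length (assumed)

def is_denied(qname, deny=DENY_DOMAINS):
    """True if qname, or any parent domain of it, is on the deny list."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole label suffixes: "cdn.malware.example" matches
    # "malware.example", but "notmalware.example" does not.
    return any(".".join(labels[i:]) in deny for i in range(len(labels)))

class QueryPolicy:
    """Per-client sliding-window rate limit combined with the deny list."""

    def __init__(self):
        self.recent = defaultdict(deque)   # client -> timestamps of recent queries

    def decide(self, client, qname, now):
        """Return 'rate-limited', 'blocked' or 'resolve' for one query."""
        stamps = self.recent[client]
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()               # forget queries outside the window
        if len(stamps) >= MAX_QUERIES:
            return "rate-limited"
        stamps.append(now)
        return "blocked" if is_denied(qname) else "resolve"

if __name__ == "__main__":
    policy = QueryPolicy()
    # Constructed query sequence from one client: (time in seconds, name).
    for t, name in [(0, "a.example.org"), (1, "b.example.org"),
                    (2, "x.malware.example"), (3, "c.example.org"),
                    (10, "d.example.org")]:
        print(t, name, policy.decide("10.0.0.5", name, t))
```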

Further Resources from NCSC

Protective Domain Name Service (PDNS)
Details on the NCSC’s PDNS service designed to hinder malware dissemination via DNS attacks.

Protective DNS for Private Sector
Guidance on how to select and implement Protective Domain Name Systems (DNS).

PDNS for Schools
Extending the NCSC’s PDNS for educational institutions to a broader range of organizations.

Managing Public Domain Names
Best practices for overseeing public domain names owned by your organization.


Keeping Systems Updated

What steps do you take to maintain system security and stay current?

Regularly installing updates is crucial for securing your network. Establishing a policy where updates are applied promptly and preferably automatically should be integral to your update management strategy, though some exceptions may apply (like for safety-critical systems). Systems lacking regular updates may harbor vulnerabilities that are well-known, making them easy targets for attackers to exploit.

Further Reading from NCSC

Vulnerability Management Guidance
Principles to help set up an effective vulnerability management process.


Network Monitoring

How do you know if your network has been compromised?

Having an effective security monitoring system enables your organization to identify any activities on your network that do not comply with established policies or expected behaviors. This proactive approach ensures swift detection and remediation of threats before they cause significant damage. When establishing or reviewing your security monitoring protocols, consider:

  • Recognizing the specific threats you are monitoring for.
  • Ensuring that the necessary logs are available for assessment.
  • Making sure your analysis yields actionable insights.
  • Identifying indicators of misuse effectively.

Further NCSC Reading

Logging and Protective Monitoring Guidance
Using logging and monitoring to recognize potential threats and secure devices.

Building a Security Operations Centre
A guide designed to assist organizations in forming a Security Operations Centre and enhancing monitoring capabilities.

To SOC or Not to SOC?
An exploration into whether a full-fledged SOC is necessary for ‘secure by design’ environments.
