Cybersecurity Series, V3, Network Security

Good morning, my fellow LinkedIn community and beyond.

Today's Cybersecurity Series publication of The Canton Cyber, Privacy, and AI Reports is about Network Security.

I don't have a technical background. No computer science degree or anything similar.

When I started my journey into data privacy (that's where it all started for me), then AI (working at an AI company), and cyber (working on cyber incident response), and of course, all the other work I do among the above-mentioned, I realized I NEEDED to have a basic understanding of certain network security processes and terminology (among other subjects).

It became VERY evident for me learning the terminology was a must a few years ago when I was attending my FIRST technical meeting related to a cyber incident. I was one of over twenty people (and only one of two women in the meeting) in a meeting where tech acronyms and terms about network security were being thrown around the way data privacy acronyms are thrown around. You know, the usual CCPA, CPRA, CPPA, GDPR, COPPA, CDPA, DPA, FERPA, LGPD . . . and on and on and on. You get my point.

My saving grace was that I type at a descent rate. Although I didn't understand what a lot of the acronyms, after the meeting I took time to find what the acronyms meant. I even put together a descent summary of the meeting for my team. Phew.

Why do I share this personal experience in this Report?

Because you don't need to have a technical background to learn technical terminology or learn about technical processes you have not been exposed to or have no experience with (yet).

The below report is not going to give you ALL the terminology you need. But, it will give you a good starting point and understanding.

Now, I must get back to work. I hope you enjoy this Canton Report as much as I enjoyed putting it together for you.

*****************************************************************************8

What is network security? Network security focuses on protecting an organization’s infrastructure that connects computers, devices, and data. It involves different strategies, such as firewalls, encryption, and intrusion detection systems. The goal of network security is to prevent unauthorized access to networks.?Below is a list of terms to help you get started with learning about network security. If you are curious to learn more about any of these terms I recommend you take a few minutes to find information online and learn more.

1. Firewalls

Firewalls act as the first line of defense for networks by monitoring and controlling incoming and outgoing traffic. They enforce security policies and block unauthorized access to protect internal networks from external threats.

2. Intrusion Detection and Prevention Systems (IDPS)

Intrusion Detection Systems (IDS) monitor network traffic for suspicious activities and alert administrators of potential threats, while Intrusion Prevention Systems (IPS) actively block detected threats in real time, preventing breaches. An example of a suspicious activity scenario: a US based company with all US employees in one specific city had an IDS. The IDS detects high network traffic in the middle of the night when all employees are traditionally not active.?

3. Virtual Private Networks (VPNs)

VPNs provide secure, encrypted connections over the internet, protecting data from interception by malicious actors. They are commonly used to secure remote work connections and protect privacy when using public Wi-Fi. If you are a remote worker for a company, you are probably familiar with VPNs and may be required to execute a MFA process to launch the VPN and/or get access to the organization’s platform.?

4. Network Segmentation

Network segmentation divides a network into smaller sub-networks, limiting the spread of attacks by isolating critical systems and sensitive data. This approach helps contain breaches and minimize potential damage. Think compartmentalizing. For example, you would not keep your shoes mixed in with your clothes? (Sorry for this example as I haven’t had enough coffee yet). Another example: you would not keep your financial information in the same folder you keep your HR information? (I hope this example is better.) The point is segmentation helps in case there is an intrusion or impact on one sub-network to prevent the spread of such intrusions to other sub-networks.?

5. Zero Trust Architecture

The Zero Trust model assumes that no one, inside or outside the network, should be trusted by default. It requires continuous verification of user identities, devices, and network access, reducing the risk of insider and external threats. This does not mean there is no trust in the organization. It means that, to keep trusted end-users, a zero trust structure and access process is set up so that if individuals have access, it is known they have authorized access. These types of architecture make it more challenging (but not impossible - sorry) for threat actors to gain access.?

6. Encryption

Encrypting data in transit and at rest ensures that sensitive information remains protected from eavesdropping or unauthorized access. Even if data is intercepted, encryption prevents attackers from reading it without the decryption key. Tip: don’t keep the decryption key (information that allows access to the encrypted data - think password) in the same place or file as you keep the encrypted data.?

7. Secure Configuration of Network Devices

Ensuring that routers, switches, and other network devices are securely configured is crucial. Default settings, such as weak passwords or open ports, must be changed to reduce the risk of compromise. Think of a time when you’ve attempted to set up a password and you get a message that states the password is too weak, not long enough, or does not comply with other security requirements. Yes, it can be annoying at times (I hear from friends about this) but it is done to protect you, your data, and the systems you are accessing.?

8. Network Access Control (NAC)

NAC enforces security policies on devices attempting to connect to the network, ensuring that only compliant and secure devices are allowed access. It helps prevent unauthorized or compromised devices from connecting.

9. Regular Network Audits and Penetration Testing

Regular audits and penetration testing help identify vulnerabilities and weaknesses in the network before attackers can exploit them. This proactive approach ensures that security measures are continuously improved and updated.

10. Security Information and Event Management (SIEM)

SIEM systems collect and analyze security data from across the network, providing real-time insights into potential security incidents. They help identify patterns of attack, facilitate incident response, and ensure compliance with security policies.

A lot of these Report will have technical subjects that even I need to look up to make sure I’m explaining them well. That is one reason why I try to incorporate everyday examples. If you need additional understanding and information about a subject, take a few minutes to look it up.