RUCKUS Networks是构成康普世界领先级网络解决方案的一部分,欢迎您的咨询,了解更多信息。了解更多信息。
The words “network security” summon many different feelings and mental images, most of them negative, swirling around disasters like breaches, lost data, and unwanted corporate headlines. But it doesn’t have to be like that!
Sure, there are many complicated things that make up security that are well beyond any simple blog post, topics that require some deeper understanding, but that isn’t where we are going here. For every in-depth, complicated security configuration, there is at least one, if not more, simple thing that can be done that also benefits the security of our networks.
While each vendor has their own viewpoint on how to make your networks secure, many of the basics involved in network security are vendor agnostic, just as network security isn’t the exclusive domain of a single vendor. Sure, security appliances and tools will be different, but the one thing in common is that every vendor builds upon the standards published by the IEEE. It’s with this in mind that we can start a conversation about general network security.
In an effort to not boil the ocean in a single document, this topic is going to be broken down over a series of blogs that will roughly cover the following, high-level subjects.
- Wired network security
- Wireless network security
- Network management security
As we all know, the easiest way to keep a network secure is to remove all access to it (just ask any security professional). Of course, that approach negates the whole purpose of having a network (which is to be able to access and USE it), so we need to strike a balance between 100% locked down and 100% totally open.
While cliché, the best way to describe effective network security is “defense in depth” or, more simply put, to implement layers of security to protect at multiple levels. Many times, you will hear hackers state that had just one thing blocked their path in breaching a network, they probably would have backed off. While not a sure-fire way to ensure your network will never be compromised, buttoning up the fundamentals at each level can make sure that it isn’t easy for the attackers, even if they happen to be successful penetrating one area.
Wired Network Security
Once we begin our discussion on wired network security, we’ll present some basics that can be done when configuring your wired network for the first time, as well as some things that can be done as part of daily operations. After all, as much as wireless network engineers like to think we are pretty hot stuff, wireless doesn’t work without good wired infrastructure to support our radios.
These steps will be broken down into three parts. First, we will review methods to physically protect our network utilizing hands-on techniques. Then, we’ll follow up by some logical configurations that aren’t even “security” based but have the effect of increasing protection within your network; the goal there is to utilize the native IEEE 802.3 standards to our advantage to help protect our networks. Finally, we will hit on some more advanced security steps to round out the “depth” for our wired security things like using Role-Based Access Control (RBAC; it’s used in wired networks as well as wireless networks) and Zero-Trust Network Access (which crosses ALL kinds of network-related stuff).
Wireless Network Security
From a wireless perspective, it’s important to understand the advantages (and disadvantages) of the different wireless encryption types that we will talk about. While the technical details of how the different encryptions work in a wireless network can get complicated, we just want to focus on what to use and when to use them, not how.
The wireless security blog (coming soon) will cover some basics like the different WPA2/3 types, RBAC and Zero-Trust, again, and also touch on some RUCKUS-specific tools that are available to assist with securing your wireless network using RUCKUS Dynamic PSK™ ( Pre-shared Key) technology. In addition, we’ll touch on another part of wireless security that is often ambiguous, WIDS and WIPS. I hear about it all the time, and management loves to throw ”WIDS and WIPS” around, but when it comes to putting this into practice, many times it turns into the never-ending project that is left wandering in the wilderness, never to be heard from again.
But wireless projects don’t have to get stuck in the wilds. I will show you how to navigate them to implement solid wireless security
Network Management Security
Finally, we are going to talk about different methods to secure the management of our networks. It’s one thing to have really great security configurations and practices in place for accessing our networks, but if an attacker can gain access to the management side of the network and change the configurations to meet their needs, then it is all for naught. To increase the safety of our network management, we’ll also talk about some other strategies like the concepts of “least privileged” (RBAC and Zero-Trust once again!) and good password management.
While there are so many other things that go into security and securing our networks, the goal here isn’t to climb the highest mountain peak in our first outing. We want to discuss practical, recommended security basics and make sure we are covered before we start to attack the more difficult and complex topics that make up the rest of the security world. This isn’t to say the complex topics aren’t important—they definitely are—and the concern you should be addressing is the one facing you today. But when that is taken care of, we need to make sure that we are covering the basics in security to make sure we are keeping our “workspace” clean and safe.
Managing and maintaining a secure network involves a combination of tackling current threats and implementing fundamentals that make sure that while we are addressing pressing security issues, we are also securing all the doors and windows in our network.
Stay tuned for my upcoming thoughts on network fundamentals for wired, wireless, and network management security!