

It’s not always possible to secure everything. Often many segments of a network connection will be out of your control, especially if you connect to the Internet in any manner (and who doesn’t nowadays?). Nonetheless, a number of technologies are available to secure the portions of a network that you do control. This part of the book discusses technologies available to harden your network against attacks.

Key Points

  • Network hardening and network design are very closely intertwined processes.

  • Network hardening compensates for practical network design compromises that real networks need to make.

  • No amount of network hardening can compensate for a poor network design.

  • Some hardening can be done by removing insecure systems and services, while other hardening relies on adding security-related hardware and software.

  • Network hardening technologies can do more harm than good if not properly utilized.


The tools presented in the following chapters provide security for different aspects of network communication. Firewalls and network address translation protect the entry points to a network. Virtual private networking secures data traveling between networks. Traffic shaping ensures consistent availability of high-priority network resources. These tools, when used in combination, can provide great protection for network data.

  • Firewalls covers devices that can restrict information traveling in and out of a network.

  • NAT explains a technology that can convert Transmission Control Protocol/Internet Protocol (TCP/IP) addresses from one subnet to another.

  • VPNs looks at using encryption to create a secure network connection between two systems over an insecure network.

  • Traffic Shaping examines a system for controlling access to bandwidth in order to improve data security and bandwidth efficiency.