There are many confusing terms for newcomers to the world of networking. In this blog, we're going to explore some of the very common network security terms and what they mean.
Security in networking is fundamental and complex - it has to be multi-layered, not get in the way of business operations, and critically it cannot fail. In this blog, we're going to look at some of the key terms and what they mean - this is an introductory explainer blog for those new to networking!
ASSOCIATED BLOGS:
LAN & WAN Segmentation
.gif?width=211&height=211&name=ZTA%20Zero%20Trust%20Deployment%20(Instagram).gif)
In most enterprise networks the LAN (Local Area Network) is divided up into specific segments to match their purpose.
Segmentation allows you to break up your network into smaller domains - within which you can control access. Zero Trust and segmentation are hot topics in security at the minute, but in its most basic form, networks have historically been built from three basic layers.
There is of course segmentation between LAN and WAN - you have separate security domains for both.
The most common segment names are listed here from the the point where client connects, to the point where networks connect to each other:
-
Edge Layer = The point at which networking clients connect (e.g. a single floor)
-
The Wireless LAN (WLAN) is often its own segment, but can more than one as well
-
-
Distribution Layer = the point where multiple edge segments connect (e.g. connecting floors in a single building)
-
Core Layer = the central point where routing and firewalling often takes place (connecting buildings and VLANs to each other)
-
When the core and distribution layers are merged, this is called a “collapsed core”
-
-
WAN = a Wide Area Network, that connects multiple networks together
-
A public WAN is something like the internet or other network that someone else controls
-
A private WAN is usually a VPN or other, secured network that is controlled by the same
-
ASSOCIATED BLOGS:
- Increasing AP Density
- Wi-Fi Surveys (Overview to the various types of RF Surveys)
- Wi-Fi Phone Dropouts
- Wi-Fi Surveys
Firewalls & Encryption
Firewalls enable administrators to implement methods for restricting traffic. They sit in-line and inspect all traffic that passes through it. A firewall then prevents or allows that traffic to pass based on a combination of factors:
-
The traffic source and destination (a router can act as a firewall with this capability)
-
The traffic protocol’s properties (e.g. block IP ports, allow UDP)
-
The traffic content (referred to as deep packet inspection)
Firewalls don’t have to encrypt data in transit (although you can setup VPNs between firewalls), but they can set conditions on the behaviour of traffic, such as limiting bandwidth used and applying rules to what can be accessed from where.
They can be placed anywhere along the traffic path, even on the endpoint, but are usually placed at the network perimeter.
Networks can implement Encryption protocols to secure and protect data in transit. This can happen at any layer, and at more than one layer at the same time. Link-specific protocols can be used, such as:
-
WPA2-AES, for Wi-Fi encryption
-
MacSec (for LAN encryption)
-
IPSec (for VPN tunnel encryption)
Alternatively, general encryption protocols such as TLS (Transport Layer Security) can be used. These are often be added to network protocols to secure them (e.g.: HTTPS, SSL VPN, EAP-TLS).
SSL is basically just an older version of TLS. “SSL 3.0” became “TLS 1.0” and was the version was incremented from there.
ASSOCIATED BLOGS:
VPNs for Remote Access
A VPN (Virtual Private Network) is a way of securely connecting two or more endpoints across an unsecured (or open) network. This connection is usually called a VPN tunnel. There are two main ways a VPN can be established:
-
a site-to-site VPN establishes a secure tunnel between two networks, allowing clients on each side to communicate with each other. each side will generally have their own restrictions setup to prevent unauthorised communication, but clients do not need to to be explicitly configured with any authentication or software.
-
a client-server VPN establishes a secure tunnel from a single client to a VPN Server, allowing that client to communicate as if it is on the local LAN. the VPN Server is usually responsible for implementing any access restrictions. the client usually requires some form of authentication and often requires a specific piece of software called a VPN client.
The VPN tunnel is usually secured with encryption, as traffic is expected to travel over networks controlled by third parties. Examples of secure tunnel methods are:
-
IPSec tunnel
-
TLS tunnel
ASSOCIATED BLOGS:
Networking Security Basics: Summary
Networking is a great career - there are so many avenues to study and deliver great network solutions. Security is one of the fastest growing and relevant areas of networking.
The ability to segment and offer zero trust as a highly segmented solution, along with more classic techniques such as VPNs and firewalls show the depth and layers in a security implementation.
There's a lot to learn! Hopefully this explainer blog has got you started on some of the key concepts.
As ever, if you need support with your design and install, drop us a line at sales@iptel.com.au
ASSOCIATED BLOGS:
- Wi-Fi Predictive Designs
- Wi-Fi Assurance Review
- Wi-Fi 6E and 6GHz Explained
- Wi-Fi 6 vs 5G
- Wi-Fi Surveys: Overview to Wi-Fi Survey types
