Friday, August 15, 2025

Cybersecurity Architecture: Networks


1. Firewalls: The First Line of Defense 

A firewall is a fundamental network security device that acts as a barrier, controlling incoming and outgoing traffic based on a set of rules. The name comes from the physical firewalls in buildings that prevent a fire from spreading.

How Firewalls Work:

  • Packet Filtering: A basic firewall inspects the "envelope" of a data packet, checking information like the source and destination IP addresses and the port number. It allows or denies traffic based on these simple rules.

  • Stateful Packet Inspection: A more advanced firewall that not only looks at the packet's headers but also tracks the context of the traffic, making sure a sequence of packets is part of a legitimate session.

  • Proxies: A proxy is a server that acts as an intermediary, breaking the direct connection between a user and a server into two separate sessions. Because the proxy terminates each session itself, the firewall can inspect and filter all traffic that passes through it, including traffic that would otherwise be encrypted end to end.

  • Network Address Translation (NAT): A technology built into most home routers. It translates internal, non-routable IP addresses (e.g., 192.168.x.x) into a single public IP address. This hides the individual devices on the internal network from the public internet and provides a basic level of security, because unsolicited connections from outside have no direct route to an internal host.


2. Network Segmentation: Creating Secure Zones 

Segmentation is the practice of dividing a network into smaller, isolated zones to limit the spread of an attack. It's an application of the defense-in-depth principle, ensuring that if one part of the network is compromised, the rest remains secure.

Common Segmentation Architectures:

  • Tri-Homed Network: A single firewall with three network interfaces to separate the internet, a public-facing server, and the internal network. It's a low-cost option but creates a single point of failure.

  • Basic DMZ (Demilitarized Zone): Uses two firewalls to create a "buffer zone" between an untrusted network (the internet) and a more trusted network (the internal network). Traffic must pass through two layers of defense, providing more robust security.

  • Multi-Tiered DMZ: A more complex architecture with multiple firewalls to separate different components, such as a web server, an application server, and a database. This offers the highest level of security and granular control but is also the most costly and complex to manage.
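To make the difference between packet filtering and stateful inspection concrete, here is a toy filter written for this post (it is an added example, not code from the original lecture). It applies the tri-homed layout from the segmentation section as its rule set; the zone addresses, ports and the Packet shape are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool  # True only for the first packet of a TCP connection

# Constructed zones for a tri-homed firewall (assumed addressing, not from the post).
ZONES = {"dmz": ip_network("10.0.1.0/24"), "internal": ip_network("192.168.1.0/24")}

def zone_of(addr):
    """Map an address to its zone; anything outside the two inside nets is 'internet'."""
    for name, net in ZONES.items():
        if ip_address(addr) in net:
            return name
    return "internet"

# Rules for NEW connections only: (source zone, destination zone, destination port).
ALLOW_NEW = {
    ("internet", "dmz", 443),       # public web server in the DMZ
    ("dmz", "internal", 5432),      # web tier may reach the database tier
    ("internal", "internet", 443),  # staff may browse HTTPS sites
}

def stateless_filter(p):
    """Header-only filter: to let web replies in it must admit any packet from port 443."""
    if (zone_of(p.src), zone_of(p.dst), p.dport) in ALLOW_NEW:
        return "ACCEPT"
    if p.sport == 443 and zone_of(p.dst) == "internal":
        return "ACCEPT"  # the hole: solicited and unsolicited packets look identical
    return "DROP"

class StatefulFirewall:
    def __init__(self):
        self.flows = set()  # 4-tuples of connections the firewall saw being opened

    def filter(self, p):
        key = (p.src, p.dst, p.sport, p.dport)
        if key in self.flows or (p.dst, p.src, p.dport, p.sport) in self.flows:
            return "ACCEPT"  # belongs to an established session, either direction
        if p.syn and (zone_of(p.src), zone_of(p.dst), p.dport) in ALLOW_NEW:
            self.flows.add(key)  # remember it so the reply packets are recognised
            return "ACCEPT"
        return "DROP"  # unsolicited, including packets merely claiming to be replies
```

Run the same inbound packet from port 443 through both filters: the stateless one accepts it whether or not an internal host ever asked for it, while the stateful one accepts it only when it matches a connection it watched being opened.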


3. Virtual Private Networks (VPNs): The Secure Tunnel 

A VPN creates a secure, encrypted "tunnel" over an untrusted network, such as the internet. This ensures that data remains confidential and can't be viewed by anyone monitoring the network.

Key Concepts:

  • How it Works: The VPN encrypts all data packets before they are sent over the network, providing confidentiality.

  • The Trade-off: While a VPN secures data, it also makes it difficult for security systems to inspect the traffic for malware or other threats, as the data is encrypted.

  • Types of VPNs: Many types of VPNs operate at different layers of the network stack. Examples include:

    • TLS/SSL: The most common type, used by web browsers to secure traffic (the "HTTPS" lock icon).

    • IPsec: Encrypts all traffic between two networks, providing broad, network-wide security.

    • SSH: An application-specific VPN for securely connecting to a server's console.

  • Modern Trends: The industry is moving away from broad, network-based VPNs toward more application-specific VPNs for greater control and granularity.


4. SASE: Cloud-Native Security

SASE (Secure Access Service Edge) is a modern, cloud-based approach that combines networking and security functions into a single platform delivered from the cloud.

How SASE Works:

  • Convergence: SASE is a logical combination of network security (firewalls, secure gateways) and wide area networking (SD-WAN), all delivered as a cloud service.

  • Zero Trust: SASE is a key component of a zero trust strategy, which assumes that no user or device is trusted by default, regardless of their location.

  • Benefits:

    • Scalability & Agility: It provides a flexible, on-demand solution that can easily scale up or down.

    • Simplicity: It replaces multiple, separate physical appliances with a single, integrated cloud service, reducing cost and complexity.

    • Distributed Security: It provides consistent security policies for users and devices no matter where they are located.

Key Themes:

  • Defense in depth is crucial.

  • Segmentation improves containment and security.

  • VPNs and SASE offer secure connectivity but require careful management to avoid blind spots.
