Network Security
Today’s IT environments include components connected to form a network, or multiple networks. A network is a collection of computers and devices joined by connection media. Network components work together to support an organization’s business functions. This makes information available for various uses and many users. As networks grow and become more functional, they can become complex to manage. One way to help organize network components and keep your network simple is to categorize components by function. One way to organize components is to use an IT Infrastructure approach to group components into functional areas, or domains. FIGURE 9-1 shows an IT infrastructure with seven domains. These are the domains you’ll commonly encounter as you study IT environments.
FIGURE 9-1
The seven domains of a typical IT infrastructure.
© Jones & Bartlett Learning.
In a general network perspective, users generally use their workstations to access other resources that are connected to an organization’s local area network (LAN), a metropolitan area network (MAN), or even a wide area network (WAN). TABLE 9-1 lists each of the basic three network types and their characteristics.
TABLE 9-1 Network Types |
||
|---|---|---|
| NETWORK TYPE | SIZE | DESCRIPTION |
| Local area network (LAN) | A LAN covers a small physical area, such as an office or building. | LANs are common in homes and businesses and make it easy to share resources such as printers and network storage. |
| Metropolitan area network (MAN) | A MAN connects two or more LANs but does not span an area larger than a city or town. | MANs are useful to connect multiple buildings or groups of buildings spread around an area larger than a few city blocks. |
| Wide area network (WAN) | WANs connect multiple LANs and WANs and span very large areas, including multiple country coverage. | WANs provide network connections among computers, devices, and other networks that need to communicate across great distances. For example, the Internet is a WAN. |
© Jones & Bartlett Learning. | ||
Organizations rely on networked resources more than ever in today’s environments. Networks make it possible to share expensive resources. Examples of shared resources are color printers, network storage subsystems, and applications. Networks increase efficiency in critical business functions by supporting faster information transfer and resource sharing. These benefits often result in direct cost reductions and productivity increases. Organizations rely on network resources to maintain cost-efficient operations. Protecting the network-based resources and services directly affects cost and efficiency. Implementing the controls necessary to support your security policy and protect your networks makes your organization more secure and effective.
Network Security Controls
Network security controls often focus on limiting access to remote resources. A local resource is any resource attached to a local computer—the same computer to which the user has logged on. A remote resource is any resource attached to another computer on a network that is different from the computer to which the user is logged on. The user’s computer and the remote computer must be connected to a network to provide access to the remote resource. Many of the security controls you’ll find to protect network resources are similar to controls found protecting local resources. You’ll learn more about how each type of control works in a Microsoft Windows network environment in this chapter. The main types of network security controls include:
Access controls for protected resources, such as printers and shared folders
Communication controls to limit the spread of malicious software and traffic
Anti-malware software on all computers in the network to detect and eradicate malware
Recovery plans, including backups, for all computers and devices in the network
Procedures to control network device configuration changes
Monitoring tools and other detective controls to help detect and stop suspicious network activity
Software patch management for all computers and devices in the network