Chapter 2: Securing the Network

Chapter 2: Securing the Network


In this chapter, you will learn how to:

  • Secure network design example

  • Improve network security

  • Secure network devices

  • Use access control lists (ACLs) to secure the network

As you saw in the preceding chapter, the network has many threats. Developing a comprehensive security program to combat those threats requires planning in the initial stages, and a lot of tweaking and revising as time goes on. Just as the organization attempts to move the network to a more secure state, the threats are also evolving, changing and often growing stronger. Network security will never be a “set it and forget it” world.

This book looks at many technologies and methods to secure access to and operation of the computer networks. While many variations exist, some of the most important ones include the following concepts.

Physical security

Once stated, this seems so obvious, but it’s often overlooked. Network devices must be physically secured from unauthorized access or even theft. Password recovery techniques make it quite easy for anyone to access and reconfigure a device if they can have physical access to it.

Vulnerability patching

Network devices from workstations to routers have or develop vulnerabilities that can usually be mitigated by applying software patches, performing upgrades, and disabling any unnecessary services.


If making the data path absolutely secure isn’t possible, then encrypt the data. Encryption, such as IPSec, means anyone capturing the data will find useless gibberish.


Firewalls filter traffic based on predefined permit-and-deny rules. Ideally, a firewall devotes 100 percent of its resources to protecting the network.

Intrusion detection

Intrusion detection systems (IDS) detect certain patterns of data that match known “signatures” of improper activities. The IDS system can then notify network management or even implement measures to block the activity.

Authorization systems

Secure authorization systems, such as one-time passwords (OTP), limit the usefulness of a password that’s been compromised or captured through sniffing activity.

In this chapter, you learn some other simple techniques to improve network security. Some of these techniques should be familiar from other certifications, but each one provides a small piece of the strategy necessary to secure the network.

Part III: Virtual Private Networks (VPNs)