1. Protecting your corporate network resources against internal and external threats
Today, the concept of local network for organizations has expanded in terms of being able to access any person in the organization from anywhere, regardless of internal network/external network distinction. But in parallel with this development, security professionals have to implement more complicated security policies in order to deal with threats against their networks. The foremost threat is to protect important network resources from possible attacks from the Internet or the local network.
Access control over the network is the main way to protect existing network resources. With scalable comprehensive access control rules, network security administrators can set flexible network access rights for network connections by specifying the source system, destination system, network traffic type and implementation time.
Maintaining network security, of course, is not just about providing access control to specific resources. Furthermore, a complete network security solution should provide:
Kod:
[COLOR="PaleGreen"]· Identification of network users
· Encrypting data during transmission
· Using registered IPs in an optimized way
· Applying security policy to the content of all network traffic
· Identifying and preventing attacks in real time
· Keeping records of all audit information[/COLOR]Also, the security policy should be applicable to all existing and future applications used in the organization and should not cause connection problems and network performance degradation.
2. Providing network connectivity for mobile and remote users
Many companies have become aware of network applications developed on the Internet that offer very economical solutions for remote users' connections compared to traditional remote access solutions that require large modem connections and expensive dial-up phone connections. As the number of companies that want to connect their remote and mobile users to their corporate networks via Internet-based private virtual networks (VPNs), securing these critical connections has become more important.
In order to make sure the security of your information while it is transmitted over public networks such as the Internet, two key elements must be implemented in place. First, the strongest possible diagnostics should be provided at both the remote client and corporate Internet gateway level. Second, after all user IDs are determined, all data traffic must be transmitted encrypted for privacy.
Both diagnostic and encryption applications must work seamlessly and compliantly within the network security solution framework. Network security criteria such as access control also play a very important role in virtual private network communications. Just because a remote user connects to their corporate office via VPN, it does not mean gaining access to all network resources here.
As the need for remote network connections increases for a company, network security managers need manageable and easy-to-use VPN solutions. And the solution to be chosen should be easy to install, flexible enough to support a large number of remote users that can be added in the future, and seamless and transparent for the end user.
3. Reducing corporate data communication costs by using the Internet
Since VPN connections established between clients and networks to provide secure network access are expensive solutions, companies save money by choosing inter-network or inter-regional VPN connections via the Internet to provide remote office connections. In addition, it is possible to provide commercial communications without compromising information security by using strong identification and data encryption features over public lines. In this way, there is no need to make large investments in frame-relays and leased lines.
One thing that should not be missed is that when strong diagnostic and encryption technologies are chosen as a remote access solution, this choice may bring new security management challenges. In order to a**** or minimize such possible difficulties, security solutions that can manage all VPN ports through a central console should be preferred.
In addition to the low cost of VPN applications on the Internet, moving network communications from dedicated lines to the Internet can cause unexpected performance degradation and access problems. Therefore, integrated bandwidth management and high availability should be supported for priority links within a virtual private network.
4. Providing network access to business partners through a secured extranet
After connecting your own network resources (remote and mobile users, branch offices) securely, it is time to open your corporate network to your valuable business partners and customers through extranet applications. Required extranet connections can be provided securely by adhering to industry standard protocols and algorithms. However, proprietary technologies should be preferred for such connections.
The accepted standard for Internet-based VPN applications is called IPSec (Internet Protocol Security). IPSec refers to the format of an encrypted and identified IP packet and is required for the next generation of IP communication. It is often used with IKE (Internet Key Exchange) with IPSec to automate the management of encrypted keys.
When a standard-based connection is established, special rights should only be granted for the relevant network resources according to the needs of external users (business partners, private customers). As the rate of outreach of corporate network resources increases, the comprehensive security policy to be implemented about this should be revised periodically.
5. Having your corporate network's sufficient performance, reliability and high availability
As a result of network congestion, which is one of the natural consequences of increased Internet usage in corporate network connections, performance problems may occur in critical applications. As a result of connection errors, gateway crashes, network connection delays and other performance degradation, companies may experience great economic losses.
It is normal to encounter disconnections, weak response times and slow Internet usage problems, depending on the amount of traffic, as a result of excessive use of Internet and Intranet lines by clients and servers. In such cases, a management should be made to actively allocate the existing line over limited bandwidth.
If your local network has heavy traffic, many of your resources (such as a popular public web server) may be negatively affected. Relying on a server for an application can lead to poor response times or even disconnections. Server load balancing provides a scalable solution by distributing the function of an application server across multiple servers. In this way, the performances on the servers are also increased.
Even in some cases where performance is enough, a secure network infrastructure system must be established that can tolerate an error at the gateway level. Nowadays, most organizations prefer network security products that support high availability, confident that they will suffer huge financial losses due to instant access problems in the network.
Products that support high availability guarantee nearly 100 percent accessibility with redundant systems on both software and hardware basis. When a problem arises, components that ensure high availability must make sure that your network is secure and be maintained completely transparent to the end user. Network administrators who will provide real effective solutions should provide reliable services to their internal and external users.
Source: https://www.turkhackteam.org/genel-guvenlik/1621752-ag-guvenligini-saglamak-icin-neler-yapilmali.html
Translator: Dolyetyus
