By: Nihad Hassan
November 3, 2021
Network Security Policy and Its Role In Defending Against Cyberattacks
Computer networks have become an integral part of our digital life in today's information age. Nowadays, most work is done electronically and is facilitated by some form of computer network. For example, whenever you purchase something online, access your social media account, or check your email, you have used a computer network to connect to that online service.
Computer network technology continues to evolve and is considered the backbone of information systems and the primary enabler of digital transformation. Without computer networks, sharing data or resources (applications, hardware devices) is impossible, which would make using digital technologies too complex and costly.
Any organization that wants to transform its operations digitally needs to use either wired or wireless computer networks. Computer networks come in various types according to their geographical coverage (LAN, MAN, and WAN) and business function. However, regardless of their kind, they are a lucrative target for cybercriminals. For instance, all of an organization's data, applications, and other resources are stored on digital systems (servers, hard drives) that are reached over the network. Therefore, securing computer networks has become a top priority for organizations that want to utilize IT solutions effectively.
This article will discuss the importance of having a network security policy, its advantages, and its main components.
Defining Network Security Policy
A network security policy (also known as a computer network security policy) defines the set of measures, best practices, and rules for accessing computer networks that all users must follow to protect their organization's network from malicious actors. It also outlines the organization's network infrastructure, how the network security policies will be enforced, and what types of security controls must be deployed to protect the network from unauthorized access.
It should address every aspect that could allow hackers to infiltrate an organization's network. For instance, the policy should address identity and access management (authentication and authorization), email security, web browsing security, Bring Your Own Device (BYOD) security, endpoint and server device security, cloud integration security, data security (encryption and access management), and anything else that malicious actors could exploit to gain a foothold in the organization's network.
A policy alone is not enough to stop the ever-increasing number of data breaches and social engineering attacks. Where possible, security devices such as firewalls, IDS/IPS, and NDR solutions must also be deployed. However, the policy remains an essential component of any cyber defense plan for preventing different types of threats, especially insider threats and vulnerabilities created by errors in configuring services, applications, and hardware devices.
A network security policy will contain many components; the following lists the most common security policies included in any network security policy.
Top Five Important Network Security Policies
In this section, I will list the five most important policies for securing computer networks.
Account Management Policy
In its basic definition, a user account contains two pieces of information: a username and a password. A user credential grants authorized users access to protected resources (computers, files, data, and the network). The purpose of an account management policy is to define the standards required to create user accounts, maintain them, and revoke access when a user leaves the organization.
Organizations commonly utilize an Identity and Access Management (IAM) solution to track user accounts. IAM simplifies managing user accounts and governing users' access to sensitive resources within the network (applications, files, systems, or databases) or in the cloud.
Email Usage Policy
An email policy aims to set guidelines for users when sending, receiving, or storing work email. The email policy ensures that all users with access to work email are using it in alignment with the business objectives. This means each type of organization should have its own email policy. However, there are general rules that we commonly find in any email policy regardless of an organization's industry or size, such as:
- Use the email system only for work purposes.
- Never access work email from public or untrusted computers.
- Avoid sending sensitive information, such as passwords, via email.
- Avoid sending spam emails to external addresses or coworkers.
- Use a strong password to secure your email account and never store this password in places other people can easily find (e.g., saving it on a piece of paper and sticking it to a computer screen).
- Never open attachments or execute programs or files attached to the email from unknown senders.
- Never click on links in emails sent by unknown senders. According to the FBI, phishing was the most common type of cybercrime in 2020.
- Make sure your antivirus is up to date on all devices you use to check emails.
Log Management Policy
With the rise of regulatory compliance acts such as GDPR, PCI DSS, and HIPAA, log management has become critical to complying with such regulations. A log management policy defines the procedures implemented to aggregate and collect logs across the IT infrastructure. For instance, most security solutions, such as firewalls, IDS/IPS, and DLP systems, generate usage logs. The log management policy helps the security team collect and interpret these logs to provide the necessary information to regulators and other stakeholders, and to discover any indicator of compromise (IoC) before it turns into a direct threat against the organization's data and systems.
A sample log policy will record the following:
- Who (user or system) accessed a particular network resource, and when.
- The type of object (file, application, service, system) the user accessed.
- Security events, such as successful and failed user logins.
- Information about a particular entity, for example how much memory or bandwidth a specific service or application has consumed.
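To make the four record types above concrete, here is an added example (not code from the article) that parses constructed log lines in an assumed "timestamp user action object outcome" layout, summarises successful and failed logins per user, lists object accesses, and flags accounts with repeated failed logins as a simple indicator of compromise.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from the article): "timestamp user action object outcome".
# The last line is deliberately malformed to show that the parser skips it.
SAMPLE_LOGS = """\
2021-11-03T08:01:12Z alice login workstation-07 success
2021-11-03T08:02:40Z alice open file:/finance/q3.xlsx success
2021-11-03T08:05:03Z bob login vpn-gateway failure
2021-11-03T08:05:21Z bob login vpn-gateway failure
2021-11-03T08:05:49Z bob login vpn-gateway failure
2021-11-03T08:06:10Z bob login vpn-gateway failure
2021-11-03T08:09:30Z carol login db-server-02 success
2021-11-03T08:10:02Z carol query database:hr success
2021-11-03T08:11:00Z truncated entry
"""

LINE_RE = re.compile(
    r"^(?P<when>\S+) (?P<user>\S+) (?P<action>\S+) (?P<obj>\S+) (?P<outcome>success|failure)$"
)

def parse_logs(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def login_summary(events):
    """Successful and failed logins per user (the policy's 'security events')."""
    summary = defaultdict(Counter)
    for e in events:
        if e["action"] == "login":
            summary[e["user"]][e["outcome"]] += 1
    return {u: dict(c) for u, c in summary.items()}

def access_records(events):
    """Who accessed which object and when, for actions other than login."""
    return [(e["user"], e["obj"], e["when"]) for e in events if e["action"] != "login"]

def flag_failed_logins(events, threshold=3):
    """Users whose failed-login count reaches the threshold: a simple IoC check."""
    return sorted(u for u, c in login_summary(events).items() if c.get("failure", 0) >= threshold)

if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print(login_summary(evs), access_records(evs), flag_failed_logins(evs), sep="\n")
```

In a real deployment the threshold and the log layout would come from the organization's own log management policy and SIEM; the values here are illustrative.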
Internet Access Policy
As its name implies, an internet access policy defines which websites a user can access and which they cannot. For example, an internet usage policy may block access to all social media platforms (e.g., Facebook, Twitter) from work devices.
For all employees whose work requires an internet connection, that connection must be monitored, and their devices must be grouped in a dedicated network segment. Endpoint devices that can access the internet are exposed to various cyber threats; hence, putting all of these devices in one network segment prevents an infection on one device from spreading to the rest of the organization's devices if that device is compromised by malware.
VPN and Remote Access Policy
Since the start of the COVID-19 pandemic, the work-from-home model has become common. When employees are allowed to work remotely and access the corporate network from home, their internet connection must be protected with a VPN. The VPN creates an encrypted tunnel between the user's device and the remote server (typically located at another site). This prevents unauthorized parties from intercepting sensitive information in transit.
Remote Desktop Protocol (RDP), commonly used by employees for remote access, should also be protected with an encrypted tunnel. RDP on its own is protected only by a password, so malicious actors could capture its credentials if a user connects to the work network over an insecure internet connection. Consequently, a valid and approved VPN tunnel must be established before any RDP connection is made.
There is no single solution for protecting networks from cyberattacks. The best approach is layered security, where multiple defense layers exist to stop cyberattacks. A network security policy is composed of elements, each of which ensures that a particular aspect or component of the network is adequately secured against cyber threats.
This article has defined the term Network Security Policy and described the five most essential security policies. However, more security policies must be set in place to provide complete network security, such as:
- Endpoint device security policy
- Bring Your Own Device (BYOD) policy
- Wireless connection policy
- Internet of Things security policy
- Incident response policy
- Password policy
- Vulnerability assessment policy