To successfully defend any network from potential attackers, it’s important to take a layered approach to security. Network security has many different layers, ranging from physical security to network device security, user device security, and logging and analysis.
The most important part of any network security implementation should be the written Network Security Policies. Each Network Security Policy is written with a specific item in mind. Some examples would be an “Acceptable Use” policy or an “Equipment Disposal” policy. These policies contain rules and regulations and can provide instructions for performing certain tasks within an organization. They are meant to ensure that people follow a designed procedure, preventing any type of breach that could come from not following a specific policy. Additionally, policies must be created and/or updated as technology changes, and those policies must be reviewed and understood by the pertinent users in the organization. Having policies is pointless if no one knows they exist or if the people they apply to don’t understand them.
Network security as a whole can be a daunting task for even the most security-conscious engineers, managers, and executives. A great many pieces and parts mesh together to form the overall security infrastructure for any business. Think of network security as being much like a medieval knight’s armor. If there are “chinks” in the armor, you may or may not be able to see them, but they are still there. It’s really not a matter of “if” someone will find those “chinks”, but more a matter of “when”. The only major difference between armor and network security is that you know instantly if an attacker penetrates your armor. You may not know an attacker has penetrated your network until it’s too late.