Privia Security was chosen as one of Türkiye's fastest growing companies!
Privia Security was chosen as one of Türkiye's fastest growing companies!
An organisation must choose from among the various approaches to network security and take the necessary steps in terms of cybersecurity. A particular approach or paradigm will influence all subsequent security decisions and will determine the requirements for the entire organisation’s network security infrastructure. Network security paradigms can be classified according to the scope of the security measures taken (perimeter, layered) or according to how proactive the system is.
In a perimeter security approach, most of the security effort is focused on the perimeter of the organisation’s network. This focus includes firewalls, proxy servers, password policies, and any technology or procedure that makes unauthorised access to the network less likely. Little or no effort is devoted to protecting systems within the network. In this approach, the perimeter is important and secure, but the various systems within that perimeter generally remain vulnerable.
We would describe this perimeter approach as a flawed perspective. So if it is a flawed approach, why do some companies use it? A small organisation with budget constraints or inexperienced network administrators may focus on the perimeter approach. This method will be sufficient for small organisations that do not store sensitive data. It can, rarely, also be used when considering a large corporate environment in which no critical data exists on electronic systems.
A layered security approach is one in which not only the perimeter is secure, but also the independent systems within the network. All servers, workstations, routers, and hubs on the network must be secured. One way to achieve this is to segment the network and secure each segment as if it were a separate network. This way, if the perimeter security is compromised, not all internal systems are affected. Layered security is a cybersecurity approach that is preferred whenever possible.
You also need to measure your security approach according to how proactive or reactive it is. You do this by determining how much of the system’s security infrastructure and policies are devoted to preventive measures, as opposed to focusing on responding to an attack after it has occurred.
A passive security approach takes few or no steps to prevent an attack. In contrast, a dynamic security approach, or proactive defence, is one of the steps taken to prevent attacks before they occur. One example of proactive defence is the use of an IDS that attempts to detect attempts to circumvent security measures. These systems can tell a system administrator that an attempt to breach security has been made, even if that attempt was unsuccessful. An IDS can also be used to detect the various techniques that intruders use to evaluate a target system.
Networks generally remain on a continuum with elements of more than one security paradigm. In this method, elements from both categories are combined to create a mixed approach.
This can be primarily passive but layered, or built primarily with the perimeter in mind. At the same time it may have a proactive network. When considering approaches to computer security along a Cartesian coordinate system, the x-axis representing the level of passive-to-active approaches and the y-axis showing the range between perimeter and layered defence can be useful. The most desirable hybrid approach is a layered paradigm that is also dynamic.
You May Be Interested In These
