From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring

Restricting network access

- [Narrator] One of the major tasks facing security professionals is restricting access to networks. When controlling access to networks, administrators typically have two main objectives. First, they want to keep unwanted remote users out of the network entirely. This goal is known as network perimeter security and uses firewall technology to keep out unwanted traffic with access control lists or ACLs. These firewalls may come from a variety of vendors. Some of the more common firewall vendors include Cisco, Palo Alto, and Check Point. Second, security administrators want to limit physical network access to authorized users and devices using technology known as network access control. We'll discuss both firewalls and NAC more as we move throughout this course.

Before we dive into the specific technologies used to enforce network security, let's talk a bit about how we define our security policies. We need to be able to explain what we don't want on our network in technical terms before we can use security devices to enforce those requirements. The simplest form of restriction comes in the form of rules. These rules are expressed in technical terms or business logic and explicitly list all of the types of activity that are or are not allowed on the network.

We can also restrict access based upon the identity of a user and their role within the organization. This is known as role-based restriction. For example, we might limit access to personnel files to individuals within the human resources department. Some network restrictions are based upon the time of day. With time-based restrictions, we might grant some users access to information only during business hours. And we might also implement location-based restrictions that look at a user's physical location before granting access. For example, we might restrict access to sensitive product plans to users who are physically located in our offices.

Once we've developed policies based upon rules, roles, time and location, we can then turn to security technologies to enforce those policies.
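
The four restriction types described in the transcript can be combined in one default-deny policy check. The following is an added example, not part of the course material; the resource names, the `sales-reports` rule, the office address range, the business hours, and the use of source network as a stand-in for physical location are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values (assumptions, not from the course).
OFFICE_NET = ip_network("10.20.0.0/16")
BUSINESS_HOURS = (time(8, 0), time(18, 0))

@dataclass(frozen=True)
class Rule:
    resource: str
    roles: Optional[frozenset] = None   # role-based: None means any role
    hours: Optional[tuple] = None       # time-based: (start, end), weekdays only
    network: Optional[object] = None    # location-based: required source network

# Rule-based policy: every permitted activity is listed explicitly.
POLICY = [
    Rule("personnel-files", roles=frozenset({"hr"})),
    Rule("product-plans", roles=frozenset({"engineering"}), network=OFFICE_NET),
    Rule("sales-reports", roles=frozenset({"sales"}), hours=BUSINESS_HOURS),
]

def is_allowed(resource: str, role: str, source_ip: str, when: datetime):
    """Return (decision, reason). Anything no rule permits is denied."""
    for rule in POLICY:
        if rule.resource != resource:
            continue
        if rule.roles is not None and role not in rule.roles:
            return False, "role not permitted"
        if rule.hours is not None:
            start, end = rule.hours
            if when.weekday() >= 5 or not (start <= when.time() < end):
                return False, "outside business hours"
        if rule.network is not None:
            try:
                inside = ip_address(source_ip) in rule.network
            except ValueError:
                inside = False  # malformed address: fail closed
            if not inside:
                return False, "outside office network"
        return True, "allowed"
    return False, "no matching rule (default deny)"

if __name__ == "__main__":
    monday_10am = datetime(2024, 3, 4, 10, 0)  # constructed timestamp
    print(is_allowed("product-plans", "engineering", "203.0.113.5", monday_10am))
```

A source address is only a proxy for physical location; a VPN or proxy inside the office range would satisfy the check, which is why location rules are usually paired with network access control at the point of connection.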