From the course: CISSP Cert Prep (2021): 4 Communication and Network Security

Restricting network access

- [Instructor] One of the major tasks facing security professionals is restricting access to networks. When controlling access to networks, administrators typically have two main objectives. First, they want to keep unwanted remote users out of the network entirely. This goal is known as network perimeter security, and it uses firewall technology to keep out unwanted traffic with access control lists, or ACLs. The firewalls used to do this may come from a variety of vendors. Some of the more common vendors include Cisco, Palo Alto and Check Point. Second, security administrators want to limit physical network access to authorized users and devices. And they do this using technology known as network access control.

Before we dive into the specific technologies used to enforce network security, let's talk a bit about how we define our security policies. We need to be able to explain what we don't want on our network in technical terms before we can use security devices to enforce those requirements. The simplest form of restriction comes in the form of rules. These rules are expressed in technical terms or in business logic, and they explicitly list all of the types of activity that are or are not allowed on the network. You've already learned how firewalls do this using firewall rules.

We can also restrict access based upon the identity of a user and their role within the organization. This is known as role-based restriction. For example, we might limit access to personnel files to individuals within the human resources department. Some network restrictions are based upon time of day. With time-based restrictions, we might grant some users access to information only during business hours. And we might also implement location-based restrictions that look at a user's physical location before granting access. For example, we might restrict access to sensitive product plans to users who are physically located in our offices.

Once we've developed policies based upon rules, roles, time and location, we can then turn to security technologies to enforce those policies.
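As an added illustration that is not part of the course transcript, the following Python policy evaluator applies the four restriction kinds just described (rule, role, time and location) to an access request, denying anything not explicitly permitted. The resource names, roles, business hours and office network range are constructed sample values.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# All values below are constructed sample data, not from the course.
OFFICE_NETWORKS = ["10.10.0.0/16"]          # addresses treated as "physically in our offices"
BUSINESS_HOURS = (time(9, 0), time(17, 0))  # local-time window used by time-based rules

POLICY = {
    # Rule-based: only these resources are reachable at all (default deny).
    "allowed_resources": {"personnel_files", "product_plans", "public_wiki"},
    # Role-based: resource -> roles permitted to access it (absent = any role).
    "roles": {"personnel_files": {"hr"}, "product_plans": {"engineering", "product"}},
    # Time-based: resource -> (start, end) window (absent = any time of day).
    "hours": {"personnel_files": BUSINESS_HOURS},
    # Location-based: resource -> networks the source must be inside (absent = anywhere).
    "locations": {"product_plans": OFFICE_NETWORKS},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    resource: str
    src_ip: str
    when: str  # local time of day as "HH:MM"

def evaluate(req: AccessRequest, policy: dict = POLICY) -> tuple:
    """Apply rule, role, time and location restrictions in order; every
    restriction that applies to the resource must pass. Returns (allowed, reason)."""
    if req.resource not in policy["allowed_resources"]:
        return False, "rule: resource is not permitted"
    required = policy["roles"].get(req.resource)
    if required is not None and not (req.roles & required):
        return False, "role: user lacks a permitted role"
    window = policy["hours"].get(req.resource)
    if window is not None and not (window[0] <= time.fromisoformat(req.when) < window[1]):
        return False, "time: outside permitted hours"
    nets = policy["locations"].get(req.resource)
    if nets is not None and not any(ip_address(req.src_ip) in ip_network(n) for n in nets):
        return False, "location: source address is not in an office network"
    return True, "allowed"

if __name__ == "__main__":
    hr_in_office = AccessRequest("alice", frozenset({"hr"}), "personnel_files", "10.10.4.7", "10:30")
    print(evaluate(hr_in_office))  # (True, 'allowed')
    remote_pm = AccessRequest("bob", frozenset({"product"}), "product_plans", "203.0.113.9", "11:00")
    print(evaluate(remote_pm))     # denied by the location restriction
```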