Network infrastructure is a general term for the software and hardware that enable communication in an organization. These components provide connectivity for both internal and external links to the enterprise. Protecting them is therefore fundamental to communication and service delivery in an organization. Hardware resources of a network infrastructure include routers, LAN and Ethernet cables. Software components include operating systems and firewalls. Network infrastructure also provides services such as DSL and IP protocols. Currently, most organizations are being targeted by hackers and other external threats. These threats normally breach the security frameworks of the networking infrastructure. Cybercriminals target loopholes in the infrastructure in order to exfiltrate useful data from the organization for their own benefit. They normally use sophisticated methods such as introducing malware and other types of advanced persistent threats (APTs) into the system. Therefore, the best method to protect the infrastructure depends on its ability to improve the security baseline of the system. The security baseline of any system is the master control of all communication devices in the organization. It also establishes a proper structure onto which future technological updates can be attached. Many methods can be used to enhance protection of the network infrastructure, including regulation of routing links, use of ACLs and firewalls.
Regulation of Routing Channels
In this method, the number of members connected to a given routing device is regulated. Traditionally, the automatic peer technique was used to employ a default connection in the network. In this connection, the system was designed to trust the peers’ access to the network. This is a more dangerous routing mechanism that can allow unauthorized personnel to infiltrate the system and introduce malware. Service providers such as Cisco have come up with features that can be implemented in the network infrastructure to protect the system from unauthorized updates (DeCusatis, 2013). These features restrict network access to trusted peers in the organization. Neighbor authentication is one of the key features of this method. This technique ensures that a member routing to the network is authentic. It also ensures that the associated updates to the system are trusted. A message-digest algorithm is normally used to verify the authenticity of the member on both ends of the networking infrastructure.
Furthermore, the additional passive-interface feature has also proved to be vital in improving the security status of the routing device. The passive-interface feature ensures that whenever a member logs into the network, the access commands are instantly changed to passive to prevent logic commands from updating the routing protocols. This ensures that only trusted members of the organization can update the network’s routing system. When trusted peers need to make updates to the routing system, the passive-interface feature is momentarily turned off to allow the necessary updates.
However, the passive-interface feature has drawbacks that depend on the routing protocol being used. For instance, in the RIP routing protocol, the passive-interface feature will momentarily restrict automatic updates from the unselected peers but does not stop processing commands from the neighbors (DeCusatis, 2013). In some routing protocols, the passive-interface feature may automatically block all incoming updates to the system. Therefore, the feature needs to be implemented based on the routing protocol being used.
Filtering of the routing system is another key feature that can be employed to enhance protection of network infrastructure. It allows only acceptable networks to be advertised on the router. The technique filters information in the communication path between two or more peers and ensures that the communicating parties are authentically recognized in the system. Generally, filters enable the system to block unwarranted updates from cybercriminals and other intruders. This feature is fundamental in protecting the organization’s confidential data from outsiders.
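The neighbor authentication and route filtering described in this section can be sketched as follows. This is an added example, not code from the essay or from any vendor: HMAC-SHA-256 stands in for the message-digest algorithm, the peer address, key and allowed prefix block are constructed values, and the sequence-number replay check goes slightly beyond what the text describes.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for illustration; real keys are provisioned out of band.
PEER_KEYS = {"10.0.0.2": b"constructed-shared-key"}        # trusted neighbors only
ALLOWED = [(ipaddress.ip_network("192.168.0.0/16"), 24)]    # (covering block, max prefix length)


def sign_update(key, seq, prefixes):
    """Keyed digest over the sequence number and the advertised prefixes."""
    msg = f"{seq}|{','.join(prefixes)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def prefix_allowed(prefix):
    """Route filter: the prefix must sit inside an allowed block and not be too specific."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False                                        # malformed advertisement
    return any(net.version == block.version
               and net.subnet_of(block)
               and net.prefixlen <= max_len
               for block, max_len in ALLOWED)


def accept_update(peer, seq, prefixes, digest, last_seq):
    """Return (installed_prefixes, reason); nothing is installed unless the peer authenticates."""
    key = PEER_KEYS.get(peer)
    if key is None:
        return [], "unknown peer"
    if not hmac.compare_digest(sign_update(key, seq, prefixes), digest):
        return [], "bad digest"
    if seq <= last_seq.get(peer, -1):
        return [], "replayed sequence"
    last_seq[peer] = seq
    return [p for p in prefixes if prefix_allowed(p)], "ok"
```

Authentication is checked before filtering, so an update from an unknown or tampering sender never reaches the route filter.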
Access Control Method
Access control lists (ACLs) are another method that can be used to protect the network’s infrastructure from cyber-attacks. ACLs offer protection by permitting system control under certain designated traffic limits. This is due to the fact that external and internal attacks normally add traffic to the system’s addressing structures. An increase in the number of elements in the network address boosts the space allocated for task execution. Therefore, in the event that the traffic in the system increases, the ACLs will block all unrecognized logic commands, thus protecting the system from malware and other threats (Nelson & Noronha, 2017). This feature is normally used in networking switches and routing devices. In most cases, ACLs are placed at the edge of the infrastructure, where members can easily access the network. ACLs therefore play a crucial role in checking the system traffic whenever an individual logs into the website. A good ACL is supposed to establish the allowable traffic in the system before engaging in system control. The whole network infrastructure may be rendered insecure if the system fails to recognize the system traffic.
Hence, there is a need to build the network addressing system before engaging in the granular setup of the ACL. The discovery aspect of this feature enables easy determination of the required traffic levels permitted by the system (Nelson & Noronha, 2017). After the ACL establishes this configuration, it can accept or deny access to the system based on the permitted traffic levels. This method has proved to be a success in the protection of the network infrastructure for many years.
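How an edge ACL accepts or denies traffic once the permitted traffic has been enumerated can be shown with a small evaluator. This is an added example, not taken from the essay or its sources: it assumes the first-match, implicit-deny semantics used by router ACLs, and the rules and addresses are constructed. It also reports rules that an earlier rule makes unreachable, a common ACL misconfiguration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, None = any port


# Constructed edge ACL: permitted traffic is listed explicitly, the rest is denied.
EDGE_ACL = [
    Rule("deny",   "any", "10.66.0.0/16", None),   # quarantined segment
    Rule("permit", "tcp", "0.0.0.0/0",    443),    # public HTTPS
    Rule("permit", "tcp", "10.0.0.0/8",   22),     # SSH from internal addresses only
    Rule("permit", "udp", "10.0.0.0/8",   53),     # internal DNS
]


def evaluate(acl, proto, src_ip, dport):
    """First matching rule wins; return (action, index of the matching rule or None)."""
    src = ipaddress.ip_address(src_ip)
    for index, rule in enumerate(acl):
        if (rule.proto in ("any", proto)
                and src in ipaddress.ip_network(rule.src)
                and rule.dport in (None, dport)):
            return rule.action, index
    return "deny", None                            # implicit deny at the end of the list


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule fully covers them."""
    hidden = []
    for j, later in enumerate(acl):
        later_net = ipaddress.ip_network(later.src)
        for earlier in acl[:j]:
            if (earlier.proto in ("any", later.proto)
                    and later_net.subnet_of(ipaddress.ip_network(earlier.src))
                    and earlier.dport in (None, later.dport)):
                hidden.append(j)
                break
    return hidden
```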
Use of Notification Banners
This is a viable method that helps to caution users about their access to the system. Notification banners ensure that users of the interactive platforms of the network are reminded of the stipulated system policies and rules. These statements normally help to ward off unauthorized users. The notification feature also cautions the user against any intended illegal activity. In the event that the user disobeys the warning, the tracking command is flagged to provide the login history of the user, which is very important in the future prosecution of the intruder. However, the notification content normally varies depending on the legal policies that have been implemented by the organization.
The legal notification statements offer protection by cautioning the user against unauthorized access to the system. They also inform the user that any unauthorized activity in the system is recorded as legal evidence for future prosecution. However, the legal statements should not contain any specifications of the system’s infrastructure, since this can be valuable for an attacker’s intrusion plans. Furthermore, this network protection feature should be used together with other security techniques for additional protection of the organization’s network infrastructure.
Authentication, Accounting and Authorization Method
In this method, access to the system is structured to go through three major processes aimed at enhancing system protection. The authentication feature enables the system to take the user’s credentials, such as name and password, and match them to the available records. This feature is meant to promote the integrity of the system by permitting only authorized users in the network. The authentication feature therefore protects the system from unrecognized external users by denying their access at the login stage. The authorization feature, on the other hand, provides the user with the privilege to access the system. However, this process normally goes through a series of security checks to ensure that the user being granted access is recognized by the system. Finally, the accounting feature enables the network infrastructure to record all the system configuration changes made by the logged-in user.
The three features are popularly known as the AAA protection of the networking infrastructure. For additional protection, AAA is normally configured in a manner that selects the roles for various users (Pagan & Short, 2014). The user may either be given full control of the network or a monitoring role. This is meant to enhance security, since system updates are reserved for network administrators. These roles provide protection from attackers since the administration role is assigned to a small number of users in the organization. The AAA protection technique is the most common technique for protecting the network infrastructure. However, with advancing technological know-how, AAA should be properly configured based on the command protocol being used.
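The three AAA steps and the two roles described above (full control versus monitoring) fit together as in the sketch below. This is an added example, not code from the essay or the cited patent: the class, role names, command verbs and credentials are hypothetical, and PBKDF2 is one reasonable choice for storing password hashes.

```python
import hashlib
import hmac
import os

# Hypothetical role table: "admin" has full control, "monitor" may only read.
ROLES = {"admin": {"show", "configure"}, "monitor": {"show"}}


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AAA:
    def __init__(self):
        self.users = {}    # name -> (salt, password hash, role)
        self.audit = []    # accounting records: (user, event, outcome)

    def add_user(self, name, password, role):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt), role)

    def authenticate(self, name, password):
        """Authentication: match the credentials to the stored record."""
        # Unknown users get a dummy record so the hashing work is the same either way.
        salt, stored, _ = self.users.get(name, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self.audit.append((name, "login", "success" if ok else "failure"))
        return ok

    def run(self, name, password, command):
        """Authenticate, authorize the command against the role, account for the outcome."""
        if not self.authenticate(name, password):
            return "authentication failed"
        role = self.users[name][2]
        verb = (command.split() or [""])[0]
        allowed = verb in ROLES.get(role, set())
        self.audit.append((name, command, "permitted" if allowed else "denied"))
        return "ok" if allowed else "authorization denied"
```

Denied commands and failed logins are written to the accounting record as well, which is what makes the log useful for later investigation.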
Ecosystem Data Sharing Technique
This method allows an ecosystem such as a SIEM to share the data being processed in the system structures. The ecosystem is therefore aware of all the events going on in the network, and it has full control over these events based on the level of vulnerability of the connected devices. Whenever a device is logged on to the system, the ecosystem sends alerts to the vulnerable devices, such as scanners, to authorize the intruder only on integrity confirmation. Furthermore, the SIEM allows for further analysis of the attack being launched on the network to evaluate its impact on the system. Data sharing with the control component is very beneficial since it makes unauthorized access to the system easy to detect. In some networking infrastructures, unauthorized activity is flagged automatically, thus providing the system with much protection from external attack.
User Training Sessions
In any networking infrastructure, users are normally the weakest link. Therefore, for maximum protection of the network, it is important to enhance user training platforms. This will ensure that authorized users are in touch with up-to-date changes and security updates on the system. A lack of technical expertise can be exploited by attackers to gain access to the networking infrastructure. Proper training of the system users therefore helps to reduce cases in which personnel act as a link for exfiltrating data from the system. Practices such as the use of strong passwords can play a crucial role in enhancing protection of the system. Also, where the system has many security guidelines, it is important for the users to be educated on the key elements to enhance maximum protection.
Increasing System Redundancy
Redundancy in networks not only makes the system bulky but also helps to offer protection (Quattrociocchi, Caldarelli & Scala, 2014). The redundant elements in a network give the system flexibility to control data flow based on the vulnerability of the attached devices. In the event that a given routing link has been corrupted or attacked, the system’s master control can issue alerts to the various connected devices. This alert can be programmed to trigger total disconnection of the components perceived as vulnerable from the system. Redundancy therefore helps to ensure that the system operates normally even when some elements have been disabled. This provides the system with much flexibility to check on its security features. Redundancy also enhances proper distribution of system resources, which proves to be vital in reducing denial-of-service (DoS) attacks (Malla & Sahu, 2013). Resource distribution reduces the risk of DoS attacks since limited data may be available to the attackers. Furthermore, integrating this method with the firewall technique can be very effective in ensuring that system protection is paramount in the organization.
Generally, the firewall is a software tool that helps to restrict certain elements of the network from the public. It serves to grant or deny access based on the configured preferences in the network platforms. Firewall software is normally categorized into public, private and internal access points. In the public section, the network port can easily be accessed by any person in the public domain. However, in the public networking platforms, the data made available is general knowledge. This networking platform also helps to shield confidential data from the public.
The private section only allows access by authorized individuals in the system. In this port, the available information is confined to a few individuals in the organization. Furthermore, the information available in the port is further segmented for various personnel in the organization. This can be categorized based on hierarchy. Finally, in the internal section, data can only be accessed within the system servers. In the firewall feature, the ports that are not used are fully blocked to boost the system's protection (Watt & Leerssen, 2016). Integrating this software with the redundancy feature can therefore help to provide stronger protection for the whole network. However, these protection techniques need a proper design to seal all loopholes that can be used by attackers to infiltrate the system.
References
DeCusatis, C. (Ed.). (2013). Handbook of fiber optic data communication: a practical guide to optical networking. Academic Press.
Malla, A. M., & Sahu, R. K. (2013). Security attacks with an effective solution for dos attacks in VANET. International Journal of Computer Applications, 66(22).
Nelson, K. C., & Noronha, M. A. (2017). U.S. Patent No. 9,697,373. Washington, DC: U.S. Patent and Trademark Office.
Pagan, F. C., & Short, J. E. (2014). U.S. Patent No. 8,713,641. Washington, DC: U.S. Patent and Trademark Office.
Quattrociocchi, W., Caldarelli, G., & Scala, A. (2014). Self-healing networks: redundancy and structure. PloS one, 9(2), e87986.
Watt, C. T., & Leerssen, S. A. (2016). U.S. Patent No. 9,258,262. Washington, DC: U.S. Patent and Trademark Office.