Infrastructure and Network Security
Firewalls are an essential part of network security. A firewall controls the traffic flow between networks within a framework of defined rules. Their most common purpose is to protect organizations’ internal networks from threats originating from the Internet. The firewall examines the incoming traffic, compares it with predefined rules, and then blocks or allows the traffic according to the result, or forwards it to other network security technologies for further action.
Next-generation firewalls, whose logical network segmentation can be designed with agile and flexible methods, are among the solutions that can run many security functions, including Application Level Control, User-Based Content Control, Intrusion Prevention and Detection Systems (IPDS), SSL/TLS debugging, URL filtering, APT protection, and DNS protection.
Content filtering is applied to users' e-mail and web access. The aim is to prevent content such as spam, viruses, and malware from damaging systems via e-mail and web access.
New websites are launched all the time, their content can change instantaneously, and e-mails containing phishing and malicious code are becoming increasingly widespread in ever-changing formats, so effective content filtering solutions that adapt to this rapid change play a very important role. With content filtering, it becomes possible to prevent users from accessing sites and applications that are not fit for business purposes.
Firewall, IPS, anti-virus, and content filtering solutions, which detect malicious code with signature-based methods, are insufficient for detecting malicious software developed specifically to target an organization. These attacks, which we call APT (Advanced Persistent Threat), are also called "zero-day attacks" since a signature has not been developed yet. It is possible to prevent APT attacks by using malicious code analysis and blocking solutions that run a copy of the traffic on virtual systems, examine its behavior, and stop the traffic if a suspicious situation is detected.
It is generally thought that attacks on company networks are of external origin. However, the real danger comes from within the network. If you don't know what's going on in the network, you cannot take precautions against threats. It is necessary to maximize security control at physical network access points (printer, IP phone, camera, smart TV, etc.) in common areas. For example, malicious people can easily infiltrate your system by copying the MAC addresses and/or IP information of the devices from the network access points in common areas such as meeting rooms. It is possible to prevent such intrusion attempts with Network Access Control (NAC) solutions. With NAC technology, you can take automatic measures against possible threats by seeing the details of every device on the network.
DNS is one of the most mission-critical systems of any organization. If DNS becomes inaccessible within the organization, business continuity can break down entirely.
DNS has become a very common vector used by attackers today. Volumetric DNS attacks, NXDOMAIN attacks, DNS vulnerability exploitation, DNS server hijacking, poisoning, and DGA attacks are the most common ones. DNS security is one of the most important parts of ensuring the integrity and accessibility of DNS, as well as protecting against advanced attacks or detecting an insider threat.
The Internet has become a part of every process used in business continuity, from cloud applications to mail traffic, file sharing, and web access.
Sending sensitive and critical data in encrypted format is one of the most basic security methods. However, encrypted traffic is often used by attackers to carry malicious content into the corporate network. SSL/TLS visibility is an important technology solution for detecting advanced threats and malware. SSL/TLS visibility platforms are used to decrypt SSL/TLS traffic and send its content to the relevant security tools for security audits and controls.
DoS and DDoS attacks are among the most common attack types today. These attacks aim to render the target system inaccessible or unusable for a while.
DoS/DDoS protection allows for service-based prevention of attacks on servers running on the web. These solutions make it possible to reduce the response time of opened connections, protect against abnormal traffic, and prevent DoS/DDoS attacks.
A network security distribution platform is a solution that can connect to the network virtually or physically and distribute traffic to relevant security devices or other applications as needed. By taking a copy of the existing network traffic, these platforms can filter it according to different criteria and combine more than one traffic stream. They can also make multiple copies from a single link, and they can extract metadata from network traffic and forward it to various security analysis solutions.
All settings and rules that you have configured on network devices can be completely erased by a hardware or software problem on the device, which may leave your network unprotected. You should back up your network devices periodically or after each change and keep the backups in a secure place. Backup and storage may not be a problem for an organization with a few devices, but organizations with complex structures and many devices should opt for solutions that automate backup, monitoring, and secure storage.