Module 5

Network Management Security and Network Access Control


____________________________________________________________________
MUSA NOTES
Network Management Security

What is Network Security?


Network security is the policy a computer network operates under to assure the security of
the organization’s assets, software, and hardware resources. The term network security
also covers monitoring and controlling unauthorized access, misuse, and any
unwanted modification in the networking system.

The most common authentication process practiced everywhere is to assign an
exclusive user ID and password to the user for authentication and to access the
resources of the network.

As organizations move to the cloud, they’re focusing more on securing their cloud
applications and data. But even though the perimeter is not as defined as in the past,
network security remains one of the fundamental information security best practices.

Since environments today are complex, many organizations rely on a centralized
approach for managing their network security. Let’s explore what network security
management is and what network security controls you should consider.

What is Network Security?

First, the basics. A subset of cybersecurity, network security refers to the set of
practices, processes, and technology that you implement to protect your IT
infrastructure from threats.

The objective of network security is to prevent unauthorized access to your network and
IT resources, block malicious actors from stealing your data, and protect your network
from threats such as malware.

Security practitioners sometimes like to use the analogy of a castle to explain how
cybersecurity works. Although that analogy is becoming outdated in today’s dynamic
world, it’s still a useful visual illustration. If you think of your business as a castle, the
network security’s role is to protect everything within the castle walls. That includes
your data, devices and other hardware, operating systems, software, and so on.

Why is Network Security Management Important?

The network is a common attack vector that cybercriminals use to gain access into an
organization. Given the growing magnitude of cybercrime, network security is essential
to defending against data breaches, ransomware, and other escalating threats.

One challenge that many businesses face is the proliferation of network
security monitoring and defense solutions. When these tools operate in silos, they
create visibility gaps and inconsistency in how IT security policies are enforced.

That’s why some organizations invest in centralized network security management,
which allows a network security manager, among other things, to gain consistent
visibility across the network from one location, eliminate duplicated tasks, and improve
efficiency.

SNMPv3

SNMP stands for Simple Network Management Protocol. It is an
Internet Standard protocol used for monitoring and organizing information
about the devices on an IP network by sending and receiving requests. This protocol is
used for organizing information from devices like switches, modems, routers, servers,
printers etc.

Currently, there are 3 versions of SNMP – SNMPv1, SNMPv2, SNMPv3.

Uses of SNMP in Networking:


• It is mainly used for monitoring and organizing networking resources.
• It is a standard internet protocol that is to be followed by everyone. It sets a
standard for network management, database management, and
organizing data objects.
• Administrator computers (managers) use SNMP for monitoring the clients in the
network.
• This protocol allows for management activities using applications like
Management Information Base (MIB).

Special Features of SNMPv3:
• v3 is the latest version of SNMP, which provides management services with
enhanced security.
• The SNMPv3 architecture uses the User-based Security Model (USM) for
security of the messages & the View-based Access Control Model (VACM) for
access control over the services.
• The SNMPv3 security models support authentication and encryption.
• SNMPv3 supports Engine ID Identifier, which uniquely identifies each SNMP
identity. The Engine ID is used to generate a unique key for authenticating
messages.
• v3 provides secure access to the devices that send traps by authenticating users &
encrypting data packets which are sent across the network.
• It also introduces the ability to configure and modify the SNMP agent using SET
for the MIB objects. These commands enable deletion, modification, configuration
and addition of these entries remotely.
• USM – For facilitating remote configuration and management of the security
module.
• VACM – For facilitating remote configuration & management for accessing the
controlling module.

The SNMPv3 message format is shown in Figure

• Version – It is an integer that identifies the version of SNMP. For SNMPv3, it is 3.
• ID – This field contains the SNMP message identifier which is a unique ID associated
with the message. The msgID field is different from the reqID field available in the
PDU.
• Max Size – This field represents the maximum size of message which the requesting
SNMP entity can accept.
• Flags – This field contains the message security level. 0 – message is authenticated, 1
– message uses privacy, 2 – a report PDU is expected for the message.
• Security Model – This field indicates the security model used to generate the
message. When USM is used, it has a value of 3.
• Engine ID – This field has the SNMPEngineID of the authoritative SNMP entity
involved in the transaction. When a request PDU is generated from an SNMP engine,
the remote peer (agent for Get request and manager for Trap request) is the
authoritative SNMP entity.
• Engine Boots – This field has the snmpEngineBoots value of the authoritative SNMP
entity involved in the transaction.
• Engine Time – This field has the snmpEngineTime value of the authoritative SNMP
entity involved in the transaction.
• User Name – This field contains the principal who originated the request.
• Security Parameters – This field contains the security parameters that are security
model dependent. It contains the authentication parameters and the privacy
parameters for USM.
• Context Engine ID – Within an administrative domain, the contextEngineID
uniquely identifies an SNMP entity that may realize an instance of a context with a
particular contextName.
• Context Name – A contextName is used to name a context. Each contextName must
be unique within an SNMP entity.
• PDU – The SNMP PDU (Protocol Data Unit) is used for communication between the
SNMP entities.
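
The field list above, read out of a message by a small BER parser. This is an added example, not part of the original notes: the message bytes are constructed, the function names are illustrative, and it assumes USM and treats the Flags values 0, 1 and 2 as bit positions in the one-octet msgFlags field (RFC 3412), rejecting privacy without authentication.

```python
# Constructed SNMPv3 message (authNoPriv GET) for illustration; not a real capture.
_ENGINE = "00" * 11 + "02"                      # 12-byte engine ID (constructed)
SAMPLE = bytes.fromhex(
    "3063" "020103"                             # whole message, Version = 3
    "300f" "02023039" "020300ffe3" "040105" "020103"  # ID, Max Size, Flags, Security Model
    "042e" "302c" "040c" + _ENGINE +            # Security Parameters: Engine ID
    "020105" "0202012c" "040561646d696e"        # Engine Boots, Engine Time, User Name
    "040c" + "00" * 12 + "0400"                 # auth (12 zero bytes) and privacy parameters
    "301d" "040c" + _ENGINE + "0400"            # Context Engine ID, Context Name
    "a00b" "020101" "020100" "020100" "3000")   # PDU (GET, empty varbind list)

def tlv(buf, pos=0):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def fields(buf):
    """Return the values of the consecutive TLVs packed in buf."""
    out, pos = [], 0
    while pos < len(buf):
        _, val, pos = tlv(buf, pos)
        out.append(val)
    return out

def parse_v3(msg: bytes) -> dict:
    """Extract the header and USM fields and derive the security level."""
    num = lambda b: int.from_bytes(b, "big")
    version, header, secparams, _scoped = fields(tlv(msg)[1])
    msg_id, max_size, flags, model = fields(header)
    if num(version) != 3 or num(model) != 3:
        raise ValueError("not an SNMPv3/USM message")
    auth_on, priv_on, report = (bool(flags[0] & bit) for bit in (1, 2, 4))
    if priv_on and not auth_on:
        raise ValueError("privacy flag set without authentication flag")
    engine, boots, etime, user, _auth, _priv = fields(tlv(secparams)[1])
    level = "authPriv" if priv_on else "authNoPriv" if auth_on else "noAuthNoPriv"
    return {"msg_id": num(msg_id), "max_size": num(max_size), "level": level,
            "reportable": report, "engine_id": engine.hex(),
            "engine_boots": num(boots), "engine_time": num(etime),
            "user": user.decode("ascii", "replace")}
```

A monitoring script can use the derived level to flag agents or managers that still exchange noAuthNoPriv messages.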

SNMPv3 Architecture:
The architecture of v3 consists of –
• Data definition language
• Definition of MIB
• Protocol definition
• Security and administration

Mechanism of version 3:
• 16-byte key between sender & receiver
• Triple Data Encryption Standard
• Advanced Encryption Standard
• Data Encryption Standard (DES) Cipher Block Chaining (CBC) mode
• MD5 message digest algorithm
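
How the Engine ID, the 16-byte key and MD5 listed above fit together in USM, following the password-to-key and key-localization procedure of RFC 3414. This is an added example, not part of the original notes: the function names are illustrative, and the password and engine ID are the sample values from RFC 3414 Appendix A.3.1.

```python
import hashlib
import hmac

# Sample values from RFC 3414 A.3.1 (not real credentials).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("00" * 11 + "02")

def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Hash 1,048,576 bytes of the repeated password to get the user key Ku."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1_048_576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): a key valid for one engine only."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes) -> bytes:
    """HMAC-MD5-96: first 12 bytes of HMAC-MD5 over the message,
    computed with the authentication parameters field set to 12 zero bytes."""
    return hmac.new(kul, whole_msg, hashlib.md5).digest()[:12]

def verify(kul: bytes, whole_msg: bytes, received: bytes) -> bool:
    """Constant-time comparison of the received and recomputed auth parameters."""
    return hmac.compare_digest(auth_params(kul, whole_msg), received)

def demo() -> dict:
    """Same password, two engines: the localized keys differ, so a key
    extracted from one agent does not authenticate messages to another."""
    ku = password_to_key(RFC_PASSWORD)
    kul_a = localize_key(ku, RFC_ENGINE_ID)
    kul_b = localize_key(ku, bytes.fromhex("00" * 11 + "03"))  # constructed second engine
    msg = b"constructed message bytes with zeroed auth field"
    tag = auth_params(kul_a, msg)
    return {"ku": ku.hex(), "kul_a": kul_a.hex(), "keys_differ": kul_a != kul_b,
            "a_accepts": verify(kul_a, msg, tag), "b_accepts": verify(kul_b, msg, tag)}
```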

NAC: Principal elements of NAC

What is Network Access Control?


Network Access Control is a centralized solution to end-point security that focuses on
network visibility and strict access management by enforcing policies across all users
and devices.

NAC aims to do exactly what the name implies—control access to your network.

The objective of Network Access Control is to block unauthorized users or devices from
entering a private corporate network.

Network Access Control provides visibility, access control, and compliance in
accordance with corporate networks.

In short, NAC enables your organization to define and implement strict access
management controls, comply with security regulations, reduce manual labor, and
avoid data breaches.

How does Network Access Control Work?


NAC is a solution that uses a set of protocols and policies to define and implement rules
that determine which devices and users can access the network.

In most cases, a Network Access Control system is designed to deny network access to
non-compliant and unauthorized devices.

NAC allows you to deny or allow network access based on a variety of factors such as
device health or role-based variables.

For instance, all your employees need access to your network. However, not all your
employees need access to all your network.

NAC allows you to define and implement network access policies based on roles within
your organization.

As a result, you can configure NAC so that your employees only have access to data
that is necessary to complete their job functions.

Network Access Control can be configured to comply with several technical, business,
and security policies.

NAC typically consists of a two-stage process: authentication and authorization. If
either step fails, then the user or device is blocked and quarantined.

During authentication, the NAC system prompts the user to enter credentials in order
to verify their identity as an authorized user.

There are several forms of authentication that businesses can use: username/password,
biometric scan, PIN, etc.

After authentication, NAC then authorizes access based on local access policies. If the
access policies allow the user or device, access is granted. If not, access is denied.

Use cases for network access control

In the modern world, physical and virtual devices often repeatedly join and leave a
network, and the devices themselves can vary greatly in their risk profile.
Understanding the different use cases for this technology informs a more
comprehensive NAC solution. Common use cases include:

• IoT: The use of IoT devices only continues to grow. This includes their use
in Operational Technology (OT) settings and connections to enterprise networks
from home networks. Such devices can go unnoticed or unmonitored by older
NAC solutions, making them a prime source of exploitation for cybercriminals.
The right NAC solution will identify and monitor IoT devices, in addition to
traditional devices.
• BYOD (Bring Your Own Device): With employees working remotely from
personal computers or accessing the corporate network from personal phones, a
proper NAC solution must also be able to handle permissions and authentication
of unfamiliar devices attempting to access the network.
• Incident Response: In addition to simply controlling network access, a robust
network access control solution should be able to respond to threats quickly and
effectively. This is where automation comes into play. Automation in
a NAC solution enforces security policies, shares contextual information, and
isolates insecure devices at the point of connection to the network before they can
do any damage.
• Contractors: Often, companies want to allow contractors, partners, or
temporary workers access to only certain parts of the network. NAC can be used
to maintain access privileges and prevent unauthorized access to certain parts of
the network while ensuring guest users have smooth connectivity and a good
experience.
• Medicine: In the world of healthcare, there is a growing reliance on the Internet
of Medical Things (IoMT) devices. But healthcare is a highly regulated industry,
and network compliance is vital. Properly structured NAC solutions can provide
the necessary protection of sensitive personal data and medical records in a
network with multiple users and IoMT devices.
• Compliance: Organizations can be fined if they do not meet regulatory
requirements for their respective industries. NAC solutions can be considered a
form of risk mitigation that helps enforce compliance controls under regulations
such as HIPAA, SOX, or PCI-DSS.
