WA7. Securing WAN Networks¶
Statement¶
You have recently joined a prominent IT firm as a senior network engineer. Your company has landed a major client who requires a Wide Area Network (WAN) design. The client is a leading financial institution that deals with sensitive financial data and is highly concerned about the security of its network.
In order to test your firm’s expertise in designing a WAN network that meets the client’s requirements, the client has asked your company to propose three possible security measures that should be incorporated into the WAN network design. Based on this the client will confirm the design project.
Task: Explain three possible security measures that should be incorporated into a WAN network design.
Answer¶
A Wide Area Network (WAN) is a network that goes beyond a single building or campus and covers a wide geographical area that can span the entire world. The Internet is the world’s largest WAN, but some WANs connect remote offices of companies or data centers (AWS, 2024).
Designing a secure WAN network is a complex task that involves multiple factors, although there are third-party solutions that are ready to be deployed super-fast (AWS, 2024). To build a WAN from scratch, many security measures should be incorporated; the text will focus on three of them: monitoring, access control, and encryption (Shah, 2020).
Monitoring is crucial for any network as the security response will be as good as the data that is available about the issue. Monitoring goes hand-in-hand with software-defined WAN (SD-WAN), which is a technology that allows network administrators to manage network traffic, configuration, and security policies at the software level while the network is running and without replacing any hardware (AWS, 2024). There are manual monitoring tools that involve engineers evaluating network logs to look for anomalies, but there are also some automated monitoring tools that constantly analyze network traffic and take actions based on predefined rules. Automatic monitoring tools may include Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) that can detect and block malicious traffic or notify the engineers about it.
Access control is another important security measure that involves deploying checkpoints at the boundaries of the network to control who can or cannot access the network. Some engineers go beyond the network boundaries and recommend internal access control checkpoints in between network devices and not just on the boundaries. Access control can be implemented using firewalls, Virtual Private Networks (VPNs), and Access Control Lists (ACLs). Firewalls drop or allow traffic based on predefined security rules, VPNs can mask the IP addresses of devices on the network and create secure tunnels between them, and ACLs allow for more granular control of traffic based on the data in the packets (NordVPN, 2020).
Encryption is the third security measure that should be incorporated into a WAN network design. Encryption is the process of ciphering data so that it does not make sense if it falls into the wrong hands. End-to-end encryption is preferred where only the two ends of the connection can decrypt the packets. Encryption is usually a low-level task that is well-implemented into various network protocols such as SSL/TLS, IPsec, and SSH (NordVPN, 2020).
To conclude, securing a WAN network is indeed a complex task; the three measures mentioned above can make the network safer, but more measures can be added like regular security audits, anti-virus software, and multi-factor authentication. The process of securing a network is a continuous process that should be reviewed and updated regularly as new threats are always emerging.
References¶
- AWS. (2024). What is WAN? - Wide Area Network Explained. Amazon Web Services, Inc. https://aws.amazon.com/what-is/wan
- NordVPN. (2020). Next-generation VPN encryption: How does it work? NordVPN; https://nordvpn.com/features/next-generation-encryption/
- Shah, N. (2020, August 10). 3 Important Measures for WAN Security with SD-WAN | Fortinet Blog. Fortinet Blog. https://www.fortinet.com/blog/industry-trends/prioritizing-concerns-around-wan-security-issues