Network Hardening Best Practices
Network hardening: Is the process of securing a network by reducing its potential vulnerabilities through configuration changes, and taking specific steps
Implicit deny: A network security concept where anything not explicitly permitted or allowed should be denied
Analyzing logs: The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them
Logs analysis systems are configured using user-defined rules to match interesting or a typical log entries. These can then be surfaced through an alerting system to let security engineers investigate the alert.
Normalizing log data is an important step since logs from different devices and systems may not be formatted in a common way.
If we see a suspicious connection coming from a suspect source address and the firewall logs to our authentication server we might want to correlate that logged connection with the log data of the authentication server. That would show us any authentication attempts made by the suspicious client. This type of logs analysis is also super important in investigating and recreating the events that happened once a compromise is detected. This is usually called a post fail analysis, since it’s investigating how a compromise happened after the breach is detected
- One popular and powerful logs analysis system is splunk, a very flexible and extensible log aggregation and search system. Splunk can grab logs data from a wide variety of systems and in large amounts of formats. It can also be configured to generate alerts and allows for powerful visualization of activity based on log data
Flood guards: Provide protection against DoS or Denial of Service Attacks

For more information on this Video Lecture check out the following links: