
Network and infrastructure security focuses on securing the network and its components, including firewalls, intrusion prevention systems (IPS), virtual private networks (VPNs), and network segmentation. These measures help prevent unauthorised access, protect against data breaches, and ensure the security of critical network resources. By securing network infrastructure, organisations can protect their sensitive data, maintain system integrity, and reduce the risk of cyberattacks targeting their network.
———————————————————————————————————
Level 1 Certification
———————————————————————————————————
Measure 7.1: Install a Basic Firewall to Protect the Network
Does your enterprise use a basic firewall to filter and monitor traffic on your network?
Example: Deploy a perimeter firewall (either hardware or software) to protect your internal network from external threats and to control incoming and outgoing traffic.
Measure 7.2: Enable VPN for Remote Workers
Does your enterprise use a Virtual Private Network (VPN) for employees working remotely to ensure secure communication with the organisation’s internal network?
Example: Require all remote workers to use a VPN like NordVPN, ExpressVPN, or a company-managed VPN solution to securely connect to the company network.
Measure 7.3: Implement Basic Network Segmentation
Does your enterprise segment your network to limit access between different parts of the infrastructure?
Example: Use VLANs (Virtual Local Area Networks) to separate critical systems (e.g., accounting, HR) from general office systems, reducing the risk of lateral movement in case of a breach.
Measure 7.4: Use Basic Intrusion Detection
Does your enterprise use intrusion detection systems (IDS) to identify malicious traffic or unauthorised access attempts?
Example: Implement a simple IDS solution like Snort or Suricata to monitor network traffic for unusual activities, providing early alerts on potential attacks.
———————————————————————————————————
Level 2 Certification
To achieve Level 2: Level 1 must also be achieved.
———————————————————————————————————
Measure 7.5: Implement Intrusion Prevention Systems (IPS)
Does your enterprise use an Intrusion Prevention System (IPS) to actively block malicious traffic and prevent cyberattacks?
Example: Deploy a network-based IPS such as Cisco Firepower or Palo Alto Networks to automatically block known threats and suspicious traffic before they can infiltrate the network.
Measure 7.6: Deploy Network Access Control (NAC)
Does your enterprise use Network Access Control (NAC) to enforce policies and restrict access to the network based on device compliance or user roles?
Example: Implement NAC solutions like Cisco ISE to enforce access policies, ensuring only authorised and compliant devices can connect to the network.
Measure 7.7: Implement Secure Wireless Networks
Does your enterprise ensure that your wireless network is secure, using encryption and authentication methods to prevent unauthorised access?
Example: Use WPA3 encryption for Wi-Fi networks and enforce strong password policies to secure wireless connections, ensuring that only authorised devices can access the network.
Measure 7.8: Monitor Network Traffic for Anomalies
Does your enterprise actively monitor network traffic for signs of malicious activity or unusual behaviour?
Example: Use network monitoring tools like Wireshark or SolarWinds to continuously inspect network traffic and quickly identify abnormal patterns indicative of a security breach.
———————————————————————————————————
Level 3 Certification
To achieve Level 3: Level 2 and Level 1 must also be achieved.
———————————————————————————————————
Measure 7.9: Enforce Strong Network Segmentation and Zero Trust Architecture
Does your enterprise implement advanced network segmentation and a Zero Trust architecture to restrict access to critical systems and data?
Example: Adopt a Zero Trust model where no device or user is trusted by default, requiring continuous authentication and authorisation to access any resources on the network.
Measure 7.10: Deploy Enterprise-Grade Firewalls and Next-Generation Threat Detection
Does your enterprise use next-generation firewalls (NGFW) to protect the network from advanced threats?
Example: Implement NGFWs from providers like Fortinet, which provide deep packet inspection, intrusion prevention, and advanced threat protection to block sophisticated attacks.
Measure 7.11: Implement Distributed Denial of Service (DDoS) Protection
Does your enterprise use protection against Distributed Denial of Service (DDoS) attacks to ensure the availability of network services?
Example: Deploy DDoS protection services from providers like Cloudflare or Akamai to mitigate the impact of traffic flooding attacks and ensure continuous network availability.
Measure 7.12: Automate Security Monitoring and Incident Response
Does your enterprise automate network security monitoring and incident response to detect, respond to, and mitigate threats in real time?
Example: Use Security Information and Event Management (SIEM) solutions like Splunk or IBM QRadar to aggregate security logs, analyse network activity, and trigger automated responses to security incidents.
Measure 7.13: Enforce Network Security Policies Across All Endpoints
Does your enterprise enforce comprehensive network security policies on all devices, including remote endpoints?
Example: Implement endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions like CrowdStrike or Symantec to ensure that all devices connecting to the network comply with security standards.
———————————————————————————————————