WAN Branch Network Solutions

This security segment discusses the role of the enterprise WAN edge in end-to-end security policy enforcement. The main focus of the enterprise WAN edge is to provide secure and reliable VPN access for remote sites.

Network devices are the components of a network that enable endpoint hosts to communicate. They include hardware and software such as switches, hubs, routers, firewalls and so on. Network device security is the combination of measures that secure the network device itself, so that end hosts such as servers, printers and workstations can communicate properly. It includes mitigation techniques such as encrypting management access, disabling unused services, configuration management and other functions that secure the management and control planes of a device. Resiliency, as a method of keeping services available during an unusual event such as a disaster, can also be considered part of network security. Device security also includes physical access security as a means of ensuring network continuity and survivability.

Secure connectivity is the most fundamental and important part of a secure corporate WAN. It could be provisioned with a VPN setup or other private communication. This includes authentication, encryption and data integrity verification, and could be implemented at Layer 2 (MACsec), Layer 3 (IPsec) or at the Application Layer (SSL VPN) of the OSI model. Secure connectivity prevents data interception and unauthorized access to the network.

Network access restriction prevents unauthorized access by defining strict and unambiguous policies and firewall rules. It could be implemented with traffic ACLs, firewall rules and intrusion prevention.

QoS is the ability to provide preferential network service, in terms of bandwidth or latency, according to specific service requirements. The Resource Allocation mitigation technique category provides protection against resource depletion and includes CPU and memory threshold notifications.

Network monitoring and troubleshooting often involve tools for event logging and network management systems. This mitigation technique provides visibility and reporting functions for network management.