The above basic diagram by right turn security shows the high-level security architecture and security components, which can prevent a data breach in many companies. This high-level network architecture includes firewalls, antivirus, DMZ, IDS and Encryption processes. The goal of these components is to provide internal as well as external security to the companies. The proper working of each component is given below :
- Firewalls :
Properly configured firewalls work like a filter between the network and the internet. Its recommended to setup firewall between every server, system, database server linked with Switch.
- Intrusion detection system(IDS):
IDS is setup with each firewall to prevent potential network attacks. It matches the behaviour of traffic with known attacks. if it detects any intrusion inside the network, it automatically reports to the data controller.
- Demilitarized Zone (DMZ}
It covers the servers with a tight set of rules for external traffic. It is a filtered public subnet with strict access around the servers. It separates the internal network from untrusted networks.
The antivirus software provides protection to the company systems from unknown executable files shows any misbehaviours as a listed virus or other types of malware.
Data need to be stored in a proper encrypted form inside the database. Strong encryption keys are needed to encrypt public card numbers and CVV numbers. It provides strong data protection from an insider as well as external attack