What Is Network Security?
Network security is the discipline of protecting an organisation's network infrastructure, the data travelling across it, and the resources connected to it. It encompasses the technologies, policies, and practices that prevent unauthorised access, detect threats, and ensure the integrity and availability of network services.
Modern network security has evolved beyond the castle-and-moat model. Today's approach combines perimeter controls, internal segmentation, encrypted communications, continuous monitoring, and zero-trust principles to protect increasingly distributed and cloud-hybrid environments.
Network Security Control Layers
| Layer | Controls | Purpose |
|---|---|---|
| Perimeter | Next-gen firewalls, WAF, DDoS protection, email gateways | Block external threats at the boundary |
| Segmentation | VLANs, micro-segmentation, security groups, NACLs | Limit lateral movement and blast radius |
| Access control | NAC, 802.1X, VPN, ZTNA | Control who and what connects to the network |
| Encryption | TLS/mTLS, IPsec VPN, WPA3 | Protect data in transit |
| Monitoring | IDS/IPS, NetFlow, packet capture, DNS logging | Detect threats and anomalies |
| Management | Configuration management, change control, documentation | Maintain security posture and audit evidence |
Firewall Evolution
| Generation | Technology | Capabilities | Limitations |
|---|---|---|---|
| Packet filter | Stateless ACLs | Port/IP-based filtering | No session awareness |
| Stateful inspection | Connection tracking | Session-aware filtering | No application awareness |
| NGFW | Deep packet inspection | Application, user, and content awareness | Performance impact from DPI |
| Cloud-native firewall | Service-native controls | API-driven, auto-scaling, integrated | Provider-specific, limited cross-cloud |
| SASE/SSE | Cloud-delivered security | Unified network + security, identity-aware | Vendor dependency, latency concerns |
Network Segmentation
Segmentation Strategies
| Strategy | Implementation | Security Benefit | Complexity |
|---|---|---|---|
| VLAN-based | Layer 2 separation with routed inter-VLAN access | Basic network isolation | Low |
| Firewall zones | Separate zones with firewall policies between them | Controlled inter-zone access | Medium |
| Micro-segmentation | Per-workload policies using software-defined networking | Granular east-west control | High |
| Zero-trust segmentation | Identity-based policies regardless of network location | Network-agnostic security | High |
Recommended Zones
| Zone | Contains | Access Policy |
|---|---|---|
| DMZ | Public-facing services (web servers, APIs) | Internet ingress, limited internal egress |
| Application tier | Application servers, middleware | DMZ to app tier, app tier to data tier only |
| Data tier | Databases, file storage | Application tier access only, no direct internet |
| Management | Jump boxes, admin tools, monitoring | Restricted admin access, MFA required |
| User network | Employee workstations | Segmented by department, internet via proxy |
| IoT/OT | Industrial and IoT devices | Isolated, minimal connectivity |
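The zone table above is only useful if the firewall policy actually enforces it. The following script is an added example (not Orbiq's code and not from any real deployment) that encodes the table's allowed inter-zone flows as a whitelist and checks a set of firewall rules against it; the zone address ranges, the rule set and the assumption that the management zone may reach the DMZ, application and data tiers are all constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Zone address ranges: constructed sample values, not from any real network.
# "internet" is the catch-all; other zones win by longest prefix match.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("10.1.0.0/24"),
    "app": ipaddress.ip_network("10.2.0.0/24"),
    "data": ipaddress.ip_network("10.3.0.0/24"),
    "mgmt": ipaddress.ip_network("10.9.0.0/24"),
    "user": ipaddress.ip_network("10.10.0.0/16"),
}

# Allowed inter-zone flows, taken from the "Recommended Zones" table.
# The mgmt entries are an assumption: jump boxes may reach every internal tier.
ALLOWED_FLOWS = {
    ("internet", "dmz"),   # Internet ingress to public-facing services
    ("dmz", "app"),        # DMZ to application tier
    ("app", "data"),       # application tier to data tier
    ("mgmt", "dmz"), ("mgmt", "app"), ("mgmt", "data"),
}


@dataclass
class Rule:
    name: str
    src: str      # CIDR
    dst: str      # CIDR
    port: int
    action: str   # "allow" or "deny"


def zone_of(ip) -> str:
    """Return the most specific zone containing ip (longest prefix wins)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def check_rules(rules):
    """Return (rule name, src zone, dst zone) for every allow rule that
    permits a flow the zone policy does not list."""
    violations = []
    for r in rules:
        if r.action != "allow":
            continue
        src_zone = zone_of(ipaddress.ip_network(r.src, strict=False).network_address)
        dst_zone = zone_of(ipaddress.ip_network(r.dst, strict=False).network_address)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is outside this policy's scope
        if (src_zone, dst_zone) not in ALLOWED_FLOWS:
            violations.append((r.name, src_zone, dst_zone))
    return violations


# Constructed rule set: two of these rules break the tiering model.
SAMPLE_RULES = [
    Rule("web-in", "0.0.0.0/0", "10.1.0.0/24", 443, "allow"),
    Rule("dmz-to-app", "10.1.0.0/24", "10.2.0.0/24", 8080, "allow"),
    Rule("app-to-db", "10.2.0.0/24", "10.3.0.0/24", 5432, "allow"),
    Rule("legacy-db", "0.0.0.0/0", "10.3.0.10/32", 5432, "allow"),   # internet -> data
    Rule("user-db", "10.10.0.0/16", "10.3.0.0/24", 5432, "allow"),   # user -> data
    Rule("jump-ssh", "10.9.0.0/24", "10.3.0.0/24", 22, "allow"),
    Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", 0, "deny"),
]

if __name__ == "__main__":
    for name, src, dst in check_rules(SAMPLE_RULES):
        print(f"{name}: {src} -> {dst} is not an allowed flow")
```

The check classifies a rule by the zone of its source and destination network address, so a rule whose CIDR straddles two zones is reported under the zone of its first address; in practice that is itself a finding worth raising, since rules should not span zone boundaries.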
Network Monitoring
| Technology | What It Monitors | Detection Capability |
|---|---|---|
| IDS/IPS | Traffic patterns, known attack signatures | Known attacks, protocol anomalies |
| NetFlow/IPFIX | Traffic metadata (source, destination, volume) | Traffic anomalies, data exfiltration |
| Full packet capture | Complete network traffic | Deep forensic investigation |
| DNS logging | DNS queries and responses | C2 communication, data exfiltration via DNS |
| SSL/TLS inspection | Decrypted traffic content | Encrypted threats, data loss |
| Network behaviour analysis | Baseline deviation detection | Insider threats, novel attacks |
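The DNS logging row is the one most teams can act on immediately, because the resolver already has the data. The script below is an added example (not Orbiq's code) that scores DNS query logs for the two signs of DNS-based exfiltration the table alludes to: many unique subdomains under one domain, and subdomain labels that are long and high-entropy. The log format, the sample lines, the thresholds and the assumption that the registered domain is the last two labels (no public suffix list) are all constructed for the illustration.

```python
import math
from collections import defaultdict
from statistics import mean

# Constructed sample resolver log: "<timestamp> <client> <qname> <qtype>".
# example.com and example.org show ordinary browsing/CDN traffic; the
# example.net names carry 32-character encoded labels, as a tunnel would.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.10.4.21 www.example.com A
2024-05-01T10:00:02Z 10.10.4.21 mail.example.com A
2024-05-01T10:00:03Z 10.10.4.21 api.example.com A
2024-05-01T10:00:04Z 10.10.4.21 cdn1.static.example.org A
2024-05-01T10:00:05Z 10.10.4.21 cdn2.static.example.org A
2024-05-01T10:00:06Z 10.10.4.21 cdn3.static.example.org A
2024-05-01T10:00:07Z 10.10.4.37 0a1b2c3d4e5f6789f9e8d7c6b5a43210.tunnel.example.net TXT
2024-05-01T10:00:08Z 10.10.4.37 7c3e1a5f9b2d8460460289bd5f1a3ec7.tunnel.example.net TXT
2024-05-01T10:00:09Z 10.10.4.37 e2d4c6b8a0f1937559371f0a8b6c4d2e.tunnel.example.net TXT
2024-05-01T10:00:10Z 10.10.4.37 b5a3f1d9c7e0246886420e7c9d1f3a5b.tunnel.example.net TXT
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score far higher
    than human-chosen hostnames such as "www" or "mail"."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def dns_tunnel_candidates(log_text, min_unique=3, min_entropy=3.5, min_len=30):
    """Aggregate queries per registered domain and return the domains whose
    subdomain usage looks like encoded data rather than hostnames."""
    stats = defaultdict(lambda: {"clients": set(), "subdomains": set(),
                                 "entropy": [], "length": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the job
        _ts, client, qname, _qtype = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # bare registered domain: nothing to carry data in
        base = ".".join(labels[-2:])        # assumption: 2-label registered domain
        sub = "".join(labels[:-2])          # everything that could carry payload
        s = stats[base]
        s["clients"].add(client)
        s["subdomains"].add(sub)
        s["entropy"].append(shannon_entropy(sub))
        s["length"].append(len(sub))

    flagged = {}
    for base, s in stats.items():
        avg_entropy = mean(s["entropy"])
        avg_len = mean(s["length"])
        if (len(s["subdomains"]) >= min_unique
                and avg_entropy >= min_entropy and avg_len >= min_len):
            flagged[base] = {
                "unique_subdomains": len(s["subdomains"]),
                "avg_entropy": round(avg_entropy, 2),
                "avg_subdomain_len": round(avg_len, 1),
                "clients": sorted(s["clients"]),
            }
    return flagged


if __name__ == "__main__":
    for domain, info in dns_tunnel_candidates(SAMPLE_LOG).items():
        print(domain, info)
```

All three conditions must hold before a domain is reported: a CDN with hundreds of short, low-entropy hostnames passes the unique-subdomain test but fails the entropy and length tests, which keeps the alert volume manageable. Run on real resolver logs, the candidate list is a starting point for an analyst, not a verdict, and the reporting client addresses tell you where to look first.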
Compliance Requirements
Framework Mapping
| Requirement | ISO 27001 | SOC 2 | NIS2 | DORA |
|---|---|---|---|---|
| Network security controls | A.8.20 | CC6.6 | Art. 21(2)(d) | Art. 9(2) |
| Network segmentation | A.8.22 | CC6.1 | Art. 21(2)(d) | Art. 9(2) |
| Web filtering | A.8.23 | CC6.6 | Art. 21(2)(d) | Art. 9(2) |
| Encryption in transit | A.8.24 | CC6.7 | Art. 21(2)(d) | Art. 9(2) |
| Network monitoring | A.8.16 | CC7.2 | Art. 21(2)(b) | Art. 10 |
| Firewall management | A.8.20 | CC6.6 | Art. 21(2)(d) | Art. 9(2) |
| Remote access security | A.8.20 | CC6.1 | Art. 21(2)(d) | Art. 9(4)(d) |
Audit Evidence
| Evidence Type | Description | Framework |
|---|---|---|
| Network architecture diagram | Current topology showing zones, controls, data flows | All frameworks |
| Firewall rule sets | Documented rules with business justification | All frameworks |
| Firewall change records | Change tickets with approval and review | ISO 27001, SOC 2 |
| Segmentation validation | Penetration test or scan proving isolation | ISO 27001, NIS2 |
| IDS/IPS deployment report | Coverage and alert handling procedures | All frameworks |
| VPN/remote access policy | Documented policy for remote connectivity | All frameworks |
| Network security scan results | Regular vulnerability scans of network devices | All frameworks |
Common Mistakes
| Mistake | Risk | Fix |
|---|---|---|
| Flat network with no segmentation | Attacker moves freely once inside | Implement network segmentation by function and data sensitivity |
| Firewall rules never reviewed | Rule bloat, overly permissive access | Review firewall rules quarterly, remove unused rules |
| No east-west monitoring | Lateral movement goes undetected | Deploy IDS and NetFlow monitoring on internal segments |
| Unencrypted internal traffic | Data interception on internal network | Encrypt all traffic with TLS, especially between services |
| Ignoring DNS security | DNS used for C2 and data exfiltration | Implement DNS filtering, logging, and DNSSEC |
| No network device hardening | Default credentials and unnecessary services | Apply CIS Benchmarks for network devices |
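The "firewall rules never reviewed" row recommends a quarterly review; most of that review can be automated from the rule export and the per-rule hit counters every mainstream firewall exposes. The script below is an added example (not Orbiq's code) that flags three classes of finding a reviewer looks for: rules with no recent hits, allow rules with any-to-any scope, and rules that are unreachable because an earlier rule already matches everything they would. The rule format, the sample rule set and the 90-day staleness window are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class FwRule:
    name: str
    src: str                  # CIDR or "any"
    dst: str                  # CIDR or "any"
    port: str                 # port number as a string, or "any"
    action: str               # "allow" or "deny"
    hits: int                 # counter exported by the firewall (constructed here)
    last_hit: Optional[date]  # None if the rule has never matched


def _net(cidr: str):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def _covers(broad: FwRule, narrow: FwRule) -> bool:
    """True if every packet matching `narrow` would already match `broad`.
    With first-match semantics that makes `narrow` unreachable."""
    return (_net(narrow.src).subnet_of(_net(broad.src))
            and _net(narrow.dst).subnet_of(_net(broad.dst))
            and broad.port in ("any", narrow.port))


def review_rules(rules, today: date, stale_days: int = 90):
    """Return unused, overly permissive and shadowed rules in an ordered rule set."""
    findings = {"unused": [], "permissive": [], "shadowed": []}
    for i, rule in enumerate(rules):
        never_hit = rule.hits == 0 or rule.last_hit is None
        if never_hit or (today - rule.last_hit).days > stale_days:
            findings["unused"].append(rule.name)
        if rule.action == "allow" and rule.src == "any" and rule.dst == "any":
            findings["permissive"].append(rule.name)
        for earlier in rules[:i]:            # only rules evaluated first can shadow
            if _covers(earlier, rule):
                findings["shadowed"].append((rule.name, earlier.name))
                break
    return findings


# Constructed rule set in evaluation order, with typical review findings planted.
SAMPLE_RULES = [
    FwRule("allow-web", "any", "10.1.0.0/24", "443", "allow", 120000, date(2024, 5, 31)),
    FwRule("allow-web-admin", "10.9.0.0/24", "10.1.0.5/32", "443", "allow", 0, None),
    FwRule("legacy-ftp", "any", "10.2.0.0/24", "21", "allow", 12, date(2023, 1, 15)),
    FwRule("temp-any-any", "any", "any", "any", "allow", 3, date(2024, 5, 30)),
    FwRule("deny-all", "any", "any", "any", "deny", 0, None),
]

if __name__ == "__main__":
    for category, items in review_rules(SAMPLE_RULES, date(2024, 6, 1)).items():
        print(f"{category}: {items}")
```

Read the findings together rather than one list at a time: `deny-all` shows up as unused only because the `temp-any-any` rule ahead of it shadows it, so the fix is to remove the temporary rule, not the default deny. Shadow detection here is exact-containment only; it will not catch a later rule that is covered by the union of several earlier ones, which is a known limitation of this simple pass.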
How Orbiq Supports Network Security Compliance
Orbiq helps you demonstrate network security controls:
- Evidence collection — Centralise network diagrams, firewall rules, and scan results
- Continuous monitoring — Track network security control effectiveness
- Trust Center — Share your network security posture via your Trust Center
- Compliance mapping — Map network controls to ISO 27001, SOC 2, NIS2, and DORA
- Audit readiness — Pre-built evidence packages for auditor review
Further Reading