5.3. Security Features and Solutions
đź’ˇ First Principle: Security features exist at every layer. The right control depends on what you're protecting and what you're protecting it from. Device hardening reduces attack surface; segmentation limits blast radius; access control enforces policy.
What breaks without proper security features: An unhardened switch with default credentials becomes an attacker's pivot point into your network. Without 802.1X, anyone who plugs into a network jack gets access. Without proper firewall rules, internal systems are exposed. Security features are layered defenses—missing one layer doesn't mean immediate compromise, but it shortens the path attackers must travel.
Consider a hospital network: NAC ensures only authorized devices connect, segmentation keeps medical devices separate from guest WiFi, and firewall rules prevent lateral movement. Each control adds time for detection and response.
