
2/9

What is network security?

Network securityconsists of the provisions and policies adopted by a network

administrator to prevent and monitor unauthorized access, misuse, modification,

or denial of a computer network and network-accessible resources. Network

security involves the authorization of access to data in a network, which is

controlled by the network administrator. Users choose or are assigned an ID andpassword or other authenticating information that allows them access to

information and programs within their authority. Network security covers a

variety of computer networks, both public and private, that are used in everyday

jobs conducting transactions and communications among businesses, government

agencies and individuals. Networks can be private, such as within a company, and

others which might be open to public access. Network security is involved in

organizations, enterprises, and other types of institutions. It does as its title

explains: It secures the network, as well as protecting and overseeing operations

being done. The most common and simple way of protecting a network resource

is by assigning it a unique name and a corresponding password.
http://en.wikipedia.org/wiki/Policieshttp://en.wikipedia.org/wiki/Network_administratorhttp://en.wikipedia.org/wiki/Network_administratorhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Network_administratorhttp://en.wikipedia.org/wiki/Network_administratorhttp://en.wikipedia.org/wiki/Policies


3/9

Network Security Defined

So what is the definition of network security? That depends on where you stand.

For the Legal department, network security is the set of controls required to

maintain compliance with regulatory constraints. For product engineers, it may be

the processes and technology to protect intellectual property. Business

management will probably tell you that, while they are concerned with legal and

intellectual property concerns, they also want to make sure critical business

systems remain available.

It can get a little confusing when trying to sort all this out. However, from a

security professional's perspective, all these requirements make sense. They are

covered under the three pillars of information security:

Confidentiality - concerned with making sure the wrong people can't see

sensitive information

Integrity - ensuring all data, whether medical, business, or financial, is accurate

Availability (continuity) - keeping the bad guys from access they can use to take

down a system or entire network (i.e., killing one or more critical business

processes)


4/9

These three outcomes are the objectives of all network security, including

stopping bad stuff from coming into the network and thwarting attacks which

make it past perimeter controls- and they will eventually make it past your well-

planned and implemented defenses.

In the next installment in this series, we'll explore at a high level how various

layers of controls work to protect your network and the data stored in or moving

through it.

Network security concept

Network security starts with authenticating the user, commonly with a username

and a password. Since this requires just one detail authenticating the user name

examples the password, which is something the user 'knows', this is sometimes

termed one factor authentication. With two-factor authentication, something the

user 'has' is also used example a security token or 'dongle', an ATM card, or a

mobile and with three-factor authentication, something the user 'is' is also used

such a fingerprint or retinal scan.

Once authenticated, a firewall enforces access policies such as what services are

allowed to be accessed by the network users. Though effective to prevent

unauthorized access, this component may fail to check potentially harmful

content such as worms or Trojans being transmitted over the network. Anti-virus

software or an intrusion prevention system (IPS) help detect and inhibit the action

of such malware. An anomaly-based intrusion detection systemmay also monitor

the network and traffic for unexpected or suspicious content or behavior and

other anomalies to protect resources, example fromdenial of service attacks oran employee accessing files at strange times. Individual events occurring on the

network may be logged for audit purposes and for later high-level analysis.

Communication between two hosts using a network may be encrypted to

maintain privacy.
http://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Two-factor_authenticationhttp://en.wikipedia.org/wiki/Security_tokenhttp://en.wikipedia.org/wiki/ATM_cardhttp://en.wikipedia.org/wiki/Fingerprinthttp://en.wikipedia.org/wiki/Retinal_scanhttp://en.wikipedia.org/wiki/Firewall_(networking)http://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Anti-virus_softwarehttp://en.wikipedia.org/wiki/Anti-virus_softwarehttp://en.wikipedia.org/wiki/Intrusion_prevention_systemhttp://en.wikipedia.org/wiki/Malwarehttp://en.wikipedia.org/wiki/Anomaly-based_intrusion_detection_systemhttp://en.wikipedia.org/wiki/Deep_packet_inspectionhttp://en.wikipedia.org/wiki/Denial_of_servicehttp://en.wikipedia.org/wiki/Denial_of_servicehttp://en.wikipedia.org/wiki/Deep_packet_inspectionhttp://en.wikipedia.org/wiki/Anomaly-based_intrusion_detection_systemhttp://en.wikipedia.org/wiki/Malwarehttp://en.wikipedia.org/wiki/Intrusion_prevention_systemhttp://en.wikipedia.org/wiki/Anti-virus_softwarehttp://en.wikipedia.org/wiki/Anti-virus_softwarehttp://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Firewall_(networking)http://en.wikipedia.org/wiki/Retinal_scanhttp://en.wikipedia.org/wiki/Fingerprinthttp://en.wikipedia.org/wiki/ATM_cardhttp://en.wikipedia.org/wiki/Security_tokenhttp://en.wikipedia.org/wiki/Two-factor_authenticationhttp://en.wikipedia.org/wiki/Authentication


5/9

Honey pots, essentially decoy network-accessible resources, may be deployed in a

network as surveillance and early-warning tools, as the honeypots are not

normally accessed for legitimate purposes. Techniques used by the attackers that

attempt to compromise these decoy resources are studied during and after an

attack to keep an eye on new exploitation techniques. Such analysis may be usedto further tighten security of the actual network being protected by the honeypot.

Security management

Security management for networks is different for all kinds of situations. A home

or small office may only require basic security while large businesses may require

high-maintenance and advanced software and hardware to prevent malicious

attacks from hacking and spamming.

Firewall network

A firewall can either be software-based or hardware-based and is used to help

keep a network secure. Its primary objective is to control the incoming and

outgoing network traffic by analyzing the data packets and determining whether

it should be allowed through or not, based on a predetermined rule set. A

network's firewall builds a brigade between an internal network that is assumed

to be secure and trusted, and another network, usually an external

(inter)network, such as the Internet, that is not assumed to be secure and trusted.

Many personal computeroperating systemsinclude software-based firewalls to

protect against threats from the public Internet. Manyroutersthat pass databetween networks contain firewall components and, conversely, many firewalls

can perform basic routing functions.

The term firewall originally referred to a wall intended to confine a fire or

potential fire within a building. Later uses refer to similar structures, such as the
http://en.wikipedia.org/wiki/Honeypot_(computing)http://en.wikipedia.org/wiki/Decoyhttp://en.wikipedia.org/wiki/Exploit_(computer_security)http://en.wikipedia.org/wiki/Hacker_(computer_security)http://en.wikipedia.org/wiki/Operating_systemhttp://en.wikipedia.org/wiki/Operating_systemhttp://en.wikipedia.org/wiki/Operating_systemhttp://en.wikipedia.org/wiki/Router_(computing)http://en.wikipedia.org/wiki/Router_(computing)http://en.wikipedia.org/wiki/Router_(computing)http://en.wikipedia.org/wiki/Firewall_(construction)http://en.wikipedia.org/wiki/Firewall_(construction)http://en.wikipedia.org/wiki/Router_(computing)http://en.wikipedia.org/wiki/Operating_systemhttp://en.wikipedia.org/wiki/Hacker_(computer_security)http://en.wikipedia.org/wiki/Exploit_(computer_security)http://en.wikipedia.org/wiki/Decoyhttp://en.wikipedia.org/wiki/Honeypot_(computing)


6/9

metal sheet separating the engine compartment of a vehicle or aircraft from the

passenger compartment.

Firewall technology emerged in the late 1980s when the Internet was a fairly new

technology in terms of its global use and connectivity. The predecessors to

firewalls for network security were the routers used in the late 1980.

Why You Should Care about Network Security for future

Network security hasn't always been as important as it is today. The history of

network security is a story of the evolution of processing power, connectivity, and

the Internet.

When computers first appeared in business, they were large, multi-user devices

locked behind the doors of a data center- a data center jealously protected by

information technology (IT) staff. In many cases, users didn't even have terminals.

They handed a request to a computer operator and received a report in return.

No real security issues here.

In addition to business user restrictions, early computers were rarely attached to

other computers; and the Internet didn't exist. Opportunities for attacker access

to sensitive information were rare, and personal identity information was stilllargely kept on paper in file cabinets.

Eventually, personal computers began appearing in businesses. Of course,

management wanted these systems connected to the data center systems. Thus,

networks appeared. Early Token Ring and Arc net technologies eventually gave

way to wireless and Ethernet connectivity, providing high-speed access. Add to


7/9

this the current need to connect to the Internet, and opportunities for criminals

across the globe to steal data or hold networks hostage abound.

Previous case studies show below :

Reported network attacked

Type of attack Percentage reportingsuccessful attack

Computer virus/worm 85%

System penetration 40%

Denial of service attacks 40%

web server penetration 38%


8/9

Reference

Dhillon, Gurpreet (2007). Principles of Information Systems

Security: text and cases. NY: John Wiley & Sons. ISBN 978-0-471-

45056-6.

Allen, Julia H. (2001). The CERT Guide to System and Network

Security Practices. Boston, MA: Addison-Wesley. ISBN 0-201-

73723-X.

Discovering COMPUTER Your interactive Guide to the Digital

World (2012) ,Gary B.Shelly,Misty E.Vermaat,JeffreyJ.Quasney,Susan L.Sebok,Steven M.Freund
http://en.wikipedia.org/wiki/International_Standard_Book_Numberhttp://en.wikipedia.org/wiki/Special:BookSources/978-0-471-45056-6http://en.wikipedia.org/wiki/Special:BookSources/978-0-471-45056-6http://en.wikipedia.org/wiki/International_Standard_Book_Numberhttp://en.wikipedia.org/wiki/Special:BookSources/0-201-73723-Xhttp://en.wikipedia.org/wiki/Special:BookSources/0-201-73723-Xhttp://en.wikipedia.org/wiki/Special:BookSources/0-201-73723-Xhttp://en.wikipedia.org/wiki/Special:BookSources/0-201-73723-Xhttp://en.wikipedia.org/wiki/International_Standard_Book_Numberhttp://en.wikipedia.org/wiki/Special:BookSources/978-0-471-45056-6http://en.wikipedia.org/wiki/Special:BookSources/978-0-471-45056-6http://en.wikipedia.org/wiki/International_Standard_Book_Number


9/9

Conclusion

Because networks are so commonplace within organizations, network security is

Important for all administrators. Maintaining good network security is a full-time

task that has to involve the cooperation of all employees within an organization.

Because network security is so important, and involves all aspects of day-today

Operations, it is important that security policies be communicated from

the top down, and that all managers are involved in the planning of network

Security policies

Many organizations, especially small ones, dont feel that they need to worry

about network security. The truth is, any organization that is publicly connected

to the Internet has to make an effort to secure its border.

security for fututre network

Documents