HOME

TheInfoList



OR:

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor
unauthorized Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More fo ...
access, misuse, modification, or denial of a
computer network A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ...
and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses,
government agencies A government or state agency, sometimes an appointed commission, is a permanent or semi-permanent organization in the machinery of government that is responsible for the oversight and administration of specific functions, such as an administratio ...
and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.


Network security concept

Network security starts with
authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...
, commonly with a username and a
password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
. Since this requires just one detail authenticating the user name—i.e., the password—this is sometimes termed one-factor authentication. With
two-factor authentication Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting ...
, something the user 'has' is also used (e.g., a
security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens incl ...
or '
dongle A dongle is a small piece of computer hardware that connects to a port on another device to provide it with additional functionality, or enable a pass-through to such a device that adds functionality. In computing, the term was initially synonym ...
', an
ATM card An ATM card is a payment card or dedicated payment card issued by a financial institution (i.e. a bank) which enables a customer to access their financial accounts via its and others' automated teller machines (ATMs) and to make approved point of ...
, or a
mobile phone A mobile phone, cellular phone, cell phone, cellphone, handphone, hand phone or pocket phone, sometimes shortened to simply mobile, cell, or just phone, is a portable telephone that can make and receive calls over a radio frequency link whil ...
); and with three-factor authentication, something the user 'is' is also used (e.g., a
fingerprint A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfac ...
or
retinal scan A retinal scan is a biometric technique that uses unique patterns on a person's retina blood vessels. It is not to be confused with other ocular-based technologies: iris recognition, commonly called an "iris scan", and eye vein verification that u ...
). Once authenticated, a
firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...
enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as
computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It wil ...
s or
Trojan Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...
s being transmitted over the network.
Anti-virus software Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...
or an
intrusion prevention system An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
(IPS) help detect and inhibit the action of such
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
. An anomaly-based intrusion detection system may also monitor the network like wireshark
traffic Traffic comprises pedestrians, vehicles, ridden or herded animals, trains, and other conveyances that use public ways (roads) for travel and transportation. Traffic laws govern and regulate traffic, while rules of the road include traffic ...
and may be logged for audit purposes and for later high-level analysis. Newer systems combining unsupervised
machine learning Machine learning (ML) is a field of inquiry devoted to understanding and building methods that 'learn', that is, methods that leverage data to improve performance on some set of tasks. It is seen as a part of artificial intelligence. Machine ...
with full network traffic analysis can detect active network attackers from malicious insiders or targeted external attackers that have compromised a user machine or account. Communication between two hosts using a network may be encrypted to maintain security and privacy. Honeypots, essentially
decoy A decoy (derived from the Dutch ''de'' ''kooi'', literally "the cage" or possibly ''ende kooi'', " duck cage") is usually a person, device, or event which resembles what an individual or a group might be looking for, but it is only meant to lu ...
network-accessible resources, may be deployed in a network as
surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as c ...
and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Honeypots are placed at a point in the network where they appear vulnerable and undefended, but they are actually isolated and monitored. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new
exploitation Exploitation may refer to: *Exploitation of natural resources *Exploitation of labour ** Forced labour *Exploitation colonialism *Slavery ** Sexual slavery and other forms *Oppression *Psychological manipulation In arts and entertainment *Exploi ...
techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot. A honeypot can also direct an attacker's attention away from legitimate servers. A honeypot encourages attackers to spend their time and energy on the decoy server while distracting their attention from the data on the real server. Similar to a honeypot, a
honeynet In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site ...
is a network set up with intentional vulnerabilities. Its purpose is also to invite attacks so that the attacker's methods can be studied and that information can be used to increase network security. A honeynet typically contains one or more honeypots.


Security management

Security management for networks is different for all kinds of situations. A home or small office may only require basic security while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hacking and
spamming Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose (especial ...
. In order to minimize susceptibility to malicious attacks from external threats to the network, corporations often employ tools which carry ou
network security verifications


Types of attack

Networks are subject to attacks from malicious sources. Attacks can be from two categories: "Passive" when a network intruder intercepts data traveling through the network, and "Active" in which an intruder initiates commands to disrupt the network's normal operation or to conduct reconnaissance and lateral movements to find and gain access to assets available via the network. Types of attacks include: * Passive ** Network ***
Wiretapping Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitorin ...
*** Passive Port scanner ***
Idle scan The idle scan is a TCP port scan method that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer whose network traffic is very slow or nonexistent ...
***
Encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
***
Traffic analysis Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication, it can be performed even when the messages are encrypted. In general, the greater the number of messages observed ...
* Active: ** Virus **
Eavesdropping Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information. Etymology The verb ''eavesdrop'' is a back-formation from the noun ''eaves ...
** Data modification


See also


References


Further reading


''Case Study: Network Clarity''
, SC Magazine 2014 *Cisco. (2011). What is network security?. Retrieved fro



(''The Froehlich/Kent Encyclopedia of Telecommunications vol. 15''. Marcel Dekker, New York, 1997, pp. 231–255.) *
Introduction to Network Security
'', Matt Curtin, 1997. * ''Security Monitoring with Cisco Security MARS'', Gary Halleen/Greg Kellogg, Cisco Press, Jul. 6, 2007. * ''Self-Defending Networks: The Next Generation of Network Security'', Duane DeCapite, Cisco Press, Sep. 8, 2006. * ''Security Threat Mitigation and Response: Understanding CS-MARS'', Dale Tesch/Greg Abelar, Cisco Press, Sep. 26, 2006. * ''Securing Your Business with Cisco ASA and PIX Firewalls'', Greg Abelar, Cisco Press, May 27, 2005. * ''Deploying Zone-Based Firewalls'', Ivan Pepelnjak, Cisco Press, Oct. 5, 2006. * ''Network Security: PRIVATE Communication in a PUBLIC World'', Charlie Kaufman , Radia Perlman , Mike Speciner, Prentice-Hall, 2002. * ''Network Infrastructure Security'', Angus Wong and Alan Yeung, Springer, 2009. {{isbn, 978-1-4419-0165-1