Network security
Encyclopedia
In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator
to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network
and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.
the user, commonly with a username and a password. Since this requires just one detail authenticating the user name —i.e. the password, which is something the user 'knows'— this is sometimes termed one-factor authentication. With two-factor authentication
, something the user 'has' is also used (e.g. a security token
or 'dongle', an ATM card
, or a mobile phone
); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint
or retinal scan
).
Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worm
s or Trojan
s being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware
. An anomaly-based intrusion detection system
may also monitor the network and traffic
for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.
Communication between two hosts using a network may be encrypted to maintain privacy
.
Honeypots
, essentially decoy
network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation
techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.
and spamming.
from malicious sources. Attacks
can be from two categories "Passive" when a network intruder intercepts data traveling through the network, and "Active" in which an intruder initiates commands to disrupt the networks normal operation.
Types of attacks include:
Network administrator
A network administrator, network analyst or network engineer is a person responsible for the maintenance of computer hardware and software that comprises a computer network...
to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.
Network security concepts
Network security starts with authenticatingAuthentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
the user, commonly with a username and a password. Since this requires just one detail authenticating the user name —i.e. the password, which is something the user 'knows'— this is sometimes termed one-factor authentication. With two-factor authentication
Two-factor authentication
Two-factor authentication is an approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are. It is a part of the broader family of multi-factor authentication, which is a defense in depth approach to security...
, something the user 'has' is also used (e.g. a security token
Security token
A security token may be a physical device that an authorized user of computer services is given to ease authentication...
or 'dongle', an ATM card
ATM card
An ATM card is a card issued by a bank, credit union or building society that can be used at an ATM for deposits, withdrawals, account information, and other types of transactions, often through interbank networks.Some ATM cards can also be used:* at a branch, as identification for in-person...
, or a mobile phone
Mobile phone
A mobile phone is a device which can make and receive telephone calls over a radio link whilst moving around a wide geographic area. It does so by connecting to a cellular network provided by a mobile network operator...
); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint
Fingerprint
A fingerprint in its narrow sense is an impression left by the friction ridges of a human finger. In a wider use of the term, fingerprints are the traces of an impression from the friction ridges of any part of a human hand. A print from the foot can also leave an impression of friction ridges...
or retinal scan
Retinal scan
A retinal scan is a biometric technique that uses the unique patterns on a person's retina to identify them. It is not to be confused with another ocular-based technology, iris recognition.-Introduction:...
).
Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worm
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
s or Trojan
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
s being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
. An anomaly-based intrusion detection system
Anomaly-based intrusion detection system
An Anomaly-Based Intrusion Detection System, is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and will detect any type of...
may also monitor the network and traffic
Deep packet inspection
Deep Packet Inspection is a form of computer network packet filtering that examines the data part of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can...
for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.
Communication between two hosts using a network may be encrypted to maintain privacy
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
.
Honeypots
Honeypot (computing)
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems...
, essentially decoy
Decoy
A decoy is usually a person, device or event meant as a distraction, to conceal what an individual or a group might be looking for. Decoys have been used for centuries most notably in game hunting, but also in wartime and in the committing or resolving of crimes.-Duck decoy:The term duck decoy may...
network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation
Exploit (computer security)
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...
techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.
Security management
Security management for networks is different for all kinds of situations. A home or small office may only require basic security while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hackingHacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
and spamming.
Homes & Small Businesses
- A basic firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
or a unified threat managementUnified threat managementUnified Threat Management is a comprehensive solution that has recently emerged in the network security industry and since 2004, has gained widespread currency as a primary network gateway defense solution for organizations...
system. - For Windows users, basic Antivirus softwareAntivirus softwareAntivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
. An anti-spyware program would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered. - When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES encryption.
- If using Wireless: Change the default SSID network name, also disable SSID Broadcast; as this function is unnecessary for home use. (However, many security experts consider this to be relatively useless).
- Enable MAC Address filtering to keep track of all home network MAC devices connecting to your router.
- Assign STATIC IP addresses to network devices.
- Disable ICMP ping on router.
- Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.
- Use passwords for all accounts.
- For Windows users, Have multiple accounts per family member and use non-administrative accounts for day-to-day activities.
- Disable the guest account
- Raise awareness about information security to children.
Medium businesses
- A fairly strong firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
or Unified Threat ManagementUnified threat managementUnified Threat Management is a comprehensive solution that has recently emerged in the network security industry and since 2004, has gained widespread currency as a primary network gateway defense solution for organizations...
System - Strong Antivirus softwareAntivirus softwareAntivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
and Internet Security Software. - For authenticationAuthenticationAuthentication is the act of confirming the truth of an attribute of a datum or entity...
, use strong passwords and change it on a bi-weekly/monthly basis. - When using a wireless connection, use a robust password.
- Raise awareness about physical securityPhysical securityPhysical security describes measures that are designed to deny access to unauthorized personnel from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts...
to employees. - Use an optional network analyzer or network monitor.
- An enlightened administrator or manager.
- Use a VPN, or Virtual Private Network, to communicate between a main office and satellite offices using the Internet as a connectivity medium. A VPN offers a solution to the expense of leasing a data line while providing a secure network for the offices to communicate. A VPN provides the business with a way to communicate between two in a way mimics a private leased line. Although the Internet is used, it is private because the link is encrypted and convenient to use. A medium sized business needing a secure way to connect several offices will find this a good choice.
- Clear employee guidelines should be implemented for using the Internet, including access to non-work related websites, sending and receiving information.
- Individual accounts to log on and access company intranet and Internet with monitoring for accountability.
- Have a back-up policy to recover data in the event of a hardware failure or a security breach that changes, damages or deletes data.
- Assign several employees to monitor a group like CERTCertCert or CERT may refer to:* Certificate, an official document* Certiorari, a Latin legal term for a court order requiring judicial review of a case...
which studies Internet security vulnerabilities and develops training to help improve security.
Large businesses
- A strong firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
and proxyProxy serverIn computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
to keep unwanted people out. - A strong Antivirus softwareAntivirus softwareAntivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
package and Internet Security Software package. - For authenticationAuthenticationAuthentication is the act of confirming the truth of an attribute of a datum or entity...
, use strong passwords and change it on a weekly/bi-weekly basis. - When using a wireless connection, use a robust password.
- Exercise physical securityPhysical securityPhysical security describes measures that are designed to deny access to unauthorized personnel from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts...
precautions to employees. - Prepare a network analyzerNetwork analyzer (electrical)A network analyzer is an instrument that measures the network parameters of electrical networks. Today, network analyzers commonly measure s–parameters because reflection and transmission of electrical networks are easy to measure at high frequencies, but there are other network parameter...
or network monitor and use it when needed. - Implement physical securityPhysical securityPhysical security describes measures that are designed to deny access to unauthorized personnel from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts...
management like closed circuit television for entry areas and restricted zones. - Security fencing to mark the company's perimeter.
- Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
- Security guards can help to maximize security.
School
- An adjustable firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
and proxyProxy serverIn computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
to allow authorized users access from the outside and inside. - Strong Antivirus softwareAntivirus softwareAntivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
and Internet Security Software packages. - Wireless connections that lead to firewallsFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
. - Children's Internet Protection ActChildren's Internet Protection ActThe Children's Internet Protection Act requires that K-12 schools and libraries in the United States use Internet filters and implement other measures to protect children from harmful online content as a condition for the receipt of certain federal funding...
compliance. (Only schools in the USA) - Supervision of network to guarantee updates and changes based on popular site usage.
- Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internetInternetThe Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
and sneakernetSneakernetSneakernet is an informal term describing the transfer of electronic information, especially computer files, by physically couriering removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another. This is usually in lieu...
sources. - An enforceable and easy to understand acceptable use policy which differentiates between school owned and personally owned devices
- FERPA compliance for institutes of higher education
Large government
- A strong firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
and proxyProxy serverIn computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
to keep unwanted people out. - Strong antivirus softwareAntivirus softwareAntivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
and Internet Security Software suites. - Strong encryptionEncryptionIn cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
. - Whitelist authorized wireless connection, block all else.
- All network hardware is in secure zones.
- All hostsHost (network)A network host is a computer connected to a computer network. A network host may offer information resources, services, and applications to users or other nodes on the network. A network host is a network node that is assigned a network layer host address....
should be on a private networkPrivate networkIn the Internet addressing architecture, a private network is a network that uses private IP address space, following the standards set by RFC 1918 and RFC 4193. These addresses are commonly used for home, office, and enterprise local area networks , when globally routable addresses are not...
that is invisible from the outside. - Host web servers in a DMZDemilitarized zone (computing)In computer security, a DMZ is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet...
, or a firewall from the outside and from the inside. - Security fencing to mark perimeter and set wireless range to this.
- Inventory controls of government owned mobile .
Types of Attacks
Networks are subject to attacksAttack (computer)
In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.- IETF :Internet Engineering Task Force defines attack in RFC 2828 as:...
from malicious sources. Attacks
Attack (computer)
In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.- IETF :Internet Engineering Task Force defines attack in RFC 2828 as:...
can be from two categories "Passive" when a network intruder intercepts data traveling through the network, and "Active" in which an intruder initiates commands to disrupt the networks normal operation.
Types of attacks include:
- Passive
- Network
- wiretappingTelephone tappingTelephone tapping is the monitoring of telephone and Internet conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line...
- Port scannerPort scannerA port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.A port scan or portscan is "An attack...
- Idle scanIdle scanThe idle scan is a TCP port scan method that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer called a "zombie" and observing the behavior of the zombie system.This action can be done through common...
- wiretapping
- Network
- Active
- Denial-of-service attackDenial-of-service attackA denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
- SpoofingSpoofing attackIn the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.- Spoofing and TCP/IP :...
- Man in the middleMan-in-the-middle attackIn cryptography, the man-in-the-middle attack , bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other...
- ARP poisoning
- Smurf attackSmurf attackThe Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages....
- Buffer overflowBuffer overflowIn computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
- Heap overflowHeap overflowA heap overflow is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data...
- Format string attackFormat string attackUncontrolled format string is a type of software vulnerability, discovered around 1999, that can be used in security exploits. Previously thought harmless, format string exploits can be used to crash a program or to execute harmful code...
- Denial-of-service attack
See also
- Cloud computing securityCloud computing securityCloud computing security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing...
- CrimewareCrimewareCrimeware is a class of malware designed specifically to automate cybercrime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group to distinguish it from other kinds of malevolent programs...
- Cyber security standardsCyber security standardsCyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks. These guides provide general outlines as well as specific techniques for implementing cyber security. For certain specific...
- Data Loss Prevention
- GreynetGreynetWithin the context of corporate and organizational networks, a greynet is an elusive networked computer application that is downloaded and installed on end user systems without express permission from network administrators and often without awareness or cognition that it is deeply embedded in the...
- Information Leak Prevention
- Metasploit ProjectMetasploit ProjectThe Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development....
- NetsentronNetsentronNetSentron is a network security appliance designed and sold by Kobelt Development Inc. , a Surrey, British Columbia-based IT services company. The NetSentron appliance is a firewall, Website content filter, and Virtual Private Network/remote access device—often referred to as a unified threat...
- Network Security ToolkitNetwork Security ToolkitThe Network Security Toolkit is a Linux-based Live CD that provides a set of open source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. The distribution can be used as a network security analysis, validation and monitoring tool on...
- TCP Gender ChangerTCP Gender ChangerTCP Gender Changer refers to a method of making an internal TCP/IP based network server accessible beyond their protective firewall.-How it works:...
- TCP sequence prediction attackTCP Sequence Prediction AttackA TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection, which can be used to counterfeit packets.The attacker hopes to correctly guess the sequence number to be used by the sending host...
- Timeline of hacker historyTimeline of hacker historytimeline of computer security hacker history. Hacking and system cracking appeared with the first electronic computers. Below are some important events in the history of hacking and cracking.-1932:...
- Wireless LAN Security
Further reading
- Cisco. (2011). What is network security?. Retrieved from cisco.com
- pcmag.com
- Security of the Internet (The Froehlich/Kent Encyclopedia of Telecommunications vol. 15. Marcel Dekker, New York, 1997, pp. 231-255.)
- Introduction to Network Security, Matt Curtin.
- Security Monitoring with Cisco Security MARS, Gary Halleen/Greg Kellogg, Cisco Press, Jul. 6, 2007.
- Self-Defending Networks: The Next Generation of Network Security, Duane DeCapite, Cisco Press, Sep. 8, 2006.
- Security Threat Mitigation and Response: Understanding CS-MARS, Dale Tesch/Greg Abelar, Cisco Press, Sep. 26, 2006.
- Securing Your Business with Cisco ASA and PIX Firewalls, Greg Abelar, Cisco Press, May 27, 2005.
- Deploying Zone-Based Firewalls, Ivan Pepelnjak, Cisco Press, Oct. 5, 2006.
- Network Security: PRIVATE Communication in a PUBLIC World, Charlie Kaufman | Radia Perlman | Mike Speciner, Prentice-Hall, 2002. ISBN .
- Network Infrastructure Security, Angus Wong and Alan Yeung, Springer, 2009.
External links
- Cyber Security Network
- Definition of Network Security
- Cisco IT Case Studies about Security and VPN
- Definition of Network Security
- Debate: The data or the source - which is the real threat to network security? - Video
- OpenLearn - Network Security