Network Security

Computer network security ensures the integrity of data stored on a network and restricts who has access to it. The necessity to offer service to users and the need to regulate access to information are balanced by network security policies. A network has numerous entry points including hardware and software, and the devices that connect to the network, like PCs, cellphones, and tablets. With these points of access, network security demands the deployment of many defense measures.

Processes for authenticating users with user IDs and passwords provide another layer of protection. Segmenting network data, so that private or personal information is harder to reach than less sensitive data, adds a further layer. Other network security practices include ensuring that hardware and software are regularly upgraded and patched, educating network users about their part in security operations, and remaining vigilant against external threats from hackers and other hostile actors.

Discussion

• Why do we need network security?

With the growth of social networks and e-commerce applications, data transmission has become a critical undertaking. Device-to-device communication requires a network interface, and that interface is exposed because many tools and software packages exist that can damage an existing network. In network security, a vulnerability arises while data is in transit from one node to another, and this is one of the most important difficulties in the field. Network security is justified by the fact that numerous data attacks occur every day. Setting up a new network is straightforward; protecting the entire network is the major concern.

Communication is the most important aspect of network security, followed by data automation. The problem of network security is closely linked to the concept of data encryption. With advances in network security, we have moved back to thumbprints in place of signatures; for example, a fingerprint-based lock system keeps data secure. Although this technology helps prevent physical data theft, logical data theft during data transfer remains a concern.

• How does network security work?

When it comes to network security in an organisation, there are numerous layers to consider. Attacks can occur at any layer of the network security model, so network security hardware, software, and rules must be built to cover all of them. Three separate kinds of control are usually used to secure a network:

• Physical-Level Network Security: Unauthorized staff gaining physical access to network components such as routers, cabling cabinets, and so on is prevented by physical security mechanisms. In any organisation, controlled access, such as locks, biometric authentication, and other devices, is critical.
• Technical-Level Network Security: Data that is stored on the network or that is in transit across, into, or out of the network is protected by technical security mechanisms. It is necessary to secure data and systems from unauthorised personnel as well as malicious activity by staff.
• Administration-Level Network Security: Security rules and processes that manage user behaviour are referred to as administrative security controls. This includes how users are verified, their level of access, and how IT staff members apply changes to the infrastructure.

• What can network security provide protection against?

A virus is a harmful downloaded file that can remain inactive and reproduce itself by modifying the code of other computer programmes. Once infected, files can travel from one machine to another, corrupting or destroying network data in the process.

Worms can slow down computer networks by consuming bandwidth and decreasing the computer's ability to handle data.

A trojan is a backdoor programme that gives attackers access to a computer system by imitating a legitimate programme before rapidly revealing itself to be dangerous. It can erase files, trigger additional malware such as a virus concealed on the network, and steal valuable data.

Spyware is a computer virus that collects information about a person or organization without their knowledge and may pass that information to a third party without their agreement.

Adware can reroute your search requests to advertising websites while also collecting marketing data about you. This is to present tailored advertisements based on your search and purchasing history.

Ransomware is a type of trojan cyberware that encrypts data and blocks access to the user's system in order to extort money from the person or organization whose computer it is installed on.

• What are types of network security?

Email gateways are the most common source of security breaches. To prevent the loss of critical data, an email security solution stops incoming threats and regulates outbound messages.

Malware infects a network and then remains inactive for days or even weeks. Antimalware systems scan for malware upon arrival, and track files later to look for anomalies, delete malware, and repair damage.

Wireless networks are less secure than conventional wired networks, so devices designed specifically for wireless network security are needed to prevent an exploit from taking hold.

A web security solution will restrict your employees' access to the internet, block web-based dangers, and prevent them from visiting hazardous websites.

A virtual private network (VPN) encrypts the connection between an endpoint and a network, usually over the Internet, in order to authenticate communication between the device and the network.

An intrusion prevention system (IPS) monitors network traffic in order to detect and prevent assaults.

Organizations must ensure that sensitive data is not sent outside the network by their employees. Data loss prevention (DLP) technology can prohibit users from sending, transmitting, or even printing sensitive data in an unsafe way.

• What are the most important network security tools?

A firewall creates a barrier between a network's trusted and suspicious parts. Also, it uses IP subnets to execute access control and macro-segmentation. It may also perform micro-segmentation, which is more granular segmentation.
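The subnet-based access control and macro-segmentation described above, as an added Python example that is not part of the original article; the zones, rules and sample packets are constructed:

```python
# Added example (not from the Devopedia article): a minimal packet filter that
# uses IP subnets for access control between a trusted zone and a DMZ, i.e. the
# macro-segmentation a firewall performs. Subnets, rules and traffic are constructed.
from ipaddress import ip_address, ip_network

# Constructed zones: the trusted LAN and a DMZ holding a web server.
TRUSTED = ip_network("10.0.0.0/24")
DMZ = ip_network("192.168.100.0/24")

# Rules are evaluated top to bottom; the first match decides. Each rule is
# (source subnet, destination subnet, destination port or None for any, action).
RULES = [
    (TRUSTED, DMZ, 443, "allow"),       # LAN may reach the DMZ web server over HTTPS
    (DMZ, TRUSTED, None, "deny"),       # DMZ hosts never initiate into the LAN
    (TRUSTED, TRUSTED, None, "allow"),  # LAN to LAN is allowed
]
DEFAULT_ACTION = "deny"  # implicit deny: anything not listed is dropped


def decide(src: str, dst: str, dport: int) -> str:
    """Return 'allow' or 'deny' for one packet using first-match semantics."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, port, action in RULES:
        if s in src_net and d in dst_net and (port is None or port == dport):
            return action
    return DEFAULT_ACTION


def filter_log(packets):
    """Apply the policy to a list of (src, dst, dport) and return the decisions."""
    return [(src, dst, dport, decide(src, dst, dport)) for src, dst, dport in packets]


if __name__ == "__main__":
    # Constructed sample traffic as seen at the firewall.
    sample = [
        ("10.0.0.5", "192.168.100.10", 443),  # allowed by rule 1
        ("10.0.0.5", "192.168.100.10", 22),   # no matching rule: default deny
        ("192.168.100.10", "10.0.0.5", 445),  # denied by rule 2
        ("203.0.113.7", "10.0.0.5", 443),     # outside both zones: default deny
    ]
    for row in filter_log(sample):
        print(row)
```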

A load balancer is a device that distributes traffic based on metrics. It can go beyond standard load balancing to provide the ability to absorb certain attacks, like a volumetric DDoS attack, by incorporating specific mitigation strategies.

The conventional IDS/IPS installed behind a firewall performs protocol analysis and signature matching on different portions of a data packet, for protection against well-known attacks like SQL injection. Protocol analysis is a check for conformance to the protocol's publicly published specification.

A sandbox is similar to an IDS/IPS, but it does not use signatures. It can simulate an end-system environment and detect, for instance, whether malware objects attempt to perform port scans.

Network traffic analysis and network detection and response (NTA/NDR) examine traffic or traffic records and evaluate irregularities using machine learning algorithms and statistical methods to decide whether a threat exists. The system first attempts to establish a baseline; once the baseline exists, it detects irregularities such as traffic surges or intermittent communication.
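The baseline-then-anomaly approach described above, as an added Python example that is not from the article; flow records, addresses and thresholds are constructed, and the beacon check goes slightly beyond the text by scoring how regular intermittent contacts are:

```python
# Added example (not from the article): baseline-then-anomaly logic of the kind an NTA/NDR
# tool applies. It learns a per-host volume baseline from a training window, then flags
# (1) traffic surges far above that baseline and (2) intermittent communication with
# suspiciously regular timing. Flow records, addresses and thresholds are constructed.
from collections import defaultdict
from statistics import mean, pstdev

Z_THRESHOLD = 3.0      # surge if more than 3 standard deviations above the baseline
MIN_BEACON_FLOWS = 8   # need this many contacts before judging regularity
MAX_JITTER = 0.1       # std/mean of inter-arrival gaps below this is "too regular"


def build_baseline(flows):
    """Learning phase: per-source mean and standard deviation of bytes per flow."""
    per_src = defaultdict(list)
    for _, src, _, nbytes in flows:
        per_src[src].append(nbytes)
    return {src: (mean(v), pstdev(v)) for src, v in per_src.items()}


def detect_surges(baseline, flows):
    """Return flows whose byte count sits anomalously above the source's baseline."""
    alerts = []
    for ts, src, dst, nbytes in flows:
        mu, sigma = baseline.get(src, (0.0, 0.0))  # unknown host: no baseline, not scored
        if sigma > 0 and (nbytes - mu) / sigma > Z_THRESHOLD:
            alerts.append((ts, src, dst, nbytes))
    return alerts


def detect_beacons(flows):
    """Return (src, dst) pairs whose contact timing is too regular to look human."""
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)
    beacons = []
    for pair, ts_list in times.items():
        if len(ts_list) < MIN_BEACON_FLOWS:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < MAX_JITTER:
            beacons.append(pair)
    return beacons

# Constructed flows: (timestamp_s, src, dst, bytes). Irregular browsing for training,
# then one huge transfer and a host contacting a server every 600 s like clockwork.
TRAINING = [(i * i * 10, "10.0.0.5", "203.0.113.9", 1_000 + 50 * (i % 5)) for i in range(20)]
LIVE = TRAINING + [(4_000, "10.0.0.5", "203.0.113.9", 90_000)]
LIVE += [(600 * k, "10.0.0.8", "198.51.100.4", 300) for k in range(10)]

if __name__ == "__main__":
    base = build_baseline(TRAINING)
    print("surges:", detect_surges(base, LIVE), "beacons:", detect_beacons(LIVE))
```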

• What is network security monitoring and is there any real-time application for it?

The term Network Security Monitoring (NSM) refers to the process of detecting security incidents by monitoring network activities. Given the increasing sophistication of cyberwarfare, an NSM system is critical for the security of today's networks. The NSM cycle can be described by four stages: 1) Monitoring, 2) Detection, 3) Forensics/Diagnosis, and 4) Response/Recovery. Its purpose is to monitor the state of a given network to detect abnormal events and, when detected, to manage them in a timely manner.

Poor firewall configuration and monitoring continue to plague networked systems. VisualFirewall aims to help with firewall configuration and network monitoring by displaying four simultaneous views with varied degrees of information and time-scales, as well as appropriately depicting firewall responses to individual packets. Real-time traffic, visual signature, statistics, and IDS alarm are the four implemented views that provide the levels of detail and temporality that system administrators require to adequately monitor their systems in a passive or active way.

• What is the role of IDS in network security?

Ensuring security is a critical issue for all networks, and several academics have proposed solutions such as firewalls, cryptography, and restricting network access to address it. These have one major flaw: they are unable to detect intrusions and attacks from within the network.

Intrusion detection systems can detect both internal and external attacks. They monitor inbound network traffic for unusual activity or abuse by users. By identifying intrusions early, an IDS plays a vital role in limiting the harm intruders can cause to the network infrastructure or to the data shared across it.

IDS is capable of detecting intrusions in two ways:

(a) Data from the history of operations and transactions carried out in the network by authorised users and by hackers is used to establish patterns of normal and deviant behaviour. Unauthorised users are then distinguished from authorised ones by matching these patterns, or signatures, against the activity of current users.

(b) IDS can identify hackers who use new tactics to breach the system by utilizing machine learning to classify users based on their network behaviour, traffic amount generated and content downloaded.
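The conventional IDS/IPS behaviour described earlier (protocol analysis plus signature matching for a well-known attack such as SQL injection) and detection method (a) above, as one added Python example that is not from the article; the request-line grammar check is a simplification of the HTTP/1.1 specification, and the signatures and sample request lines are constructed:

```python
# Added example (not from the article): a toy inline IDS check that performs
# protocol analysis (does the request line conform to the HTTP/1.1 request-line
# grammar?) and signature matching (well-known SQL-injection fragments) on
# constructed HTTP request lines. Patterns and samples are constructed.
import re
from urllib.parse import unquote_plus

# Protocol analysis, simplified from RFC 9112: "METHOD SP request-target SP HTTP/x.y".
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/\d\.\d$")

# Signature matching: patterns are applied to the percent-decoded request target,
# because a signature applied to the raw encoded bytes would miss the same payload.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),  # ' OR '1'='1
    "sqli-comment": re.compile(r"'\s*(--|#|/\*)"),                        # admin'--
    "sqli-union": re.compile(r"\bunion\b.+\bselect\b", re.I),             # UNION SELECT
}


def inspect(request_line: str) -> dict:
    """Classify one request line as protocol-violation, alert (with signatures) or clean."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        # Non-conforming traffic is reported on its own; it never reaches signature matching.
        return {"verdict": "protocol-violation", "line": request_line}
    target = unquote_plus(m.group(2))  # decode %27, %3D, '+' and so on before matching
    hits = [name for name, pat in SIGNATURES.items() if pat.search(target)]
    if hits:
        return {"verdict": "alert", "signatures": hits, "target": target}
    return {"verdict": "clean", "target": target}


if __name__ == "__main__":
    # Constructed sample request lines as an IDS on the wire would see them.
    samples = [
        "GET /items?id=42 HTTP/1.1",
        "GET /items?id=42%27+OR+%271%27%3D%271 HTTP/1.1",
        "GET /login?user=admin%27-- HTTP/1.1",
        "GET /items?id=1%20UNION%20SELECT%201,2 HTTP/1.1",
        "BLAH /nope",
    ]
    for line in samples:
        print(inspect(line))
```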

• What is a WSN and what is its relevance in network security?

A WSN is a massive network of resource-constrained sensor nodes that perform numerous pre-programmed roles, such as sensing and processing, to achieve various application goals. The sensor nodes and base stations are the most important components of a WSN. In fact, they might be thought of as the network's "sensing cells" and "brain," respectively.

As numerous security-sensitive applications across industries are built on wireless sensor networks (WSNs), WSN security is of critical relevance. WSNs have a number of additional vulnerabilities compared with traditional wireless and wired networks, including a changeable network topology, the broadcast nature of the medium, resource-constrained nodes, massive network scale, and a lack of physical infrastructure. Because of the open communication environment, WSNs are more exposed than wired communications to a variety of attacks, including passive eavesdropping that intercepts transmissions and active jamming that disrupts them. These additional weaknesses enable an attacker to carry out more serious and complex attacks.

• Describe BYOD Security.

Bring Your Own Device (BYOD) refers to a group of linked technologies, concepts, and business practices in which employees use their own mobile devices, such as smartphones, laptop computers, and tablet PCs, to access company IT resources, including databases and apps. With the introduction of new IT environments such as BYOD and smart-work, operational convenience has improved, but security dangers have also increased. There are many security solutions, including NAC (Network Access Control) and MDM (Mobile Device Management) tools, to counteract those dangers.

The network approach, or network access control (NAC) technology, focuses on managing and controlling access to business networks. It manages the devices that connect to the corporate network and gives a wide range of devices in various locations secure, restricted network access. Some network-based BYOD solutions, such as those from Cisco Networks and Meru Networks, provide BYOD management guidance.

There are two aspects to BYOD security:

• Safeguarding corporate assets (networks, corporate data, applications, etc.) from any cybersecurity threats coming from BYOD devices used by employees.
• Security measures taken by BYOD endpoints themselves to protect themselves from malware infections, phishing scams, and other security risks that could compromise sensitive data and spread laterally.

• What are cloud vulnerabilities and some countermeasures?

Vulnerabilities:

• Increased resource leverage provides attackers with a single point of attack, which can cause crucial damage.
• Data breaches are highly likely to be intentional, malicious, or accidental.
• Losing access to a privileged account could result in service interruptions.
• Numerous IP flaws, including IP spoofing, ARP spoofing, and DNS poisoning, pose serious risks.
• Certain cloud computing characteristics, such as the usage of the trial period of use to conduct zombie or DDoS attacks, can be utilised for malicious offensive purposes.
• A malicious insider at the cloud provider has the potential to harm numerous customers severely.

Countermeasures:

• Encrypted data cannot be read by the firewall or IDS, so end-to-end data encryption and screening for malicious activity are essential.
• Validation of cloud consumers is necessary to stop malicious attacks from taking advantage of key cloud functionalities.
• APIs should provide secure interfaces for management, orchestration, and automation.
• Any vulnerability must be mitigated, according to the cloud provider.
• To prevent insider attacks, cloud providers should exercise caution when hiring employees and contractors and strengthen internal security measures.
• Under a shared (multi-tenancy) architecture, the cloud provider keeps the shared resources, including the hypervisor, orchestration software, and monitoring tools, secure.

Milestones

1971

The first computer worm is generated, with the words "I am the Creeper: catch me if you can" displayed on the screen.

1972

For the United States Air Force, James P. Anderson writes a Computer Security Technology Planning Study. This is split into two parts. The Anderson Report is the name given to this report.

1973

Multics is a timesharing operating system that began as a research project at MIT in 1965. In the summer of 1973, researchers at MIT investigate the security concerns of Multics running on a Honeywell 6180 computer system. They come up with broad security design principles. Crediting J. Anderson, they divide these into three categories: unauthorised release, unauthorised modification, and unauthorised denial.

1982

The first virus, 'Elk Cloner,' which infects the Apple II operating system, is created by a high school student.

1986

The United States passes the first Fraud and Abuse Act, which establishes federal computer offences and punishments.

1988

Robert Morris designs and distributes a self-propagating virus; the resulting denial-of-service (DDoS) assault causes up to $10 million in damage to the early internet.

1990

The Computer Misuse Act is passed in the United Kingdom, making unauthorised efforts to access computer systems illegal.

1999

The Melissa virus attacks users via Microsoft Outlook, inflicting an estimated $1.2 billion in losses.

2001

The National Institute of Standards and Technology (NIST) releases Underlying Technical Models for Information Technology Security. Availability, Integrity, Confidentiality, Accountability, and Assurance are the five security objectives identified. It emphasises the interdependence of these elements. If confidentiality is broken (for example, a superuser password), integrity is likely to be compromised as well.

2002

Donn B. Parker adds three new items to the CIA Triad: authenticity, possession or control, and utility. It's also essential to grasp these six principles in pairs, according to Parker: confidentiality and possession, integrity and authenticity, and availability and utility. Parkerian Hexad is the name given to these six principles over time. Five DNS root servers were knocked out by a DDoS attack. It was the first time someone tried to shut down the internet.

Cite As

Devopedia. 2023. "Network Security." Version 11, January 17. Accessed 2023-01-17. https://devopedia.org/network-security
Contributed by
2 authors

Last updated on
2023-01-17 03:51:26
