Network security

In the field of networking, the area of network security

[1]
consists of the provisions and
policies adopted by the network administrator to prevent and monitor unauthorized
access, misuse, modification, or denial of the computer network and network-accessible
resources
Contents
1 !he first step to information security
" Network security concepts
# $ecurity management
o #1 $mall homes
o #" %edium businesses
o ## &arge businesses
o #' $chool
o #( &arge government
The first step to information security
!he term network security and information security are often used interchangeably
Network security is generally taken as providing protection at the boundaries of an
organization by keeping out intruders )hackers* Information security, however, e+plicitly
focuses on protecting data resources from malware attack or simple mistakes by people
within an organization by use of data loss prevention ),&-* techni.ues /ne of these
techni.ues is to compartmentalize large networks with internal boundaries
Network security concepts
Network security starts from authenticating the user, commonly with a username and a
password $ince this re.uires 0ust one thing besides the user name, ie the password
which is something you 1know1, this is sometimes termed one factor authentication 2ith
two factor authentication something you 1have1 is also used )eg a security token or
1dongle1, an 3!% card, or your mobile phone*, or with three factor authentication
something you 1are1 is also used )eg a fingerprint or retinal scan*
/nce authenticated, a firewall enforces access policies such as what services are allowed
to be accessed by the network users
["]
!hough effective to prevent unauthorized access,
this component may fail to check potentially harmful content such as computer worms or
!ro0ans being transmitted over the network 3nti-virus software or an intrusion
prevention system )I-$*
[#]
help detect and inhibit the action of such malware 3n
anomaly-based intrusion detection system may also monitor the network and traffic for
une+pected )ie suspicious* content or behavior and other anomalies to protect resources,
eg from denial of service attacks or an employee accessing files at strange times
Individual events occurring on the network may be logged for audit purposes and for later
high level analysis
4ommunication between two hosts using a network could be encrypted to maintain
privacy
Honeypots, essentially decoy network-accessible resources, could be deployed in a
network as surveillance and early-warning tools as the honeypot will not normally be
accessed !echni.ues used by the attackers that attempt to compromise these decoy
resources are studied during and after an attack to keep an eye on new e+ploitation
techni.ues $uch analysis could be used to further tighten security of the actual network
being protected by the honeypot
[']
Security management
$ecurity %anagement for networks is different for all kinds of situations 3 small home
or an office would only re.uire basic security while large businesses will re.uire high
maintenance and advanced software and hardware to prevent malicious attacks from
hacking and spamming
Small homes
3 basic firewall or a unified threat management system
5or 2indows users, basic 3ntivirus software 3n anti-spyware program would
also be a good idea !here are many other types of antivirus or anti-spyware
programs out there to be considered
2hen using a wireless connection, use a robust password 3lso try to use the
strongest security supported by your wireless devices, such as 2-3" with 36$
encryption
If using 2ireless7 4hange the default $$I, network name, also disable $$I,
8roadcast9 as this function is unnecessary for home use ):owever, many security
e+perts consider this to be relatively useless
http7;;blogszdnetcom;/u;inde+php<p='# *
6nable %34 3ddress filtering to keep track of all home network %34 devices
connecting to your router
3ssign $!3!I4 I- addresses to network devices
,isable I4%- ping on router
>eview router or firewall logs to help identify abnormal network connections or
traffic to the Internet
?se passwords for all accounts
:ave multiple accounts per family member, using non-administrative accounts for
day-to-day activities ,isable the guest account )4ontrol -anel@ 3dministrative
!ools@ 4omputer %anagement@ ?sers*
>aise awareness about information security to children
[(]

Medium businesses
3 fairly strong firewall or ?nified !hreat %anagement $ystem
$trong 3ntivirus software and Internet $ecurity $oftware
5or authentication, use strong passwords and change it on a bi-weekly;monthly
basis
2hen using a wireless connection, use a robust password
>aise awareness about physical security to employees
?se an optional network analyzer or network monitor
3n enlightened administrator or manager
Large businesses
3 strong firewall and pro+y to keep unwanted people out
3 strong 3ntivirus software package and Internet $ecurity $oftware package
5or authentication, use strong passwords and change it on a weekly;bi-weekly
basis
2hen using a wireless connection, use a robust password
6+ercise physical security precautions to employees
-repare a network analyzer or network monitor and use it when needed
Implement physical security management like closed circuit television for entry
areas and restricted zones
$ecurity fencing to mark the company1s perimeter
5ire e+tinguishers for fire-sensitive areas like server rooms and security rooms
$ecurity guards can help to ma+imize security
School
3n ad0ustable firewall and pro+y to allow authorized users access from the
outside and inside
$trong 3ntivirus software and Internet $ecurity $oftware packages
2ireless connections that lead to firewalls
4hildren1s Internet -rotection 3ct compliance
$upervision of network to guarantee updates and changes based on popular site
usage
4onstant supervision by teachers, librarians, and administrators to guarantee
protection against attacks by both internet and sneakernet sources
Large government
3 strong firewall and pro+y to keep unwanted people out
$trong antivirus software and Internet $ecurity $oftware suites
$trong encryption
2hitelist authorized wireless connection, block all else
3ll network hardware is in secure zones
3ll host should be on a private network that is invisible from the outside
-ut web servers in a ,%A, or a firewall from the outside and from the inside
$ecurity fencing to mark perimeter and set wireless range to this