In the field of networking, the area of network security
[1] consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources Contents 1 !he first step to information security " Network security concepts # $ecurity management o #1 $mall homes o #" %edium businesses o ## &arge businesses o #' $chool o #( &arge government The first step to information security !he term network security and information security are often used interchangeably Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders )hackers* Information security, however, e+plicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of data loss prevention ),&-* techni.ues /ne of these techni.ues is to compartmentalize large networks with internal boundaries Network security concepts Network security starts from authenticating the user, commonly with a username and a password $ince this re.uires 0ust one thing besides the user name, ie the password which is something you 1know1, this is sometimes termed one factor authentication 2ith two factor authentication something you 1have1 is also used )eg a security token or 1dongle1, an 3!% card, or your mobile phone*, or with three factor authentication something you 1are1 is also used )eg a fingerprint or retinal scan* /nce authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users ["] !hough effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or !ro0ans being transmitted over the network 3nti-virus software or an intrusion prevention system )I-$* [#] help detect and inhibit the action of such malware 3n anomaly-based intrusion detection system may also monitor the network and traffic for une+pected )ie suspicious* content or behavior and other anomalies to protect resources, eg from denial of service attacks or an employee accessing files at strange times Individual events occurring on the network may be logged for audit purposes and for later high level analysis 4ommunication between two hosts using a network could be encrypted to maintain privacy Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools as the honeypot will not normally be accessed !echni.ues used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new e+ploitation techni.ues $uch analysis could be used to further tighten security of the actual network being protected by the honeypot ['] Security management $ecurity %anagement for networks is different for all kinds of situations 3 small home or an office would only re.uire basic security while large businesses will re.uire high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming Small homes 3 basic firewall or a unified threat management system 5or 2indows users, basic 3ntivirus software 3n anti-spyware program would also be a good idea !here are many other types of antivirus or anti-spyware programs out there to be considered 2hen using a wireless connection, use a robust password 3lso try to use the strongest security supported by your wireless devices, such as 2-3" with 36$ encryption If using 2ireless7 4hange the default $$I, network name, also disable $$I, 8roadcast9 as this function is unnecessary for home use ):owever, many security e+perts consider this to be relatively useless http7;;blogszdnetcom;/u;inde+php<p='# * 6nable %34 3ddress filtering to keep track of all home network %34 devices connecting to your router 3ssign $!3!I4 I- addresses to network devices ,isable I4%- ping on router >eview router or firewall logs to help identify abnormal network connections or traffic to the Internet ?se passwords for all accounts :ave multiple accounts per family member, using non-administrative accounts for day-to-day activities ,isable the guest account )4ontrol -anel@ 3dministrative !ools@ 4omputer %anagement@ ?sers* >aise awareness about information security to children [(]
Medium businesses 3 fairly strong firewall or ?nified !hreat %anagement $ystem $trong 3ntivirus software and Internet $ecurity $oftware 5or authentication, use strong passwords and change it on a bi-weekly;monthly basis 2hen using a wireless connection, use a robust password >aise awareness about physical security to employees ?se an optional network analyzer or network monitor 3n enlightened administrator or manager Large businesses 3 strong firewall and pro+y to keep unwanted people out 3 strong 3ntivirus software package and Internet $ecurity $oftware package 5or authentication, use strong passwords and change it on a weekly;bi-weekly basis 2hen using a wireless connection, use a robust password 6+ercise physical security precautions to employees -repare a network analyzer or network monitor and use it when needed Implement physical security management like closed circuit television for entry areas and restricted zones $ecurity fencing to mark the company1s perimeter 5ire e+tinguishers for fire-sensitive areas like server rooms and security rooms $ecurity guards can help to ma+imize security School 3n ad0ustable firewall and pro+y to allow authorized users access from the outside and inside $trong 3ntivirus software and Internet $ecurity $oftware packages 2ireless connections that lead to firewalls 4hildren1s Internet -rotection 3ct compliance $upervision of network to guarantee updates and changes based on popular site usage 4onstant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources Large government 3 strong firewall and pro+y to keep unwanted people out $trong antivirus software and Internet $ecurity $oftware suites $trong encryption 2hitelist authorized wireless connection, block all else 3ll network hardware is in secure zones 3ll host should be on a private network that is invisible from the outside -ut web servers in a ,%A, or a firewall from the outside and from the inside $ecurity fencing to mark perimeter and set wireless range to this