Network Security
The terms network security and information security are often used interchangeably. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers). Information security, however, explicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of Data Loss Prevention (DLP) techniques. One of these techniques is to compartmentalize large networks with internal boundaries.
Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password which is something you 'know', this is sometimes termed one Factor Authentication.
Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.[ Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software help detect and delete such malware.
Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.
Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.
A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.
Network security components often include:
• Anti-virus and Anti-Spyware
• Firewall, to block unauthorized access to your network
• Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks
• Virtual Private Networks (VPNs), to provide secure remote access
Firewall
Basically, a firewall is a barrier to keep destructive forces away from your property. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next, that's why its called a firewall.
A firewall is a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Firewalls use one or more methods to control traffic flowing in and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
Firewall Configuration
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
• IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain Names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names.
• Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. The http in the Web's protocol. Some common protocols that you can set firewall filters for include:
o IP (Internet Protocol) - the main delivery system for information over the Internet
o TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
o HTTP (Hyper Text Transfer Protocol) - used for Web pages
o FTP (File Transfer Protocol) - used to download and upload files
o UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
o ICMP (Internet Control Message Protocol) - used by a router to exchange the information with other routers
o SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
o SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
o Telnet - used to perform commands on a remote computer
A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
• Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server (see How Web Servers Work for details). For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
Intrusion prevention system
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of ‘’’intrusion prevention systems’’’ are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
Classifications
Intrusion Prevention Systems can be classified into four different types:
Network-based Intrusion Prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
Wireless Intrusion Prevention Systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DdoS) attacks, certain forms of malware, and policy violations.
Host-based Intrusion Prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analysing events occurring within that host.
Detection Methods
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
Signature-based Detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action..
Statistical Anomaly-based Detection: This method of detection baselines performance of average network traffic conditions. After a baseline is created, the system intermittently samples network traffic, using statistical analysis to compare the sample to the set baseline. If the activity is outside the baseline parameters, the intrusion prevention system takes the appropriate action.
Stateful Protocol Analysis Detection: This method indentifies deviations of protocol states by comparing observed events with “predetermined profiles of generally accepted definitions of begin activity.”
Virtual Private Networks (VPNs)
Traditionally, for an organization to provide connectivity between a main office and a satellite one, an expensive data line had to be leased in order to provide direct connectivity between the two offices. Now, a solution that is often more economical is to provide both offices connectivity to the Internet. Then, using the Internet as the medium, the two offices can communicate.
The danger in doing this, of course, is that there is no privacy on this channel, and it's difficult to provide the other office access to ``internal'' resources without providing those resources to everyone on the Internet.
VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private (because the link is encrypted), and the link is convenient, because each can see each others' internal resources without showing them off to the entire world.
No comments:
Post a Comment