Research Paper Doctorate 9,364 words

Network security fundamentals and implementation strategies

Last reviewed: March 10, 2004

… networking and TCP/IP and internetworking. Also discussed are risk management, network threats, firewalls, and more special-purpose network devices. The paper provides better insight into the general aspects of security and a better understanding of how to reduce and manage risk personally, at the workplace and at home.

In today's world, the computer has become a common feature in any organization anywhere in the world. This may be because a computer can be accessed by anybody who knows how to handle it, and because it can store a lot of information, both confidential and general. A computer is connected through a physical network that allows one person or many to share any information necessary. (Conceptual Overview of Network Security) Though network security in information technology is an issue that has been discussed endlessly, implementation has definitely taken a back seat in this part of the world. There is a lot of discussion about how an unauthorized stranger can access a person's emails and files, and about how the management of a company needs to keep track of employee activities by monitoring the network. The fact remains that there is great fear of virus infection, yet not every company has done anything about network security for its own protection. Action, if any, is taken as a reaction to the threat of a virus attack, since viruses are extremely common in these parts of the world. The companies involved do not even keep records of such attacks. Hackers have been known to take over a person's or a company's bank accounts, or even to steal a database, the sole property of the company, from its database server. This shows that it is better to be prepared for such an attack. (Network Security - a functional approach)

Body of the Paper

Networks among computers are generally built to share resources such as printers and folders, and within an organization networks are used for more efficient cooperation between departments through e-mail, instant messaging, etc. A local area network can make folders and other documents available to any user on the other side through a server. In fact, any number of users can use a single printer; the printer can be shared from one computer on the network, and users can print their work without even having to rise from their seats and walk to the computer. (Network Security - a functional approach) Though they do have to get up to collect their printouts, they do not have to copy their work onto a diskette, carry it to the printer, and then get their work done. This type of extra work can easily be avoided today. In other words, computer networks make operations and communications easier, cut down on expenses, and dramatically improve productivity. But all this improvement does not come without a hitch! It entails an increased security risk and the need for definitive measures to combat this risk. (Network Security - a functional approach)

However, the only problem that may arise is that the information must be accessible to the person for whom it is intended. Anyone who gains access to information on the computer can read and modify it very easily. This is where computer security is needed. Computer security prevents unauthorized persons from gaining illegal access to information stored on the computer, while network security prevents anyone from retrieving information while it is being transmitted through the network. (Conceptual Overview of Network Security)

In the past, network security was considered a very complicated subject handled only by experts in the field. But as more individuals became accustomed to using networks, it became essential that they all have a basic knowledge of networking. A network can be defined as a set of interlinking lines resembling a net, like a network of roads, an interconnected system, or a network of alliances. To understand the principles of network security, it is important to have a basic knowledge of computer networks. In the last twenty-five years or so, many different kinds of networks and network protocols have been defined; of these, the emphasis in this summary is on two networks, both of which are used in public networks. (Introduction to Network Security)

Any individual can connect to these networks, and can also use them to connect host computers together without actually connecting to the public network system. The different types of network providers use different methods to provide their network support. UUCP, or Unix-to-Unix Copy, was first introduced to connect Unix hosts together. Since then it has also been used to connect many other architectures, such as PCs, Macs, Amigas, Apple IIs and VMS hosts. After UUCP, many other systems built on similar principles have also been developed, and all of these support batch-oriented processing. In this kind of networking, all processes are added to a queue and executed one after another at a specified time. (Introduction to Network Security)

The Internet can be considered the world's largest network of networks. When we connect to the Internet, we are not really accessing the Internet itself but connecting to a network that is eventually connected to the Internet backbone, a network of extremely fast network components. The Internet is a network of networks, not a network of hosts. A very simple and concise network can be assembled using the same protocols without connecting it to anything else. A number of networks are connected on a backbone, which is itself a network of networks. This backbone is then connected to various other networks, one of which belongs to the Internet Service Provider (ISP), whose backbone is in turn connected to other networks, one of which is the Internet backbone. TCP/IP, or the Transport Control Protocol/Internet Protocol, is the language of the Internet, in the sense that anything that can operate over TCP/IP can work on the Internet. (Introduction to Network Security)

In terms of the Network and Transport layers of the ISO/OSI reference model, IP has many important features that make it a very robust and flexible protocol. When we consider the security of IP, or the lack of it, we realize that IP can be attacked in numerous ways. Most frequently this is because IP does not implement a strong mechanism for authentication. If a packet claims to have originated from a particular address, there is no way to prove otherwise or to make sure that the claim is true. Though this may not be counted as a drawback, it is a weakness in the model, and it indicates that authentication must be provided at a higher layer of the ISO/OSI model. In most applications today where such authentication is required, as in cryptographic applications, it is performed at the application layer. (Introduction to Network Security)

A computer virus is one security risk that attacks a computer easily. A virus can disturb a network and even corrupt it beyond repair. It is amazing that people put so much time and effort into attacking, or rather hacking, as it is called. Such people even create software or hardware for such illegal purposes. This emphasizes the importance of computer security, which can control such activities to a certain extent. The various methods employed by these hackers are outlined as follows: some of the important networks are Ethernet 1, Wireless, and CATV. Some networks use links that are broadcast by nature, so many other people can access what is being transmitted; even if the link is point to point, an invader can still attack. This is where encryption comes in. It is a method whereby the information sent from person A to person B can remain confidential; this property is called confidentiality. (Conceptual Overview of Network Security)

But the crux of the problem is this: how can person A be sure that he is, in fact, communicating with person B? A person C could be accessing information from A or B while pretending to be one or the other. He could communicate with A using the IP address of B; this is called IP spoofing. This means that person A and person B have to verify each other's authenticity before starting their communication. But this presents another problem: person C could, after accessing the messages being sent between A and B, alter the content or the sequence of these messages without either person being aware of it. This makes Internet users realize that security should encompass both the authenticity and the integrity of the messages they send. A proper authenticity service should provide such security to its users. (Conceptual Overview of Network Security)
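
The A, B and C scenario above, worked through with a keyed message authentication code and a sequence number, so that B rejects forged, altered, reordered and replayed messages. This is an added example, not part of the original paper; it assumes A and B already share a secret key, and the key, message texts and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side (A): frame = 8-byte sequence number || payload || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side (B): checks authenticity, integrity and message order."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # sequence number B expects next

    def open(self, frame: bytes):
        """Return (True, payload) or (False, reason)."""
        if len(frame) < 8 + TAG_LEN:
            return (False, "truncated")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; covers both forgery and alteration,
        # because the tag is computed over sequence number and payload.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag")
        seq = struct.unpack(">Q", body[:8])[0]
        if seq != self.next_seq:
            return (False, "out of sequence")
        self.next_seq += 1
        return (True, body[8:])


def run_demo():
    """Replay the scenario with constructed messages; returns B's verdicts."""
    key = b"constructed-shared-key-for-demo!"  # assumption: agreed beforehand
    b = Receiver(key)
    m0 = seal(key, 0, b"pay 100 to account 17")
    m1 = seal(key, 1, b"pay 250 to account 42")
    m2 = seal(key, 2, b"close session")

    results = [b.open(m0)]                      # genuine message from A
    # C pretends to be A but does not know the shared key.
    forged = seal(b"a key that C made up", 1, b"pay 999 to account 66")
    results.append(b.open(forged))
    # C alters the content of a genuine message in transit.
    altered = m1.replace(b"account 42", b"account 66")
    results.append(b.open(altered))
    # C changes the sequence: message 2 is delivered before message 1.
    results.append(b.open(m2))
    results.append(b.open(m1))                  # correct next message
    # C replays an old, genuine message.
    results.append(b.open(m0))
    return results


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The tag gives authenticity and integrity only; the payload still travels in the clear, so confidentiality needs encryption in addition.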

All over the world, individuals, businesses and governments seem to be communicating with each other with no hindrance at all, but the reality behind the whole system is revealed only on closer inspection. Many issues that were not given importance earlier are now being looked at from a different perspective, and one of these is security. When a business sends data across the globe on the net, it expects the data to reach the intended individual without mishap. Similarly, an individual sending private information through the net obviously expects complete security. In addition, connecting a system to a network in itself compromises security to some degree. There is a high chance of data loss, which could cause a lot of loss and damage to the business. Network security can be divided into securing data as it transits a network and methods that regulate which packets may transit the network. Both types of network security affect the traffic at a site, but their ultimate objectives are quite different. (Network Security, Filters and Firewalls)

When it comes to security, we cannot simply assess what the best form of security would be, since the choice lies between the extremes of absolute security and absolute access. The way to be absolutely secure would be to keep the machine off the network, switched off, and probably not in use at all, but then it is of no use. At the same time, a computer with absolute access is terrible too: anybody can use it, as it has no password or authentication barrier, and it would not be long before it is destroyed, thanks to the many things possible through the Internet. Therefore it is important that every organization decides on the level of security it requires. Having decided this, it needs to implement a policy that enforces that level. After this, everything done in the name of security needs to be done with the policy in mind. (Introduction to Network Security)

We will now deal with the different types of threats that exist against networked computers, and with the security measures to be adopted against them. (Introduction to Network Security) There is a danger whenever your computer is linked to the Internet, whether by a dial-up (modem) connection or through a broadband (DSL or cable) service. Network security attacks can come at any hour of the day or night. Your computer is one among the millions of computers connected to the Internet, and just one moment is sufficient for a hacker to get in. Anyone with bad intent and basic computer skills can get your private documents and photos, credit card numbers and passwords. Hackers can even leave a back door open so they can turn your computer into a zombie and use it to launch network security attacks, often against prestigious computer systems such as government or financial systems, and they can also take what they want. By taking control of your computer to launch their attacks, they are able to conceal their true location. Virus protection alone is not sufficient. Many people think that anti-virus software will protect them from Internet-borne threats. (Home Internet security: Protection against network security attacks)

But virus protection is only as good as the most recent virus definitions. These are created in response to the latest viruses, so many thousands of people must be infected before the makers of anti-virus software can produce a protection. Anti-virus software does nothing to safeguard the computer against direct network security attacks. If you use a dial-up Internet connection, things are tougher for a hacker (not impossible, just difficult): your computer links to the Internet only when it has something to send, such as e-mail or a request to load a web page. The computer cuts off the call when there is no more data to be sent, or after a certain amount of idle time, and it is allocated a different IP address on each call. With broadband services, the computer is always on the network, ready to send or receive data, and its IP address changes less often (if at all), so there is more opportunity for network attacks. (Home Internet security: Protection against network security attacks)

Of the many attacks performed on the Internet, DoS, or Denial of Service, attacks can be counted among the most destructive. They are considered the worst kind because they can be launched easily and are very difficult to track down; moreover, it is not easy to refuse the attacker's requests, since doing so would also mean refusing legitimate requests for the service. The idea behind these attacks is that the hackers send more requests to a particular host than the host is prepared to handle. The attacker simply makes a connection to the service port, fakes the packet's header information to give a different origin for the packet, and then drops the connection. If the host server is able to answer only 20 requests per second and nearly 50 are sent, which is very easy as a lot of software is available to assist in this, the host cannot answer all of the attacker's requests and will obviously not be able to answer the legitimate requests either. These attacks were common in 1996 and 1997 and have since become fairly less common. (Introduction to Network Security)

A few things need to be kept in mind to protect ourselves from these denial of service attacks. Firstly, we should not run our servers that are visible to the world at a level too close to capacity. Secondly, we should use packet filtering to stop obviously forged packets from entering our network address space. Obviously forged packets include those that claim to come from our own hosts, from addresses reserved for private networks as stated in RFC 1918, and from the loopback network (127.0.0.0). It is also important that we keep up to date with security patches for the host operating system.
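
The second measure above, written out as an ingress check for packets arriving on the external interface. This is an added example, not part of the original paper; the site prefix 203.0.113.0/24 and the sample source addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed: the public address block this example site is assumed to own.
OUR_PREFIX = ipaddress.ip_network("203.0.113.0/24")

# Address space reserved for private networks by RFC 1918.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# The loopback network (127.0.0.0) is the whole 127.0.0.0/8 block.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def ingress_verdict(src: str) -> str:
    """Verdict for a packet that arrived from OUTSIDE with source address src.

    None of the dropped ranges can legitimately appear as a source on the
    external interface, so such a packet is obviously forged.
    """
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return "drop: malformed source"
    if addr in LOOPBACK:
        return "drop: loopback source"
    if any(addr in net for net in RFC1918):
        return "drop: RFC 1918 private source"
    if addr in OUR_PREFIX:
        return "drop: claims to come from our own hosts"
    return "accept"


def summarize(sources):
    """Count verdicts over a list of source addresses."""
    return Counter(ingress_verdict(s) for s in sources)


# Constructed sample of source addresses seen on the external interface.
SAMPLE_SOURCES = [
    "198.51.100.7",     # ordinary outside host
    "10.4.4.4",         # RFC 1918
    "172.31.255.255",   # last address inside 172.16.0.0/12
    "172.32.0.1",       # just outside 172.16.0.0/12, a routable address
    "192.168.1.50",     # RFC 1918
    "127.0.0.1",        # loopback
    "127.255.0.9",      # still loopback: the whole /8 is reserved
    "203.0.113.25",     # our own prefix arriving from outside
    "not-an-address",   # unparsable field
]

if __name__ == "__main__":
    for s in SAMPLE_SOURCES:
        print(f"{s:16} {ingress_verdict(s)}")
    print(dict(summarize(SAMPLE_SOURCES)))
```
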
This is because there could be some information that could fall into the hands of a competitor or rival, who could take undue advantage of it. At times even the compromise of a normal user's account on a machine can be enough to cause the initial damage. Some people who break into a network may be doing it just for the fun of it, but others do it intentionally to get one up on the organization concerned. (Introduction to Network Security)

It is absolutely undesirable to have a stranger working on an organization's server machine, but this infringement comes at two levels: one where normal user access is infringed upon, and one where administrator access is broken into. With normal user access, the individual may be able to access files and make use of them to his advantage. But there are others who would make changes to the configuration, for example changing the IP settings of the system so that it shuts down every time it is started; this may destroy the system, but it can be done only when the individual has access to the administrator settings. (Introduction to Network Security)

There are two more kinds of break-ins that can be counted among the destructive few. One of these is the data diddler. Here the hacker changes the data that he has access to. The worst thing about such an attack is that it may not even be noticed for months. For example, the individual may be adjusting the figures in an Excel sheet, or changing the account numbers used for automatic deposits. Such changes may not be detected immediately. It may take a long time to track the problem down, and even after that it will be a long time before we are sure that the system can be trusted again. (Introduction to Network Security)

By providing entry to the outside world and access to network services through your organization, the staff and the company gain more advantages. But the more access is given, the greater the risk that someone will make use of the increased vulnerability that results. Defense becomes more difficult and intricate every time a new system, application or network access is added, as each brings potential vulnerabilities. It is possible to reap the benefits of greater access while reducing the risks, if you are ready to tackle the serious risks sensibly. To achieve this, you will need a complete plan as well as the resources to carry it out. You must also have a thorough knowledge of the exposures that can happen in all the possible places, and of the measures that can be taken to guard against them. (The Interactive Network Design Manual How to Secure Your Network)

This may seem a crushing load, particularly in smaller organizations that do not have staff on hand versed in all the problems. You might be tempted to engage a security consultant and be done with it. Though this is a good job to contract out, you still need to know enough to keep the consultant honest, as you are handing over to them your organization's most valuable possessions. Once you are over the initial setup hump, you may want to take over ongoing maintenance. To secure your network properly, you need not only a thorough knowledge of the technical nuances of the network protocols, operating systems and applications that are accessed, but also up-front planning. The strategy is the first step and the basis for ensuring that all the bases are covered. (The Interactive Network Design Manual How to Secure Your Network)

Having analyzed the kinds of attacks that are found, we can list the high-level practices that can prevent security disasters and control the damage if preventative measures do not succeed in warding off an attack. (Introduction to Network Security) The level of security for each network resource may differ, so this level has to be determined at the very outset. Baseline security offers users basic protection so that they can go about their work with reasonable confidence. Password security is one such method of protection. It prevents intruders from accessing the protected and confidential database of the users. A network that needs a password for entry is easier to maintain than one that does not. A password also ensures that a novice user does not unwittingly cause a lot of damage through ignorance. (Network Security - a functional approach)

It also ensures protection against experts who would plan an attack on that particular network to access its data. As the Internet has grown over the years, so has the number of users, and so have the security risks involved in the very use of the Internet. When a business uses Internet resources such as email, the World Wide Web, Internet groups and newsgroups, the risks increase. Web sites can be attacked, emails can carry viruses, and corporate accounts can be pilfered. These attacks are carried out by hackers who are specialists on the dark side of information technology. Intentional attacks are generally targeted at the network. One result is denial of service (DoS), in which a flood of demands is launched on the Internet server that it cannot handle. There are also general attacks such as viruses, which spread like an infection to all vulnerable networks without being limited to one particular network. (Network Security - a functional approach)

Network security can be classified into transit security and traffic regulation; the combination of both ultimately leads to proper network security and to delivery of the exact data to the right place. There is also a requirement to make sure that the host receiving the information will process it properly, which raises numerous other questions of host security, an area specific to each type of system. At the moment, no system that traverses the public network can be said to keep information secure.

Many methods are now available to regulate the traffic that comes into and goes out of a few coordinated sites, but none of them can be said to be really effective. One of the two basic methods used in this area is the Virtual Private Network, which works by creating a private network in which TCP/IP provides the lower levels of a second TCP/IP stack. The concept works the same way a TCP/IP network works and is a little difficult to comprehend. To put it briefly, IP traffic is sent across numerous physical networks, and each system that connects to a physical network implements a standard for sending IP messages across that link. (Network Security, Filters and Firewalls)

IP transmission has a separate standard for each kind of link, such as Ethernet and point-to-point links (PPP and SLIP). Once an IP packet is received, it is passed up to the higher levels of the TCP/IP stack, on to UDP or TCP and ultimately the application. When a virtual private network is implemented, the lowest level of the TCP/IP protocol is implemented over an existing TCP/IP connection. There are many ways to do this, which trade off abstraction against efficiency. The advantage for secure data transfer is then not far away. A VPN gives complete control over the physical layer, and it is in the hands of the network's designer to encrypt the connection at that lower level. Once this is done, traffic of any kind on the VPN will be encrypted, whether it is at the application layer (mail or news) or at the lowest layer of the stack (IP, ICMP). (Network Security, Filters and Firewalls)

The main advantage of using a VPN is that it allows a private address space, which means more machines can work on the network at a time; it also lets packet encryption or translation overhead be handled on dedicated systems, reducing the load on production machines. Another way would be to regulate traffic at a higher level in the TCP/IP stack. Different methods exist for the secure authentication and encryption of telnet and rlogin sessions (Kerberos, S/Key and DESlogin), which are examples of encryption at the highest level of the stack (the application layer).

The main reasons for encrypting traffic at the high level are that the processor overhead is removed, interoperability with current applications is not affected, and it is much easier to compile a client program that supports application-layer encryption than to build a VPN. Encrypting traffic at any of the layers in the IP stack is possible. The most assured is encryption done at the TCP level, which provides fairly transparent encryption to most network applications. Both methods can affect the performance of the hosts that implement the protocols and of the networks that connect those hosts. (Network Security, Filters and Firewalls)

Security provided by authenticity verification agencies usually lays stress on data security, encompassing the security of data and also its privacy. However, networks also provide security against natural calamities and physical attacks, as this type of security has been redefined over the years. The Internet has become more and more popular, and people now rely on it for a whole lot of things. A network protects users of the Internet against unforeseen circumstances by providing many points of access, so that the failure of a single point does not result in disaster. It also remains unaffected by localized problems. IP networks help us react to emergency situations more efficiently because of the safety net they provide. The presence of an extremely secure and functionally excellent ad hoc network enables quick and effective emergency response. IPv6 has proved to be extremely efficient in that it not only provides data security but also paves the way for a more robust network by essentially simplifying the needs of the emergency teams used in response. (IPv6 and Network Security)

IPv6 also provides support for the IPsec protocol, which in turn provides complete security for data: data encryption, data integrity and authentication of users are all taken care of. The fact that IPsec is a part of IPv6 makes it more readily available to users on IPv6 nodes than on IPv4 end nodes, where it was previously available. IPv4 networks generally concentrate their use of IPsec on site tunneling. Firewalls and filtering are the security measures provided by local networks. These are usually weak and ineffective compared with the end-to-end security that IPsec or other such mechanisms may provide. In IPv4 networks the use of NAT, which violates end-to-end security, makes it impossible to deploy good security measures. NAT causes further security risks: it violates the integrity of IP addresses and prevents proper identification of remote nodes. Data encryption is also not possible with NAT, since ALGs cannot translate addresses and data that have been embedded in the application layers. IPv6, by eliminating the necessity of using IPv4, is able to provide better security through end-to-end data mechanisms. (IPv6 and Network Security)

Keeping an eye on the kinds of packets that move between networks makes it possible to regulate them and to see to it that no harmful packet reaches a remote host to affect it. Regulating the traffic that enters the network provides a screen between the hosts and remote sites, at three different places in the network: the routers, the firewalls and the hosts. Each of these provides a similar service at a different point in the network. Deciding which packets may pass through a site is not a difficult concept, but deciding which particular packet is safe to send on and which is not is a very difficult task for any firewall or router. Most individuals log on to the net to send packets across, and deciding which of these are harmful and which are not is really difficult, if not downright impossible. Coming up with a plan for this purpose is very tedious and not easy to explain either. Although it cannot be discussed in detail, a brief discussion follows. (Network Security, Filters and Firewalls)

All packets, except for the ones sent from the lowest levels, are sent to the lowest level of destination sockets of UDP or TCP. A method adopted more recently is to dynamically add entire sets of route filters for a remote site when a particular set of circumstances occurs. With this technique the router or firewall can identify suspicious activity, such as ISS and SATAN, and prohibit access to the site or the machine for a stipulated period of time. Such filters are most useful for protecting against any sort of automated attack. Filters and access lists are found on all types of systems but are most commonly used in routers. Another new technique is to see to it that each packet that goes out has its own IP number, preventing any outsider from having inside information about the site. A further advantage is that numerous internal hosts can share a small allocated address space. This is not foolproof, though: checksums need to be recalculated, as they depend on these IP numbers, and certain upper-level protocols also depend on these IP numbers. A further disadvantage is that these protocols do not work through simple address translation routers. (Network Security, Filters and Firewalls)

The structure and the interfaces of any network are the determining factors for any attack. A network can be attacked at several different layers. After the various threats have been isolated, these layers have to be analyzed to arrive at an effective, functional security design. This means that security has to be applied in several distinct layers to protect against attack. Primarily, security has to work against threats both from within and from without. Resources on the inside must be secured by assigning various rights and permissions. A right describes what a person can do on the network. Individually assigned passwords help secure the inside, as access is denied to groups or individuals who do not use the password, while using the password gives access to the network. Here too blunders are made, for example when users share passwords. When this is done, the purpose of security is lost and there is no more security. It is again stressed that a password is the last line in the defense of the network. (Network Security - a functional approach)

Only when an attacker has exhausted all other possibilities will he try to decipher a password. A strong password will protect vital data. For example, a password like #$%! %^&*() would definitely serve to keep an attacker away, more so than simple combinations of letters or numbers such as your children's names, your spouse's name, or other simple data. Such combinations are easily broken by a professional hacker using the 'underground dictionary'. However, very complicated passwords do not serve the purpose either, as they are easily forgotten; the user has to write them down to remember them, and this defeats the very purpose of an individual password. Users should also be warned not to use their internal network password for an outside website. Another layer of security is anti-virus software, which provides protection from the various viruses and malicious code that could invade and corrupt any computer. (Network Security - a functional approach)

Viruses can be detected automatically, but the network or the individual computer has to be programmed to scan the computer's drive from time to time. The anti-virus software can be updated to receive the latest information about viruses as they occur. Almost every day a new virus is discovered, and the anti-virus software has to be constantly updated; failing that, there would be an invasion. The anti-virus software, in fact, has to be updated NOW. This is an effective way of protecting your computer; buying the latest software and then not updating it regularly is as good as not having the software at all. Certain server-based software provides protection on a centrally managed basis; network scanning can be done either from your own network or from a central location. (Network Security - a functional approach)

The most important fact when it comes to security is that we implement a strategy that reduces the number and the severity of security incidents. The biggest problem is that many individuals and firms do not give security the importance it should be given. It is because of this that security problems are still present in various networks, and it is most important that we take action to secure these networks. (Minimizing Security Incidents) If we are forewarned about the danger facing our site, we can take the necessary steps to be armed. If network security is used correctly, intruders do not pose a major challenge. But most frequently people leave security to chance and realize their carelessness only when the actual danger occurs. To be able to catch the intruder we need to use intruder tactics, and many network intrusion experts try network scanning utilities first, before other viable avenues. Finding the target machines is a more tedious task than scanning a network. Scanning the network is the process by which an intruder identifies public IP addresses; these may be on a demilitarized zone (DMZ) and may seem secure in the beginning. A network scanner is an application that runs a TCP/IP stack scan against a target machine. The scan then looks for any open ports where a service may currently be running. (Network Security recommendations that will enhance your windows network)

When we think of security, back-ups are just not a very good idea. It is the operational requirements that should determine the backup policy, and the two should be made to work closely together. At the same time, these back-ups can be useful when it comes to recovery from hardware failure, damage to data, etc. A security system that can be defeated by breaking a single component is not really very effective. When it comes to security it is important to have a level of redundancy, as this can help prevent a small security breach from becoming a disaster. We can be certain that an individual who wants to break into our system is actually watching our vendor systems. To date, exploiting bugs is still one of the most effective and common ways of breaking into systems. (Introduction to Network Security) It is important that we keep abreast of what is happening on our network and set up an alarm system that notifies us of an intrusion. The IDSec (Intrusion Deployed Security Software) is one such system; it helps us identify whether an intruder is scanning the network or attempting an attack. (Network Security recommendations that will enhance your windows network)
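The scanning behaviour and the alarm system described in the two paragraphs above can be illustrated from the defender's side. The following is an added example, not code from the paper or from any product it names: it reads firewall connection records and raises one alert when a single source touches many distinct ports on one target within a short time. The log format, the thresholds (5 ports in 10 seconds), and the addresses are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Constructed firewall log: epoch seconds, source IP, target IP, target port.
# All addresses come from ranges reserved for documentation.
SAMPLE_LOG = """\
1000 198.51.100.7 192.0.2.10 21
1001 198.51.100.7 192.0.2.10 22
1001 203.0.113.5 192.0.2.10 80
1002 198.51.100.7 192.0.2.10 23
1003 198.51.100.7 192.0.2.10 25
1004 198.51.100.7 192.0.2.10 80
1030 203.0.113.5 192.0.2.10 80
1090 203.0.113.5 192.0.2.10 443
"""


def detect_port_scans(log_text, min_ports=5, window=10):
    """Alert on (source, target) pairs that probe `min_ports` or more
    distinct ports on one target within `window` seconds."""
    recent = defaultdict(deque)  # (src, dst) -> recent (time, port) events
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        try:
            ts, src, dst, port = int(fields[0]), fields[1], fields[2], int(fields[3])
        except (IndexError, ValueError):
            continue  # skip malformed records instead of stopping the monitor
        events = recent[(src, dst)]
        events.append((ts, port))
        # Slide the window: forget probes older than `window` seconds.
        while ts - events[0][0] > window:
            events.popleft()
        ports = sorted({p for _, p in events})
        if len(ports) >= min_ports and (src, dst) not in alerted:
            alerted.add((src, dst))  # one alert per pair, not one per packet
            alerts.append({"source": src, "target": dst, "ports": ports, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(alert)
```

A fixed time window misses a scan that is spread out slowly, so the window and port threshold have to be tuned against normal traffic on the network being watched.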

Joining a network means entering an invisible world that is always thought of as unsecured. This fact raises the priority of security needs. A plethora of security vendors try to persuade network users into what amounts to monetary exploitation. These vendors readily provide ready-made security measures that accommodate most general needs rather than catering to the specific needs of the customer. It is therefore wise to be wary of vendors who try to pass off their products with high-sounding threats about security needs. It is advisable not to heed such warnings or to be panicked by their threats. It is always preferable to work with a reliable professional in this line who is inclined to help within the size of the budget, rather than depending on vendors who use the above methods for pecuniary exploitation. The highest possible security, as claimed, is neither feasible nor desirable. (Network Security Myths - Think your network is hack proof?)

It is most important that we have at least one individual who is in charge of security development. This need not be a highly technical individual, just someone who is able to keep track of the security warnings being issued. In case of any problems, that individual would be able to look into security-related issues and know whether the web software version has any problems. (Introduction to Network Security) The network administrator has to strike a good balance between too much and too little security. For example, if the network manager made access to a color printer easily available, the result would be unlimited use of the printer without a thought for the expense it entails. All the employees would be happy, but the management could not afford to be. If access to the color printer were denied completely, including to those who actually have to use it, there would be unhappiness all around. The employees and the management would both be unhappy, and though costs would be saved, production would decrease. Therefore, to achieve some balance, the printer has to be used by those who need it and not by those who merely want to use it. Even when an authorized user uses the printer, he would still have to be monitored by the management. (Network Security - a functional approach)

This is where the auditing system comes in: the system in which resource activities such as logons and resource access are all recorded in a file for future perusal. Details such as who logged on at what time, what resources were used by whom, who used the printer and at what times, who created or deleted any files, etc. would be recorded. The importance of a secure network has to be stressed to the employees in such a manner that understanding it makes work progress more quickly, rather than being misunderstood and hampering work. Internet security generally covers both the Internet and the Intranet. (Network Security - a functional approach)
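The audit file described above only pays off when somebody reviews it. The following is an added example, not code from the paper: it reads audit records, totals printer pages per user so that authorized users are still monitored, and flags printer use by anyone outside the authorized list, logons outside working hours, and file creation or deletion. The record format, the user names, and the 08:00 to 18:00 working hours are assumptions constructed for the example.

```python
from collections import Counter
from datetime import datetime

# Constructed audit records: timestamp, user, action, resource, [pages].
AUDIT_LOG = """\
2004-03-01T08:58 alice LOGON ws-12
2004-03-01T09:10 alice PRINT color-printer 4
2004-03-01T09:30 bob PRINT color-printer 60
2004-03-01T11:02 carol DELETE /share/reports/q4.xls
2004-03-01T23:40 alice LOGON ws-12
2004-03-01T23:45 alice PRINT color-printer 120
"""


def review_audit(log_text, printer_users, work_hours=(8, 18)):
    """Return (findings, pages_by_user) for the given audit records."""
    pages = Counter()
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # incomplete record
        stamp, user, action, resource, *extra = fields
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M")
        if action == "PRINT":
            # Count pages for every user, authorized or not.
            pages[user] += int(extra[0])
            if user not in printer_users:
                findings.append((stamp, user, "unauthorised printer use"))
        elif action == "LOGON" and not work_hours[0] <= when.hour < work_hours[1]:
            findings.append((stamp, user, "out-of-hours logon"))
        elif action in ("CREATE", "DELETE"):
            findings.append((stamp, user, f"{action.lower()} {resource}"))
    return findings, dict(pages)


if __name__ == "__main__":
    findings, pages = review_audit(AUDIT_LOG, printer_users={"alice"})
    for finding in findings:
        print(*finding)
    print("pages printed:", pages)
```
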

The Intranet is, basically, the network that covers the local area and, in some cases, the wide area network that connects the networks in different cities. The Internet, on the other hand, is a global network comprising the whole world. What happens within the Internet is beyond anybody's control, whereas what happens within the intranet is easily controlled; if the intranet is connected to the Internet, the security that is provided has to encompass the whole Internet. The security threats against networked computers need to be studied in order to implement security successfully. (Network Security - a functional approach)

To separate an organization's Internet and Intranet, firewalls are provided; a firewall is simply a group of components that form a barrier between the two networks. These firewalls are one-way entry points for our networks. (Introduction to Network Security) A firewall is one of the most important security measures that can be used by a networked computer. Hackers and other such anti-social elements can be kept out, while a person is still able to carry on with his work. A firewall prevents access by unauthorized persons by implementing a strict control policy between two networks, under which access can be denied or blocked according to the required security measures. The firewall can also provide a proxy service, whereby the internal IP address of the network that provides the user with Internet service is hidden from public view while the user is still able to use the Internet. (Network Security - a functional approach)

However, the firewall is not a failsafe method; if there is a traitor within the network, or even a novice user, security can be breached. A firewall can be both software and hardware based, and it should be installed at all points that could come into contact with an external network. These points could be the Internet, a telephone company switch, or an area of the network that has been used separately by the user. A firewall that scans the computer through its desktop can also be used; this provides another layer of security. When virtual private networks are used to connect various offices, the data within should be encrypted so that nobody can read or access those particular files. A VPN does much more than this, but this is the basic service that it provides. (Network Security - a functional approach)

With so many types of security threats these days, companies put themselves at great risk by deploying a point product, such as a firewall, and thinking the network is secure. Setting up a firewall is like bolting the door of a house and leaving all the windows open. Many companies install firewalls at the boundary of the network to protect against external threats, not to protect against internal attacks or accidental damage by employees. But even to protect against external threats, a firewall alone is not enough. Companies that have not included the right monitoring and analysis tools as part of their whole security solution may not even be aware that their security has been breached. With a multi-layered approach, even if an intruder is able to bypass one access point, overlapping layers of security make sure that the break-in will be stopped by another mechanism. Overlapping security can also stop unintentional or intentional damage to information resources or the network by employees. Security is an ever-changing and active requirement. New security threats come along often. (4 key steps to real network security)

A security system that is flexible and easy to manage is very important to employ. Security becomes hard to manage when companies buy point products from different vendors. Every device has to work in harmony with every other security appliance in the network and has to be automated to distribute and enforce security policies. If the products do not all act in concert, there are likely to be inconsistencies and therefore greater exposure to malicious harm. Point security devices like firewalls were first built with the traditional Ethernet LAN in mind. But over the past few years, many small companies have started taking advantage of mobility and remote access, wireless LANs, and converged networks, meaning those carrying both voice and data over the same network. Some point-product security vendors are still focused on the world of Ethernet LANs. Their products have not developed to support IP telephony, virtual private networks (VPNs), wireless LANs (WLANs), or other up-and-coming technology. Hence, security for these areas of the network must be handled separately. It is necessary to make sure that security extends to these parts of the network as well. (4 key steps to real network security)

Cite This Paper
PaperDue. (2004). Network security fundamentals and implementation strategies. PaperDue. https://www.paperdue.com/essay/network-security-166085
