Businesses are increasingly conducted over IT networks and it is imperative for them to maintain network confidentiality more than ever before. A failure to ensure the security of business IT network can lead to dire consequences. In order to secure these network, a number of changes are made to the infrastructure of the underlying network, and a network administrator is designated to create policies which will protect the network from unauthorized access.
To secure a network, you need to secure all points that could potentially be used for entry. You could liken network security to home security. Most of us know that the doors and windows which lead into our homes are potential areas of entry, and in order to reduce the likelihood of unwanted people entering our homes, we secure these areas with locks and alarm systems. The same basic principle applies to securing a computer network. The difference between computer security and network security is that while computer security is designed to protect a single computer, network security places an emphasis on the network that the computer is connected to.
In truth, computer and network security go hand-in-hand, since preventing unauthorized people from accessing a computer which is connected to a network is equal to blocking unauthorized people from accessing a network. Not only must the network be protected, but you should also secure everything that is connected to the network. This includes printers or storage devices which are attached to the network. The goal of network security is to stop attacks before they enter the system, and be able to do so at the entry point.
There are a number of attributes which are connected to secure networks, and these are discussed further here.
The Security Management for a Network
The security needs of each and every network differ from one another. The level of security that is used for one network may or may not be suitable for another network. For example, the level of security, which will be used by a household network will be a lot lower than the network security that will be used by a company or a government agency.
- Larger organizations tend to require more extensive maintenance procedures, and they make use of highly advanced software in order to ward off attacks that are constantly launched by hackers and spammers.
- The typical household network would basically need a firewall, antivirus software and a strong passwords.
- A moderate-sized business would need a much stronger firewall, stronger antivirus software, and stronger passwords that should be changed on a weekly or monthly basis.
- A moderate-sized business would also need to develop security policies for its employees to follow, and it could use a network analyzer to watch the network traffic.
- A large organization would need the strongest firewall available, the best anti-virus software, powerful passwords that must be changed frequently, physical security measures which everyone must follow, using a network analyzer, implementing physical security devices, and security fencing.
Network Security Attributes
The very first step of securing a network is to authenticate the users of that network. The most common way of doing this is to require users to submit username and password prior to gaining access. After the user has been authenticated, a firewall will be responsible for the enforcement of policies when it comes to what the user can access, and what services are allowed for them. While this method can be useful in preventing unauthorized people from accessing the network, it is still vulnerable to attacks involving worms that are sent over the network. The IPS or Intrusion Prevention System can be used to stop this as well as spyware.
IPS is also capable of analyzing network traffic that it deems to be suspicious. It will look for anomalies in order to prevent the system from becoming a victim of attacks, such as Denial of Service (DOS) attack. Any communication which is made between two or more hosts on a network can be encrypted, and this ensures privacy. Any singular event, which occurs on the network could be analyzed for audit reasons, and it could be analyzed more heavily at a later time. A Honeypot, which is a type of decoy, can be used on a network, and can act as an early warning mechanism.
Any method used by an attacker to weaken the decoys will be analyzed when an attack takes place and after the attack has occurred, and this will be done to study the exploitation methods that are used. This analysis could be useful in the tightening of security in regards to the true network, which the Honeypot will be tasked to protect. However, it is also necessary to manage the security of networks, and this is precisely what many network administrators are responsible for. The security that is used for networks will differ depending on the circumstances and the network that you have.
Types of Network Attacks
There are many ways in attacking a network. With the reasons indicated above, network administrators have to be aware of the different types of attacks so that any small indication of them lurking in the system will be addressed.
The most popular form of network attack is by making use of a virus or a worm. With a single file being introduced to the system, the virus will ultimately affect the files and functions that are set by the virus or the worm creator. It could crawl up to any system and will destroy specific functions, depending on the virus.
Along with viruses, Trojans horses are also a bane for networks. As history tells us, Trojan horses might look okay on the surface but once used, it unleashes a malware that could spy or even ruin the whole system. This malware could be downloaded from a website or could be even passed through a very innocent e-mail. A relative of Trojan horses are phishing attacks wherein information are being “fished” from the user and could be used for an entirely different and illegal reason.
Another form of network attack worth noting is packet sniffers. But there is actually a good side to this attack. Law enforcement agencies use packet sniffers to monitor the system of suspicious persons such as online predators. On the other hand, packet sniffers could be used by hackers to “sniff” over network transactions and monitor the transactions to extract information that is useful to them. Aside from this, networks could be hacked mainly to steal the actual hardware. In essence, everything could be hacked right from the actual computer that is being used by a single user.
Speaking of computers, another type of attack that could happen to a network will not be conducted by an actual person but by a netbot or “zombie” computers. This type of computer is powerful enough to navigate through the system and access sensitive computers, servers and even release malwares to hack into other computers.
In each of these possible attacks, network administrators have to create a security response plan and a network attack prevention strategy so that their network will effectively and securely conduct its daily business without putting anything at risk.
Reasons for Network Attacks
There are only a small number of reasons why networks are being attacked but the main reason they do so is to extract sensitive data that are transmitted within the network. Although we provide information to our clients, this information is kept in confidentiality and is only revealed to the right person. The information is usually sensitive and very personal. But when a network is attacked and personal information is extracted without proper authorization, information about a specific person could be stolen. This will not only be a bad thing for the customers whose information will be used without their knowledge, this is also a very bad business situation for any company. If they are not able to protect the information provided to them by their clients, they will end up with nothing.
Another reason for a network attack is to spy on a company. Although information might never be extracted, company secrets and processes could be closely monitored when the network undergoes intrusion. In the end it is also a classic case of data intrusion but it is considered more serious, since it even goes to monitor company trade secrets.
Lastly, network attacks are conducted for the sheer destruction of network users. May it be a personal or business move, network attacks could cause the release of a virus that would affect the system, files and applications that are run personally or within the network. No data is extracted but everything is destroyed which could even shutdown the whole operation of the company.
Certain measures have to be done not only to remedy these types of attacks but to ultimately prevent them. Network administrators have to work round the clock to monitor their networks and address even a single security flaw.
Constant Guard against Intrusion
In today’s business setting, one of the most important aspects in the company is the ability to properly streamline information. We used to base this ability by using paper documents and forwarding them to the appropriate persons for further updates. Business setting however, demands a very fast turnaround of information that paper pushing is almost a thing in the past. Today, everything is done through a computer or more specifically, through a network. The network streamlines all possible information so that anyone who has the proper authentication could access the needed files automatically. No need to look for the right person and get the information.
Although this automation is very beneficial to any business, it has also created a new set of problems. Among the problems encountered are the possible attacks that could happen at any time. Without warning, network attacks could happen and having no remedy for that problem would place the network in a very vulnerable position.
System versus Network Intrusion
Network security against all types of intrusion is the top priority of any network administrator. It is through the network that everyone communicates and it is through this same network that information is properly streamlined to people concerned. Transactions and communications are faster this way.
Any type of attack to the network should be averted as much as possible by network administrators since it might have catastrophic effects if the company is relying on the network for their business processes. Protecting the network from different types of attacks is made possible with different types of firewalls, IPS (intrusion prevention system), routers, switches and other related hardware and applications for network security.
Systems, on the other hand, require an entirely different security to be successful. Even though the system is not primarily the concern for the network administrator’s security at all, system security is a big part of securing the entire network. When the system is attacked, the entire network is at danger of being affected. Since everyone is connected through the network, any system intrusion could easily transfer from a single type of system to another. Each user has their own system to take care of and without proper security, they would end up downloading unknown content and unleashing deadly Trojans, viruses and the like to the network. Users will have to be active in monitoring their files and applications they will be using to ensure information and system security.
Discovering System Intrusion
Network administrators and users should guard their systems against system intrusions. It is a 24/7 challenge for network administrators and a constant awareness for users. Discovering them is always a task for both the administrators and users.
Discovering system intrusions is basically very easy. Most of the time, users of computers and the internet for personal reasons see to it that proper security is installed in their system before they start any personal configuration. Network security could usually be installed with the aid of hardware such as routers and switches. On the other hand, system security that aids in the discovery of intrusions is software-based, and the only thing the user has to do is to install system security applications.
Types of system intrusion prevention measures however vary depending on the purchase price (if any) and its functions. For example, an anti-virus program could be downloaded and installed for free however; it doesn’t provide real time protection. This type of program is free but it only scans the system at an appointed time. On the other hand, real time scanning for viruses, spyware and malware is still possible but it usually comes with a license fee.
Securing the System
System security should be implemented as soon as the system is set up. As the system is brand new, there is no information available to be hacked and monitor and it’s the perfect time to scan the system if there are any intrusion in the first place. It will also be easier for the security tools to scan the entire system since there is less information to be scanned.
Securing the system is not only limited to scanning the hard drives and system where the information will be placed. A big part of system security entails encryption of data that will be placed in the system. Without encryption, any hacker could easily read and extract any information for illegal use. The challenge however, is for the network administrator to be able to speed up the network processes. Encrypting data is very safe but it comes with a price: another step is added for the network as it will decode the encrypted data first before it is being made available for different users. But this could be easily addressed if the hardware capability of the network is upgraded.
System Security Upgrade
Installing and fully implementing security measures for system use is not sufficient. Network administrators have to be aware that different types of system attacks are created every day. Any security measure implemented in the system should have the ability to upgrade itself everyday so that it could check with the vendor’s database with the new list of attacks.
Aside from security applications that would detect Trojans, viruses, malware and spywares, administrators should also create protocols for every user. Password types and account upgrade is always a must so that the system would always be updated with the files and applications that are installed. User account protocols should be controlled as well so that developers are able to delete unnecessary user accounts. These are usually the location wherein files could be accessed since no one is actively monitoring them.
Administrative and network permission should likewise be controlled by network administrators. If everyone will have the privilege of accessing information that is not useful for their scope of work, it would open up the possibilities of hacking, and system information might be used by unauthorized persons illegally but with only minimal detection.