Network Security

Definition of Network Security^[1]

Network Security is an organization’s strategy that enables guaranteeing the security of its assets including all network traffic. It includes both software and hardware technologies. Access to the network is managed by effective network security, which targets a wide range of threats and then arrests them from spreading or entering in the network. Network security is an integration of multiple layers of defenses in the network and at the network. Policies and controls are implemented by each network security layer. Access to networks is gained by authorized users, whereas, malicious actors are indeed blocked from executing threats and exploits.

Network security is a subgroup of networking. It involves securing the connected network infrastructure from the core to the edge of the network perimeter. Typically managed by a network administrator, network security involves implementing IT security policy and deploying network software and hardware to:

• Protect the network, its infrastructure and all its traffic from external cyberattacks
• Protect all IT assets and resources available via the network from unauthorized access
• Ensure authorized users have adequate access to these network IT assets and resources to effectively perform work^[2]

Evolution of Network Security^[3]

“Things get worse slowly. People adjust” – David D. Clark, the Internet pioneer who is now working as a Senior Research Scientist at MIT’s Computer Science and Artificial Intelligence Laboratory (referring to the flaw in the network security design of the early Internet)

The need for network security dates back to the late 80s after a flaw in the network design slowly incrementalized its process. It started with the very design of the Internet, open and distributed. It was the time when no one felt the need to control communication among its users and mutual mistrust was out of the picture.

David D. Clark realized that humans tend to ignore existing problems, which often transforms into something even more disastrous. The Morris worm of 1988 wasn’t an intentional threat to the network security of that time. A worm is a standalone malware program capable of replicating itself to expand its reach to other computers while remaining active on the infected system. Well, the developer of the worm, Robert Morris intended to determine the size of the internet by propagating a self-written program across the networks, later infiltrating the Unix terminals with a known bug, and at the end, would duplicate itself through three attack vectors: sendmail, fingerd, and rsh/rexec. Little to his knowledge, the last instruction turned out to be a mistake. The Morris worm replicated itself drastically, damaging thousands of machines and vaporizing millions of dollars into thin air.

In the aftermath of the incident, Morris was charged with the first felony of the United States 1986 Computer Fraud and Abuse Act. He was not only sentenced to three years of probation but was fined with $10,050 and 400 hours of community service. Later, DARPA funded CERT/CC at Carnegie Mellon University, which improved the security of numerous software and the Internet. The Morris worm is now considered to be a legend for starting a wave of cyberattacks.

In short, what started with a small online community for a few researchers is now accessible to around 3.2 billion people around the globe. And with that, potential security related threats have also increased dramatically. After all these years, the cyber world is still facing the same challenge with much greater intensity. In fact, the situation is worsening with each passing year.

Network Security Concept^[4]

Network security starts with authentication, commonly with a username and a password. Since this requires just one detail authenticating the user name—i.e., the password—this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network like wireshark traffic and may be logged for audit purposes and for later high-level analysis. Newer systems combining unsupervised machine learning with full network traffic analysis can detect active network attackers from malicious insiders or targeted external attackers that have compromised a user machine or account.

Communication between two hosts using a network may be encrypted to maintain privacy.

Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot. A honeypot can also direct an attacker's attention away from legitimate servers. A honeypot encourages attackers to spend their time and energy on the decoy server while distracting their attention from the data on the real server. Similar to a honeypot, a honeynet is a network set up with intentional vulnerabilities. Its purpose is also to invite attacks so that the attacker's methods can be studied and that information can be used to increase network security. A honeynet typically contains one or more honeypots.

Principles of Network Security^[5]

There are three principles within the concept of network security—confidentiality, integrity, and availability—which together are sometimes referred to as the “CIA triad.” A network can only be considered secure when it has all three elements in play simultaneously.

Confidentiality works to keep sensitive data protected and sequestered away from where it can be accessed by the average user. This goes hand-in-hand with the principle of availability, which seeks to ensure that data and resources are kept accessible for those who are authorized to access them. Challenges to availability can include DDoS attacks or equipment failure. The principle of integrity seeks to protect information from intentional or accidental changes in order to keep the data reliable, accurate, and trustworthy.

Every decision made regarding network security should be working to further at least one of these principles. This means that MSPs need to ask if each decision will ensure that data is kept confidential, that its integrity will be protected, and that it will be made more easily available to those with authorization to access it.

Benefits of Network Security^[6]

Network security exists to help your organization protect not only its sensitive information, but also its overall performance, reputation and even its ability to stay in business. Continued operational ability and an intact reputation are two key benefits of effective network security.

Companies that fall prey to cyberattacks often find themselves crippled from the inside out, unable to deliver services or effectively address customer needs. Similarly, networks play a major role in internal company processes, and when they come under attack, those processes may grind to a halt, further hampering an organization’s ability to conduct business or even resume standard operations. But perhaps even more damaging is the detrimental effect that a network breach can have on your business’s reputation.

Given the rising tide of identity theft and other dangers related to the theft of personal information, many customers are already hesitant when it comes to sharing data with businesses. And if a cyberattack should occur, many of these customers are likely to withdraw in favor of more secure alternatives. After all, why take the risk?

The loss or corruption of valuable data, along with a significant disruption to customer services and internal process, topped off with reputational injury that may persist long after other damages have been repaired — it’s not hard to see what’s at stake when it comes to network security. In fact, it’s been suggested that 66 percent of SMBs would have to shut down (either temporarily or permanently) after experiencing a data breach. And even larger, more established businesses may be unable to reclaim their former standing.

On the other hand, reliable network security software and hardware, coupled with the right policies and strategies, can help ensure that when cyberattacks occur, their impact will be minimal.