Network Security and Different Ways to Secure Networks - Essay Example

Network Security and Different Ways to Secure Networks Research Report Introduction Network security can be defined as the protocols and security measures taken in order to secure and protect the data in the existing network, so that unauthorised access to the data can be prevented. In order to further understand the concept of network security, the core issues related to it needs to be analysed (William, 2006). The security of the data, at the most basic level, is authenticated by the users or the network administrators who assign a password and an ID to the respective network so that the security of the network is kept intact Assigning a password and an ID to a network is often called one-factor authentication while the two-factor authentication has often been identified when the account or network is secured by a security-token for e.g. an ATM Card or a mobile phone; and the three-factor authentication is distinguished by the use of the security measures such as a fingerprint or a retinal scan (de Jong et al, nd). It can be further secured by a firewall, so that it could only be available to specific users of that network.Most of these utilities are being used by banks, armed forces, and, intelligence agencies etc (Gregg et al, 2003). The Need for Network Security In practice, network security is an important part of many networks at homes, at public places, at colleges and universities and at various offices such as banks, stock exchanges, all kinds of multinational firms and other businesses, law enforcement agencies and even the Government offices and departments where important information is stored (Park & Dicoi, 2003). The level of security needed and indeed, in use, varies from network to network and it depends onthings such as the sensitivity of the data, the structure of the network, the size of the network and the threats to the network. A home user, for example, may not need to employ the same in depth means of securing the network as, for example, a large multinational bank would. The reason for that is that there’s less sensitive data on a home network, there are less threats and there is not much at risk compared to the network of a bank (Ellison, 2002). Now let’s take a look at the history of network security. The need for network security has been around since the time computers have existed, although this need was further emphasized after one of the most famous computer hackers of the world, Kevin Mitnick was arrested and convicted in 1995. Even before that, there were reported crimes related to computers and networks. The requirement for networks and networked computers to be secured was further enhanced after Internet was made publically available in the 1990s. And gradually, in order to protect against loss of intellectual property, monetary loss, loss of sensitive customer data, invasions into personal privacy, disruptions to the working networks of large multinational firms and banks etc, further ways to secure the networks are being implemented (Innella, 2000). Types of Threats There are various ways in which the security of a network can be breached. In broader terms, the attacks can be categorized in two forms first one is a passive attack in which the hacker disturbs the travelling of data using the same network and in active attack the hacker uses different commands to change the network’s normal working (Bhasker, 2006). Both these attacks can have various forms. Some examples are Wiretapping, Idle scan, Port scanning, a Denial of Service attack, spoofing, ARP poisoning, smurf attack, heap overflow and SQL injection. (Herzog, 2003). Further to that, other forms of attacks such as Trojan Horses, Viruses, Worms or Logic Bombs are also sometimes used. Ways to Secure Networks Securing a network depends on the type of network structure in place and the level of security which needs to be implemented (Paquet, 2012). For networks where security is paramount to the daily operations, experts recommend a multi-layered security system instead of just a single layer security (Gibson, 2011). We’ll take a look at how different networks can be secured, ranging from small, home networks to bigger, government networks and even those of large multinational firms and banks. School and University Networks A school or a university network or its security system can primarily be secured by a changeable firewall and proxy with access to authorized users only. The strength of the security system would generally depend on the strength of the firewall in place (Dramicanin et al, 2007). A suitable corporate Antivirus software and Internet Security Software package can be installed across the main servers and across all the networks computers. The wireless connections, if there are any, need to be protected by firewalls as well. In order to further secure the network, users can be restricted from making any updates and changes to the computers they’re using and those can be made by the network administrators according to the usage of the sites and data. Moreover, strict supervision is required by the school teachers, lab administrators on the premises, especially in schools, so that the security risks from vulnerable websites can be avoided. A policy capable of being enforced should be documented; to ensure that the students of the organisation strictly abide by the rules and principles of the certain policy and there’s no confusion. Home Networks Basically, home network security also uses the protocol of firewalls to save the system from any exterior threats. In the current versions of windows, there is already a built-in firewall which just needs to be enabled from the control panel but it only protects against the incoming traffic. Windows users can avail further firewall services by just choosing from the various Firewall packages available on the internet and downloading them, along with Anti-Virus software to prevent their personal data from being accessible to an outsider (Santos, 2007). Moreover, it is recommended to use a strong password for your wireless connections which combines upper and lower case letters, numbers and even special keys. Originally, wireless networks could only be secured by WEP (Wired Equivalent Privacy) which was introduced in the late 1990s (Yang & Zahur, 2005). However, due to its well documented weaknesses and vulnerabilities, it was replaced byWPA (Wi-Fi Protected Access). WPA has been further upgraded and the most recent security protocol in use for wireless networks is WPA 2, which is basically just an upgrade to the latest security standards and protocols and it is the system in use by most home networks and small businesses and shops and it is the one most recommended in the current environment (Nasreldin et al, 2008). Other security measures include using a robust security backed up by your wireless devices for e.g. Routers, like WPA2 can be used with the combination of AES (Advanced Encryption Standard, established in 2001). TKIP (Temporal Key Integrity Protocol) should be only used when WPA2 is not simpatico with AES. It is also recommended for wireless connections that your defaultSSID network name can be altered; also that SSID Broadcast can be disabled because it has long been considered unnecessary by the security experts for the use of home networks as it makes it easier for intruders to tap into it. (Ou, 2005) Router and firewall logs should be often reviewed so that the flow of abnormal network connections can be identified and rectified if necessary. Usage of password is recommended for all sorts of accounts on the computer. Multiple accounts can be used per family member and prior awareness about information of the network security should be raised among family members to abstain from security threats as much as possible, which includes avoiding websites which may represent a security threat or scanning all external drives before being used on the computer (Ives et al, 2004). Firewalls should be set to always-on and antivirus and anti-malware software should automatically scan the system regularly to detect and disable any threats to the system. Government Networks In Government departments, network security is paramount to the daily running and operations because the government networks include very sensitive data which may relate to the citizens, it may relate to the armed forces, dealing with the security of the entire country. One of the important aspects in securing the network here is the physical security of the network. Network should thus be located at an appropriate place inside the building and it should be watched by guards; armed if suitable, and security cameras must also be installed in the premises (Silcock, 2001). The strongest available firewalls can be put in place depending on the sensitivity of information or data which is to be secured and the firewalls can be both on a software level and a hardware level. In such networks, layered security is also vitally important. The client computers in use across the department need to have strong virus protection and the e-mail servers should also have this facility. Incoming e-mails in particular need to be automatically scanned for any malware or viruses. The data being sent and received needs to be encrypted. Wireless connections, if present, should only be available to authorized users. The network type should be Private Network so it’s not visible from the outside of the network. The web servers should be hosted in a DMZ (originating from “demilitarized zone”) or perimeter network so that if an intruder tries to access it from the outside, the access is limited to that zone and there is no access the inside network of the department. Government departments also need to have their data regularly backed up and encrypted so if it’s stolen or destroyed, it can be retrieved through the back-up. Businesses As far as the security system at a business setup is concerned, it can be divided into three categories which could be domestic and small business setup, medium business setup and large business setup. As the names of these networks setup in a business suggest spatial relevance, they are mainly concerned with the availability of workspace. Small business could be allocated at homes or single room so it is quite similar to what we pointed out earlier in home networks. As far as medium business are concerned, there are various new things here. Medium business networks require a relatively better, stronger and usually more expensive firewall compared to homes or small business, and incorporated threat dealing methods, as the importance of security in a medium business network setup is higher compared to a small business or a home network. It is recommended that for authentication, stronger passwords should be used and should also be changed on a weekly or monthly basis so that the security of the system remains integral and safe from threats. It should be made sure that the employees are well aware about the physical security of the network. There should also be an expert manager or administrator assigned solely to monitor the network security system. A VPN (Virtual Private Network) can be used to connect the head office with the other branches of the business. This network is a private and a secure means to connect different offices within a business to communicate and exchange data. Although it makes the use of the internet, it is secure because it is encrypted. (Curtin, 1997) Businesses these days are also using UTM or Unified Threat Management to secure their networks. This is achieved through incorporating various network security features into a single solution. Functions such as firewalling, content filtering, data leak prevention etc are all a part of Unified Threat Management. Further to that, general guidelines for the employees should be properly communicated across all users of the network in order to the limit the use of internet that also includes websites which are not related to work, and exchanging of important information via unsecure channels. A back-up policy plays a vital role in recovering the data in case it is damaged or deleted as a result of any hardware damage (Bidgoli, 2004). Expert employees must be assigned to supervise other workers, which trains inexperienced employers to deal with network security issues (Hollingsworth, 2000) For large businesses, such as multi-national firms, the attention and the amount of money spent on network security is, and should be, even higher than the medium sized businesses discussed above, for obvious reasons i.e. their data is more valuable. For this reason, sometimes, Network Guards may be put in place along with the regular firewalls to ensure security of the network. Just like Government networks, physical security is also often paid a lot of significance to in case of large businesses. Other than these measures, a network analyser can also be purchased and set up to analyse the stability of the network and for the troubleshooting of LANs and WANs. It helps the network experts monitor the network effectively and is a worthwhile investment. Conclusion In terms of security of the network, the methods in place are always changing as newer types of threats emerge. A good number of the methods to secure networks in the present day world did not even exist five years ago and it just highlights the fact that information technology, information systems, networks and the threats to these things are all always evolving and the rate of this development is indeed very rapid. Businesses, in particular, are investing more and more capital and personnel into securing their networks as the value of the information being transferred increases day by day. Banks, for example, need to use the most up to date ways to secure their networks because the information being exchanged is very expensive, literally so. Network security is an area that can never be taken lightly because of the variety of threats and the sensitivity of information stored and transferred over the network as there are always newer ways to bypass the latest security protocols and networks thus need to be constantly monitored. References Top of Form Top of Form Top of Form Top of Form Bhasker, B. (2006). Electronic commerce: Framework, technologies and applications. New Delhi: Tata McGraw-Hill. Bidgoli, H. (2004). The Internet encyclopedia: Volume 1. Hoboken, N.J: John Wiley & Sons. Curtin, M. (1997). Introduction to network security. Kent information Inc. de Jong, C., UvA, C. D. L., Hollestelle, G., & Schuurmans, T.(n.d.). Online authentication methods. Dramicanin, D. M., Pejovic, V., & Petrovic, Z. (2007, September). On Design and Exploitation Strategies of Reconfigurable Firewalls. InTelecommunications in Modern Satellite, Cable and Broadcasting Services, 2007. TELSIKS 2007. 8th International Conference on (pp. 597-600). IEEE Ellison, C. (2002). Home network security. Intel technology journal, 6(4), 37-48. Gibson, D. (2011). Microsoft Windows security: Essentials. Indianapolis, Ind: Wiley. Gregg, R. L., Giri, S., & Goeke, T. C. (2003). U.S. Patent No. 6,516,416. Washington, DC: U.S. Patent and Trademark Office. Herzog, P. (2003). Open-source security testing methodology manual.Institute for Security and Open Methodologies (ISECOM). Hollingsworth, G. T. (2000). U.S. Patent No. 6,157,808. Washington, DC: U.S. Patent and Trademark Office. Innella, P. (2000). A brief history of network security and the need for adherence to the software process model. Tetrad Digital Integrity. Ives, B., Walsh, K. R., & Schneider, H. (2004). The domino effect of password reuse. Communications of the ACM, 47(4), 75-78. Nasreldin, M., AsIan, H., El-Hennawy, M., & El-Hennawy, A. (2008, March). WiMax security. In Advanced Information Networking and Applications-Workshops, 2008. AINAW 2008. 22nd International Conference on (pp. 1335-1340). IEEE. Ou, G. (2005, March). The six dumbest ways to secure a wireless LAN | ZDNet. Retrieved April 14, 2013, from http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43 Paquet, C. (2012). Implementing Cisco IOS Network Security (IINS 640-554): Foundation learning guide. Indianapolis, Ind: Cisco Press. Park, J. S., & Dicoi, D. (2003). WLAN security: current and future. IEEE Internet Computing, 7(5), 60-65. Santos, O. (2007). End-to-end Network Security: Defense-in-depth. Cisco Press. Silcock, R. (2001). What is e-government. Parliamentary affairs, 54(1), 88-101. William, S. (2006). Cryptography and Network Security, 4/E. Pearson Education India. Yang, T. A., & Zahur, Y. (2005). Security in Wireless Local Area Networks.Ilyas, M. and Ahson, S. Handbook of Wireless Local Area Networks: Applications, Technology, Security, and Standards, 425-446. Bottom of Form Bottom of Form Bottom of Form Bottom of Form Read More