Network security in itself is a complex topic. There are a few basics that can help you understand what it takes to secure a network from attacks.
To understand network security, we need to look at some of the foundations of this topic. True network security is said to have a layered defense; that is, there is no single point of defense. Rather, multiple defense strategies are employed. The common comparison in computer networking is that network defense should be like an onion. You peel away one layer only to find another, and another.
The building blocks of this layered defense can be kept simple at first. As one's skills in network security grow, more layers can be added, both within the following areas and in newer ones.
Identity concerns itself with knowing what users and resources are on the network and what rights correspond to them. The outer layer of Identity is the username and password. What rights are assigned to this user is the next layer. In network security, the goal is to assign the least privilege required to each user on the network.
Perimeter security deals with the ability to control access to a network's resources and assets. To have strong perimeter security, one needs to make sure that only legitimate users have access to these assets. The perimeter security of a computer network can be breached through a physical breach (actually sitting down in front of a computer), or through an Internet attack (obtaining access over the Internet). Tools that help secure the perimeter of a computer network are virus scanners, firewalls, intrusion detection systems, and intrusion prevention systems.
While some malicious hackers look to illegitimately use the resources on a computer network, some are looking for much more profitable assets. Data theft from computer networks is the number one reason that a network is broken into. Employing encryption technologies is one method used to protect data from prying eyes. This is often the last layer of defense in network security. Even if a malicious attack allowed access to data, the attacker still needs to decrypt the stolen information.
No matter how many layers of defense are set up to protect a computer network, monitoring still needs to take place. By watching over a network, a system administrator is able to identify weak points, track trends in attacks, and monitor the overall health of the network.
The following example shows how the layered-defense theory works in protecting a computer network:
A malicious hacker attempts to gain access to a company's network. Layer one - Perimeter Security: the system administrator has closed ports that are commonly used for illegitimate access. The hacker continues and finally works around these closed ports and gains access. Layer two - Identity: since there is a policy in place enforcing strong passwords, the hacker is unable to harness the power of a password cracking program to obtain an administrator or root password. He moves on to obtaining a user account that allows temp workers network access. Layer three - Identity: since this is only a temp worker account, there are few privileges assigned to the account. The hacker cannot upload malware that would allow him repeat access to the network. He does manage to download customer lists. Layer four - Data Privacy: since the lists are encrypted, they are of no use to the hacker. He tries to run the stolen data through different packages to break the encryption but the process is taking too long, so he decides to move on to a network that is less protected.
In real life, it is not often so easy, but this story makes its point. The more layers you employ to protect your computer network, the less likely you are to suffer from a security breach.