Network security refers to all provisions and policies established and adopted to protect network infrastructure and network resources from being accessed by unauthorized persons. The network administrator is charged with the responsibility of establishing a combination of effective measures aimed at securing the network.
While computer security is aimed at protecting individual personal computers from intrusion by outsiders, network security aims at securing all computers on the network and other shared resources such as scanners, printers, and storage devices attached to the network from being accessed by intruders. In principle, network security aims at stopping attacks at the point of entry before they spread to other peripherals within the network.
Characteristics of a Secure Network
User authentication is the starting point of a secure network. This comes in the form of a passcode, in this case a user name and a password, which a person is required to provide to get access to the network. The passcodes are used to confirm the identity of the user as a trusted network user. In most cases, the network administrator generates unique passcodes automatically, which are then assigned to users.
Once authentication is successful, the firewall, in the form of software or an appliance, enforces access policies by inspecting all network traffic passing through it to the network. Based on the set of rules or commands, the firewall permits or denies the passage of traffic. The function of the firewall is to regulate the flow of data between computers on the network based on the levels of trust. An internal network, for example, is a zone of higher trust compared to the Internet, which is a zone of low or no trust. The firewall protects the private network from intrusion.
A firewall can be useless if it is not configured properly. To configure a firewall to suit the needs of an organization, a clear understanding of network endpoints and configuration is required. All firewalls use a standard security practice known as default-deny which allows all traffic to pass unless it is specifically blocked. This initial configuration is not enough to guarantee protection. When a firewall is used without proper configuration, it will most likely compromise the whole network system.
Types of Firewalls
Firewalls are classified according to where the communication is taking place, where it’s being intercepted and the state of traffic being traced.
Packet filters, also known as network layer firewalls, operate by not allowing traffic packets to pass through the firewall unless they match all the set rules. The default rules may apply or the network administrator may define the rules. Packet filter firewalls are further categorized into stateful firewalls and stateless firewalls. Stateful firewalls take advantage of the active session and use information derived from that state to speed up the processing of traffic packets. Any packet that does not match an existing connection is assessed according to the rules set for new connections. Those packets that match existing connections, based on comparison with the firewall's state, are allowed to pass without being subjected to further processing.
A stateless firewall is used as a simple filter and requires less memory and less time. These firewalls cannot be trusted to make complex decisions based on the communication stage between the host computers. In modern firewalls, traffic is filtered based on various packet attributes such as source Internet Protocol (IP) address, destination IP address, source port, destination services like FTP or World Wide Web (WWW), and the domain name of the source.
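The difference between the two kinds of packet filter can be seen in a small model. The following Python sketch is an added example, not taken from the cited books or from any firewall product; the class names, the rule set and the sample packets are all constructed for illustration. It shows that a stateful filter admits a reply because it matches a tracked connection, while a stateless filter needs a broad inbound rule to admit the same reply and therefore also admits unsolicited traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only on the packet that opens a connection

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int]   # None matches any destination port

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dport in (None, p.dport))

class PacketFilter:
    def __init__(self, rules, stateful):
        self.rules, self.stateful = rules, stateful
        self.connections = set()  # state table of allowed flows

    def decide(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if self.stateful:
            if fwd in self.connections or rev in self.connections:
                return "allow"   # existing connection: no rule processing
            if not p.syn:
                return "deny"    # mid-stream packet with no matching state
        # First matching rule wins; anything unmatched is dropped.
        verdict = next((r.action for r in self.rules if r.matches(p)), "deny")
        if self.stateful and verdict == "allow":
            self.connections.add(fwd)
        return verdict

# Constructed sample policy and packets (documentation address ranges).
WEB_OUT = Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 80)
REPLIES_IN = Rule("allow", "0.0.0.0/0", "10.0.0.0/24", None)  # stateless workaround
PACKETS = {"request": Packet("10.0.0.5", 40000, "203.0.113.10", 80, syn=True),
           "reply": Packet("203.0.113.10", 80, "10.0.0.5", 40000),
           "unsolicited": Packet("203.0.113.99", 80, "10.0.0.5", 40001)}

def run(fw):
    return {name: fw.decide(p) for name, p in PACKETS.items()}
```

Calling run(PacketFilter([WEB_OUT], stateful=True)) allows the request and its reply and denies the unsolicited packet, whereas run(PacketFilter([WEB_OUT, REPLIES_IN], stateful=False)) allows all three.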
Application Layer Firewalls
This kind of firewall works on the application level of browser traffic, telnet traffic, and FTP traffic. It also intercepts all traffic packets traveling to and from an application. Application firewalls are effective in restricting and preventing the spread of Trojans and worms by preventing unwanted traffic from reaching protected computers. They perform their functions by blocking and dropping outside packets without informing the sender. Due to the complexity and diversity of application layer firewalls, not many organizations use them as firewalls.
Proxy devices are installed in a general-purpose machine or operated as stand-alone hardware. The proxy acts as a firewall by responding quickly to input packets, and at the same time blocking all other traffic packets. When used as a firewall, a proxy makes it difficult for the internal system to be tampered with. The proxy is designed to work in such a way that any misuse or tampering of a specific internal system does not cause a security breach within the entire system. However, intruders may use a system that is accessible to the general public to access the targeted system in the network through Internet Protocol spoofing.
Intrusion Prevention System
Firewalls are very effective in blocking unauthorized access, but they are not very effective in detecting and preventing harmful malware that is transmitted over the network. In this case, an Intrusion Prevention System (IPS) is used to detect and prevent such malware and to monitor any suspicious network traffic.
An Intrusion Prevention System is set to operate completely indiscernibly on the network. The IPS does not have a claim over any IP address on the network but is designed to respond swiftly, in real time, to any traffic in different ways such as alert generation, connection reset, packet dropping, and quarantining of intruders. IPS systems also provide deeper insights and information on inappropriate content, overly active hosts (OAH), bad logins, and much more. A notable advantage of Intrusion Prevention Systems is the fact that they are designed to operate in line with traffic flow and prevent any attacks in real time. Most IPSs are capable of decoding layer 7 protocols like FTP, SMTP, and HTTP, leading to greater awareness.
Communication encryption between two hosts in the network is another characteristic of a secure network. This is done to maintain privacy. In addition, events occurring within the network are tracked and stored for future audit purposes and high-level analysis. Network-accessible resource decoys, also known as honeypots, are deployed in the network specifically for surveillance and supervision, acting as early warning tools. The techniques that intruders and hackers use to attack these decoys are analyzed and studied during and after the attack to come up with better techniques for tightening the security of the actual network against such attacks and to monitor new attack techniques.
Wireless Network Security
With the increased use of wireless networks, there has been an increased need to focus more attention on wireless network security. This has been occasioned by the fact that radio signals can bleed outside the targeted buildings and infrastructures, making physical security arrangements completely irrelevant. Any person within the geographical wireless network zone can detect the traffic and gain unauthorized access to internal network resources. The person may also have access to the internet, send spam and worms, and still have the capability to conduct illegal actions using private networks’ IP addresses.
Modern laptops and other communication devices come with inbuilt wireless networking capability. When the security system within a wireless router is deactivated, it creates a hotspot that is free to such communication devices and laptops. This, coupled with the modern operating system's ability to easily set a PC to make use of wireless resources, makes wireless network security an urgent issue.
Security Options for Wireless Network
Some of the practical options for securing a wireless network include access control, end-to-end encryption, and restricted access networks.
Control at the access point level is the simplest technique for securing a wireless network. A network administrator has the option of configuring the access point to allow access for approved Medium Access Control (MAC) addresses only. One limitation of this technique is the fact that it does not provide security against sniffing, where intruders spoof MAC addresses. To add to the security measure, a unique secret network name or identity is used as the ESSID, although this technique is still open to ESSID sniffing.
Wired Equivalent Privacy (WEP) is incorporated and turned on in modern wireless access routers. This offers improved encryption security, although WEP protection can be violated easily using tools that are readily available to the general public. To address this problem, the Wi-Fi Protected Access security protocols (WPA and WPA2) have been created, although when a weak password is used, the two protocols can be cracked easily.
End to End Encryption
This option makes use of layer 2 and layer 3 encryption methods. To complement the weakness of these encryption methods, SSL, PGP, and SSH technologies are used to provide the solution in authorization and encryption in the application layer. One shortfall of end-to-end encryption is the fact that it fails to cover all traffic.
Restricted Access Networks
In this option, wireless access points are designed to incorporate an in-built router, which makes them wireless gateways. As part of restricted access networks, new authentication systems are used to enhance security for wireless networks.
Management of Network Security
Every organization and situation calls for special security network management. A small office/home office (SOHO) will only require basic security measures, while large businesses and government organizations will require advanced hardware and software to manage the network and prevent malicious attacks from spammers and hackers.
For a small office/home office, a basic firewall, antivirus software, and a unique, complex password are enough to secure the network. For medium businesses, a moderate firewall, antivirus software, internet security software, a strong password changed every two weeks, employee security awareness, and a network analyzer will go a long way in securing the network.
For large businesses and government organizations, the following security measures are needed: a strong firewall coupled with a proxy, antivirus and internet security software, a strong authentication password changed regularly, security precautions for all employees, a network monitor, security fencing, CCTV surveillance in restricted areas like server rooms, provision of fire extinguishers in sensitive network zones, and security guards to safeguard the server rooms and other sensitive areas.
Network security is an important aspect of every organization. In secure networks, unauthorized access to network resources is prevented. Authentication, firewalls, and Intrusion Prevention Systems are some of the most significant components for securing a network. With the increased use of wireless networks, there is a need to continue establishing better techniques to protect the wireless network, as the already available measures have weaknesses in one way or another.