The Basics Of Network Security

Have you ever considered the cost to your business if you have corrupted data? Or no data? What about cost of recreating data and/ or notifying your users in the event of a compromise?

The cost of data validation and security is less than the cost of repair. Now, are you ready to learn more?

Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. Network security is actually a reasonably simple concept. Unplug all your equipment and lock it away in a vault. Presto! Secure. As absurd as it sounds, there is a level of network security that requires similar specifications for compliance.

The exception to the "unplugged" example is that the machines, lacking all connectivity to and from the outside world, are up and running. This level of security is rare and generally reserved for single, special purpose applications where a security breach is not an option.

We want to use our expensive hardware and make good business use of our precious data. Without the ability to get our hands on it or let others see what we have, it all becomes rather pointless.

How do we stay secure and still have total accessibility?

"The unfortunate answer is, you don't. However, you can pick your risks. Once the risks for your network implementation are identified, it becomes a matter of selecting the risks you are willing to or have need to assume", according to Jon Carleton, owner of M I Services, Inc. With that done,"everything non-essential can be locked down and/or turned off and focus may return to specific approaches to mitigate the "necessary risks"."

A variety of computer networks, both public and private, are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Regardless of how large or small the network, security must be in place.

Network security starts with authenticating the user under the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. Proper security involves the authorization of access to data in a network. Since this requires just one detail authenticating the user name - e.g. the password, which is something the user 'knows'- this is sometimes termed one-factor authentication. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected or suspicious content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.

Take a simple approach to a network audit. List every connection point or risk to the system, and place in priority order. Then find a line below which the risks are not worthy of your business and close those risks down. Finding that line can be tedious, but sometimes less so when it becomes clear that managing "open risks" has a cost in employee time and possibly equipment. At the end of the day, it becomes a question of how much one is willing to spend on an ongoing basis to allow borderline services as a convenience.

Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.

This is a similar approach to an ISO 27001 GAP audit. An ISO 27001 is the globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It sets forth a risk based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties.

The bottom line is that in order to protect your business and its information, pick your risks and reinforce your infrastructure. If you need help, hire a professional for an evaluation of your network. Consider the risk and reward as in any other segment of your business. Stay safe!


------

Wetcatwebs.com, Inc. is a cutting-edge website design, development and marketing support firm specializing in effective web strategies that produce sales results by delivering a powerful online presence and tremendous exposure. In addition, find out more about network security at =>
http://www.wetcatwebs.com