Network Security by leader6


									                                     Network Security

       Network security is a concern of just about any IT professional as well as users of

network resources who depend on security to perform their daily tasks. It can range from

limiting data access to having contingency plans

for the unforeseen event of disaster. Network security is an important concept for IT

professionals to consider even before implementation of a data network. The conceptual

framework should include disaster aid and recovery. But just what is network security

and how does it really function in everyday business?

       Some define network security, or rather a security issue, as anything that prevents

users from properly performing their daily tasks. When considering what network

security is, it must be understood that the only broad definition of the terminology that

can be given is that network security is a method of addressing breakdowns in the secure

operation of a data network. This can include securing data networks against

unauthorized access on one end. However, at the other end is something IT professionals

often don’t consider until it’s too late: contingency plans for disaster aid and

recovery. This is an important aspect of network security as well. Everything that falls

in between is essentially “business as usual.”

       Security systems are often multi-faceted so as to address many network security

issues at a time. Currently, the most common methods of accessing a network are via the

Internet, FTP (file transfer protocol), and a telnet session. Most commonly, the first and

sometimes the only level of network security is a firewall that protects a LAN. This

prevents access from being gained by outside sources that should not be accessing a

particular LAN. In order to do this, all communication ports are closed so that the

Ben Schultz                                                                      Page 1 of 7
firewall admits only responses to network devices that are legitimately attempting to

access the Internet from the inside. However, some outside traffic often needs

access to a network. The access list allows specific types of traffic to pass through a

firewall and allows users with specific security rights to access the LAN or internal

network from an outside network or source. The use of NAT (Network Address

Translation) is common in this area. It forwards ports and port ranges so that traffic reaches a

desired destination node.
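
The firewall behaviour described above, modelled as an added example that is not part of the original essay: every inbound port is closed by default, replies to inside-initiated connections are admitted, and an access list plus a NAT port forward lets one outside network reach one inside server. All addresses, ports and rule entries are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")               # constructed inside network

@dataclass
class Firewall:
    public_ip: str
    acl: list = field(default_factory=list)       # (allowed source network, public port)
    forwards: dict = field(default_factory=dict)  # public port -> (inside ip, inside port)
    flows: dict = field(default_factory=dict)     # state table for inside-initiated traffic

    def outbound(self, src, sport, dst, dport):
        """Inside host opens a connection: record it so the reply can return."""
        if ip_address(src) not in LAN:
            return ("DROP", "not an inside source")
        self.flows[(dst, dport, sport)] = src
        return ("ALLOW", self.public_ip, sport)   # source address rewritten by NAT

    def inbound(self, src, sport, dport):
        """Packet arriving at the public address from an outside source."""
        inside = self.flows.get((src, sport, dport))
        if inside:                                # reply to an inside request
            return ("ALLOW", inside, dport)
        permitted = any(ip_address(src) in ip_network(net) and dport == port
                        for net, port in self.acl)
        if permitted and dport in self.forwards:  # access list + port forward
            return ("ALLOW", *self.forwards[dport])
        return ("DROP", "default deny")           # every other port stays closed

def demo():
    fw = Firewall("203.0.113.1",
                  acl=[("198.51.100.0/24", 21)],  # one outside network may reach FTP
                  forwards={21: ("192.168.1.10", 21)})
    fw.outbound("192.168.1.50", 40000, "192.0.2.80", 443)
    return [
        fw.inbound("192.0.2.80", 443, 40000),     # reply to the inside request
        fw.inbound("192.0.2.80", 443, 40001),     # unsolicited: no matching state
        fw.inbound("198.51.100.7", 51000, 21),    # on the access list, forwarded
        fw.inbound("192.0.2.200", 51000, 21),     # not on the access list
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```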

       Additional tools in the first level of network security are traffic and data monitors.

Often, a firewall is only able to restrict access to legitimate traffic passing out of and into

a data network. However, it is often the case that IT professionals need to make

decisions as to what is actually “legitimate” network traffic. For example, allowing every

individual using a data network to access peer-to-peer file sharing is often a costly

undertaking because P2P takes up an enormous amount of bandwidth and often such

traffic is for luxury and not a necessity. As another example, e-mail may be legitimate

traffic, but SPAM is not. As a result, there have to be tools that limit the use of network

resources and pass only legitimate or desired traffic into and out of a network. Packet

shapers allow, prevent, or restrict certain traffic entering or leaving a network.

They can place caps on bandwidth and deny or restrict the access capabilities of certain traffic.

Additionally, e-mail filters designed to check for SPAM are often a security feature that

allows data networks to be more productive and save on wasted resources. Often, such

filters check the origin of the message and determine whether the sender is valid. They

may perform virus checks as well. Through the use of an e-mail filter at King’s, SPAM

has been reduced by 75%.

       The second and third levels of network security are network and server access,

respectively. Network access refers to the ability of LANs internal to an organization to

be accessed for the use of network resources. Server access refers to the ability of users

on a LAN to access a particular server so as to use its resource. Common examples are

file servers and print servers. Whereas server access is the desired contact of a particular

node on a network, network access is the means by which this is accomplished.

       Some other challenges to network security involve not merely unauthorized

access to a particular network but can also exploit, manipulate, and even destroy network

data, whether it be contained on a network resource such as a processing or file server or

an individual’s desktop computer. One such challenge is the virus. The other challenge

is a fairly new concept called spyware.

       Perhaps the best definition of the term “virus” is provided by Symantec,

the maker of the popular Norton suites of virus protection and network security software.

It states that “A computer virus is a small program written to alter the way a

computer operates, without the permission or knowledge of the user.” A virus can infect

nearly every type of device that in any way stores permanent data, such as a computer

hard disk, and produce unnoticeable, nuisance, or even disastrous consequences.

Indeed, it is the virus that poses one of the most imminent threats to data networks and

end users. Viruses can spread through any type of data medium including removable

disks or discs, but today they most commonly spread across networks through the use of

the Internet and e-mail. The most common method for protecting against and detecting

the presence of viruses is through the use of antivirus software as well as patches and

personal firewalls.

       In addition to viruses, spyware is a common challenge to network security.

Microsoft defines spyware in the broadest sense as “a general term used for software that

performs certain behaviors such as advertising, collecting personal information, or

changing the configuration of [a user’s] computer, generally without appropriately

obtaining [the user’s] consent.” Though spyware doesn’t directly cause computers to

malfunction or data to be destroyed or manipulated, it does cause system resource

degradation as well as invade users’ privacy, often without their knowledge or consent. It

is rapidly becoming a major problem across the Internet and lives mostly in the world of

free applications and a host of useful as well as pleasurable web sites. Because it

transmits back to web sites, a number of machines infected with spyware can cause

noticeable reductions in if not wholly degrading effects on network resources and


       Of course, it is important to understand all of these concepts regarding network

security. But what is the purpose of such knowledge? In network security, all of this

prevention and/or limiting of network access and the monitoring of data is done

for one of two reasons. The first is to prevent outside intrusion in

order to protect the integrity of the network and its resources and the other is to optimize

network performance and reach a desired productivity level. At the heart of such issues

is network intrusion and excess traffic for one reason or another.

       Intrusion detection is often a method of identifying potential security breaches or

holes in a network’s security services. Those who launch attacks on networks fall

into three categories, although each category can range from harmless to

potentially damaging. A hacker pushes the limits of data networks by attempting to

gain unauthorized access in order to learn something about data stored on a particular

network. A cracker is a more serious hacker who desires to use or alter data stored on a

particular network for their own personal gain or simply to inflict unwarranted damage

on a business and sometimes its customers. Additionally, a phreaker is a cracker who

utilizes phone systems to do damage to a business.

       In any of these cases, network security is compromised in such a way that data

has the potential for being used or manipulated for potentially harmful purposes. As

such, identifying the threat levels of breaches in network security is essential to the

survival of a data network. The practice of identifying the severity of network security

breaches is called intrusion detection. It is based on a set of rules that distributes

information about a particular breach and transports such information to an analysis tool

so as to allow an IT professional to perform further action.
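
A sketch of that rule-to-analysis flow, added here as an illustration and not taken from the original essay or from any named tool: rules are matched against sensor log lines, each match becomes an alert, and alerts are grouped per source with a threat level for the analyst. The rule ids, patterns, log format and escalation threshold are all constructed assumptions.

```python
import re

RULES = [  # (rule id, severity 1=high..3=low, pattern, description): all constructed
    (1001, 2, re.compile(r"proto=tcp .*dport=23 "), "telnet connection from outside"),
    (1002, 1, re.compile(r'dport=21 .*msg="USER root"'), "FTP login attempt as root"),
    (1003, 3, re.compile(r"proto=icmp .*type=8\b"), "ICMP echo probe"),
]

EVENTS = [  # constructed sensor log lines
    'ts=10:00:01 src=192.0.2.200 dst=203.0.113.1 proto=icmp type=8',
    'ts=10:00:04 src=192.0.2.200 dst=203.0.113.1 proto=tcp dport=23 flags=S',
    'ts=10:00:09 src=192.0.2.200 dst=203.0.113.1 proto=tcp dport=21 msg="USER root"',
    'ts=10:02:30 src=198.51.100.7 dst=203.0.113.1 proto=icmp type=8',
    'ts=10:03:00 src=198.51.100.7 dst=203.0.113.1 proto=tcp dport=443 flags=S',
]

SRC = re.compile(r"src=(\S+)")

def detect(lines):
    """Apply every rule to every log line and emit one alert per match."""
    alerts = []
    for line in lines:
        for rule_id, severity, pattern, desc in RULES:
            if pattern.search(line):
                alerts.append({"rule": rule_id, "severity": severity,
                               "src": SRC.search(line).group(1), "desc": desc})
    return alerts

def triage(alerts, escalate_at=3):
    """Summarise alerts per source as (threat level, alert count), worst first.
    A source raising escalate_at or more alerts is escalated to level 1."""
    per_src = {}
    for a in alerts:
        worst, hits = per_src.get(a["src"], (3, 0))
        per_src[a["src"]] = (min(worst, a["severity"]), hits + 1)
    levels = {src: (1 if hits >= escalate_at else worst, hits)
              for src, (worst, hits) in per_src.items()}
    return sorted(levels.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for src, (level, hits) in triage(detect(EVENTS)):
        print(f"{src}: threat level {level}, {hits} alert(s)")
```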

       ACID (Analysis Console for Intrusion Databases) and BASE (Basic Analysis and

Security Engine) are two common tools for recording and reporting on network

intrusions. BASE uses web-based PHP scripts to classify intrusions. It presents an alert

that can be accessed via hyperlink to the source of the specific rule that was broken (such

as “” or “Bugtraq”) and provides info about that rule. If applicable, BASE can

provide hyperlinks to fix the problem or more permanently patch it so that it cannot

happen again. An exploit describes how and where to find exploited vulnerabilities to

use against data networks. Solutions are the methods by which the problem is fixed or


       As noted previously, IT professionals often take network security at face value

and unfortunately limit themselves to network security insofar as it relates to protecting

data networks against intrusion and security threats. However, not only are these

important concepts for an IT professional to consider, but so are environmental and

unforeseen factors. Such can include natural disasters as well as unexpected data loss.

       Before considering how to recover from instances such as fire, flood, or server

crashes, it is important to contemplate where the most effective reassembly of vital data

will occur. In any case, however, it is generally accepted that in order for a

business to recover efficiently and without any lost business, revenues, profits, etc.,

recovery should take no longer than one week.

       An important environmental factor to consider in implementing a disaster and

recovery plan is the best location of both daily use and backup equipment. It is usually

not the case that backup equipment will be located in the same place as the main

business, in case a natural disaster should occur. However, certain backups should be done

onsite as well as distributed to offsite areas, some even whole states

away, depending on how vital the stored information is, as in the recent case of

Florida’s misfortune with repeated hits from hurricanes.

       In addition to backup, there are factors in human resources. At least two

individuals should be aware of any network’s security setup as well as the layout of each

of its components, no matter how seemingly trivial. In the event of inconvenience,

serious illness, or even death, this can make all the difference in the world. Such

undistributed knowledge is often a factor in bargaining or even personal injury when an

IT professional has decided to leave a particular business.

       Indeed, there are many important facets to network security.

Because of such challenges, a network administrator or IT professional must not only be

informed but must also be savvy in protecting data networks by spotting problem areas

quickly and addressing them as soon as possible. There is no doubt that the job of network

administrators and IT professionals will become more demanding as hardware and

software become more capable in more areas. When additional improvements and

enhancements are made to hardware and software, the role of such persons involved in

their secure operation will ultimately become the most important part of an organization.
