Network security is a concern of just about every IT professional, as well as of the users
of network resources who depend on security to perform their daily tasks. It ranges from
core measures such as limiting data access to having contingency plans for the unforeseen
event of a disaster. Network security is an important concept for IT professionals to
consider even before a data network is implemented, and the conceptual framework should
include disaster aid and recovery. But just what is network security, and how does it
really function in everyday business?
Some define network security, or rather a security issue, as anything that prevents
users from properly performing their daily tasks. When considering what network
security is, it must be understood that the only broad definition of the term that
can be given is that network security is a method of addressing breakdowns in the secure
operation of a data network. At one end, this includes securing data networks against
unauthorized access. At the other end is something IT professionals often don’t consider
until it’s too late: contingency plans for disaster aid and recovery. This is an
important aspect of network security as well. Everything that falls in between is
essentially “business as usual.”
Security systems are often multi-faceted so as to address many network security
issues at a time. Currently, the most common methods of accessing a network are via the
Internet, FTP (File Transfer Protocol), and a telnet session. Most commonly, the first and
sometimes the only level of network security is a firewall that protects a LAN. It
prevents outside sources that should not be accessing a particular LAN from gaining
access to it. In order to do this, all communication ports are closed so that the
Ben Schultz Page 1 of 7
firewall admits only responses to network devices that are legitimately attempting to
access the Internet from the inside. However, some traffic often does need access to a
network. The access list allows specific types of traffic to pass through a
firewall and allows users with specific security rights to access the LAN or internal
network from an outside network or source. The use of NAT (Network Address
Translation) is common in this area. It forwards ports and port ranges so that they reach a
desired destination node.
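The firewall behaviour described above (closed ports by default, responses to inside requests admitted, access-list exceptions, NAT port forwarding) can be modelled in a few lines. This is an added example, not part of the original essay; the class, addresses and ports are constructed for illustration.

```python
"""Toy model of a default-deny firewall with an access list and NAT port
forwarding. Every address, port and name here is constructed for illustration."""
from ipaddress import ip_address, ip_network

class Firewall:
    def __init__(self, public_ip, acl, forwards):
        self.public_ip = public_ip
        self.acl = acl            # [(permitted source network, public port)]
        self.forwards = forwards  # public port -> (inside host, inside port)
        self.state = {}           # (remote ip, remote port, local port) -> inside host

    def outbound(self, src, sport, dst, dport):
        """An inside host opens a connection; remember it so replies can return."""
        self.state[(dst, dport, sport)] = src
        return ("ALLOW", self.public_ip, sport)  # source rewritten to the public IP

    def inbound(self, src, sport, dport):
        """Verdict for a packet arriving from outside at the public address."""
        inside = self.state.get((src, sport, dport))
        if inside is not None:                   # response to an inside request
            return ("ALLOW", inside, dport)
        for network, port in self.acl:           # explicit access-list exception
            permitted = port == dport and ip_address(src) in ip_network(network)
            if permitted and dport in self.forwards:
                return ("FORWARD", *self.forwards[dport])
        return ("DROP", None, None)              # default: every port is closed

def demo():
    fw = Firewall("203.0.113.1",
                  acl=[("198.51.100.0/24", 2222)],
                  forwards={2222: ("10.0.0.5", 22)})
    fw.outbound("10.0.0.20", 40000, "192.0.2.80", 80)
    return [
        fw.inbound("192.0.2.80", 80, 40000),     # reply to the inside request
        fw.inbound("192.0.2.80", 80, 40001),     # unsolicited packet
        fw.inbound("198.51.100.7", 5555, 2222),  # source on the access list
        fw.inbound("192.0.2.99", 5555, 2222),    # same port, source not listed
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last case shows why the access list and the port forward are checked together: a forwarded port is still closed to sources the list does not name.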
Additional tools in the first level of network security are traffic and data monitors.
Often, a firewall is only able to restrict access to legitimate traffic passing out of and into
a data network. However, IT professionals often need to decide what is actually
“legitimate” network traffic. For example, allowing every individual using a data network
to access peer-to-peer file sharing is often a costly undertaking because P2P takes up an
enormous amount of bandwidth, and such traffic is often a luxury and not a necessity. As
another example, e-mail may be legitimate traffic, but spam is not. As a result, there
have to be tools that limit the use of network resources and admit only legitimate or
desired traffic into and out of a network. Packet shapers allow, prevent, and restrict
certain traffic entering or leaving a network. They can place caps on bandwidth and deny
or restrict the access capabilities of certain traffic. Additionally, e-mail filters
designed to check for spam are often a security feature that allows data networks to be
more productive and save on wasted resources. Often, such filters check the origin of a
message and determine whether the sender is valid. They may perform virus checks as well.
Through the use of an e-mail filter at King’s, spam has been reduced by 75%.
The second and third levels of network security are network and server access,
respectively. Network access refers to the ability of LANs internal to an organization to
be accessed for the use of network resources. Server access refers to the ability of users
on a LAN to access a particular server so as to use its resources. Common examples are
file servers and print servers. Whereas server access is the desired contact of a particular
node on a network, network access is the means by which this is accomplished.
Other challenges to network security involve not merely unauthorized access to a
particular network but also the exploitation, manipulation, and even destruction of
network data, whether it is contained on a network resource such as a processing or file
server or on an individual’s desktop computer. One such challenge is the virus. The other
challenge is a fairly new concept called spyware.
Perhaps the best definition of the term “virus” is provided by Symantec, the maker of
the popular Norton suites of virus protection and network security. It states that
“A computer virus is a small program written to alter the way a computer operates,
without the permission or knowledge of the user.” A virus can infect nearly every type of
device that in any way stores permanent data, such as a computer hard disk, and its
consequences can be unnoticeable, a nuisance, or even disastrous. Indeed, it is the virus
that poses one of the most imminent threats to data networks and end users. Viruses can
spread through any type of data medium, including removable disks or discs, but today
they most commonly spread across networks through the use of the Internet and e-mail. The
most common method for protecting against and detecting the presence of viruses is
through the use of antivirus software as well as patches and

In addition to viruses, spyware is a common challenge to network security.
Microsoft defines spyware in the broadest sense as “a general term used for software that
performs certain behaviors such as advertising, collecting personal information, or
changing the configuration of [a user’s] computer, generally without appropriately
obtaining [the user’s] consent.” Though spyware doesn’t directly cause computers to
malfunction or data to be destroyed or manipulated, it does cause system resource
degradation as well as invade users’ privacy, often without their knowledge or consent. It
is rapidly becoming a major problem across the Internet and lives mostly in the world of
free applications and a host of useful as well as pleasurable web sites. Because it
transmits back to web sites, a number of machines infected with spyware can cause
noticeable reductions in if not wholly degrading effects on network resources and

Of course, it is important to understand all of these concepts regarding network
security. But what is the purpose of such knowledge? In network security, all of this
prevention and/or limiting of network access and monitoring of data is done for one of
two reasons. The first is to prevent outside intrusion in order to protect the integrity
of the network and its resources, and the other is to optimize network performance and
reach a desired productivity level. At the heart of such issues is network intrusion and
excess traffic for one reason or another.
Intrusion detection is often a method of identifying potential security breaches or
holes in a network’s security services. Those who launch such attacks on networks fall
under three categories, although each of the categories can range from harmless to
potentially damaging. A hacker pushes the limits of data networks by attempting to
gain unauthorized access in order to learn something about data stored on a particular
network. A cracker is a more serious hacker who desires to use or alter data stored on a
particular network for their own personal gain or simply to inflict unwarranted damage
on a business and sometimes its customers. Additionally, a phreaker is a cracker who
utilizes phone systems to do damage to a business.
In any of these cases, network security is compromised in such a way that data
can be used or manipulated for potentially harmful purposes. As such, identifying the
threat levels of breaches in network security is essential to the survival of a data
network. This concept of identifying the severity of network security breaches is called
intrusion detection. It is based on a set of rules that distributes
information about a particular breach and transports such information to an analysis tool
so as to allow an IT professional to perform further action.
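The rule-based approach described above can be sketched as a small rule engine that classifies events by severity and hands the resulting alerts to an analyst. This is an added example, not part of the original essay and not how any particular tool works; the rules, log format, addresses and reference URLs are constructed.

```python
"""Toy rule-based intrusion detection over log lines. The rules, log format,
addresses and reference URLs are constructed for illustration."""
import re
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sid: int          # rule identifier
    severity: int     # 1 = most severe
    pattern: str      # regular expression applied to a log line
    threshold: int    # matches from one source needed before alerting
    reference: str    # hypothetical link describing the rule

RULES = [
    Rule(1001, 2, r"dport=23\b", 1, "https://rules.example/1001"),
    Rule(1002, 1, r"dport=21\b.*login failed", 3, "https://rules.example/1002"),
]

LOG = """\
10:00:01 src=192.0.2.10 dst=10.0.0.5 dport=23 msg="connection attempt"
10:00:02 src=192.0.2.44 dst=10.0.0.9 dport=21 msg="login failed"
10:00:03 src=192.0.2.44 dst=10.0.0.9 dport=21 msg="login failed"
10:00:04 src=198.51.100.3 dst=10.0.0.9 dport=21 msg="login failed"
10:00:05 src=192.0.2.44 dst=10.0.0.9 dport=21 msg="login failed"
10:00:06 src=192.0.2.10 dst=10.0.0.5 dport=2323 msg="connection attempt"
""".splitlines()

def detect(lines, rules=RULES):
    """Return alerts (severity, sid, source, reference), most severe first."""
    counts, alerts = Counter(), {}
    for line in lines:
        src = re.search(r"src=(\S+)", line)
        if not src:
            continue                      # skip lines without a source field
        for rule in rules:
            if re.search(rule.pattern, line):
                key = (rule.sid, src.group(1))
                counts[key] += 1
                if counts[key] >= rule.threshold:
                    alerts[key] = (rule.severity, *key, rule.reference)
    return sorted(alerts.values())

if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

The threshold keeps a single failed login from raising an alert while three from the same source do, which is one simple way a rule set can express severity.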
ACID (Analysis Console for Intrusion Databases) and BASE (Basic Analysis and
Security Engine) are two common tools for recording and reporting on network
intrusions. BASE uses web-based PHP scripts to classify intrusions. It presents an alert
with a hyperlink to the source of the specific rule that was broken (such
as “snort.org” or “Bugtraq”) and provides information about that rule. If applicable,
BASE can provide hyperlinks to fix the problem or more permanently patch it so that it
cannot happen again. An exploit describes how and where to find exploited vulnerabilities
to use against data networks. Solutions are the methods by which the problem is fixed or

As noted previously, IT professionals often take network security at face value
and unfortunately limit themselves to network security insofar as it relates to protecting
data networks against intrusion and security threats. However, not only are these
important concepts for an IT professional to consider, but so are environmental and
unforeseen factors. These can include natural disasters as well as unexpected data loss.
Before considering how to recover from events such as fire, flood, or server
crashes, it is important to contemplate where the most effective reassembly of vital data
will occur. In any case, however, it has been generally accepted that in order for a
business to recover efficiently and without any lost business, revenues, profits, etc.,
recovery should take no longer than one week.
Important environmental factors to consider in implementing a disaster and
recovery plan are the best locations of both daily-use and backup equipment. It is
usually not the case that backup equipment will be located in the same place as the main
business, in case a natural disaster should occur. However, certain backups should be done
onsite as well as distributed to offsite areas, some even whole states
away, depending on how vital the stored information is, as in the recent case of
Florida’s misfortune with repeated hits from hurricanes.
In addition to backup, there are factors in human resources. At least two
individuals should be aware of any network’s security setup as well as the layout of each
of its components, no matter how seemingly trivial. In the event of inconvenience,
serious illness, or even death, this can make all the difference in the world. Such
undistributed knowledge is often a factor in bargaining or even personal injury when an
IT professional has decided to leave a particular business.
Indeed, there are many important facets to network security.
Because of such challenges, a network administrator or IT professional must not only be
informed but must also be savvy in protecting data networks by spotting problem areas
quickly and addressing them as soon as possible. There is no doubt that the job of network
administrators and IT professionals will become more demanding as hardware and
software become more capable in more areas. As additional improvements and
enhancements are made to hardware and software, the role of the persons involved in
their secure operation will ultimately become the most important part of an organization.