24 Mar

What Is Network Security? Types of Network Security

Over the past decade, the world has become more interconnected with the advancement of new networking technologies. Similarly, our dependency on the Internet has reached an unimaginable level. A huge amount of personal, commercial, and confidential data is stored on either private or openly accessible networks. The significance of this intellectual data reflects the importance of network security in our lives. The probable threats to this data are sometimes not easy to detect or prevent, and the victims face a tough time, both in the time spent recovering compromised data and in the money lost to financial theft.

Evolution of Internet Security

“Things get worse slowly. People adjust” – David D. Clark, the Internet pioneer who is now working as a Senior Research Scientist at MIT’s Computer Science and Artificial Intelligence Laboratory (referring to the flaw in the network security design of the early Internet) [1]

The need for network security dates back to the late 80s, when a flaw in the network's design slowly made itself felt. The flaw lay in the very design of the Internet: open and distributed. At the time, no one felt the need to control communication among its users, and mutual mistrust was out of the picture.

David D. Clark realized that humans tend to ignore existing problems, which often turn into something even more disastrous. The Morris worm of 1988 wasn’t an intentional threat to the network security of that time. A worm is a standalone malware program capable of replicating itself to expand its reach to other computers while remaining active on the infected system. The developer of the worm, Robert Morris, intended to determine the size of the Internet with a self-written program that would propagate across networks, infiltrate Unix terminals through a known bug, and finally duplicate itself through three attack vectors: sendmail, fingerd, and rsh/rexec. Unbeknownst to him, the last instruction turned out to be a mistake. The Morris worm replicated itself drastically, damaging thousands of machines and vaporizing millions of dollars into thin air. [2]

Note: The Morris worm is one of the first attack programs to use a dictionary attack.

In the aftermath of the incident, Morris was charged with the first felony under the United States 1986 Computer Fraud and Abuse Act. He was sentenced to three years of probation, fined $10,050, and ordered to perform 400 hours of community service. Later, DARPA funded CERT/CC at Carnegie Mellon University, which improved the security of numerous software products and the Internet. The Morris worm is now considered to be a legend for starting a wave of cyberattacks.

In short, what started as a small online community for a few researchers is now accessible to around 3.2 billion people around the globe. And with that, potential security-related threats have also increased dramatically. [3]

After all these years, the cyber world is still facing the same challenge with much greater intensity. In fact, the situation is worsening with each passing year.

What Defines Network Security?

Network security is the process of strategizing a defensive approach to secure your data and resources over the computer network infrastructure against any potential threat or unauthorized access. It uses software as well as hardware technologies to achieve the optimal solution for network defense. [4]

A network is secure only when it possesses the components that constitute the “CIA Triad.”

The CIA triad is a distinguished model for the development of network security policies within an organization. It deals with the three crucial areas of security, namely, Confidentiality, Integrity, and Availability.

Types of Network Security

Network security acts as a wall between your network and any malicious activity. This wall will remain penetrable until you opt for the best solution to protect it. The following types of network security help you understand which one suits your organization better than the others (based on your organization’s requirements).

1. Antivirus and Antimalware Software

Before jumping into this type of network security, it’s important to know the basic difference between a “virus” and “malware.” A virus is a specific kind of malware that replicates and spreads across the network, whereas malware is an umbrella term for all kinds of malicious code. Everything including viruses, worms, adware, nagware, Trojans, ransomware, and spyware falls under the category of malware.

So, isn’t anti-malware software capable of handling viruses, too? Why purchase two different pieces of software for a similar threat? These are the basic questions that pop up in your head once you know this elementary fact. The simple answer to all your questions is as follows:

No technology can cover everything, which implies that software is “a jack of all trades and master of none.”

Anti-malware and antivirus software (the latter can detect only viruses, unlike anti-malware) scan for malware and viruses on entry, then remove the threat and fix the damage. The first antivirus programs used a signature-based malware detection approach, looking for patterns (referred to as signatures) in network traffic or for malicious sequences used by malware. This approach offered good protection from numerous threats, in addition to being fast, easily available, and easy to run.

Note: There are times when anti-malware isn’t equipped to restore a virus infected file.

2. Application Security

The name says it all. Application security is software meant to secure the loopholes of your application against attackers. Broadly, it follows the procedure of finding your application’s vulnerabilities, then fixing them and protecting them from any cyberattack. It uses software, hardware, and processes to keep your assets intact.

3. Behavioral Analytics

Behavioral analytics can be defined as the use of software tools to detect a change of pattern in the network that falls outside the norm. The analytics tools catch the anomaly and alert the concerned professional for further action. Behavior-based malware detection systems look for indicators that can flag elements of a program as unauthentic and eventually declare it to be malware. But this approach alone is not enough to adequately protect your system and network from malware. Combining signature- and behavior-based detection can help you come up with a more protective approach.
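The combination of signature-based detection (section 1) and behavior-based detection described above can be sketched as follows. This is an added example, not code from the original article; the signature names, the harmless sample bytes, and the connections-per-minute baseline are all constructed for illustration.

```python
import hashlib
from statistics import mean, pstdev

# Constructed, harmless stand-in for a known-bad file (not a real sample).
KNOWN_BAD = b"CONSTRUCTED-TEST-SAMPLE-0001"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Test.Sample.A"}
PATTERN_SIGNATURES = {b"TEST-SAMPLE": "Test.Sample.Generic"}


def signature_scan(data: bytes):
    """Signature-based: exact file hash first, then known byte patterns."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def behaviour_anomaly(baseline, observed, threshold=3.0):
    """Behaviour-based: flag a value more than `threshold` standard
    deviations away from the host's own baseline."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        return observed != mu
    return abs(observed - mu) / sigma > threshold


def classify(data, baseline, observed):
    """Signature verdict wins; behaviour catches what signatures miss."""
    name = signature_scan(data)
    if name:
        return ("malware", name)
    if behaviour_anomaly(baseline, observed):
        return ("suspicious", "deviates from baseline")
    return ("clean", None)


# Constructed baseline: outbound connections per minute for one host.
BASELINE = [4, 5, 6, 5, 4, 6, 5, 5]
VARIANT = b"CONSTRUCTED-T3ST-S4MPLE-0002"  # altered so no signature matches

if __name__ == "__main__":
    print(classify(KNOWN_BAD, BASELINE, 5))            # known sample
    print(classify(VARIANT, BASELINE, 60))             # missed by signatures
    print(classify(b"quarterly report", BASELINE, 6))  # benign
```

The altered variant slips past both signatures, but its traffic spike against the host's baseline still raises a "suspicious" verdict, which is the gap the combined approach closes.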

4. DLP

Data Loss Prevention (DLP) technology is responsible for securing the communication network of an organization in order to protect its sensitive data. These days, employees of an organization are prohibited from uploading, forwarding, or sometimes even printing critical information in an unprotected manner.

5. Email Security

Email gateways are a popular medium for the spread of malware, spam, and, above all, phishing attacks. To top it all, social engineering methodologies make these threats appear genuine and sophisticated. An email security application secures the access and data of an email account by blocking incoming attacks and controlling outbound messages.

6. Endpoint Security

In network security, endpoint security or endpoint protection technology protects a corporate network when it is accessed from different remote devices. This remote access is a potential entry point for security threats.

7. Firewalls

Firewalls monitor incoming and outgoing traffic based on a set of predefined rules. A firewall is a barrier that separates trusted networks from untrusted ones. Hardware, software, or both can serve as a firewall.

8. IDS and IPS

Intrusion Detection System (IDS) is a software application that looks for malicious activity or a policy violation over a network or system, whereas Intrusion Prevention System (IPS) is a network threat prevention technology that actively scans network traffic flow to detect potential threats (or vulnerability exploits) and respond to them accordingly.

Put simply, an IDS is a monitoring system and an IPS is a control system. Both systems read network packets and compare them with a database of known threats. But an IDS never acts on its own, as it requires a professional to instruct it, whereas an IPS works according to its ruleset for accepting or rejecting a network packet.
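The monitoring-versus-control distinction can be shown by running one rule database in both modes. This is an added example, not code from the original article; the `Packet` type, the rule IDs, the payload patterns, and the sample packets (using documentation address ranges) are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Constructed rule database shared by both modes:
# (rule id, destination port or None for any port, payload pattern).
RULES = [
    ("R1-sql-keyword", 80, b"UNION SELECT"),
    ("R2-path-traversal", None, b"../../"),
]


def match(packet):
    """Return the id of the first rule the packet matches, else None."""
    for rule_id, port, pattern in RULES:
        if (port is None or port == packet.dst_port) and pattern in packet.payload:
            return rule_id
    return None


def inspect(packets, mode):
    """mode='ids': raise alerts only; every packet is still forwarded and
    an analyst decides what to do. mode='ips': matching packets are
    rejected inline, according to the ruleset."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, alerts = [], []
    for p in packets:
        rule = match(p)
        if rule:
            alerts.append((p.src, rule))
            if mode == "ips":
                continue  # dropped: never reaches the protected network
        forwarded.append(p)
    return forwarded, alerts


# Constructed sample traffic.
SAMPLE = [
    Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.7", 80, b"GET /item?id=1 UNION SELECT 1 HTTP/1.1"),
    Packet("198.51.100.9", 8080, b"GET /../../etc/hosts HTTP/1.1"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, alerts = inspect(SAMPLE, mode)
        print(mode, "forwarded:", len(fwd), "alerts:", alerts)
```

Both modes produce the same two alerts; only the IPS run stops the matching packets from being forwarded.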

IDS can be classified into two major categories:

  • Network Intrusion Detection System (NIDS)

Network Intrusion Detection System (NIDS) is an independent security management method that examines network traffic and monitors several choke points in the network using anti-threat software. In simple words, it acts as an interface between the outside world and the network to be protected.

  • Host-based Intrusion Detection System (HIDS)

Host-based Intrusion Detection System (HIDS) acts as an agent similar to firewalls, antivirus software, and spyware-detection programs on the host system and monitors and analyzes the activities and the state of the host. The sensors used in HIDS usually have a software agent attached with them.

As the definitions suggest, HIDS monitors specific host-based activities and NIDS analyzes the network traffic. NIDS makes it difficult for the hacker to intrude into the system, as NIDS can detect an attack beforehand. On the other hand, HIDS gets to know about the attack only when it has already breached the system. This actually gives an upper hand to NIDS. However, although NIDS can cover broad networks by using scans and probes and HIDS comes into action only after a breach, HIDS is still capable of preventing the host from damage. That is why incorporating both NIDS and HIDS would be the optimal solution to secure your network.

9. Mobile Device Security

All security measures that are designed to protect data, either stored on or transmitted by mobile devices (such as smartphones, laptops, and tablets) fall under the Mobile Device Security type. With IT organizations switching to mobile devices for the support of corporate applications, it is important to control the devices accessing your network.

10. NAC

Network Access Control (NAC) strengthens your network by controlling access to it. Not every user is authorized to access the network, and by blocking noncompliant endpoint devices, you can protect your network against potential security breaches.

11. Network Segmentation

With network segmentation technology, a computer network is divided into subnetworks. Each of these network segments makes security policies easier to enforce and also helps boost performance.
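Segmentation and the firewall's predefined rules (section 7) work together: the segments define the boundaries, and the rules decide what may cross them. The sketch below is an added example, not code from the original article; the 10.20.0.0/22 address plan, the segment names, and the policy entries are constructed, and it assumes traffic inside one segment does not pass through the firewall.

```python
import ipaddress

# Constructed address plan: one /22 divided into four /24 segments.
CORPORATE = ipaddress.ip_network("10.20.0.0/22")
SEGMENTS = dict(zip(["users", "servers", "voip", "guest"],
                    CORPORATE.subnets(new_prefix=24)))

# Predefined rules, evaluated first match wins:
# (source segment, destination segment, destination port, action).
# "*" matches any segment, None matches any port.
POLICY = [
    ("guest", "*", None, "deny"),
    ("users", "servers", 443, "allow"),
    ("users", "voip", 5060, "allow"),
]


def segment_of(ip):
    """Map an address to its segment name, or 'external' if outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def decide(src_ip, dst_ip, dst_port):
    """Return 'allow' or 'deny' for a flow between two addresses."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst and src != "external":
        return "allow"  # assumption: intra-segment traffic bypasses the firewall
    for r_src, r_dst, r_port, action in POLICY:
        if r_src in (src, "*") and r_dst in (dst, "*") and r_port in (dst_port, None):
            return action
    return "deny"  # default deny: anything not explicitly allowed is blocked


if __name__ == "__main__":
    for name, net in SEGMENTS.items():
        print(f"{name:8} {net}")
    print(decide("10.20.0.15", "10.20.1.10", 443))  # users -> servers, HTTPS
    print(decide("10.20.0.15", "10.20.1.10", 22))   # no rule: default deny
    print(decide("10.20.3.7", "10.20.1.10", 443))   # guest is isolated
```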

12. SIEM

Security Information and Event Management (SIEM) is a combination of Security Information Management (SIM) and Security Event Management (SEM). SIEM products ensure that all relevant information is accumulated in one place for your security staff to identify possible threats and respond to them. Everything from physical and virtual appliances to server software can work as a SIEM product.

13. VPN

The act of encrypting a connection over the Internet from its endpoint to a network is defined as a Virtual Private Network (VPN). This technology allows remote access to secure corporate applications or other resources.

14. Web Security

This network security solution determines the levels of user access, differentiates between authorized and unauthorized users, identifies vulnerabilities of applications, and thus, protects the sensitive data of an organization from being compromised.

15. Wireless Security

With the emergence of the mobile office culture, wireless networks and access points have become another channel for security breaches. Wireless security makes it challenging for any unauthorized access to damage your computer’s data.

Curious to Learn More About Network Security?

EC-Council’s Certified Network Defender training program thoroughly covers network security threats, vulnerabilities, and attacks. The program majorly focuses on network security technologies and operations to help you develop advanced defensive approaches to tackle future security breaches. It is designed based on the NICE framework, which maps to global job roles and responsibilities for system/network administrators. This is a detailed program, which also includes real-time practical sessions, making you the best fit for the professional environment.


Sources

  1. https://www.technologyreview.com/s/405318/the-internet-is-broken/
  2. https://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/?noredirect=on&utm_term=.5edb970b35db
  3. https://en.wikipedia.org/wiki/Global_Internet_usage#/media/File:Internet_users_per_100_inhabitants_ITU.svg
  4. https://www.csoonline.com/article/3285651/what-is-network-security-definition-methods-jobs-and-salaries.html
  5. https://securereading.com/wp-content/uploads/2016/10/Information-security_1_2017.png
Editor's Note:
Reviewed by JoAnne Genevieve Green, Adjunct Professor – Cyber Crimes at the University of Pittsburgh and Dawie Wentzel, Head of Cyber Forensic Investigations at Absa Group Ltd