With the increasing number of connected individuals, understanding network security is paramount. This module will familiarize you with various network security methodologies that help protect devices and networks from security threats.
1. Elements of Network Security
Network security is crucial for all computer users to understand. Various threats to network security include phishing, spyware, viruses, spoofing, and malware. This section discusses the elements of network security.
A Network Security Policy (NSP) outlines rules for computer network access, determining how policies are enforced, including data access, passwords, email use, and website access.
For effective network security, the following elements must be present:
- Identity: Accurately identify network users, hosts, applications, services, and resources.
- Perimeter Security: Only authorized users should access the network, controlling access to applications, data, and services.
- Data Privacy: Ensure confidential data is only accessible to authorized users and protected from eavesdropping using tools like tunneling and encryption.
- Security Monitoring: Test and monitor security preparations to identify weaknesses and make necessary corrections.
- Policy Management: Define, distribute, enforce, and audit security policies through browser interfaces as the network grows and becomes more complex.
Check Your Understanding
Test your knowledge of network security aspects by completing this activity. Click here to begin.
2. Network Security Methodologies
Security is paramount in network communication. Network administrators must balance convenience, practicality, and security. Various protocols ensure secure communication:
- Lightweight Directory Access Protocol (LDAP): A group of open protocols for accessing centrally stored information over a network, often referred to as “X.500 Lite.”
- Virtual Private Network (VPN) with Point-to-Point Tunneling Protocol (PPTP): Enables secure data transmission from a local device to a private server by creating a VPN connection across IP-based networks, using strong authentication methods like certificates.
- Layer 2 Tunneling Protocol (L2TP): A standard protocol that carries any Layer 2 data over IP or Layer 3 networks.
- Internet Protocol Security (IPSec): A framework of open standards ensuring private, secure communications over IP networks using cryptographic security services. Each data packet is authenticated and encrypted for secure sessions.
3. Firewalls
A firewall is a network device that grants or rejects network access to traffic flows between an untrusted zone and a trusted zone. It monitors network traffic, granting or rejecting access.
Types of firewalls include:
- Proxy Firewall: Accepts incoming traffic and, if approved, sends information to the destination device. The proxy repackages information with the source address of the proxy server, allowing only one machine to communicate with the outside world.
- Stateful Filtering: The third generation of firewalls, classifying traffic by destination port and monitoring each connection until closed.
- Next Generation Firewalls (NGFWs): Platforms for network security policy enforcement and traffic inspection, developed to address evolving malware sophistication.
When evaluating NGFWs, IT professionals should consider:
- The design of security controls (modular or single pass).
- The impact of enabling all security features.
- The firewall’s ability to scan only relevant threats.
- The ease of managing the firewall.
Understanding network security is crucial as more people connect online. A Network Security Policy (NSP) includes elements like identity, perimeter security, data privacy, security monitoring, and policy management. Authentication and data integrity are key methodologies, and firewalls play a crucial role in managing network access between trusted and untrusted zones.
