Friday, July 22, 2011

Network Security Essentials


In a perfect world, probably you just install some security hardware and software to protect your business network. In the real world, you would be frustrated you think you have taken the necessary precautions but you don’t make too much of a scene when the inevitable business security breach occurs. Understanding network security essentials will help protect the business network against any security breaches.
There is more to Network security essentials than technology; real network security requires understanding the inherent people and corporate policy issues as well. Therefore corporate realize the need of developing the management of information security that must be enforced to the workforce.
According to Cisco there are three network security essentials issue that face a corporate network today:
  1. Security is not just a technology problem. Many researches found that administrators and users are the cause of many of the security problems that corporations face today.
  2. Network administrators tend to buy technology from a random advertisement they happen to read in a networking magazine or networking websites. Actually spending money at the corporate security problems might not be a good solution. Predictably, many vendors would absolutely love it if they could succeed in making you believe otherwise.
  3. Many organizations lack of well-defined network security policy even some corporations don’t even have security policy. Even if they have such kind of security policy, each department has created their own security policy independently of the others. This is highly ineffective because it creates a myriad of security holes, leaving the network wide open to attacks in a number of places.
An effective network security policy involves a strategic combination of both hardware implementation and a proper information security management.
Speaking about network security essentials, there are four primary threats to network security that define the type of attacker you could be dealing with some day:
Unstructured threats
Probably your users have downloaded information from the internet and want to feel the sense of power this provides them. They don’t know that some of them commonly referred to as Script Kiddies—can be pretty nasty, but most of them are just doing it for the rush and for bragging rights. This is categorized as unstructured threats which typically originate from those curious users. They’re untalented, inexperienced hackers, and they’re really just motivated by the thrill of seeing what they can do.
Structured threats
Hackers who create structured threats are much more sophisticated than Script Kiddies. They are technically competent and calculating in their work, they usually understand network system design, and they are well versed in how to exploit routing and network vulnerabilities. They can and often do create hacking scripts that allow them to penetrate deep into a network’s systems at will. They tend to be repeat offenders. Both structured and unstructured threats typically come from the Internet.
External threats
External threats typically come from people on the Internet or from someone who has found a hole in your network from the outside. These serious threats have become ubiquitous in the last 10 to 15 years, during which time most companies began to show their presence on the Internet. External threats generally make their insidious way into your network via the Internet or via a dial-up server, where they try to gain access to your computer systems or network.
Internal threats
Internal threats come from users on your network, typically employees. These are probably the scariest of all threats because they’re extremely tough to both catch and stop.
And because these hackers are authorized to be on the network, they can do some serious damage in less time because they’re already in and they know their way around. Plus, the profile of an internal threat is that of the disgruntled, angry, and vengeful former or current employee, or even a contractor who wants nothing more than to cause some real pain and suffering! Although most users know this type of activity is illegal, some users also know it’s fairly easy to cause a lot of damage—fast—and that they have a shake at getting away with it. That can be a huge, irresistible temptation to those with the right modus operandi or the wrong temperament!
Suggested readings: