Computer Science
Network Security
Network security involves the protection of networks and their data from unauthorized access, misuse, or disruption. It encompasses various measures such as firewalls, encryption, intrusion detection systems, and virtual private networks to safeguard the integrity, confidentiality, and availability of network resources. This field is crucial in ensuring the secure and reliable operation of computer networks.
Written by Perlego with AI-assistance
Related key terms
1 of 5
10 Key excerpts on "Network Security"
eBook - PDF- Eric Cole, Ronald L. Krutz, James Conley, Brian Reisman, Mitch Ruebush, Dieter Gollmann, Rachelle Reese(Authors)
- 2012(Publication Date)
- Wiley(Publisher)
The chapter concludes with an introduction to security policies and procedures. 1.1 Importance of Computer and Network Security Computer security involves implementing measures to secure a single com- puter. When securing a single computer, you are concerned with protecting the resources stored on that computer and protecting that computer from threats. Network Security involves protecting all the resources on a network from threats. You must consider not only the computers on the network, but other network devices, network transmission media, and the data being transmitted across the network. In this section, you will learn to appreciate the importance of computer and Network Security by looking at a few examples of attacks that could occur. These examples should get you thinking about what could happen if computer and Network Security is not implemented. We’ll also define security as it will be used in the context of this book. 1.1.1 Exposing Secrets The more wired our society becomes, the more our confidential data is subject to being discovered by those who will use it maliciously or for their own ben- efit. For example, in the spring of 2005, hackers discovered the password to Paris Hilton’s T-Mobile © Sidekick © and published her address book and other personal information on the Internet. Think about the vulnerability of the data you store on your cell phone or on your personal digital assistant (PDA). Do you use passwords that are hard to guess to protect it? Similar confidentiality concerns are raised by the use of credit cards to make purchases over the Internet. Figure 1-1 illustrates two potential attacks on your private financial data. The basic Internet protocols provide no confidentiality protection, so parties located between customer and merchant could capture credit card numbers and use them later for fraudulent purchases. Secure Sockets Layer (SSL) was developed
- Cajetan M. Akujuobi, Matthew N.O. Sadiku(Authors)
- 2007(Publication Date)
- Chapman and Hall/CRC(Publisher)
341 17 Network Security A successful man is one who makes more money than his wife can spend. A successful woman is one who can find such a man. —Lana Turner We use computer networks for everything from banking and investing online to communicating with others through email or chat programs. Due to the value of information on these networks, it has become a lucrative target for unauthorized users or criminals. To protect both the network and the information on it, network managers must consider taking some security measures. Security measures help you to stop unauthorized users from accessing any part of your computer network. As more and more people become “wired” or “connected” and the world becomes more tightly interconnected, Network Security becomes more important. Network Security is the process of preventing and detecting unauthorized use of your network. We begin this chapter by looking at the Network Security requirements. We then discuss the types and sources of threats there are against computer networks. We go on to consider access control methods, cryptography, firewalls, intrusion detection, and security standards. 17.1 SECURITY REQUIREMENTS Security is an important issue for networks for at least two reasons. First, informa-tion that resides on the networks is increasingly being used for education, commerce, health care, national defense, and many other endeavors. Such information may be security sensitive (e.g., tactical military information). Second, whether a computer is used at home, university, business, or government agency, if it is connected via a network to other computers, its resources are at risk. A network-connected computer can reach tens of millions of users in every part of the globe. The vast connectivity poses monumental risks. Since anyone can reach out to the network, almost anyone can reach in.
eBook - PDF- Rob Cameron(Author)
- 2004(Publication Date)
- Syngress(Publisher)
■ Physical security , in which we must build and include physical access systems and coordinate them with our network access systems. ■ Trusted users, who become an important cog in maintaining the integrity of our security efforts. Common Information Security Concepts A generic dictionary definition of security (taken from the American Heritage Dictionary) is, “freedom from risk or danger; safety.”This definition is perhaps a little misleading when it comes to computer and networking security, because it implies a degree of protection that is inherently impossible to achieve in the modern connectivity-oriented computing environment. For this reason, the same dictionary provides another definition specific to computer science: “The level to which a program or device is safe from unautho-rized use” (emphasis added). Implicit in this definition is the caveat that the objectives of security and accessibility—the two top priorities on the minds of many network administrators—are, by their very nature, diametrically opposed. The more accessible your data, the less secure it is. Likewise, the more tightly you www.syngress.com Networking, Security, and the Firewall • Chapter 1 21 secure your data, the more you impede accessibility.Any security plan is an attempt to strike the proper balance between the two. Defining Information Security Over the last couple of decades, many companies began to realize that their most valuable assets were not only their buildings or factories, but also the intellectual property and other information that flowed internally as well as outwardly to suppliers and customers. Company managers, used to dealing with risk in their business activities, started to think about what might happen if their key business information fell into the wrong hands, perhaps a competitor’s. For a while, this risk was not too large, due to how and where that informa-tion was stored.
eBook - PDF- Lee Chao(Author)
- 2009(Publication Date)
- CRC Press(Publisher)
Once a computer is connected to a network, especially the public Internet, the computer itself and communication with other computers become vulnerable to hackers and computer viruses. 9.2.1 Network Security Policies Damage caused by a hacker attack or virus infection can be very harmful to an organization’s computing environment. Because most hacker attacks and virus infections are through net-works, protecting the networks is the first priority. A network system is a complicated system that consists of network devices, operating systems, application software, network protocols, and so on. Developing a Network Security solution requires knowledge of various areas such as user and computer authentication, data encryption, network service configuration, network protocol security, and so forth. Therefore, we need to plan carefully before we can physically implement a solution for Network Security. Later, various security measures will be introduced to strengthen the security of networks and computers. To decide when, where, and how to implement these security measures, well-defined security policies should be developed. Security policies identify security threats and regulate network activities. The objectives of security policies are as follows: Identifying potential security vulnerabilities ◾ Identifying what to protect and setting priorities for security protection ◾ Resolving the conflict between the user’s needs and security requirements ◾ Detailing the rules for confidentiality and the rules for auditing ◾ Defining the scope of access ◾ Specifying the responsibilities of users and the security management team members ◾ Identifying the security measures to be used ◾ Identifying the knowledge and technology needed for implementing the security measures ◾ Identifying the software and hardware needed for network protection ◾ Budgeting the cost for implementing the security measures ◾
- Thomas W Shinder(Author)
- 2011(Publication Date)
- Syngress(Publisher)
N OTE This chapter focuses on generic computer and Internet security concepts and how to develop a comprehensive security plan for your organization. The rest of this book will discuss how ISA Server fits into that security plan. Security Overview The term computer security encompasses many related, yet separate, topics. These can be stated as security objectives , and include: ■ Control of physical accessibility to the computer(s) and/or network ■ Prevention of accidental erasure, modification or compromise of data ■ Detection and prevention of intentional internal security breaches ■ Detection and prevention of unauthorized external intrusions (hacking) Network Security solutions are loosely divided into three categories: hardware, software and human . In this chapter, we will provide an overview of basic security concepts. Then, we will examine the four security objectives and look at each of the three categories of security solutions. Defining Basic Security Concepts A generic definition of security is “freedom from risk or danger; safety” (The American Heritage Dictionary). Network Security Basics • Chapter 1 3 www.syngress.com This definition is perhaps a little misleading when it comes to computer and networking security, as it implies a degree of protection that is inherently impossible in the modern connectivity-oriented computing environment. This is why the same dictionary provides another definition specific to computer science: “The level to which a program or device is safe from unauthorized use [emphasis added].” Implicit in this definition is the caveat that the objectives of security and accessibility – the two top priorities on the minds of many network administrators – are, by their very natures, diametrically opposed. The more accessible your data is, the less secure it is. Likewise, the more tightly you secure it, the more you impede accessibility. Any security plan is an attempt to strike the proper balance between the two.
- Syngress(Author)
- 2002(Publication Date)
- Syngress(Publisher)
Knowledge will make you, the investigator, powerful, too—and better able to track down and prosecute unauthorized intruders and attackers. Applying Security Planning Basics Securing a company’s electronic assets from cybercriminals must involve much more than the IT department; it must involve the entire organization—just as a community policing effort, to be effective, must involve the police department as a whole and not just an isolated “community service division.” For cyberinvesti-gators to understand the security planning and implementation process, they need to start at the beginning, with the very basics of computer security.The following sections illustrate how some of the most basic tenets of traditional security can be applied to the context of computer networking. Defining Security A generic dictionary definition of security (taken from the American Heritage Dictionary ) is “freedom from risk or danger; safety.”This definition is perhaps a little misleading when it comes to computer and networking security, because it implies a degree of protection that is inherently impossible in the modern connectivity-oriented computing environment. This is why the same dictionary provides another definition, specific to com-puter science: “The level to which a program or device is safe from unauthorized use” [emphasis added]. Implicit in this definition is the caveat that the objectives of security and accessibility —the two top priorities on the minds of many network administrators—are, by their very natures, diametrically opposed.The more acces-sible the data, the less secure it is. Likewise, the more tightly you secure the data, the more you impede accessibility.Any security plan is an attempt to strike the proper balance between the two objectives. The first step is to determine what needs to be protected, and to what degree.
eBook - PDF- Greg Tomsho(Author)
- 2019(Publication Date)
- Cengage Learning EMEA(Publisher)
Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. CHAPTER 9 Introduction to Network Security 478 administrators to control who has access to the network (authentication) and what users can do after they’re logged on to the network (authorization). A number of authentication protocols can be used, such as Kerberos, RADIUS, and EAP. Authorization includes restricting logon hours and locations and setting file access permissions. • Many network administrators use encryption technologies to safeguard data as it travels across the Internet and even within a company network. This security measure prevents people from using eavesdropping technology, such as a protocol analyzer, to capture packets and use data in them for malicious purposes. • VPNs are an important aspect of Network Security because they secure remote access to a private network via the Internet. • Wireless security involves configuring a wireless network’s SSID correctly, configuring and using wireless security protocols (such as WPA2 and WPA), and using MAC address filtering. • To protect against threats from external networks, you can deploy specialized devices on the network perimeter: firewalls, IDSs, and IPSs. A firewall is a hardware device or software program that inspects packets going into or out of a network or computer, and then discards or forwards these packets based on a set of rules. An intrusion detection system monitors network traffic for malicious packets or traffic patterns and reports identified security breaches to a management station. An intrusion prevention system can take countermeasures if an attack is in progress. • Malware encompasses viruses, worms, Trojan horses, rootkits, and spyware. Malware protection should be a required element on every computer and network.
No longer available |Learn moreData Communications and Computer Networks
A Business User's Approach
- Curt White, , , (Authors)
- 2021(Publication Date)
- Cengage Learning EMEA(Publisher)
It allows us to download Web pages from Europe and Asia and order toys for the kids (or ourselves) from electronic stores, but it also exposes all Internet-attached systems to invasion. And the reality is that there are certain Internet users who have a single goal in mind: to access forbidden systems and steal or destroy anything they can get their “ hands ” on. Internet systems are not the only systems that experience security problems. Any system with wireless capabilities is also open to vandalism, just as any corpo-rate office center or educational facility is a potential target for someone wishing to walk in and steal or destroy computer files. Even building a 30-foot wall and a moat around your company and severing all connections to the outside world will not create a secure environment. In fact, many studies show that a majority of business thefts are committed by the employees working at the company. Car-rying a flash drive home in a pocket is a very convenient (and easy) way to remove data files from a corporate computer network. In today ’ s environment, managing computer Network Security is an all-encompassing, never-ending job. This chapter ’ s discussion of Network Security begins by examining the standard system attacks that are launched against computer users and their networks. We will then examine four basic areas of Network Security: implement-ing physical protection of computer networks and equipment, controlling access to computer systems, securing data, and securing communications. The chapter will then conclude with the basic principles of creating a Network Security policy. COMMON SYSTEM ATTACKS As a result of the large number of attacks on computers and networks in recent years, many studies have been performed to try to determine the standard meth-ods of system attacks.
- Nong Ye, Teresa Wu(Authors)
- 2014(Publication Date)
- CRC Press(Publisher)
For example, there may be a political motive for a massive destruction of computer and network assets at a national level, a financial motive for gathering and stealing information at a corporate level, and a personal motive for a technical challenge to gain access to a computer and network system. Objectives can vary from gathering or stealing information to gaining access, disrupting or denying ser-vice, and modifying or deleting data. In general, a threat can come internally or externally. An internal threat or insider threat comes from an attacker who has access rights but abuses them. An external threat comes from an attacker who is not authorized to access a computer 429 Computer and Network Security and network system. An attacker can have no sophisticated skills and little resources but can simply execute a downloaded attack script. Nation- or organization-sponsored attacks can use sophisticated skills and knowledge about computers and networks with unlimited resources. Section 22.2 describes various types of cyber attacks to illustrate various means of producing security threats. A security threat exploiting a vulnerability of a computer and network system produces impacts on computer and network assets. There are three types of assets on a computer and network system: resources, processes, and users. A user calls for a process, which requests and receives service from a resource. There are processing resources (e.g., CPU, processes, and threads), storage resources (e.g., memory, hard drive, and files), and com-munication resources (e.g., network interface and ports) on a computer and network sys-tem at the hardware level and the software level. A resource has a certain state at a given time. For computer and Network Security, we are concerned mainly with the availability, confidentiality, and integrity aspects of a resource state. The availability state of a resource indicates how much of the resource is available to serve a process.
eBook - PDF- James Joshi(Author)
- 2008(Publication Date)
- Morgan Kaufmann(Publisher)
1 Computer networks are typically a shared resource used by many applications representing different interests. The Internet is particularly widely shared, being used by competing businesses, mutually antagonistic governments, and opportu-nistic criminals. Unless security measures are taken, a network conversation or a distributed application may be compromised by an adversary. Consider some threats to secure use of, for example, the World Wide Web. Suppose you are a customer using a credit card to order an item from a website. An obvious threat is that an adversary would eavesdrop on your network commu-nication, reading your messages to obtain your credit card information. How might that eavesdropping be accomplished? It is trivial on a broadcast network such as an Ethernet, where any node can be configured to receive all the message traffic on that network. Wireless communication can be monitored without any physi-cal connection. More elaborate approaches include wiretapping and planting spy software on any of the chain of nodes involved. Only in the most extreme cases, such as national security, are serious measures taken to prevent such monitoring, and the Internet is not one of those cases. It is possible and practical, however, to encrypt messages so as to prevent an adversary from understanding the message contents. A protocol that does so is said to provide confidentiality . Taking the concept a step further, concealing the quantity or destination of communication is called traffic confidentiality —because merely knowing how much communica-tion is going where can be useful to an adversary in some situations. Even with confidentiality there still remain threats for the website customer. An adversary who can’t read the contents of your encrypted message might still be able to change a few bits in it, resulting in a valid order for, say, a completely different item or perhaps 1,000 units of the item.
Index pages curate the most relevant extracts from our library of academic textbooks. They’ve been created using an in-house natural language model (NLM), each adding context and meaning to key research topics.
