Unsophisticated network users are prone to attacks. The nature and level of attacks continues to evolve with time. Network attacks could either be internal or external. However, internal attacks are more lethal than external attacks. Organizations today are dependent on networks in order to facilitate their core business. Today, there is an increased need to access remote sites and mobile workers through virtual private networks (VPNs). This makes information the most essential resource for most organizations. Consequently, tampering with that information could have detrimental effects to organizations as well as governments. This could be complicated by the fact that most organizations have limited network security. As a result, it is necessary to build secure networks. Network security involves protection of both the information and hardware systems that store, transmit and use such information.
Home and personal computers are also vulnerable to attackers these days. This is especially on computers that run Microsoft windows. For PCs that are usually on the internet, attackers can compromise the computer and install Internet Relay Chat. This allows attackers at a remote site to control the bot. Several bots can be combined forming a bot net. The marvellous thing is that botnets can be tracked down and intercepted hence restoring security of a home network (Lockhart, 2007).
Most unauthorized users access networks by entering a unique and password. This can be done to any networked computer. A good means of tackling this can involve locking up the computers networked in a certain place. This makes the computers inaccessible to the attacker. Another means of curbing this involves activating BIOS security (Douligeris & Serpanos, 2007). The user can, therefore, set a unique access name and password for the computer hence minimizing the risk of random access.
Attack on networks occurs on three levels. It takes place through:
Denial of service
Unauthorized manipulation or change of information
Unauthorized access of resources through a network
There are three fundamental network security principles which include integrity, availability, and confidentiality. Confidentiality involves protection against unauthorized disclosure of information. Disclosure could be intentional or unintentional. Unintentional disclosure occurs when incompetent or negligent workers handle information carelessly allowing the information to be accessed by other people.
Integrity alterations occur when there is unauthorized modification of information by users. Again, this could be intentional or unintentional. Integrity could be ensured through maintaining internal and external consistency. Internal consistency involves making sure that the internal data is consistent. For example, if a business has 14 items, then the database should also show 14 items. External consistency involves ensuring that the information laid in the database is coherent with the real world. The database should indicate the same number of items sitting on the shelf.
Availability is maintained by making sure that users (who are authorized) have uninterrupted access to the network system. There are other key things that go hand in hand with the three principles of network security. This includes identification, authentication, accountability and authorization. Identification is essential in maintaining network security and requires having an identifiable logon ID (Cole, 2011).
Authentication is also beneficial in maintaining network security as it enables the system to verify the validity of the user’s claimed identity.
This is made possible via the use of a password for a given user.
Accountability is another key factor in developing a secure network. This involves determination of actions and behavior of a single individual within the system and holding the individual responsible for their actions. Authorization also plays a key role in network security.
This involves allocating privileges to an individual which enables them to access to a computer resource (Cole, 2011).
Design of a network requires the incorporation of principles of data security to make it safe. For example, there is a need for limited access to sender-launched packets. This means that if a packet X is send to user Z, a secure network would have to prevent X from being accessed by other receivers. This can only be done at the design stage of the network system. It is also crucial to encode packets in order to reduce exposure risk. The reason that motivates this is that it is possible packet X could be intercepted by other receivers. A viable means of preventing this is to encrypt the content. If the content, of packet X is encrypted using algorithms known only to the sender as well as the recipient, then unauthorized access is denied.
It should also be possible to inform the sender, on time, when delivery of a packet fails. This enables the sender to develop effective countermeasures in a reasonable time. Therefore, encoding of algorithms should be time conscious. It is essential to develop complex algorithms that would take a long time to break. By the time the algorithm is broken, the packet has already reached its required destination.
Another means of ensuring security of a packet would involve creating multiple copies of a packet which is sent through several routes. This ensures that one of the packets will reach its destination in a timely manner (Ghosh, 2002).
For a networked corporation whereby the computer resources are shared, unique passwords can be assigned for every shared resource. Authorized personnel can only log onto the system by entering the correct password. A server then authenticates the and password combination and may either grant access or deny it depending on the name and password combination entered.
In order to develop the most effective network security, it is necessary to evaluate the following:
What needs to be protected
What the network needs to be protected from
The probability of occurrence of threats
Measures that protect network assets in cost-effective means
There is a wide range of resources that need to be protected from potential attacks. Among them includes equipment (such as routers, switches, firewalls), and intangible resources (such as bandwidth and speed). Other resources that need protection include databases, information servers and end hosts. It is also essential to protect privacy of users and information passing over the network at any given time (Malik, 2003).
Network security entails protection of the network devices as well as information. At the point of entry into a network, there are network “gatekeepers” which entails routers, firewalls, and a switch. In order to protect the router, administrative access may be applied. This entails deciding the ports and interface to be used for administrative connection and the host network on which administration can be performed. It is vital to deny access to those unique locations in a network. It is also vital to ensure that the administration interface is encrypted when left on the internet and possible countermeasures should be ready to prevent hijacking (Douligeris & Serpanos, 2007).
Firewall is the next point of attack after the router. In order to protect the firewall, filters can be used. Firewalls exist when a system interacts with an unsecured network. This usually occurs during internet use. Separation of web servers from database servers through an internet firewall is recommended. A switch is the next target of attack after the firewall. A switch forwards packets to the network. This acts as a protection measure since packet sniffing does not occur within the switched segments (Douligeris & Serpanos, 2007). However, attackers can reconfigure the switching procedure.
In the wake of the threats posed by unscrupulous computer professionals, organizations have come up to develop standards to guide professional conduct in this industry. For example, the Association of Computing Machinery (ACM) has a code of ethics developed for computer professionals. Among the things emphasized by ACM include desisting from using information to harm other people, cultivating honesty and trustworthiness, and making fair decisions that do not discriminate other people. ACM also emphasizes on honoring property rights, respecting the privacy of other people and honoring confidentiality.
Computer professionals have to abide by a code of ethics which guides conduct when handling information and network systems. However, despite the enactment of the code of ethics, malicious attempts to compromise data security is still prevalent today. Governments have also come up to stipulate regulations, which have to be followed. Failure to abide by the regulations is a punishable offence under the civil, criminal and administrative laws. Therefore, it is essential for security professionals to understand how to abide by the government regulations regarding data security. It is also beneficial to abide by the code of ethics which deals with issues regarding the intent and conduct of a professional.
References
Cole, E. (2011). Network Security Bible. New York : John Wiley & Sons.
Douligeris, C., & Serpanos, D. N. (2007). Network Security: Current Status And Future Directions. New York : John Wiley & Sons.
Ghosh, S. (2002). Principles of Secure Network Systems Design. New York : Springer .
Lockhart, A. (2007). Network Security Hacks. Sebastopool, CA: O'Reilly Media, Inc.
Malik, S. (2003). Network Security Principles and Practices. Indianpolis, IN : Cisco Press.
