First let’s start with a diagram of possible IO threats.
Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Many external network security threats today are spread over the Internet. The most common external threats to networks include:
- Viruses, worms, and Trojan horses – malicious software and arbitrary code running on a user device
- Spyware and adware – software installed on a user device that secretly collects information about the user
- Zero-day attacks, also called zero-hour attacks – an attack that occurs on the first day that a vulnerability becomes known
- Hacker attacks – an attack by a knowledgeable person to user devices or network resources
- Denial of service attacks – attacks designed to slow or crash applications and processes on a network device
- Data interception and theft – an attack to capture private information from an organization’s network
- Identity theft – an attack to steal the login credentials of a user in order to access private data
It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of internal users of the network. This can be attributed to lost or stolen devices, accidental misuse by employees, and in the business environment, even malicious employees. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.
So .. What are the security solutions to all these threats?
No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.
A home network security implementation is usually rather basic. It is generally implemented on the connecting host devices, as well as at the point of connection to the Internet, and can even rely on contracted services from the ISP.
In contrast the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.
Network security components for a home or small office network should include, at a minimum:
- Antivirus and antispyware – to protect user devices from malicious software
- Firewall filtering – to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the host device, or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.
In addition to the above, larger networks and corporate networks often have other security requirements:
- Dedicated firewall systems – to provide more advanced firewall capability that can filter large amounts of traffic with more granularity
- Access control lists (ACL) – to further filter access and traffic forwarding
- Intrusion prevention systems (IPS) – to identify fast-spreading threats, such as zero-day or zero-hour attacks
- Virtual private networks (VPN) – to provide secure access to remote workersSo let’s summarize ..Networks must be reliable. This means the network must be fault tolerant, scalable, provide quality of service, and ensure security of the information and resources on the network. Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet, or as large as a corporation with thousands of users. No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution.
The network infrastructure can vary greatly in terms of size, number of users, and number and types of services that are supported on it. The network infrastructure must grow and adjust to support the way the network is used. The routing and switching platform is the foundation of any network infrastructure.