The Internet has evolved from a tightly controlled internetwork of educational and government organizations to a widely accessible means for transmission of business and personal communications. As a result, the security requirements of the network have changed. The network infrastructure, services, and the data contained on network attached devices are crucial personal and business assets. Compromising the integrity of these assets could have serious consequences, such as:
- Network outages that prevent communications and transactions from occurring, with consequent loss of business
- Intellectual property (research ideas, patents, or designs) that is stolen and used by a competitor
- Personal or private information that is compromised or made public without the user's consent
- Misdirection and loss of personal or business funds
- Loss of important data that takes significant labor to replace, or is irreplaceable
There are two types of network security concerns that must be addressed: network infrastructure security and information security.
Securing the network infrastructure means physically securing the devices that provide network connectivity and preventing unauthorized access to the management software that runs on them.
Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network attached devices. Security measures taken in a network should:
- Prevent unauthorized disclosure
- Prevent theft of information (Figure 1)
- Prevent unauthorized modification of information
- Prevent Denial of Service (DoS)
In order to achieve the goals of network security, there are three primary requirements, as shown in Figure 2:
- Ensuring confidentiality - Data confidentiality means that only the intended and authorized recipients (individuals, processes, or devices) can access and read data. It rests on strong user authentication, including passwords that are difficult to guess and that are changed promptly when there is reason to believe they have been exposed, and on encrypting data so that only the intended recipient can read it.
- Maintaining communication integrity - Data integrity means having assurance that information has not been altered in transit from origin to destination. Integrity is lost when information is corrupted, whether willfully or accidentally. It is provided by authenticating the sender and by attaching a check value (a hash or message authentication code) that the receiver recomputes to confirm the packet did not change in transmission. An unkeyed checksum catches accidental corruption but not deliberate tampering, because anyone who alters the packet can recompute it; detecting willful modification requires a mechanism keyed with a secret the attacker does not hold.
- Ensuring availability - Availability means having assurance of timely and reliable access to data and services for authorized users. Network firewalls, together with desktop and server antivirus software, help detect, repel, and cope with attacks such as DoS that threaten availability. Building redundant network infrastructure that eliminates single points of failure reduces the impact of these threats.
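The integrity requirement above distinguishes validating the sender from validating that the packet is unchanged. The following Python example, added here and not part of the original text, shows why the two go together: a plain CRC32 trailer detects accidental corruption but can be recomputed by anyone who rewrites the packet, while an HMAC-SHA256 tag keyed with a secret shared by sender and receiver rejects both a reused tag and a tag computed under a wrong key. The message, the shared key and the function names are constructed for illustration.

```python
"""
Added example: keyed vs. unkeyed integrity protection of a packet payload.
Everything here (key, message, helper names) is constructed for illustration.
"""
import hmac
import hashlib
import zlib

# Constructed shared secret; in a real deployment it is provisioned out of band.
SHARED_KEY = b"example-shared-key-not-for-production"

CRC_LEN = 4    # bytes of CRC32 trailer
TAG_LEN = 32   # bytes of HMAC-SHA256 trailer


def protect_with_crc(payload: bytes) -> bytes:
    """Append a big-endian CRC32 to the payload. No key is involved."""
    return payload + zlib.crc32(payload).to_bytes(CRC_LEN, "big")


def verify_crc(packet: bytes) -> bool:
    """Recompute the CRC32 over the body and compare it with the trailer."""
    body, trailer = packet[:-CRC_LEN], packet[-CRC_LEN:]
    return zlib.crc32(body).to_bytes(CRC_LEN, "big") == trailer


def protect_with_hmac(payload: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed with the shared key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_hmac(packet: bytes, key: bytes) -> bool:
    """Recompute the tag and compare in constant time (no timing leak)."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the scenarios and return a name -> outcome map for inspection."""
    msg = b"FROM alice TO bob: PAY 100"      # constructed payload
    tampered = b"FROM alice TO bob: PAY 900"  # attacker's intended change
    results = {}

    # 1. Untouched packets verify under both schemes.
    results["crc_ok"] = verify_crc(protect_with_crc(msg))
    results["hmac_ok"] = verify_hmac(protect_with_hmac(msg, SHARED_KEY), SHARED_KEY)

    # 2. Accidental corruption: a single bit flip in the body. Both detect it.
    crc_pkt = bytearray(protect_with_crc(msg))
    crc_pkt[5] ^= 0x01
    results["crc_detects_flip"] = not verify_crc(bytes(crc_pkt))
    hmac_pkt = bytearray(protect_with_hmac(msg, SHARED_KEY))
    hmac_pkt[5] ^= 0x01
    results["hmac_detects_flip"] = not verify_hmac(bytes(hmac_pkt), SHARED_KEY)

    # 3. Willful modification: the attacker rewrites the payload and simply
    #    recomputes the CRC. No key is needed, so the receiver accepts it.
    results["crc_accepts_forgery"] = verify_crc(protect_with_crc(tampered))

    # 4. Same attacker against HMAC without the key: reusing the old tag on
    #    the new payload fails, and so does a tag computed with a guessed key.
    old_tag = protect_with_hmac(msg, SHARED_KEY)[-TAG_LEN:]
    results["hmac_rejects_reused_tag"] = not verify_hmac(tampered + old_tag, SHARED_KEY)
    guessed = protect_with_hmac(tampered, b"wrong-key")
    results["hmac_rejects_wrong_key"] = not verify_hmac(guessed, SHARED_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:26s} {outcome}")
```

The CRC scenario is the "accidental corruption" case from the text; the HMAC scenarios are the "willful" case, and they succeed only because the receiver can tie the tag to a sender who holds the key. A hash without a key, such as bare SHA-256, behaves like the CRC here: it can always be recomputed by the party doing the modification.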