Communication to and from devices essentially happens via networks. That network can be private (within an organization) or public (via the Internet). Between the sender of a message and the receiver are a multitude of factors like VPNs, routers, gateways, and the communication channel itself. All of these factors are vulnerable to cyber attackers looking to either snoop the messages for themselves or inject their own malicious ‘packets’. That is why network security proves to be a very pertinent part of your overall cyber security.
In a nutshell, network security is the practice of setting up strict rules and configurations in your network that block unauthorized access to your files and communication.
As technology achieves mind-boggling communication speeds, network architecture becomes more and more complex. The environments in which devices communicate are ever-changing, forcing businesses to adapt fast or fall prey to network threats. As a business owner, you will likely find it a daunting task to keep abreast of all these dizzying changes.
That’s why we are going to make it easy for you. In this blog, we will go over components of a basic network, some common network security threats, and types of network security devices you can procure.
Components of a Simple Network
There are both hardware and software components to a network. The components we are about to see make up a basic computer network. The more complex the need, the more complex the architecture of these components.
Servers are high-end, specialized computers that provide and manage resources needed by a network. A network operating system is installed on the server machine, which allows users to interact with the network resources. Generally, there will be designated servers for each basic need. For instance, there are file servers, database servers, print servers etc.
In a big network, there are server farms, which are collections of servers that facilitate high uptime and redundancy in case of a server failure. This is known as HA/FT (High Availability / Fault Tolerance). The more servers you bring in to make your network stronger, the more ‘surface’ you add to your network security fabric.
Clients are the counterparts to servers. Clients are devices that request network resources from the server. The servers service client requests to facilitate communication.
Clients need not be high-end or as powerful as servers. Unlike servers, they can serve multiple purposes. Client devices are often targeted by network security threats.
Peers are computers that act as both servers and clients. A peer can talk to and request network resources from any other peer in the network workgroup.
Transmission media are the network communication channels that transfer data from one device to another. Transmission media may be guided media (wired), like coaxial cables and fibre optic cables, or unguided media (wireless), like microwaves and infrared waves.
Connecting devices are the middleware between networks or between computers in a network. They facilitate communication between networks or within a network. Routers, hubs, repeaters, and gateways are some examples of connecting devices.
Networking Operating System
A Network OS is typically installed on servers. It enables devices in a network to share network resources. Unlike other operating systems, a Network OS does not perform a wide range of functions; it is limited in its scope.
With such a wide variety of devices communicating in a network, there needs to be some universal method by which these disparate systems can talk to and understand each other.
A protocol dictates rules or guidelines for communication. A protocol suite is a set of related protocols that all computer networks have to follow. The two popular protocol suites are:
a. OSI Model (Open System Interconnections)
b. TCP / IP Model
You need not know the internal working of any of these components deeply. The above overview will be enough for you to understand how many different security threat points can exist.
Basic Network Security Threats You Should Know
A virus is a malicious program that is installed on victims’ machines without their knowledge. On entering a system, a virus latches onto a program and is triggered when that program executes. Viruses typically aim to corrupt files, steal sensitive data, and/or overload a system’s resources to the point it can’t function. Viruses spread via phishing emails or by transferring files via untrusted USBs. They need manual triggers like opening a phishing attachment or clicking on a fake link.
A worm is a type of virus that enters a system through gaps in network security. Worms don’t piggyback on another application and can sustain themselves. The dangerous thing about worms is that they can self-replicate. Worms corrupt files and, once their damage is done, leave by creating backdoor accounts for other malware to enter the system.
A trojan horse is a disguised bit of malicious code that looks like a perfectly harmless, valid program. Once you install and run a trojan horse program, it activates and gives remote access to a hacker, who then has total invisible control over your system.
Your databases are possibly the most sensitive data you will have to protect. An SQL injection is a web security threat that can add parameters to, or tamper with, a query an application makes to its database. For example, an SQL injection can fetch data not needed by the application or replace a create query with a delete query, thereby wiping out valuable information.
DoS / DDoS Attacks
Every network request between a client and a server or two peers ‘costs’ certain network resources that are finite to begin with. A Denial-of-Service attack makes network requests in bulk, thereby overloading the network until it fails. A simple DoS attack uses one computer that runs a batch file which fires rapid requests. Because spam control became popular and could stop most DoS attacks emanating from one machine, hackers improvised another threat to network security: distributed DoS, or DDoS. In a DDoS attack, a whole group of machines makes continuous requests, making it harder for spam control to detect which machine is making these requests.
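The detection gap described above can be shown with a per-source request counter run over two sets of log lines. This is an added example, not part of the original blog; the log format, thresholds, and traffic samples are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10    # assumed size of each counting window
PER_SOURCE_LIMIT = 20  # assumed max requests one source may send per window
TOTAL_LIMIT = 100      # assumed number of requests the service can absorb per window


def parse(line):
    """Split a constructed log line of the form 'epoch_seconds source_ip path'."""
    ts, src, _path = line.split()
    return int(ts), src


def analyze(lines):
    """Per window: total load, whether it exceeds capacity, and sources over their limit."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, src = parse(line)
        windows[ts // WINDOW_SECONDS][src] += 1
    report = {}
    for window, counts in sorted(windows.items()):
        total = sum(counts.values())
        report[window] = {
            "total": total,
            "overloaded": total > TOTAL_LIMIT,
            "flagged_sources": sorted(
                s for s, n in counts.items() if n > PER_SOURCE_LIMIT),
        }
    return report


def single_source_flood():
    """Constructed sample: one machine sends 200 requests, three clients send 5 each."""
    lines = [f"{1000 + i % 10} 203.0.113.7 /login" for i in range(200)]
    for host in range(1, 4):
        lines += [f"{1000 + i} 198.51.100.{host} /home" for i in range(5)]
    return lines


def distributed_flood():
    """Constructed sample: 100 machines send 2 requests each in the same window."""
    return [f"{1000 + i} 203.0.113.{host} /login"
            for host in range(1, 101) for i in range(2)]


if __name__ == "__main__":
    print("single source:", analyze(single_source_flood()))
    print("distributed:  ", analyze(distributed_flood()))
```

In both samples the window is over capacity, but only the single-source flood produces a flagged address; the distributed one stays under the per-source limit on every machine, which is why aggregate load has to be monitored alongside per-source counts.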
Other network threats exist, but they primarily attack via emails. We have explained them in-depth in our blog on email threats.
Types of Network Security Devices
Active devices block surplus or malicious traffic. Firewalls, antivirus, and content filtering devices are all active network devices.
Passive devices only identify and report on possible threats. They take no active part in thwarting the threat. For example, intrusion detection appliances are passive network devices.
These devices continuously scan networks and identify potential security problems. They can predict and stop network security threats before they can even attack. Examples include penetration testing devices and vulnerability assessment appliances.
Unified Threat Management (UTM)
These are all-in-one security devices. Examples include firewalls, content filtering, web caching, etc.
We will cover network security devices and how they work in detail in another blog. Stay tuned. Logix Infosecurity provides solid network security via its FortiGate UTM Firewalls.