network+security

Network SecuritY

The networks are computer networks, both public and private, that are used every day to conduct transactions and communications among businesses, government agencies and individuals. The networks are comprised of "nodes", which are "client" terminals (individual user PCs) and one or more "servers" and/or "host" computers. They are linked by communication systems, some of which might be private, such as within a company, and others which might be open to public access. The obvious example of a network system that is open to public access is the Internet, but many private networks also utilize publicly-accessible communications. Today, most companies' host computers can be accessed by their employees whether in their offices over a private communications network, or from their homes or hotel rooms while on the road through normal telephone lines.

Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.**Threats to network security include** **Network security tools include:** Dedicated network security hardware and software-Tools such as firewalls and intrusion detection systems provide protection for all areas of the network and enable secure connections. None of these approaches alone will be sufficient to protect a network, but when they are layered together, they can be highly effective in keeping a network safe from attacks and other threats to security. In addition, well-thought-out corporate policies are critical to determine and control access to various parts of the network. FireWall = = As we've seen in our discussion of the Internet and similar networks, connecting an organization to the Internet provides a two-way flow of traffic. This is clearly undesirable in many organizations, as proprietary information is often displayed freely within a corporate //intranet// (that is, a TCP/IP network, modeled after the Internet that only works within the organization). In order to provide some level of separation between an organization's intranet and the Internet, //firewalls// have been employed. A firewall is simply a group of components that collectively form a barrier between two networks. A number of terms specific to firewalls and networking are going to be used throughout this section, so let's introduce them all together. **Bastion host.**A general-purpose computer used to control access between the internal (private) network (intranet) and the Internet (or any other untrusted network). Typically, these are hosts running a flavor of the Unix operating system that has been customized in order to reduce its functionality to only what is necessary in order to support its functions. Many of the general-purpose features have been turned off, and in many cases, completely removed, in order to improve the security of the machine.**Router.**A special purpose computer for connecting networks together. Routers also handle certain functions, such as //routing//, or managing the traffic on the networks they connect.
 * Antivirus software packages :** These packages counter most virus threats if regularly updated and correctly maintained.
 * Secure network infrastructure :** Switches and routers have hardware and software features that support secure connectivity, perimeter security, intrusion protection, identity services, and security management.
 * Virtual private networks :** These networks provide access control and data encryption between two different computers on a network. This allows remote workers to connect to the network without the risk of a hacker or thief intercepting data.
 * Identity services :** These services help to identify users and control their activities and transactions on the network. Services include passwords, digital certificates, and digital authentication keys.
 * Encryption :** Encryption ensures that messages cannot be intercepted or read by anyone other than the authorized recipient.
 * Security management :** This is the glue that holds together the other building blocks of a strong security solution.