Networking offers endless possibilities and opportunities to every user, along with convenience. But this convenience and these benefits are not free from risk, as there are many risks to network security.
While ensuring network security, the concern is to make sure that only legal or authorized users and programs gain access to information resources such as databases.
Also, certain control mechanisms are set up to ensure that properly authenticated users get access only to those resources that they are entitled to use.
Under this type of security, mechanisms such as authorization, authentication, encrypted smart cards, biometrics and firewalls are implemented.
The problems encountered in network security are summarised in the following table:
| Network Security Problem | Description |
|---|---|
| Physical security holes | When individuals gain unauthorized physical access to a computer and tamper with files. Hackers do it by guessing passwords of various users and then gaining access to the network systems. |
| Software security holes | When badly written programs or privileged software are compromised into doing things that they should not be doing. |
| Inconsistent usage holes | When a system administrator assembles a combination of hardware and software such that the system is seriously flawed from a security point of view. |
To counter or reduce network security threats, many protection methods are used. Popular ones include authorization, authentication, encrypted smart cards, biometric systems and firewalls.
Let's take a brief look at each of these network security protection methods.
Authorization determines whether the service provider has granted access to the web service to the requestor.
Basically, authorization confirms the service requestor's credentials. It determines if the service requestor is entitled to perform the operation, which can range from invoking the web service to executing a certain part of its functionality.
Authorization is performed by asking the user for a legal login ID. If the user is able to provide a legal login ID, then he/she is considered an authorized user.
Authentication ensures that each entity involved in using a web service, the requestor, the provider, and the broker (if there is one), is what it actually claims to be.
Authentication involves accepting credentials from the entity and validating them against an authority.
Authentication is also termed password protection, as the authorized user is asked to provide a valid password; if he/she is able to do this, he/she is considered to be an authentic user.
Passwords in a remote login session generally pass over the network in unencrypted form. Any hacker or cracker can simply record a password and use it later maliciously, for example to corrupt data or files or to harm someone. To counter such threats, newer approaches such as encrypted smart cards are suggested.
An encrypted smart card is a hand-held smart card that can generate a token that a computer system can recognise. A new and different token is generated every time, so even if a token is cracked or hacked, it cannot be used later.
Biometric systems form the most secure level of authorization.
Biometric systems use some unique aspect of a person's body, such as fingerprints or retinal patterns, to establish his/her identity.
A firewall is a system designed to prevent unauthorized access to or from a private network.
Firewalls can be implemented in both hardware and software, or a combination of both.
Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
All the messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.
There are various types of firewall techniques, including packet filtering, circuit-level gateways and proxy servers.
Let's take a brief look at these firewall techniques one by one.
Packet filtering looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
A circuit-level gateway applies security mechanisms when a connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
A proxy server intercepts all the messages entering and leaving the network.
The proxy server effectively hides the true network addresses.