A “network” is an interconnected system, and computer networks are a connection of different computers, facilitating sharing of data and other information. As networks grow in popularity, they also become the target of increasing attacks from hackers and other unscrupulous elements who target the vulnerabilities inherent in such networks.
Computer network security involves putting in place adequate safeguards to prevent unauthorized access to the computer from the network, and thereby prevent data theft, data loss, or breakdowns.
Denial of Service Attacks
One major dimension of computer network security is ensuring the network stays up and running. Real time network connectivity is the lifeline of many businesses and attacks such as Denial of Service (DoS) can sap the link.
DoS entails flooding the network with requests, slowing down legitimate requests and ultimately refusing all request including legitimate requests owning to inability to cope with the sheer volume of requests.
Safeguards against DoS attacks include
- Using packet filtering to prevent packets from entering the network
- Keeping security patches of operation system and applications up to date
- Not running visible servers at close to capacity levels
Unauthorized Access
The most common types of attacks computer networks face are attackers attempting to gain unauthorized access to some resource of the machine and executing commands illegally. This can lead to loss of data, data theft, confidentiality breaches, data diddling or altering figures in spreadsheets or flowcharts, and more.
Hackers and other attacks scour the internet for unsecured data ports that offer easy access to the network, or some vulnerability in the network to make unauthorized access.
Ways of preventing unauthorized access include:
- Ensuring the security system has multiple layers of security, to avoid intrusions by breaking through any one component
- Updating security patches of operating systems and applications regularly
- Regularly monitoring popular and trusted groups like CERT and CIAC that issues valuable advisories related to network security
- Issuing guidelines to users on what constitutes good network behavior. Examples include refraining from clicking unwanted links, clearing the network cache after browsing, and so on
- Installing security software such as firewalls, network monitoring systems, and Intrusion Prevention Systems
Data Interception
A third major threat for network security is data interception, or hackers intercepting data when in transit over the network.
The Internet Protocol (IP) is a “network layer” protocol that allow computers to “talk” to each other. The IP is susceptible to many attacks such as IP spoofing, where one host claims to have the IP address of another, and IP Session Hijacking, where the attacker takes over a user’s session. The purpose of such attacks is data theft, data interception, and more. IP spoofing and session hijacking entice recipients to click on links from what is seemingly trusted and familiar sources, in a bid to install malware or spyware.
Effective safeguards include using signatures and encrypting the data. Using Crypto-Capable Routers that allows session encryption between specified routers will also offer enhanced protection.
Many large organizations build their own Virtual Private Networks (VPNs) to provide direct connectivity between their remote locations, to prevent risk to data over public networks.
In the age of heightened security concerns, ensuring computer network security is a priority for most enterprises.
