W. Shane Wallace
Information Services Librarian, University of New Mexico Health Sciences Library and Informatics Center
Network Security is a cluster of measures and actions undertaken to protect a computer environment from unauthorized access. Some of these measures include infrastructure design, administrative policies, monitoring, and the deployment of security tools such as firewalls and anti-virus applications.
Network Security involves a variety of complex factors, as it represents an effort to protect a sophisticated system from a potentially unlimited number of unknown attackers. Generally speaking, Network Security makes use of common security concepts such as defense-in-depth and trust management to develop policies and practices that are intended to mitigate threats.
Some common types of Network Threats:
- "Denial of Service" attacks have a simple premise: Send more requests to a network than it can handle, thereby overwhelming it and rendering it non-functional.
- "Unauthorized Access" refers to a number of different sorts of attacks, the goal of which is to access a network resource which should not be available. Examples of these sorts of threats include illicit command execution.
- "Data Manipulation" attacks refer to a variety of threats which camouflage, obfuscate, or redirect the flow of network data in order to capture sensitive information without alerting the data transmitter or receiver. Examples of such threats include IP address spoofing and "Man-in-the-middle" attacks.
Some basic Network Security Maxims:
- Backup all sensitive data and functionality
- Don't put data where it doesn't need to be
- Avoid single points of failure
- Stay current with relevant operating system patches
- Develop a security policy
Some key elements of Network Security:
- Strong authentication requirements
- Physical Security
- Network analysis
- Legal Compliance
- DMZ (a firewall from the outside and the inside)
Page last updated: 3/4/2009
NOTE: Questions or comments about the contents of this article should be addressed to the author, W. Shane Wallace, at firstname.lastname@example.org