Network security relates directly to an organization's business continuity. Network security breaches can disrupt e-commerce and cause the loss of business data. Maintaining a secure network ensures the safety of network users and protects commercial interests.
In July 2001, the Code Red worm attacked web servers globally, infecting over 350,000 hosts. The worm not only disrupted access to the infected servers, but also affected the local networks hosting the servers, making them very slow or unusable. The Code Red worm caused a Denial of Service (DoS) to millions of users.
If the network security professionals responsible for these Code Red-infected servers had developed and implemented a security policy, security patches would have been applied in a timely manner. The Code Red worm would have been stopped and would only merit a footnote in network security history.
Network security relates directly to an organization's business continuity. Network security breaches can disrupt e-commerce, cause the loss of business data, threaten people's privacy (with the potential legal consequences), and compromise the integrity of information. These breaches can result in lost revenue for corporations, theft of intellectual property, and lawsuits, and can even threaten public safety.
Maintaining a secure network ensures the safety of network users and protects commercial interests. Keeping a network secure requires vigilance on the part of an organization's network security professionals. Network security professionals must constantly be aware of new and evolving threats and attacks to networks, and of vulnerabilities in devices and applications. This information is used to adapt, develop, and implement mitigation techniques. However, security of the network is ultimately the responsibility of everyone who uses it. For this reason, it is the job of the network security professional to ensure that all users receive security awareness training. Maintaining a secure, protected network provides a more stable, functional work environment for everyone.
"Necessity is the mother of invention." This saying applies perfectly to network security. In the early days of the Internet, commercial interests were negligible. The vast majority of users were research and development experts. Early users rarely engaged in activities that would harm other users. The Internet was not a secure environment because it did not need to be.
Early on, networking involved connecting people and machines through communications media. The job of a networker was to get devices connected to improve people's ability to communicate information and ideas. The early users of the Internet did not spend much time thinking about whether or not their online activities presented a threat to the network or to their own data.
When the first viruses were unleashed and the first DoS attack occurred, the world began to change for networking professionals. To meet the needs of users, network professionals learned techniques to secure networks. The primary focus of many network professionals evolved from designing, building, and growing networks to securing existing networks.
Today, the Internet is a very different network compared to its beginnings in the 1960s. The job of a network security professional includes ensuring that appropriate personnel are well-versed in network security tools, processes, techniques, protocols, and technologies. It is critical that network security professionals manage the constantly evolving threats to networks.
As network security became an integral part of everyday operations, devices dedicated to particular network security functions emerged.
One of the first network security tools was the intrusion detection system (IDS), first developed by SRI International in 1984. An IDS provides real-time detection of certain types of attacks while they are in progress. This detection allows network security professionals to more quickly mitigate the negative impact of these attacks on network devices and users. In the late 1990s, the intrusion prevention system or sensor (IPS) began to replace the IDS solution. IPS devices enable the detection of malicious activity and have the ability to automatically block the attack in real time.
In addition to IDS and IPS solutions, firewalls were developed to prevent undesirable traffic from entering prescribed areas within a network, thereby providing perimeter security. In 1988, Digital Equipment Corporation (DEC) created the first network firewall in the form of a packet filter. These early firewalls inspected packets to see if they matched sets of predefined rules, with the option of forwarding or dropping the packets accordingly. Packet filtering firewalls inspect each packet in isolation without examining whether a packet is part of an existing connection. In 1989, AT&T Bell Laboratories developed the first stateful firewall. Like packet filtering firewalls, stateful firewalls use predefined rules for permitting or denying traffic. Unlike packet filtering firewalls, stateful firewalls keep track of established connections and determine if a packet belongs to an existing flow of data, providing greater security and more rapid processing.
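The difference between the two firewall types described above, as an added example that is not part of the original text: a Python sketch that applies the same policy statelessly and statefully to a constructed packet trace. The addresses, ports, rule set and the names packet_filter, StatefulFirewall and compare are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: S=SYN, A=ACK, R=RST

def inside(ip: str) -> bool:
    return ip.startswith("10.0.0.")  # constructed inside network

def packet_filter(pkt: Packet) -> bool:
    """Stateless: each packet is judged alone against static rules."""
    if inside(pkt.src):
        return True  # rule 1: permit all outbound traffic
    # rule 2: permit inbound TCP that *looks like* an HTTPS reply
    return pkt.sport == 443 and "A" in pkt.flags

class StatefulFirewall:
    """Same policy, but inbound traffic must match a tracked connection."""
    def __init__(self) -> None:
        self.flows = set()  # (inside ip, inside port, outside ip, outside port)
    def permit(self, pkt: Packet) -> bool:
        if inside(pkt.src):
            if pkt.flags == "S":  # new outbound connection: record it
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow not in self.flows:
            return False  # no inside host opened this connection
        if "R" in pkt.flags:
            self.flows.discard(flow)  # connection reset: forget the flow
        return True

# Constructed trace: one real HTTPS session plus two inbound strays.
TRACE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SA"),
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 443, "10.0.0.9", 22, "A"),      # no matching flow
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "RA"),  # server resets
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "A"),   # after the reset
]

def compare(trace):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.permit(p)) for p in trace]
```

The stateless filter permits all six packets, while the stateful firewall drops the fourth and sixth because no tracked connection matches them.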
The original firewalls were software features added to existing networking devices, such as routers. Over time, several companies developed standalone, or dedicated, firewalls that enable routers and switches to offload the memory- and processor-intensive activity of filtering packets. Cisco's Adaptive Security Appliance (ASA) is available as a standalone context-aware firewall. For organizations that do not require a dedicated firewall, modern routers, like the Cisco Integrated Services Router (ISR), can be used as sophisticated stateful firewalls.
Traditional security relied on the layering of products and using multiple filters. However, as threats became more sophisticated, these filters were required to look deeper into Network and Application Layer traffic. Security requirements included more dynamic updates of information and quicker response times to threats. For this reason, Cisco designed the Security Intelligence Operations (SIO). SIO is a cloud-based service that connects global threat information, reputation-based services, and sophisticated analysis to Cisco network security devices to provide stronger protection with faster response times.
Year            Security Technology
Late 1988       DEC Packet Filter Firewall
1989            AT&T Bell Labs Stateful Firewalls
1991            DEC Seal Application Layer Firewall
1994            Check Point Firewall
1995            NetRanger IDS
August, 1997    RealSecure IDS
1998            Snort IDS
Late 1999       First IPS
2006            Cisco Zone-Based Policy Firewall
2010            Cisco Security Intelligence Operations
In addition to dealing with threats from outside of the network, network security professionals must also be prepared for threats from inside the network. Internal threats, whether intentional or accidental, can cause even greater damage than external threats because of direct access to, and knowledge of, the corporate network and data. Despite this fact, it has taken more than 20 years after the introduction of tools and techniques for mitigating external threats to develop tools and techniques for mitigating internal threats.
A common scenario for a threat originating from inside the network is a disgruntled employee with some technical skills and a willingness to do harm. Most threats from within the network leverage the protocols and technologies used on the local area network (LAN) or the switched infrastructure. These internal threats fall into two categories: spoofing and Denial of Service (DoS).
Spoofing attacks are attacks in which one device attempts to pose as another by falsifying data. There are multiple types of spoofing attacks. For example, MAC address spoofing occurs when one computer accepts data packets based on the MAC address of another computer.
DoS attacks make computer resources unavailable to intended users. Attackers use various methods to launch DoS attacks.
As a network security professional, it is important to understand the methods designed specifically for targeting these types of threats and ensuring the security of the LAN.
Evolution of LAN Security
In addition to preventing and denying malicious traffic, network security also requires that data stay protected. Cryptography, the study and practice of hiding information, is used pervasively in modern network security. Today, each type of network communication has a corresponding protocol or technology designed to hide that communication from anyone other than the intended user.
Wireless data can be encrypted (hidden) using various cryptography applications. The conversation between two IP phone users can be encrypted. The files on a computer can also be hidden with encryption. These are just a few examples. Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.
Cryptography ensures data confidentiality, which is one of the three components of information security: confidentiality, integrity, and availability. Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Encryption provides confidentiality by hiding plaintext data. Data integrity, meaning that the data is preserved unaltered during any operation, is achieved by the use of hashing mechanisms. Availability, which is data accessibility, is guaranteed by network hardening mechanisms and backup systems.
Encrypting Data
Evolution of Data Protection Technologies
Year    Security Technology
1993    Cisco GRE Tunnels
1996    Site-to-Site IPSec VPNs
1999    SSH
2000    MPLS VPNs
2001    Remote-Access IPSec VPN
2002    Dynamic Multipoint VPN
2005    SSL VPN
2009    Group Encrypted Transport VPN (GET VPN)