Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and the resources reachable through it. It includes the authorization of access to data, which is controlled by the network administrator. Users choose or are assigned an ID and password, or other authentication information, that allows them to access the data and programs within their authority.
Network security encompasses the many computer networks, both public and private, that are used in day-to-day operations, conducting transactions and communications between businesses, government agencies and individuals. Networks can be private (for example, within a company) or otherwise (which may be open to the public).
Computer network security is used by organizations, businesses and other types of institutions. It secures the network and also performs protective and supervisory operations. The most common and simplest way to protect a network resource is to give it a unique name and a corresponding password.
Managing security for networks can be different for different situations. A home or small office may require only basic security, while large enterprises may require highly reliable service and advanced software and hardware to prevent hacking and unwanted attacks.
Types of attacks and network vulnerabilities
A vulnerability is a weakness in design, implementation, operation, or internal controls. Most discovered vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database.
Networks can be attacked from various sources. Attacks fall into two categories: "passive", where a network intruder intercepts data passing through the network, and "active", in which an attacker initiates commands to disrupt the normal operation of the network or monitors it in order to gain access to data.
To protect a computer system, it is important to understand the types of attacks that can be carried out against it. These threats can be divided into the following categories.
A backdoor in a computer system, cryptosystem, or algorithm is any secret method of bypassing normal authentication or security controls. Backdoors may exist for a number of reasons, including original design or poor configuration. They can be added by the developer to allow some kind of legitimate access, or by an attacker for other reasons. Regardless of why they exist, they create a vulnerability.
Denial of Service Attacks
Denial of Service (DoS) attacks are designed to make a computer or network resource unavailable to its intended users. The perpetrators of such an attack can block access to the network for individual victims, for example, by deliberately entering the wrong password many times in a row to cause an account lockout, or by overloading the capabilities of a machine or network and blocking all users at the same time. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial of service (DDoS) attacks are possible, where signals originate from a large number of addresses. In this case, the defense is much more difficult. Such attacks can originate from bot-controlled computers, but a variety of other methods are possible, including reflection and amplification attacks, where entire systems involuntarily transmit such a signal.
Direct access attacks
An unauthorized user gaining physical access to a computer is likely to be able to copy data directly from it. Such attackers can also compromise security by making changes to the operating system, installing software worms, keyloggers or hidden listening devices, or using wireless mice. Even if the system is protected by standard security measures, these can be bypassed by booting another OS or tool from a CD or other bootable media. Disk encryption is designed to prevent exactly such attacks.
Network security concept: main points
Information security in computer networks begins with authentication, commonly with a username and password. Since only one thing is required, this is one-factor authentication. With two-factor authentication, an additional factor is used as well (a security token or "key", an ATM card or a mobile phone); with three-factor authentication, something unique to the user (a fingerprint or retinal scan) is also used.
After authentication, the firewall applies the access policy. This computer network security service is effective in preventing unauthorized access, but this component may not check for potentially harmful content such as computer worms or Trojan horses transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) can help detect and block such malware.
An intrusion detection system that inspects network data can also monitor the network for higher-level analysis. Newer systems combining unsupervised machine learning with full network traffic analysis can detect active network attackers, whether malicious insiders or targeted external attackers who have compromised a user's computer or account.
Also, communication between two hosts can be encrypted for greater privacy.
Computer network security uses countermeasures - actions, devices, procedures, or techniques that reduce a threat, vulnerability, or attack, by eliminating or preventing it, by minimizing harm, or by detecting and reporting its presence.
Secure coding is one of the main security measures for computer networks. In software development, it aims to prevent the accidental introduction of vulnerabilities. It is also possible to create software designed from the ground up for security; such systems are "secure by design". In addition, formal verification aims to prove the correctness of the algorithms underlying a system. This is especially important for cryptographic protocols.
Security by design means that the software has been developed from the ground up to protect the information in computer networks. In this case, security is considered a main feature.
Some of the techniques in this approach include:
- Principle of least privilege, in which each part of the system has only the powers necessary for its functioning. Thus, even if an attacker gains access to that part, they will have only limited authority over the system as a whole.
- Code reviews and unit tests are approaches to making modules more secure when formal proofs of correctness are not possible.
- Defense in depth, where the design is such that several subsystems must be breached in order to compromise the integrity of the system and the information it stores. This is a deeper technique for computer network security.
Open Security Architecture defines IT security architecture as "the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture." These controls serve to maintain system quality attributes such as confidentiality, integrity, availability, accountability, and assurance.
Others define it as a unified design for computer network security and information system security that takes into account the needs and potential risks associated with a particular scenario or environment, and determines when and where to apply certain tools.
Its key attributes are:
- the relationships between the different components and how they depend on each other;
- the selection of controls based on risk assessment, good practice, finances and legal issues;
- the standardization of controls.
Securing a computer network
The "safe" state of a computer is a conceptual ideal achieved by using three processes: threat prevention, detection, and response. These processes are based on various policies and system components, which include the following:
- User account access controls and cryptography that can protect system files and data.
- Firewalls, which are by far the most common prevention systems in terms of computer network security. This is because they are able (if properly configured) to protect access to internal network services and block certain types of attacks through packet filtering. Firewalls can be either hardware or software.
- Intrusion Detection Systems (IDS), which are designed to detect network attacks while they are in progress, as well as to assist in post-attack forensics, while audit trails and logs perform a similar function for individual systems.
The 'response' is necessarily determined by the assessed security requirements of the individual system and can range from a simple security upgrade, to notification of the appropriate authorities, to a counterattack, etc. In some special cases it is best to destroy a compromised or corrupted system completely, since it may be that not all vulnerable resources will be discovered.
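As an added example that is not part of the original article, the following Python detection logic runs over constructed syslog-style authentication lines and flags accounts that receive a burst of failed logins inside a short window, the pattern behind the account-lockout denial of service described earlier; the log format, threshold, window and addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log lines (syslog-like; not taken from a real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:02 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:02 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:03 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:04 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:05 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:09 sshd: Accepted password for bob from 192.0.2.10
2024-03-01T10:05:00 sshd: Failed password for carol from 203.0.113.5
2024-03-01T10:30:00 sshd: Failed password for carol from 203.0.113.9
"""

# Assumed line format; a real deployment would adapt this to its own log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)

def parse(log_text):
    """Yield (timestamp, result, user, ip) for every line matching the expected format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]

def detect_lockout_bursts(log_text, threshold=5, window_seconds=60):
    """Return {user: [source IPs]} for accounts with >= threshold failures in one window.

    A sliding window per account catches both a password-guessing attempt and a
    deliberate lockout DoS; the source IPs tell the responder whether a single
    firewall rule would help or whether the traffic is distributed."""
    failures = defaultdict(list)   # user -> [(timestamp, ip), ...] in log order
    alerts = {}
    for ts, result, user, ip in parse(log_text):
        if result != "Failed":
            continue
        recent = failures[user]
        recent.append((ts, ip))
        while (ts - recent[0][0]).total_seconds() > window_seconds:
            recent.pop(0)              # drop failures that fell out of the window
        if len(recent) >= threshold and user not in alerts:
            alerts[user] = sorted({src for _, src in recent})
    return alerts

if __name__ == "__main__":
    print(detect_lockout_bursts(SAMPLE_LOG))  # {'alice': ['198.51.100.7']}
```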
What is a firewall?
Today, computer network security systems consist mostly of "preventive" measures such as firewalls or logout procedures.
A firewall can be defined as a way of filtering network data between a host or network and another network, such as the Internet. It can be implemented as software running on a machine and hooked into the network stack (or, in the case of UNIX-like systems, built into the OS kernel) to provide real-time filtering and blocking. Another implementation is the so-called "physical firewall", a separate machine that filters network traffic. Such tools are common among computers that are permanently connected to the Internet, and are actively used to ensure the information security of computer networks.
Some organizations are turning to large data platforms (such as Apache Hadoop) for data availability and machine learning to detect advanced persistent threats.
However, relatively few organizations maintain computer systems with effective detection systems, and even fewer have organized response mechanisms in place. This creates problems for ensuring the technological security of a computer network. An over-reliance on firewalls and other automated detection systems can be cited as a major barrier to effectively eradicating cybercrime. Ultimately, it is basic evidence gathering using packet capture devices that stops attackers.
Vulnerability management is the cycle of identifying, fixing or mitigating vulnerabilities, especially in software and firmware. This process is an essential part of securing computer systems and networks.
Vulnerabilities can be detected using a scanner that analyzes a computer system looking for known “weak spots” such as open ports, insecure software configuration, and exposure to malware.
In addition to vulnerability scanning, many organizations outsource security to perform regular penetration tests on their systems. In some sectors this is a contractual requirement.
While formal verification of computer systems is possible, it is not yet common. Formally verified OSes include seL4 and SYSGO PikeOS, but they make up a very small percentage of the market.
Modern computer networks that protect the information on them actively use two-factor authentication and cryptography. This significantly reduces risk for the following reasons.
Breaking cryptography itself is practically impossible today. A successful attack requires some non-cryptographic input (an illegally obtained key, plaintext, or other additional cryptanalytic information).
Two-factor authentication is a method of mitigating unauthorized access to a system or to sensitive information. To log in to a secure system, two elements are required:
- "what you know" - password or PIN;
- "what you have" - card, key, mobile phone or other equipment.
This improves the security of computer networks, as an unauthorized user needs both elements at the same time to gain access. The tighter your security measures are, the fewer break-ins can happen.
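The two elements just described, carried through in working code as an added example that is not part of the original article: the "what you know" factor is a salted PBKDF2 password hash and the "what you have" factor is a time-based one-time code (TOTP, RFC 6238) of the kind a mobile authenticator app produces. The shared secret is the RFC 6238 test key, and the enrollment record format, iteration count and drift window are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
import time

# Demo shared secret; RFC 6238 uses this same ASCII key for its test vectors.
TOTP_SECRET = b"12345678901234567890"
PBKDF2_ROUNDS = 200_000   # assumed work factor for the stored password hash

def totp(secret, unix_time, step=30, digits=6):
    """TOTP value (RFC 6238, HMAC-SHA1) for the 30-second step containing unix_time.
    The user's authenticator computes the same value from the same secret and clock."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                     # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def enroll(password, secret=TOTP_SECRET):
    """Constructed enrollment record: (salt, PBKDF2 hash, shared TOTP secret).
    The password is never stored in plaintext; only the salted hash is kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest, secret

def verify_login(record, password, code, now=None, drift_steps=1):
    """Both factors must pass: the password against its stored hash, and the code
    against the current TOTP step plus one step either side to absorb clock drift.
    Both checks always run, so a wrong password does not short-circuit the timing."""
    salt, digest, secret = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(candidate, digest)
    now = time.time() if now is None else now
    code_ok = any(
        hmac.compare_digest(totp(secret, now + d * 30), code)
        for d in range(-drift_steps, drift_steps + 1)
    )
    return password_ok and code_ok

if __name__ == "__main__":
    rec = enroll("correct horse battery staple")
    print(totp(TOTP_SECRET, 59))                                 # 287082 (RFC 6238 vector)
    print(verify_login(rec, "correct horse battery staple", totp(TOTP_SECRET, time.time())))
```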
You can reduce the chances of intrusion by keeping systems up to date with security patches and updates and by using vulnerability scanners. The effects of data loss and corruption can be reduced by careful backup and storage.
Equipment protection mechanisms
Hardware can also be a source of threats. For example, attacks can exploit microchip vulnerabilities maliciously introduced during the manufacturing process. Hardware-based or hardware-assisted security also offers certain methods of protection for computer networks.
The use of devices and methods such as USB keys (dongles), trusted platform modules, intrusion-aware cases, drive locks, disabled USB ports, and mobile-enabled access may be considered more secure because physical access is required to reach the stored data. Each is described in more detail below.
USB keys are commonly used in software licensing to unlock software features, but they can also be seen as a way to prevent unauthorized access to a computer or other device. The key creates a secure encrypted tunnel between itself and the software application. The principle is that the encryption scheme used (for example, the Advanced Encryption Standard (AES)) provides a higher degree of information security in computer networks, since it is harder to crack and replicate the key than simply to copy the software to another machine and use it.
Another use for these keys is to use them to access web content such as cloud software or virtual private networks (VPNs). In addition, the USB key can be configured to lock or unlock the computer.
Trusted Platform Modules (TPMs) integrate cryptographic capabilities into access devices using microprocessors or so-called systems on a chip. Used in conjunction with server-side software, TPMs offer a way to discover and authenticate hardware devices and prevent unauthorized network and data access.
Computer intrusion detection is carried out by means of a push-button switch, which is triggered when the machine body is opened. The firmware or BIOS is programmed to notify the user the next time the device is turned on.
The security of computer networks and information systems can also be achieved with drive locks. These are, in effect, software tools for encrypting hard drives, making them inaccessible to unauthorized users. Some specialized tools are designed specifically for encrypting external drives.
Disabling USB ports is another common security setting to prevent unauthorized and malicious access to a protected computer. Infected USB keys connected to the network from a device inside a firewall are considered the most common threat to a computer network.
Mobile devices with cellular connectivity are becoming more and more popular due to the ubiquity of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth Low Energy (LE), and near field communication (NFC) have led to a search for tools aimed at eliminating vulnerabilities. Today, both biometric verification (thumbprint reading) and QR code reader software designed for mobile devices are actively used. All this offers new, secure ways to connect mobile phones to access control systems. This provides computer security and can also be used to control access to protected data.
Capabilities and ACLs
Access control in computer networks is based on the separation of privileges and degrees of access. The two most common models are access control lists (ACLs) and capability-based security.
Using ACLs to confine programs has proven to be insecure in many situations. For example, the host computer can be tricked into allowing access to a restricted file indirectly. It has also been shown that the promise of an ACL to grant access to an object to only one user can never be guaranteed in practice. So there are practical flaws in all ACL-based systems today, but developers are actively trying to fix them.
Capability-based security is mostly used in research operating systems, while commercial operating systems still use ACLs. However, capabilities can also be implemented at the language level, resulting in a specific style of programming that is essentially a refinement of standard object-oriented design.
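The indirect-access weakness of ACLs mentioned above, and why a capability passes the check differently, shown in a small Python model added here as an example (not code from the original article). The in-memory "file system", the principals and the copy service are constructed for illustration; the capability tokens are unforgeable random strings held in a table the caller cannot read.

```python
import secrets

# Constructed in-memory store standing in for a file system.
FILES = {"/etc/secret.txt": "top secret", "/tmp/report.txt": "quarterly report"}

# ACL model: each object lists the principals allowed to read it.
ACL = {
    "/etc/secret.txt": {"backup_service"},
    "/tmp/report.txt": {"backup_service", "mallory"},
}

def acl_read(principal, path):
    """ACL check: access is decided by WHO is asking."""
    if principal not in ACL.get(path, set()):
        raise PermissionError(f"{principal} may not read {path}")
    return FILES[path]

def acl_copy_service(requester, src, dst):
    """A privileged helper that copies files for callers. It checks the ACL against
    its OWN identity rather than the requester's, so a caller can obtain a file it
    could not read directly: the host is 'tricked into allowing access indirectly'."""
    FILES[dst] = acl_read("backup_service", src)   # flaw: service's authority, not requester's
    return FILES[dst]

# Capability model: holding an unforgeable token IS the permission.
_CAPS = {}   # token -> path; entries are created only by mint_capability

def mint_capability(path):
    """Issue a fresh, unguessable token that grants read access to exactly one path."""
    token = secrets.token_hex(16)
    _CAPS[token] = path
    return token

def cap_read(token):
    """Capability check: access is decided by WHAT the caller holds, not who it is."""
    path = _CAPS.get(token)
    if path is None:
        raise PermissionError("invalid capability")
    return FILES[path]

def cap_copy_service(src_token, dst):
    """The service can only read what the requester could already read, because the
    requester must hand over a capability for the source; no identity lookup exists
    for it to be confused about."""
    FILES[dst] = cap_read(src_token)
    return FILES[dst]
```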