Network security is a broad term which usually includes both hardware and software measures to prevent unauthorized access, misuse, modification, or denial to the network or network resources.
Network security has evolved through history starting from a simple authentication, usually a username and password, over the so-called two-factor authentication, which involves a second authentication device, like a security token, card or a mobile phone, to a three-factor authentication which is specific to the user, like a fingerprint or a retinal scan.
The basic way to protect the network security is a firewall, which allows network administrators to both protect vital network structure from malicious attacks as well as assign specific policies to certain users. These have evolved to next-generation firewalls (NGFWs), which also include anti-spyware, anti-spam, content filtering, intrusion detection and prevention systems, as well as remote routing, network address translation (NAT) and virtual private network (VPN) support.
According to Palo Alto Networks, a company focused on delivering network security, the definition of network security is determined by the enforcement mechanism. This means analyzing all network traffic flows and preserving the confidentiality, integrity, and availability of all systems and information on the network.
- Confidentiality – protecting assets from unauthorized entities
- Integrity – ensuring the modification of assets is handled in a specified and authorized manner
- Availability – a state of the system in which authorized users have continuous access to said assets
Most network security companies and experts agree that network security is a complex task that relies on both layers of protection and multiple components focused solely on the overall security of the network.
Network security has to deal with a number of different type of attacks that are usually differentiated into two types: passive and active attacks. Passive attacks focus on intercepting data on the network, while active attacks focus on disrupting the normal operation of the network in order to gain access to the network.
Passive attacks include port scanning, wiretapping, general traffic analysis and similar actions. Active attacks are more common and the list of those include some well-known activities like DNS spoofing, denial-of-service attacks (DDoS), the so-called eavesdropping, application-layer attacks, compromised-key attacks, man-in-the-middle attacks, and others.
Network security is a constantly evolving segment which has to follow a constant rise in cyber-attacks. Luckily, there are plenty of network security companies that are constantly keeping track of those major network security issues and offer both enterprise and consumer-level network security solutions that can prevent most, if not all network attacks.