What is Network Security?

What is network security? Network security is a combination of software, hardware, and human actions that protect your network from attack.

What is network security?

Have you ever been in the middle of a breach remediation? While the first priority is handling the initial breach, after it’s resolved the priorities quickly change to mitigating future attacks. You prepare a detailed report with specific actions to take, products to consider, and changes to make to overall policies. And then a senior executive in the company asks, “Is there something I can buy to make all this go away? Some piece of software to install? Some appliance to plug in?” This is not how to look at network security.

Network security is a combination of people, process, and technology. In fact, thinking of network security as a simple IT problem misses the point. Network security is multiple layers of defenses throughout the network. It’s setting up defenses before traffic even reaches the network. It’s knowledge about the environment you’re working in. It’s monitoring the network to detect anomalies. It’s the training of users and technical professionals—and especially management. And yes, it’s hardware and software also.

The importance of network security

The importance of network security can’t be overstated. The lack of adequate network protection for a large corporation can result in the loss of user data and the negative publicity that accompanies it. It can threaten customer personal data. It can cause companies to lose huge amounts of money. It can hurt a company’s brand, cause great embarrassment, and end careers. In extreme cases, it can run a company completely out of business.

In fact, 60% of all small businesses that undergo a cybersecurity attack close and never open their doors again. The estimates for 2021 are that the total cost of cybercrime will hit $6.1 trillion worldwide. The average cost of a major attack is $3.86 million. The worldwide information security market is expected to reach $170 billion this year.

And the average time to discover a breach in a corporate network is 207 days. This last statistic is startling when you think of what a hacker can do once they’re inside your network. If they have 207 days, they can do a lot.

Common network security vulnerabilities

Many network security vulnerabilities are very common. Let’s take a look at a few of the big ones.

Passwords: Many users use simple passwords, common passwords, or passwords that aren’t changed or rotated. Simple password maintenance and enforcement can stop a lot of attacks on these basic vulnerabilities before they lead to real threats and major breaches. In fact, one of the major retail chain breaches was the result of a system with a default password that was never changed. It led to one of the costliest security breaches in history.

Incorrect handling of data: Some employees don’t handle company data correctly. They leave passwords written down on notepads. They leave their desk with their computer logged on. They give out sensitive or secret information to a stranger on a phone call. They leave locked areas open that contain sensitive data. If more people would exhibit a little care, many attacks could be prevented before they become serious.

Old or out-of-date equipment and systems: IT departments often have equipment that’s woefully inadequate for today’s sophisticated hackers. Computer hacking is a full-time, multi-billion-dollar business run by sophisticated organizations and nation states using every resource in their power to discover the next vulnerable target to exploit. Your company needs to be investing in good security technology. If your company has installed a $63 “firewall” from the local big box store on one of its network segments, it’s looking to be breached.

Network operating system updates: Some companies don’t follow the correct update cadence for their network operating systems. When there’s a notification to complete an update, it must be taken seriously. Most of these updates are fixes for security vulnerabilities.

Unauthorized access: Sometimes there are people who simply aren’t allowed on the network. Understanding the types of networks you’re managing keeping the wrong people out of your networks is important. This is accomplished through maintaining proper AAA resources (see AAA systems below), good personnel records, policies that enforce best practices, and authentication systems that can keep up with staff and authorization changes.

Malware and viruses: There are multiple types of software that spread throughout the world to search out vulnerable systems. They exploit these vulnerabilities in a variety of ways and gain entry into the network. Once inside of the network, they cause different kinds of trouble from damaging systems to contacting bad actors and letting them into your network. A common type is ransomware, a virus that gains access to your critical data, locks it up, and holds it for ransom until you pay the amount the hacker is requesting.

Brute force attacks: Brute force attacks are often what people think of when they think of hacking— a hacker specifically targets a company’s defenses and tries to break in through outsmarting or overwhelming its defenses. An example of such attacks are denial of service (DOS) or distributed denial of service DDOS attacks. These attacks overwhelm a company’s security tools causing network failure or allowing an intruder access while the network is down. Brute force attacks comprise only a small percentage of security breaches but their effects can be devastating.

8 types of network security tools

• Firewalls

Firewalls are one of the most fundamental types of computer network security technology. A firewall is a device or a set of devices that allows certain types of traffic in and blocks all other types of traffic from entering. Firewalls use the concepts of deny all and permit by exception. This basically means that all traffic is assumed a threat, and only specific traffic is allowed.

• IPS/IDS

Intrusion prevention and intrusion detection systems are an extension of the firewall and they reside in the same location on the network. IDS—detection systems—are one of the most important parts of computer network security technologies. They actively scan traffic looking for known signatures of attacks so they can be identified.

IPS—prevention systems—perform a similar function but monitor and act, looking for patterns of traffic and comparing them to signatures of known attacks. IPS act automatically on the detected anomalies where the IDS requires human intervention to act.

• AAA systems

Authentication, authorization, and accounting systems are concerned with allowing the right people into the network. Authentication checks to see if a person is who they’re supposed to be. Authorization checks to see if they’re allowed into the network. Accounting keeps track of the person for audit or remediation of an attack. Generally, these systems work in concert when a person tries to gain access to the network.

• Anti-malware software

Anti-malware software inspects the traffic entering and leaving the network, as well as the traffic inside of the network, and scans for malware, trojans, worms, and viruses. When malware is detected, the software notifies the system through logging, alerts the user, or blocks the intrusion. It’s an automated process that usually sits on local workstations and in the next-generation firewall.

• Data loss prevention systems

Data loss prevention systems look at traffic on the network in addition to databases and other stores of information to scan for leaks or suspicious changes in data profiles. Many times, when a hacker gets into a network it’s months before they’re detected. Data loss prevention helps notice subtle data changes more quickly.

• Encryption tools

Encryption is the use of mathematical algorithms to scramble information so that the owner of the information is the only one that can understand it. The owner will typically have a software key to unscramble the information. A common use of encryption is when a corporate user is on a public network such as a coffee shop and is communicating back to they’re office. They’ll use encryption to protect the communication.

• Network access control

Network access control systems identify devices attempting to connect to the network, and allow or permit access to the network based on a defined set of rules determined by the administrator. They may also provide restricted assets, or define an access profile, based on specific characteristics of the device. Often network access control tools leverage the 802.1X protocol, although not all do.

• Web proxies

Web proxies are dedicated network appliances or software built into next-generation firewalls that intercept, inspect, and enforce a policy on all network traffic. While traditionally used to enforce access control policies (i.e., by blocking inappropriate or time-wasting websites), they can also have important security implications by blocking known malicious web sites.

Network security principles

A critical part of network security is having a set of principles and policies that are consistent, strong, and up to date. This is probably the most important part of computer network security. Without these principles and policies, your network security system is essentially useless.

Layered system: No single network security policy procedure or tool will be effective by itself. So, the first thing you need is to have multiple layers working in concert. This is a critical basic principle.

Consistent strong policies: If your policies don’t lay out a complete cybersecurity solution from top to bottom the best hardware and software will fail. You can’t answer the question of what network security is without first looking at your policies. Your policies and procedures define how you protect your network, who will protect your network, and how it will be measured. Security policies are network security protection.

Auditing and control: You’ll never know if your network is safe if you don’t test and audit it on a regular basis. There’s a common saying in the network security business: You can have an auditor test your network or you can have a hacker test it.

Stay current: You need to continually update your network and train your staff. Computer network security is a moving target. You’re always measuring and improving.

It’s everyone’s problem: Many companies and many people in management think cybersecurity is an IT problem. This is a false assumption. Half of all cybersecurity issues can be traced back to people problems, not technical or IT problems.

Prioritizing network security

Network security is a critical issue. It’s common for a company to have very good IT people, good training, and strong systems—but when you get to management, they’re not well versed in the role they play in cybersecurity protection and defense.

The best way to communicate the criticality of computer network security is to have management that lead from the front. A study from The Economist showed that major network security incidents declined by 30% just by getting upper management involved.

Managers should be talking about it. They should be asking questions to their employees and their peers. Management should participate in cybersecurity training. And they should be involved in the discussions with their IT team about the proper use of tools.

Audits, testing, and policy reviews should be taken seriously. They should be done on a regular basis and enforced. This doesn’t mean looking for people to blame or to punish. It means being involved and up to date. Show your peers and employees that you are genuinely interested. It will pay off.