Thursday, March 09, 2006

What is Network Security?

network security: the protection of a computer network and its services from unauthorized modification, destruction, or disclosure

Network security is a self-contradicting philosophy: you need to give absolute access and at the same time provide absolute security. Any enterprise needs to secure two different kinds of access to its information and transactions (e.g. FTP, HTTP): internal access and external access. Securing access to information or resources from the external world (the WWW) is quite a task to master, and that is where firewalls pitch in. Firewalls act as gatekeepers that segregate intrusive from non-intrusive requests and allow access accordingly. Configuring and maintaining a firewall is by itself a task that needs experience and knowledge. There are no hard and fast rules for instructing a firewall; it depends on where the firewall is installed and how the enterprise intends to provide access to its information and resources. So the effectiveness of any firewall depends on how well or how badly you configure it. Please be informed that many firewalls come with pre-configured rules, which are intended to make the job of securing information access from external sources easier. In short, a firewall gives you information about attacks happening from the external world.

The toughest job is to secure information from internal sources. More than securing it, managers need to track the information flow in order to identify possible causes. Tracking the information flow will come in handy in legal situations, because what seems to be a mere sharing of information could be held against you in a court of law. To enforce this, acts such as HIPAA, GLBA and SOX have been put forth, to ensure that scams like that of "Enron" do not happen again. In short, the tracking and auditing of information gives you information about security breaches and possible internal attacks.

There are a variety of network security attacks/ breaches:

* Denial of Service

* Virus attacks

* Unauthorized Access

* Confidentiality breaches

* Destruction of information

* Data manipulation


Interestingly, all this information is available across the enterprise in the form of log files. But reading through it and making sense of it would take a lifetime. That is where "Network Security" monitoring software, also known as "Log Monitoring" software, pitches in. It does a beautiful job of making sense of the information spread across various locations and offers system administrators a holistic view of what is happening in their network in terms of network security. In short, it collects, collates, analyzes and produces reports which help the system administrator keep tabs on network security.


"Network Security" - Monitoring

No matter how fine your defense systems are, you need to have someone make sense of the huge amount of data churned out by an edge device like a firewall and by the system logs. A typical enterprise logs about 2-3 GB/day, though the size varies depending on the enterprise. The main goal of the forensic software is to mine through this vast amount of information and pull out the events that need attention. "Network security" software plays a major role in identifying the causes of, and the security breaches themselves, that are happening in the enterprise.

One of the major areas that needs to be addressed by any network security product is providing a collective view of virus attacks across the different edge devices in the network. What this offers an enterprise is a holistic view of the attacks happening across the enterprise. It should offer a detailed overview of bandwidth usage and also provide user-based access reports. The product has to highlight security breaches and misuse of internet access, which will enable the administrator to take the necessary steps. An edge-device monitoring product also has to provide features such as traffic trends, insight into capacity planning and live traffic monitoring, which help the administrator find the causes of network congestion.
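As an added illustration (not part of the original post) of the collect, collate, analyze and report cycle described here and in the "Log Monitoring" paragraph above: a small Python script that reads constructed firewall log lines from two hypothetical edge devices, collates denied connections per source across both devices, totals allowed bytes per user for a user-based access report, and highlights sources whose deny count reaches a threshold. The key=value line layout, the host names "fw-edge1"/"fw-edge2", the addresses and the threshold are all assumptions made for this example, not any vendor's real log format.

```python
import re
from collections import Counter

# Constructed sample log lines from two hypothetical edge firewalls.
# The key=value layout is an assumption for this example, not a vendor format.
SAMPLE_LOGS = """\
Mar  9 10:01:02 fw-edge1 FW: action=DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=22 user=- bytes=0
Mar  9 10:01:03 fw-edge1 FW: action=DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=23 user=- bytes=0
Mar  9 10:01:04 fw-edge2 FW: action=DENY src=203.0.113.7 dst=192.0.2.11 proto=tcp dport=3389 user=- bytes=0
Mar  9 10:02:10 fw-edge1 FW: action=ALLOW src=10.0.0.5 dst=198.51.100.20 proto=tcp dport=80 user=alice bytes=51200
Mar  9 10:02:11 fw-edge2 FW: action=ALLOW src=10.0.0.5 dst=198.51.100.21 proto=tcp dport=443 user=alice bytes=204800
Mar  9 10:03:00 fw-edge1 FW: action=ALLOW src=10.0.0.9 dst=198.51.100.30 proto=tcp dport=443 user=bob bytes=4096
Mar  9 10:03:30 fw-edge2 FW: action=DENY src=10.0.0.9 dst=192.0.2.50 proto=tcp dport=445 user=bob bytes=0
this line is not a firewall record and is skipped by the parser
"""

# Syslog-style prefix (timestamp, host, "FW:") followed by key=value tokens.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) FW: (?P<kv>.*)$")


def parse_line(line):
    """Collect step: turn one raw line into a dict, or None if it is not a firewall record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        rec[key] = value
    try:
        rec["bytes"] = int(rec.get("bytes", "0"))
    except ValueError:
        rec["bytes"] = 0  # malformed byte count: count it as zero rather than crash the report
    return rec


def collect(text):
    """Parse every line of a log dump, silently dropping lines that are not firewall records."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def report(records, deny_threshold=3):
    """Collate and analyze: aggregate across all edge devices and flag noisy sources."""
    denies_by_src = Counter()    # same source seen on several devices is summed together
    denies_by_host = Counter()   # per-device view, so one device's share is still visible
    bytes_by_user = Counter()    # user-based bandwidth report (allowed traffic only)
    for r in records:
        if r.get("action") == "DENY":
            denies_by_src[r.get("src", "?")] += 1
            denies_by_host[r["host"]] += 1
        elif r.get("action") == "ALLOW":
            bytes_by_user[r.get("user", "-")] += r["bytes"]
    # Sources that hit the deny threshold are the events that "need attention".
    flagged = sorted(src for src, n in denies_by_src.items() if n >= deny_threshold)
    return {
        "records": len(records),
        "denies_by_src": dict(denies_by_src),
        "denies_by_host": dict(denies_by_host),
        "bytes_by_user": dict(bytes_by_user),
        "flagged_sources": flagged,
    }


def render(summary):
    """Produce step: a plain-text report an administrator can read at a glance."""
    lines = [f"Records parsed: {summary['records']}"]
    lines.append("Denied connections per source (all devices):")
    for src, n in sorted(summary["denies_by_src"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {src:<15} {n}")
    lines.append("Denied connections per edge device:")
    for host, n in sorted(summary["denies_by_host"].items()):
        lines.append(f"  {host:<15} {n}")
    lines.append("Allowed bytes per user:")
    for user, b in sorted(summary["bytes_by_user"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {user:<15} {b}")
    lines.append("Sources needing attention: " + (", ".join(summary["flagged_sources"]) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(report(collect(SAMPLE_LOGS))))
```

The point of the `denies_by_src` counter is the collation the post describes: 203.0.113.7 is denied twice on one firewall and once on the other, so neither device alone reaches the threshold of three, while the combined view does. A real deployment would read from each device's syslog feed instead of the embedded string and tune the threshold to its own traffic.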

The internal monitoring product has to offer audit information on users, system security breaches and activity audit trails (e.g. remote access). As most administrators are unaware of the requirements of the compliance acts, it is better to cross-reference which acts apply to their enterprise and ensure that the product supports reporting for those acts (please refer to the Compliance section for details).

Altogether, they will have to support archiving, scheduling of reports and a comprehensive list of reports. Please follow the next section for more details.