First, let us define what network security is. Network security is the practice of applying appropriate measures to protect the entire network from external unauthorized use, malfunction, improper closure, and modification. It thereby creates a secure, integrated platform on which the network's computers and users can perform essential tasks in a secure computing environment. Network security also comprises the specific provisions and policies applied to a particular computer network structure, which the network administrator implements in order to protect and secure the entire network together with its resources. Network security has been treated as a complex subject to be discussed only by computer pundits and software experts. As the need for a comprehensive understanding of network security increases, however, more people are expected to understand the fundamentals of security in the vast world of networking before engaging in e-commerce and data communications. To do so, one must understand the basic principles of network security, and these rest on the fundamentals of networking. This paper aims to explain the basic concepts to ordinary users so that they can cope with managing risks and troubleshooting in the cyberspace marketplace (Curtin, 1997).
However, this paper is not a hands-on instructional manual but rather a refresher course on how to reduce and moderate network security risks in the workplace. It also aims to give a networking neophyte a more comprehensive perspective on what networking and network security are. An in-depth overview of networking history is a suitable introduction for networking neophytes. Internetworking and TCP/IP are some of the subjects that should be understood. Networking neophytes should also be briefed on network threats, firewalls, risk management, and special-purpose secure networking tools. Administrators and managers are constantly exposed to these aspects of office work because of the fast-paced trading of information through cyberspace (Curtin, 1997).
Network Security: An Overview
A network is defined as a set of interlinking lines that resembles a net, an interconnected system of a plethora of network alliances. This is a comprehensive definition of what a computer network is: a series of interlinked computers augmenting each other. Most people have ignored the importance of network security. It has been dismissed as simply deploying an apt firewall in order to protect the entirety of a particular network from external interference. According to a recent report by CERT, apparent threats to national infrastructure and a handful of security incidents have become an international obstacle for most companies. The cumulative total of reported cases went from 6 in 1988 to over 82,000 in 2002, with over 82,000 occurring in 2002 alone. Security vulnerabilities are doubling every year. In 2002, over 4,000 security vulnerabilities were reported. Such figures reflect only external networking threats. Internal network threats are hardly reported, and can be more complex and destructive than external threats. The magnitude of the matter is staggering. Bear in mind that each incident can involve a particular site and a myriad of others, all of which can be infected by network sabotage within a period of time. This is a crucial and alarming matter for network service providers, business enterprises, government officials, and end users as far as apt network security is concerned (Richman et al, 2004).
Undoubtedly, network security is the leading concern of many network executives, according to a recent survey. With this in mind, it is essential for companies to develop security solutions to be applied in the company network. These must take an end-to-end perspective for networks that cross the public telephone network, the Internet, or any Internet Protocol (IP) network, because security vulnerabilities affect the U.S. Government and major corporations on a daily basis. Factors such as the balance of price, features, and the utilization of security solutions should be understood by service providers before applying apt network security. Bell Labs has developed the Lucent Network Security Framework in order to address the international obstacles faced by service providers, enterprises, and consumers for wireless, optical, and wireline voice, data, and converged networks.
Management information, control/signaling information, and end-user data used by and transported by the network infrastructure, network services, and network-based applications are all given apt troubleshooting solutions by the Lucent framework. It gives the network administrator a comprehensive and holistic perspective of network security. This enables the network administrator to apply apt network elements and applications in determining, monitoring, and correcting certain security vulnerabilities. The Lucent framework is one simple example of a network security measure. It is used to assist in the development of network security policies and requirements, as well as to form the basis for a network security assessment (Richman et al, 2004).
Anatomy of a Network: Security Threats, Security Layers, and Security Planes
The Lucent Network Security Framework, or any security framework, identifies security issues, both intentional and accidental, that need to be prevented, detected, and corrected within the network. The four primary security threats are interruption, interception, modification, and fabrication. They are defined as follows:
- Interruption – A particular asset of the system becomes unavailable, or unusable. It is an attack on availability. Malicious destruction of a network element, omission of a software program or data file, and malfunction of an operating system file manager are prime examples of this threat (Richman et al, 2004).
- Interception – An unauthorized host gains access to an asset. The external user can be a person, a program, or a computing system. This is an attack on confidentiality. Wiretapping to acquire substantial data and listening to wireless radio transmission are some examples of this threat (Richman et al, 2004).
- Modification – An unauthorized host tampers with a particular asset. It is a deliberate attack on integrity. Examples of this are paralyzing the network configuration values in a database and modification of data being transmitted in a network (Richman et al, 2004).
- Fabrication – An unauthorized host gains access in order to form counterfeit objects on a network. It is an obvious attack on authenticity. Examples of this particular threat are unauthorized access to the network, as well as omission and commission of unclassified data in the database (Richman et al, 2004).
Security planes are the types of activities that occur within the network. They are the end-user plane, the control plane, and the management plane. Comprehension of the planes is required in order to ascertain how they are integrated in the network (Richman et al, 2004).
- Management Plane – This plane initiates and performs the operations, administration, maintenance, and provisioning (OAM&P) of the network elements, transmission facilities, and back-office systems. This plane supports the fault, configuration, accounting, performance, and security (FCAPS) functions (Richman et al, 2004).
- Control Plane – This plane is concerned with enabling the efficient delivery of information, services, and applications. It is also concerned with securing and protecting the applications across the network. It typically involves end-user data being transported by the service (Richman et al, 2004).
- End-user Plane – This plane explains how customers use and gain access to the service provider’s network. The end-user plane represents actual end-user data flows as well. End-users benefit from this through the use of various network-based applications (Richman et al, 2004).
Aside from the security planes, network frameworks also have security layers, which form a hierarchy of network equipment and facility groupings. The triad of security layers complement each other in order to provide apt security solutions. The security layers comprise the infrastructure, services, and applications areas.
- Infrastructure Layer – It consists of network transmission facilities as well as individual network elements and hardware platforms. It includes the hardware and software comprising the network elements and platforms.
- Service Layer – It consists of the services that customers receive from their service providers. The services layer covers a wide array of services, such as basic transport and basic IP connectivity or Internet access. It also includes IP service enablers such as authentication, authorization, and accounting (AAA) services, dynamic host configuration services, and domain name services. Value-added services are included as well, like voice over IP (VoIP), virtual private networks (VPNs), location services, 800-services, and instant messaging (IM).
- Application Layer – This layer focuses on the network-based applications that are accessed by service provider clients, as well as other end-user applications that need network services. Such applications are made available by network services. The applications enabled include file transport, web browsing, network-based voice messaging, and e-mail. The application layer also carries high-end applications like PeopleSoft, electronic commerce, video collaboration, and customer relationship management.
Encryption and Decryption
Data encryption is an essential tool in making network security efficient. It is the procedure in which data are transformed into cipher text using a mathematical algorithm and a piece of confidential information, the encryption key. Decryption, on the other hand, reverses this process with another mathematical algorithm, which undoes the outcome of a particular encryption algorithm. Cryptosystem is the term given to an encryption algorithm together with all its possible keys, plaintexts, and cipher texts. A myriad of advanced encryption systems that use such algorithms have been made known to users. For instance, a well-known and very simple algorithm is the Caesar cipher, which encrypts each letter of the alphabet by shifting it forward three places (OpenLearn, 2008). Thus A becomes D, B becomes E, C becomes F, and so on. A cipher that uses an alphabetic shift of any number of places is also called a Caesar cipher (OpenLearn, 2008). It is the most commonly-used cipher in the encryption process.
The encryption process secures data exchange in a particular network. It makes the flow of data more confidential and guards against eavesdropping on traffic passing from node to node. How encryption fits into a network depends on which portions are to be encrypted and on which layers of a specific reference model are included. For packet-switched networks it is crucial to ascertain how encryption applies to important network devices such as routers, bridges, and switches. Encryption is labeled “end-to-end encryption” or not depending on whether it is implemented at the ends of a communication path or re-applied at the end of each link within it. This distinction helps the network administrator distinguish the wide array of encryption available at a designated OSI layer. Encryption is applied in network layers, which are identified by an internet protocol. Link layer encryption and end-to-end encryption are shown in the figure below (OpenLearn, 2008).
Encryption in relation to the protocol layers (Source: based on King and Newson, 1999, p. 104)
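The following Python sketch is an added example, not taken from the cited sources. It implements the Caesar shift described above for any key, then uses it to contrast link encryption with end-to-end encryption along a path with two intermediate nodes; the function names, keys, and sample message are constructed for illustration.

```python
# Added illustration. Caesar shifting is used only because the page introduces
# it; it is a teaching cipher, not protection for real traffic.

def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift each ASCII letter forward by `key` places; other characters pass through."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the inverse algorithm: shift back by the same key."""
    return caesar_encrypt(ciphertext, -key)


def send_link_encrypted(message, link_keys):
    """Link encryption: every link has its own key, so each intermediate node
    decrypts and re-encrypts. Returns (delivered text, what each node saw)."""
    seen = []
    wire = caesar_encrypt(message, link_keys[0])
    for prev_key, next_key in zip(link_keys, link_keys[1:]):
        clear = caesar_decrypt(wire, prev_key)  # node holds the plaintext here
        seen.append(clear)
        wire = caesar_encrypt(clear, next_key)
    return caesar_decrypt(wire, link_keys[-1]), seen


def send_end_to_end(message, key, intermediate_nodes):
    """End-to-end encryption: only the two endpoints hold the key, so the
    intermediate nodes forward cipher text they cannot read."""
    wire = caesar_encrypt(message, key)
    seen = [wire] * intermediate_nodes
    return caesar_decrypt(wire, key), seen


if __name__ == "__main__":
    msg = "Quarterly report attached"            # constructed sample message
    print(caesar_encrypt("ABC", 3))              # the page's A->D, B->E, C->F
    print(send_link_encrypted(msg, [3, 7, 11]))  # two routers, three links
    print(send_end_to_end(msg, 3, 2))
```

With link encryption both intermediate nodes see the plaintext, so each of them must be trusted; with end-to-end encryption they see only the shifted text.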
The implementation of firewalls is crucial and essential in order to moderate and restrict unwanted access to a particular network. Usually, a firewall is implemented within a gateway. The firewall monitors incoming and outgoing traffic at the boundaries of the zone it protects. It restricts external parties from gaining access to designated unprotected zones. It also denies internal hosts access to insecure external services. A firewall is a company’s primary weapon in restricting unwanted external hosts from infiltrating its network system. It augments the company's network security, and moderates traffic.
This figure shows how a firewall filters information
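As an added example (not from the cited sources), the sketch below models the filtering described above: a gateway decides on traffic crossing the boundary of a protected zone, using first-match rules for each direction and denying anything no rule allows. The zone, rule set, and addresses are constructed; the addresses come from private and documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTECTED_ZONE = ipaddress.ip_network("10.0.0.0/8")  # constructed internal zone


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    direction: str       # "in" = external -> protected, "out" = protected -> external
    remote: str          # CIDR block of the external party
    port: Optional[int]  # destination port; None matches any port


# Constructed policy: first matching rule wins.
RULES = [
    Rule("allow", "in", "0.0.0.0/0", 443),    # published HTTPS service
    Rule("deny", "out", "0.0.0.0/0", 23),     # insecure external service (telnet)
    Rule("allow", "out", "0.0.0.0/0", None),  # all other outbound traffic
]


def direction(src: str, dst: str) -> Optional[str]:
    """Classify a flow relative to the protected zone's boundary."""
    src_inside = ipaddress.ip_address(src) in PROTECTED_ZONE
    dst_inside = ipaddress.ip_address(dst) in PROTECTED_ZONE
    if src_inside and not dst_inside:
        return "out"
    if dst_inside and not src_inside:
        return "in"
    return None  # never crosses the gateway


def decide(src: str, dst: str, dport: int, rules=RULES) -> str:
    """Return the firewall's verdict for one connection attempt."""
    flow = direction(src, dst)
    if flow is None:
        return "not-filtered"
    remote = ipaddress.ip_address(dst if flow == "out" else src)
    for rule in rules:
        if (rule.direction == flow
                and remote in ipaddress.ip_network(rule.remote)
                and rule.port in (None, dport)):
            return rule.action
    return "deny"  # default deny: traffic with no matching rule is dropped


if __name__ == "__main__":
    print(decide("203.0.113.9", "10.0.0.5", 443))   # allow
    print(decide("203.0.113.9", "10.0.0.5", 22))    # deny (no rule)
    print(decide("10.0.0.7", "198.51.100.2", 23))   # deny (insecure service)
```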
The Network Security Framework
Each network security framework has its share of standard security services, which it uses to enforce its particular network security. These security services are found in ITU-T Recommendation X.800. There are eight basic dimensions of network security, which should be addressed in order to deter the various attempts of external hosts to exploit and sabotage a company’s network. However, these dimensions are not limited to the network. They also extend from end-users to applications. Furthermore, these dimensions concern service providers that offer security services. The eight dimensions are present in order to integrate all the aspects of network security. These dimensions are as follows:
- Access Management – protects against unauthorized use of network resources. It ensures that only authorized hosts are allowed to gain access to network elements, stored information, information flows, services, and applications.
- Communication Security – ascertains that data only flows between authorized and secure endpoints. Information influx should not be diverted and intercepted during its flow within the endpoints.
- Authentication – It is used to confirm the identities of communicating hosts. This dimension ascertains the validity of the claimed identities of hosts. It also determines whether a host is impersonating an authorized host. It addresses the security threat known as fabrication.
- Data Integrity – This dimension ascertains the accuracy of information against instances of unauthorized modification, omission, and replication of activities within the network. It prevents instances of fabrication and modification threats.
- Non-Repudiation – The dimension that provides assurance of the origin of the data or the apparent cause of a network activity. It ascertains the availability of proof that a particular activity has transpired within the network. It also prevents the security threat of fabrication.
- Data Security – It protects data from unauthorized disclosure. It ensures that data remains private, and prevents unauthorized access. Data confidentiality is made possible by encryption, which prevents the security threat of interception.
- Availability – The dimension that makes authorized access possible for authorized hosts. It keeps network elements, stored information, information flows, services, and applications available. It also prevents the security threat of interception.
- Privacy – It provides the essential protection of information, which is derived from network activities observation. It is a protection against direct and covert unauthorized attempts from individual users, service providers, enterprises, or the network infrastructure.
Network Security should be a standard ordinary procedure for any organization or company, which is adamant on securing and protecting its vast database from unwanted authorizations and apparent sabotaging from external hosts. Network security provides holistic network protection and moderation of the influx of data. Activities within the network should be monitored and filtered in order to prevent harmful unauthorized access from external hosts bent on sabotaging an organization’s database. Network security should not be limited to service alone; it should be developed in order to provide holistic end-to-end solution for a network. With this in mind, a network can be secured and protected. A network should revolve around a specific and apt design of network security framework.
Richman, S., McGee, A., Picklesimer, D., et al. (2004). A Framework for Ensuring Network Security. Bell Labs Technical Journals.
Curtin, M. (1997). Introduction to Network Security. Retrieved April 9, 2008, from
OpenLearn. (2008). Network Security. Retrieved April 9, 2008, from