2. WHAT WE’LL COVER:
• Definition
• Types of data networks:
Private
Public
• Security:
Explanation
Concepts
Types of attacks on networks
• Compliance and ‘the problem’
• Summary
• Source List
4. Data Networks
“A data network is an electronic communications process that allows
for the orderly transmission and receptive of data, such as letters,
spread sheets, and other types of documents.
What sets the data network apart from other forms of communication,
such as an audio network, is that the data network is configured to
transmit data only.
This is in contrast to the audio or voice network, which is often
employed for both voice communications and the transmission of data
such as a facsimile transmission.”
Wisegeek.com
6. Types of Data Networks
There are two basic types of data networks in operation today.
1. The private data network
“This is essentially a local network that is designed to allow for the
transmission of data between the various departments within a given entity,
such as a company.
All locations of the company may be included as nodes on the network, and
be able to communicate through a common server that functions as the
repository for any and all data files that are used throughout the business.
There are also examples of a private data network that allows for data
sharing between several companies that are part of the same profession or
industry.
Connections to this type of network can be achieved through the creation of
a virtual private network, or VPN that resides on a master server, or by
provisioning the connections through a communications carrier.”
Wisegeek.com
7. Types of Data Networks
The second is quite different.
2. The public data network
“In contrast to the private data network, the public data network will be widely accessible
to both residential and corporate clients of a given carrier network.
The setup of a public network may involve the utilization of multiple servers and
connection to the network through several different processes.
Often, a public data network will require some type of subscription process, such as a
monthly usage fee.
Upon receipt of the fee, the service provider will allow the creation of access credentials
that will allow the consumer to access authorized portions of the network and engage in
several functions commonly involved with data.
These include the ability to retrieve stores documents, create backups of important data
files, and archiving data such as historical information or other data that is understood to
be valuable for future applications."
Wisegeek.com
9. Network Security
Explanation
“In the field of networking, the area of network security consists of the provisions and
policies adopted by the network administrator to prevent and monitor unauthorized
access, misuse, modification, or denial of the computer network and network-accessible
resources.
Network security involves the authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are assigned an ID and
password or other authenticating information that allows them access to information
and programs within their authority.
Network security covers a variety of computer networks, both public and private, that
are used in everyday jobs conducting transactions and communications among
businesses, government agencies and individuals.
Networks can be private, such as within a company, and others which might be open to
public access.
Network security is involved in organizations, enterprises, and other types of institutions.
It does as its title explains: It secures the network, as well as protecting and overseeing
operations being done. The most common and simple way of protecting a network
resource is by assigning it a unique name and a corresponding password.”
Wikipedia
10. Network Security
Concepts
“Network security starts with authenticating the user, commonly with a username and a password.
Since this requires just one detail authenticating the user name —i.e. the password, which is
something the user 'knows'— this is sometimes termed one-factor authentication. With two-factor
authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card,
or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a
fingerprint or retinal scan).
Once authenticated, a firewall enforces access policies such as what services are allowed to be
accessed by the network users. Though effective to prevent unauthorized access, this component
may fail to check potentially harmful content such as computer worms or Trojans being transmitted
over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit
the action of such malware.
An anomaly-based intrusion detection system may also monitor the network and traffic for
unexpected (i.e. suspicious) content or behaviour and other anomalies to protect resources, e.g.
from denial of service attacks or an employee accessing files at strange times. Individual events
occurring on the network may be logged for audit purposes and for later high-level analysis.
Communication between two hosts using a network may be encrypted to maintain privacy.
Honeypots, essentially decoy network-accessible resources, may be deployed in a network as
surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate
purposes.
Techniques used by the attackers that attempt to compromise these decoy resources are studied
during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used
to further tighten security of the actual network being protected by the honeypot.”
Wikipedia
11. Network Security
Types of attacks
Networks are subject to attacks from malicious sources. Attacks can be from two categories
1. "Passive" when a network intruder intercepts data traveling through the network
2. "Active" in which an intruder initiates commands to disrupt the networks normal operation.
Types of attacks include:
Passive
Network
1. wiretapping
2. Port scanner
3. Idle scan
Active
1. Denial-of-service attack
2. Spoofing
3. Man in the middle
4. ARP poisoning
5. Smurf attack
6. Buffer overflow
7. Heap overflow
8. Format string attack
9. SQL injection
Wikipedia
Image by: Gloriamundi.blogsome.com
13. Network Compliance
The Problem
“Governments compliance requirements are growing
increasingly complex and federal chief information officers are
tasked with securing data and networks, authenticating users,
and preparing for disasters — all while continually auditing and
reporting on compliance.” Juniper.net
With this problem surrounding the day to day functioning of
security and compliance certain products are needed to ensure
that networks not only abide by government guidelines and rules
but also ensure that networks can still maximise on functionality.
15. Summary
A data network is an electronic communications process
that allows for the orderly transmission and receptive of
data and which is defended or made different to another
network depending on the type of network that it is: Types
of data networks: private or public
By understanding network security and the various
concepts it pertains to, one can try and protect a network
from various types of attacks on networks that are either
passive or aggressive
Compliance and ‘the problem’ can help network owners or
managers to ensure their network is not only compliant
with legal rules and guidelines but is safe from attacks and
can still function to its full capability.
16. Credits
1. Images: CC from Flickr (click on CC pictures for
attribution) and Google CC images
2. Information: Please click on source names in
slideshow for their original source