Network Security
Network Security
With more devices than ever connected to different networks, hacking and corporate espionage on the rise, and increasingly sophisticated ways of people stealing data, it is really important to secure networks as much as possible against attack. Most networks will have a network manager who is responsible for the day-to-day running of the network, and part of their role is to manage the security and make sure only authorised people can connect to the network.
Fortunately there are a number of different ways of doing this.
These include:
- authentication
- encryption
- firewall
- MAC address filtering
Each one is important for different reasons, and using them together provides a greater level of security than using them in isolation.
Encryption
Encryption is turning data into an unreadable format, that can only be understood by using a key to decrypt it. This means that if a laptop (for example) is stolen, the thief cannot simply remove the hard drive and take all the data from it. They will need to also have access to the key to make the data readable.
Encryption can be easily used alongside authentication. For example, on Mac computers, data is encrypted on the hard drive by the operating system. When a user types in their password to access their account, the data is unencrypted, and they are able to read what is there. However, if another person comes along to try and take it, they would have to get into the user’s account before they could access any of the data.
Encryption is increasingly used for communication too. For example, WhatsApp uses end-to-end encryption, which means that Governments and other organisations (including WhatsApp) are unable to intercept any messages that are sent between devices in an understandable way, and only the users at either end can read them.
Authentication
Authentication refers to methods that are used to make sure a user is who they say they are. For example, this could be through the use of password protected accounts, security dongles, or even biometric measures such as fingerprints or facial recognition.
Authentication measures are the most basic security feature, and are used in a wide range of places. Different levels of authentication can be used depending on the security level required. For example, in many places two-factor authentication is now needed, where people have to both enter a password, and use another registered device to log in to their account (as an example).
One thing that authentication allows is the use of access rights, which grant different users access to different areas of the network. For example, an administrator (such as the network manager) might have access to all areas of the network, including protected files and settings, whilst a guest account may only have limited access to the internet and no more.
Firewall
A firewall is a piece of software that controls what information is allowed into and out of a network. It is a barrier between a trusted and untrusted network.
For example, most networks are used (in part) to connect devices to the internet, but this poses a massive security risk. By using a firewall, a network manager can decide what data packets can get into and out of the trusted network, and will block any unauthorised packets travelling in either direction.
The security settings are set within the trusted network, so rely on good use of authentication to prevent any unauthorised tampering with the settings.
MAC Address Filtering
All devices with a network adapter are given a permanent physical address known as a MAC Address. This address is unique to each device and cannot be changed, allowing individual devices on a network to be identified easily.
By using this address, a network manager can choose which devices they allow to connect to the network, and which are blocked from access. This is known as MAC address filtering.
For example, in a university, many students will use the internet in halls of residence. However, this can pose a security risk. So what they may do is allow each student to have a certain number of devices registered to their account, and only these devices can then connect. This reduces how many devices are connected to the network, as well as manage which devices are accessing particular content. If the network manager feels that a students’ browsing habits is a potential threat to the University network, they can revoke their rights, and stop their device from being able to connect.
- What type of security does this represent:Scrambling data in such a way that it can only be read using a secure key.
- encryption
- What type of security does this represent:Restricting access to a network based on a physical, permanent address of a device.
- MAC
- What type of security does this represent:Making use of user accounts and password-style measures to check the user is who they say they are.
- authentication
- What type of security does this represent:Blocking unauthorised data packets moving between a trusted and untrusted network.
- firewall