Network security is so important to many companies, organizations and government entities that some networking specialists make a living as network security engineers. Their duties include protecting computer networks against threats such as viruses, hackers, espionage and disgruntled employees. Many security breaches have led to red-faced network specialists who realize that the fix for that security hole should have been an obvious one. Alert network specialists can proactively recognize security issues and put countermeasures in place so that they can prevent most casual attacks and react faster when a developing security breach does occur.
Common Network Threats
- Denial of Service (DoS): These attacks are designed to deny service over a network or between machines. Types include data destroyers that can detect and block data packets, crashers designed to separate a host from the rest of the network, and flooders that send so many packets that any network that tries to respond to them will be overwhelmed. A variation is the Distributed Denial of Service (DDoS) attack, in which the attacker starts by taking over several machines, usually third-party computers that weren’t secured very well, and uses them as automated “bots” to assist in the attack.
- Port scanners: If you detect a pattern of suspicious traffic from any particular IP address, that might be a potential attacker scanning your TCP ports to discover open ones as a prelude to a more serious attack. So be sure to turn off ports you don’t need and secure ones you do as part of your security regimen.
- Worms: These are self-replicating programs that can jump from host to host.
- Keystroke loggers: A keystroke logging program is an easy way for attackers to pick up passwords and other sensitive data. The strength of your passwords won’t matter much if attackers are picking them up as your network users type them in.
- Phishing: This is a common “social engineering” attack. We’ve all gotten “phishing” emails from somebody pretending to be our bank. These appear to direct us to the bank’s website, but the link actually leads to a bogus site meant strictly to snag our bank information. Phishing attacks can take many forms. Don’t fall for these if you don’t want your bank account to be drained or your organization’s important information to be stolen.
- Malware: Malicious software. The damage these can do is limited only by the attacker’s imagination and the strength of your security procedures.
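The port-scanner item above suggests watching for a pattern of suspicious traffic from one IP address. The following added example (not from the original article) flags any source that sends TCP SYNs to many distinct ports on one host within a short window; the log format, addresses and thresholds are constructed assumptions, and the log is assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up firewall log format (assumption).
SAMPLE_LOG = """\
2024-05-01T10:00:00 TCP 198.51.100.20:40000 -> 10.0.0.5:443 SYN
2024-05-01T10:00:01 TCP 203.0.113.7:51000 -> 10.0.0.5:21 SYN
2024-05-01T10:00:01 TCP 203.0.113.7:51001 -> 10.0.0.5:22 SYN
2024-05-01T10:00:02 TCP 198.51.100.20:40001 -> 10.0.0.5:443 SYN
2024-05-01T10:00:02 TCP 203.0.113.7:51002 -> 10.0.0.5:23 SYN
2024-05-01T10:00:03 TCP 203.0.113.7:51003 -> 10.0.0.5:25 SYN
2024-05-01T10:00:03 TCP 203.0.113.7:51004 -> 10.0.0.5:80 SYN
2024-05-01T10:00:04 TCP 203.0.113.7:51005 -> 10.0.0.5:443 SYN
2024-05-01T10:05:00 TCP 192.0.2.9:60000 -> 10.0.0.5:22 SYN
2024-05-01T10:10:00 TCP 192.0.2.9:60001 -> 10.0.0.5:23 SYN
2024-05-01T10:15:00 TCP 192.0.2.9:60002 -> 10.0.0.5:25 SYN
2024-05-01T10:20:00 TCP 192.0.2.9:60003 -> 10.0.0.5:80 SYN
2024-05-01T10:25:00 TCP 192.0.2.9:60004 -> 10.0.0.5:443 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) SYN$"
)

def find_port_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted ports} for sources that sent SYNs to at
    least min_ports distinct ports on one host within the time window."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a TCP SYN record
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        events = recent[key]
        events.append((ts, int(m["dport"])))
        # Drop events that have aged out of the sliding window.
        while events and ts - events[0][0] > window:
            events.popleft()
        ports = {port for _, port in events}
        if len(ports) >= min_ports:
            flagged.setdefault(key, set()).update(ports)
    return {key: sorted(ports) for key, ports in flagged.items()}

if __name__ == "__main__":
    for (src, dst), ports in find_port_scanners(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst} ports {ports}")
```

A client that repeatedly connects to one port is not flagged, and a scan spread over longer than the window (the third source in the sample) is missed unless `window` is widened.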
Devices like the Adaptive Security Appliance and Intrusion Protection System (both pictured above courtesy of TigerDirect) can be used as part of your network security efforts.
- Firewalls: These can function at the hardware level and various layers of the OSI model to suit your security needs. Firewalls can be designed to scan ports, protocols and applications for unauthorized activity, set up DMZs that divide what the outside world can access from your internal network, and set up trusted and untrusted zones. Cisco has a device called an Adaptive Security Appliance (ASA) that counters phishing attacks, spam and viruses and also optionally handles NAT, VPN and intrusion protection. Another device is the Intrusion Protection System (IPS), which focuses on prevention, monitors for suspicious activity, monitors logs/reports and blocks/prevents anything that looks suspicious, and upgrades and updates system status.
- Network Hardening: This is a big part of the network security engineer’s duties. Common network hardening tasks include choosing strong antivirus software and firewall components and keeping them updated, making sure routers and switches stay updated, using strong passwords or upgrading to biometrics, and developing security strategies that include role-specific devices such as the ASA and IPS manufactured by Cisco.
- Education and Security Policies: Employees outside of your Information Technology department can take an active part in securing your network. Encourage senior management to hold workshops that show how the average employee can help prevent social engineering attacks and work with them to develop a clearly outlined and enforced security policy.
- Take steps to stop disgruntled employees: Encourage your HR department to update you when an employee is no longer employed by the company so that you can disable any access the former employee has to company resources. That includes disabling their security badge if applicable. You don’t need details; you just need to take steps to keep an employee who left under bad circumstances from coming back to haunt you.
- Stop Industrial Espionage: Turn off the USB, floppy drive and CD-ROM ports to prevent people from walking off with USB flash drives and disks full of data. Keep logs of the bandwidth and resources that network users are accessing and check them often. Keep up with each user’s permissions to use network resources, including access to files.
- Proactive approaches to attacks: An alert network specialist can stop an attack that gets through the rest of your defenses. Most specialists are going to be very busy and might not spot an attack for several minutes, hours or even a few days. So it helps to have someone on staff whose job is to monitor your security status and take countermeasures when your defenses are breached. If you don’t think you have the budget, you can either educate senior management on how costly an attack can be and propose hiring a network security engineer who can prevent and react to security threats, or check the security logs on a frequent basis and respond to events.