Network security is the protection of a network from unauthorized access and risks. It is the duty of network administrators to adopt preventive measures to protect their networks from potential security threats.

Computer networks that carry regular transactions and communication for governments, individuals, or businesses require security. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Types of Network Security Devices

Active Devices

These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and content filtering devices are examples of such devices.

Passive Devices

These devices identify and report on unwanted traffic, for example, intrusion detection appliances.

Preventative Devices

These devices scan the networks and identify potential security problems. Examples are penetration testing devices and vulnerability assessment appliances.

Unified Threat Management (UTM)

These devices serve as all-in-one security devices. Examples include firewalls, content filtering, web caching, etc.

Firewalls

A firewall is a network security system that manages and regulates the network traffic based on some protocols. A firewall establishes a barrier between a trusted internal network and the internet.

Firewalls exist both as software that runs on hardware and as hardware appliances. Hardware-based firewalls also provide other functions, such as acting as a DHCP server for that network.

Most personal computers use software-based firewalls to secure data from threats from the internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

Firewalls are commonly used in private networks or intranets to prevent unauthorized access from the internet. Every message entering or leaving the intranet goes through the firewall to be examined for security measures.
An ideal firewall configuration consists of both hardware-based and software-based devices. A firewall also helps in providing remote access to a private network through secure authentication certificates and logins.

Hardware and Software Firewalls

Hardware firewalls are standalone products. They are also found in broadband routers. Most hardware firewalls provide a minimum of four network ports to connect other computers. For larger networks (for example, for business purposes), business networking firewall solutions are available.

Software firewalls are installed on your computers. A software firewall protects your computer from internet threats.

Antivirus

An antivirus is a tool that is used to detect and remove malicious software. It was originally designed to detect and remove viruses from computers.

Modern antivirus software provides protection not only from viruses, but also from worms, Trojan horses, adware, spyware, keyloggers, etc. Some products also provide protection from malicious URLs, spam, phishing attacks, botnets, DDoS attacks, etc.

Content Filtering

Content filtering devices screen unpleasant and offensive emails or webpages. They are used as a part of firewalls in corporations as well as in personal computers. These devices generate the message "Access Denied" when someone tries to access any unauthorized web page or email.

Content is usually screened for pornographic content and also for violence- or hate-oriented content. Organizations also exclude shopping and job-related content.

Content filtering can be divided into the following categories:
Intrusion Detection Systems

Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the appliances that monitor malicious activities in a network, log information about such activities, take steps to stop them, and finally report them.

Intrusion detection systems help in sending an alarm against any malicious activity in the network, drop the packets, and reset the connection to save the IP address from any blockage. Intrusion detection systems can also perform the following actions:
Intrusion prevention and the firewall are part of Network Threat Protection. Network Threat Protection and Memory Exploit Mitigation are part of Network and Host Exploit Mitigation.

Intrusion prevention automatically detects and blocks network attacks. On Windows computers, intrusion prevention also detects and blocks browser attacks on supported browsers. Intrusion prevention is the second layer of defense after the firewall to protect client computers. Intrusion prevention is sometimes called the intrusion prevention system (IPS).

Intrusion prevention intercepts data at the network layer. It uses signatures to scan packets or streams of packets. It scans each packet individually by looking for the patterns that correspond to network attacks or browser attacks. Intrusion prevention detects attacks on operating system components and the application layer.

What is an Intrusion Prevention System (IPS)?

An Intrusion Prevention System (IPS) is a security solution that provides security against unauthorized access and malicious activities at the network level. Unlike an Intrusion Detection System, which only monitors the network traffic, an Intrusion Prevention System also ensures protection against intrusions that take place on the network.

The main function of an Intrusion Prevention System is to analyze all the inbound and outbound network traffic for suspicious activities and perform appropriate actions instantaneously to prevent intruders from entering the internal network. An IPS offers proactive detection and prevention against unwanted network traffic by preventing it from reaching its intended victim. An IPS, when deployed correctly, immediately drops the detected unwanted or malicious data packets that may cause severe damage to the network and the resources that the network may have.

An Intrusion Prevention System can be quite handy against various network security attacks such as brute force attacks, Denial of Service (DoS) attacks, and vulnerability detection.
Moreover, an IPS also ensures prevention against protocol exploits. The other functions that an Intrusion Prevention System can perform include:

How an Intrusion Prevention System Works

An Intrusion Prevention System is considered to be a pretty secure solution as compared to an Intrusion Detection System due to its proactive threat detection and prevention capabilities.

An Intrusion Prevention System works in in-line mode. It contains a sensor that is located directly in the actual network traffic route and deeply inspects all the network traffic as the packets pass through it. The in-line mode allows the sensor to run in prevention mode, where it performs real-time packet inspection. Because of this, any identified suspicious or malicious packets are dropped immediately.

An Intrusion Prevention System can perform any of the following actions as it detects any malicious activity in the network:

An Intrusion Prevention System uses four types of approaches to secure the network from intrusions, which include:
Categories of Intrusion Prevention System
A firewall that has an integrated Network-Based IPS (NIPS) feature contains at least two Network Interface Cards (NICs). One is selected as the internal NIC and is connected to the internal network of the organization. The other NIC is selected as the external one and is connected to the external link, which in most cases is the Internet.

As the traffic is received at either of the NICs, it is deeply inspected by the detection engine of the integrated NIPS. If the NIPS perceives a malicious data packet, it instantaneously drops the data packet and alerts the network security personnel about the event. After detecting a single malicious packet from the source, it then immediately discards all the other packets arriving from that particular TCP connection, or blocks the session permanently.
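
The signature scanning and per-connection blocking described above can be sketched as a small in-line sensor. This is an added example, not code from any IPS product: the signature, the addresses and the names `Packet` and `InlineSensor` are constructed for illustration, and packets of a flow are assumed to arrive in order.

```python
from dataclasses import dataclass, field

# Constructed signature (name -> byte pattern); not from any real IPS rule set.
SIGNATURES = {"EXAMPLE-SIG-1": b"BAD-PATTERN-EXAMPLE"}
MAX_SIG = max(len(p) for p in SIGNATURES.values())


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

    def flow(self):
        # One direction of a TCP connection: source endpoint to destination endpoint.
        return (self.src, self.sport, self.dst, self.dport)


@dataclass
class InlineSensor:
    blocked: set = field(default_factory=set)   # flows already judged malicious
    tails: dict = field(default_factory=dict)   # last bytes seen per flow
    alerts: list = field(default_factory=list)  # events reported to operators

    def inspect(self, pkt):
        """Return 'forward' or 'drop' for one packet crossing the sensor."""
        flow = pkt.flow()
        if flow in self.blocked:
            return "drop"  # session already blocked: discard without rescanning
        # Prepend the tail of the earlier payload so a pattern that spans
        # two packets of the same stream is still matched.
        window = self.tails.get(flow, b"") + pkt.payload
        for name, pattern in SIGNATURES.items():
            if pattern in window:
                self.blocked.add(flow)
                self.tails.pop(flow, None)
                self.alerts.append((name, flow))  # alert security personnel
                return "drop"
        # Keep only as many bytes as a signature could still need.
        self.tails[flow] = window[-(MAX_SIG - 1):]
        return "forward"
```

Keeping a short tail per flow is what lets the sensor match "streams of packets" rather than only single packets, and the `blocked` set is what makes every later packet on the same connection drop without further inspection.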