Technical Explainer
the words network security surrounded by various IT-related icons Alamy
Security>Network Security

What Is Network Security? Basics and Types of Security for Networks

This guide examines the basics of network security, explaining common threats, key benefits, and foundational tools.

At its most basic level, network security is the practice of protecting all resources within a network from various threats. These protected resources include network hardware and the data that it contains. At the same time, network security practices can extend to humans, as attackers frequently target individuals through methods like phishing messages or social engineering attacks to gain access to the network.

Network Security Threats

When developing a network security policy, it is important to consider the array of threats that could compromise your network. Without a clear understanding of the potential risks, it is impossible to adequately secure your network.

Malware and viruses

Related: Network Security Engineer: Job Description, Requirements, and Training

Malware and viruses are among the greatest threats to network security. There are many different types, with some posing more danger than others. At the less severe end of the scale, malware infections may result in sluggish computer performance, unwanted ads, or disruptions to application performance. On the opposite end of the scale, potent forms of malware can overwrite critical data, launch ransomware attacks, or act as a backdoor for unauthorized access by attackers to your system.

Attackers

The term "attackers" usually refers to cybercriminals aiming to gain unauthorized access to a network. However, there are also attackers whose goal is to disable or destroy a network without necessarily accessing it.

Related: Cybersecurity Basics: A Quick Reference Guide for IT Professionals

Phishing emails serve as a common method for attackers to breach a network. If a user clicks a malicious link within such an email, they might inadvertently install a backdoor, enabling the attacker to access the system.

Additionally, attackers use social engineering attacks to trick users into disclosing passwords or other sensitive information.

Threats

Numerous threats to network security extend beyond those posed by malware and attackers. For example, an organization may face insider threats. An insider threat is a situation where a user with authorized access to certain systems decides to misuse that access to either steal data or harm the organization.

Hackers

Hackers and attackers share a common goal of seeking unauthorized access to network resources. However, their methods differ significantly. While attackers often rely on malware, phishing attacks, and other methods, hackers use skill and an in-depth knowledge of computer systems and their defenses. Hackers aim to identify and exploit weaknesses within the systems they target.

Malware attacks

Malware attacks can happen in a variety of ways. For example, users might accidentally trigger an attack by clicking a malicious link or opening an infected document. Similarly, visiting a compromised website can lead to a malware infection.

It is worth noting that either attackers or hackers can initiate malware attacks. After gaining unauthorized access to a network, criminals may plant and then manually trigger a malware attack. For instance, an attacker might unleash ransomware to sabotage the organization’s network, aiming to extort a ransom payment.

Security breaches

A security breach is a broad term for any instance where someone gains unauthorized access to a network, whether through stolen credentials or by using a backdoor or other mechanism to circumvent established security controls. Any unauthorized entry into a network is considered a security breach, regardless of whether the attacker accessed any data. If the intruder does manage to gain access to data, the incident is then classified as a data breach.

Risks

Risks are a generic term for any factor that could potentially undermine a network’s security, regardless of whether the related actions are intended to be malicious.

Shadow IT is a classic example of such a risk. Users, feeling constrained by the IT department’s restrictions, may attempt to “go around” these restrictions to get their jobs done more easily. This can mean installing unauthorized software or setting up unapproved cloud subscriptions. In any case, shadow IT is problematic because it places data outside of an IT department’s control and oversight, potentially making it vulnerable to attack.

Vulnerabilities

There are two main types of vulnerabilities.

The first type is a software vulnerability, where a flaw in a piece of software could be exploited by an attacker to gain access to the system. Software vendors routinely release patches to address these vulnerabilities as they are discovered.

The second type is associated with misconfiguration. For example, an administrator might accidentally disable a security feature or grant excessive permissions, creating a vulnerability that an attacker could exploit.

The Importance of Network Security

In today’s world, network security is absolutely essential, with many organizations even going so far as to adopt a “security first” approach when implementing IT systems. To be effective, network security must achieve several key objectives.

Network security protects valuable information

An organization’s data is immensely valuable to attackers, who may attempt to take control of it to coerce the organization into paying a ransom. The value of data extends even beyond ransomware and extortion, however. Cybercriminals have been known to sell an organization’s stolen data to competitors. Additionally, personally identifiable information within the data is often sold on the dark web and used in identity theft schemes.

Network security improves the security of computers

For network security technology to be successful, it must prioritize network endpoint security. The devices, such as computers and tablets, used daily by employees often act as entry points for attackers. Attackers will seek to gain access to an end user’s device through methods like malware or stolen credentials. Once access has been established, the attacker uses the compromised device as a launching pad to escalate their credentials and gain entry to other network resources.

Network security increases the security of the perimeter system

Network perimeter defenses are not quite as important as they once were due to trends like cloud services, bring-your-own-device (BYOD), and remote work. These trends have placed a considerable portion of an organization’s IT resources outside of the traditional network perimeter.

Even so, resources that reside within the network perimeter tend to be some of the organization’s most sensitive assets. As such, the importance of maintaining effective perimeter defenses cannot be ignored.

Network security increases the security of Wi-Fi networks

Nearly every organization has a Wi-Fi network, which has its own security challenges that must be addressed. While an organization can use native Wi-Fi security controls like encryption and strong passwords to defend against attacks, there is far more that should be done. Many organizations treat their Wi-Fi networks as untrusted and implement controls similar to those used for VPN connections. Doing so enhances the overall security posture of the Wi-Fi network.

Network security protects against malware attacks

Malware attacks are hugely problematic, with their frequency steadily rising each year. Worse still, all it takes is a single careless click from a user for an organization to become infected.

Antimalware software is the first line of defense against these attacks, but it is equally important to limit the potential blast radius. Malware can only compromise the resources accessible to the user who triggered the infection. Hence, organizations can mitigate potential damage from a malware attack by assigning users the minimal level of permissions required for their specific job roles.

Network security increases the security of email services

Each day, cybercriminals launch countless attacks by email. The email’s messages may contain deceptive text, harmful links, malicious attachments, or other damaging content.

The most effective defense against these attacks is to use a filtering service to intercept and eliminate harmful emails before they reach a user’s inbox. However, it’s worth noting that despite these preventive measures, some harmful emails may still get delivered. Therefore, it’s important to use antimalware software and other defensive tools to provide an additional layer of protection.

Network security protects against denial-of-service attacks

Attackers sometimes use bot networks to execute denial-of-service attacks against a target. The goal of these attacks is to flood the victim’s network with an overwhelming volume of traffic, causing the systems to become unresponsive, slow to a crawl, or even crash. A good network security plan should include a strategy for dealing with denial-of-service attacks.

Basic Components of Network Security

IT pros have access to literally thousands of network security tools, although most of these tools fall into a handful of distinct categories.

Firewall

A network firewall is a device designed to filter inbound and outbound network traffic according to a predefined set of rules. For example, packets might be filtered based on their destination address, port number, or the protocol in use. The firewall’s job is to ensure that only legitimate traffic is allowed to enter or exit the organization’s network, blocking all other traffic.

Intrusion detection system (IDS)

An intrusion detection system is designed to monitor a network and attached systems for anomalies that could indicate a potential attack.

There are two main types of intrusion detection systems:

  • A network-based IDS is strategically positioned within a network to analyze real-time network traffic.
  • A host-based IDS is installed directly on a network host and is responsible for monitoring and analyzing the activities specific to that host.

Antivirus software

Antivirus software is designed to detect and prevent the impact of malware before it can inflict damage. Antivirus software uses a virus signature database to compare software against known malware signatures. Additionally, most antivirus software uses heuristic techniques to identify malware for which no signature exists.

Intrusion prevention system (IPS)

Intrusion prevention systems share similarities with intrusion detection systems, but they go a step further by actively preventing security incidents. Like an IDS, an IPS conducts real-time monitoring. However, an IPS goes beyond basic anomaly detection, containing a signature database that identifies activities indicative of an attack.

Network protocol analyzer

Network protocol analyzer tools assist in monitoring and evaluating traffic. Although Wireshark is arguably the most popular protocol analyzer, it is far from being the only available option. Wireshark provides a GUI interface that IT pros can use to visualize network traffic patterns, which can be especially important during an attack. Additionally, traffic can even be color-coded to make identification easier.

Email security

Email security tools are usually cloud-based and work by scanning both incoming and outgoing messages for security threats. These tools can detect various issues, such as spam, phishing attempts, and messages containing malicious attachments.

Some email security tools are integrated with data loss prevention software. The integration can help prevent end users from sending sensitive data via email.

Network segmentation software

Network segmentation is a technique for dividing a network into smaller segments using VLANs or software-defined networking mechanisms. Network segmentation can improve network performance and security. For example, traffic related to a specific application can be confined to a dedicated segment rather than traverse the entire network. Additionally, administrators can define which systems are permitted to connect to particular network segments, providing further control over network access.

Security architecture

Security architecture refers to the idea of constructing a network in a way that ensures the protection of its resources. Instead of relying on a single security mechanism, a good security architecture is based on defense in depth. This approach involves strategically positioning a variety of security mechanisms throughout the network to enhance overall security measures.  

About the author

Brien Posey headshotBrien Posey is a bestselling technology author, speaker, and 21x Microsoft MVP. In addition to his ongoing work in IT, Posey has trained as a commercial astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space.
TAGS: Vulnerabilities and Threats
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
The headquarters of MITRE in McLean, Virginia
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
Apr 22, 2024
Clorox products in a manufacturing facility
Clorox Audit Revealed Cybersecurity Flaws at Its Plants in 2020
Mar 26, 2024
shadow of a hand on a keyboard
Leveraging Shadow IT to Drive an Enterprise Integration Strategy
Feb 28, 2024
digital padlock icon
Ivanti Gets Poor Marks for Cyber Incident Response
Feb 13, 2024