
A guide to computer network security

by Brian Williamson

Computer networks make our lives easier. We have more information at the tips of our fingers now than at any other time in history. We can buy things from around the world with the click of a virtual button.

It's brilliant. It's also dangerous.

Networks aren't just convenient, they're complicated systems designed to move billions of bits of data every second. If history has taught us anything, it's that when someone creates a complicated system, someone else will want to figure out how it works and how to make it behave in ways the designer never intended. When the system is a network, we call the people who use it with unauthorized intent "hackers". Some people take offense at the term "hacker", claiming that someone with malicious intent should be called a "cracker", while a "hacker" is simply curious and interested in finding out how the system works. It's semantics. Hacker or cracker, the title isn't what matters: a person who is intent upon breaking into a computer system is the bad guy. Period.

So how do the good guys stop the bad guys? Layers.

The two major categories of network security are host-based and network-based. Host-based security focuses on each individual computer on the network (for the sake of this article, a computer is a server, laptop, or desktop, not a network appliance such as a router or switch). Network-based security focuses on the kinds of data that cross into and out of the network. Both have their benefits and problems. Using both creates a more secure environment.

So let's take a look at some of the methods used to secure a computer network.

Firewall

A firewall is, essentially, a device designed to permit or deny specific types of traffic based upon rules written by a security administrator. Traffic enters the firewall on one of its network interfaces and exits on another (an interface is where the network cable gets plugged in). Before the firewall will pass traffic from one interface to another, it must have a rule that allows that traffic to cross.

For example, suppose one interface is called "external" and the other is called "internal" (firewalls often have more than two interfaces, but two are enough to illustrate how it works). The external interface is called "untrusted" because it faces the Internet and, consequently, millions of potential intruders. The internal interface is called "trusted" because it faces the local network, over which the security administrator has far more control.

Traffic that passes from the internal, trusted interface to the external, untrusted interface is generally allowed more freely than traffic arriving on the external interface and destined for the internal one. Regardless of the source, internal or external, the firewall consults the rules the security administrator has put in place. These rules allow certain computers to connect to certain other computers based upon what tasks need to be done. For example, if an internal host wants to surf to www.google.com, the firewall checks its rules to see whether that internal host is allowed to reach www.google.com. If the rules state, in one way or another, that the host is allowed, the firewall lets the connection through; if not, it blocks the traffic. A firewall typically blocks traffic by default and must be told which specific kinds of traffic to allow.

Intrusion Prevention System

While a firewall concerns itself with the source of the traffic, the destination of the traffic, and the kind of traffic (web traffic, file transfer traffic, email, etc.), an Intrusion Prevention System (IPS) concerns itself with additional information. An IPS cares about all the same things a firewall cares about, but it also looks at the content passed between two hosts. If an IPS notices a particular pattern in the traffic it sees and it has a rule (called a filter) that says the pattern indicates some kind of malicious attempt, it will block the traffic. If the traffic doesn't match any of the filters, it is allowed. IPSs typically allow traffic by default and must be told which traffic patterns to block.
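The firewall and IPS sections above describe two layers with opposite defaults: the firewall denies anything it has no rule for, while the IPS allows anything that matches no filter. The added example below (mine, not the article's) models both layers in a few lines of Python; the interface names, rule table, filter patterns and packets are all constructed for illustration.

```python
# Added example (not from the article): a default-deny firewall rule table beside a
# default-allow IPS filter list, applied in layers to constructed packets.
from dataclasses import dataclass

@dataclass
class Packet:
    in_iface: str        # "internal" (trusted) or "external" (untrusted)
    src: str
    dst: str
    service: str         # "web", "email", "file-transfer", ...
    payload: bytes = b""

# Firewall rules: (ingress interface, source, destination, service). "*" is a wildcard.
# Anything that matches no rule is denied: a firewall blocks by default.
FIREWALL_RULES = [
    ("internal", "*", "www.google.com", "web"),
    ("internal", "*", "*", "email"),
    ("external", "*", "10.0.0.5", "web"),   # the one inbound service the admin exposes
]

def _match(pattern: str, value: str) -> bool:
    return pattern == "*" or pattern == value

def firewall_allows(pkt: Packet) -> bool:
    for rule in FIREWALL_RULES:
        fields = (pkt.in_iface, pkt.src, pkt.dst, pkt.service)
        if all(map(_match, rule, fields)):
            return True
    return False  # default deny

# IPS filters: byte patterns in the content that indicate a malicious attempt.
# Traffic matching no filter is allowed: an IPS passes traffic by default.
IPS_FILTERS = {"directory-traversal": b"../../", "script-injection": b"<script>"}

def ips_verdict(pkt: Packet):
    """Return the name of the first matching filter, or None if the payload passes."""
    for name, pattern in IPS_FILTERS.items():
        if pattern in pkt.payload:
            return name
    return None

def inspect(pkt: Packet) -> str:
    """Run the layers in order: firewall first, then IPS on whatever it lets through."""
    if not firewall_allows(pkt):
        return "denied by firewall"
    hit = ips_verdict(pkt)
    if hit:
        return f"blocked by IPS ({hit})"
    return "allowed"
```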

Email gateway

An email gateway concerns itself with only one kind of traffic: email. The biggest issue regarding email is SPAM. SPAM is basically unsolicited bulk email. Put bluntly, SPAM sucks.

Aside from SPAM, though, email gateways prevent malicious email traffic from getting into the local network. Malicious email traffic includes emails with questionable attachments or questionable links.

An email gateway concentrates its efforts on preventing unsolicited and malicious emails from reaching their destination. It does this by referencing a list of known SPAM senders and known malicious attachments and links. If the email gateway thinks the message is SPAM or contains a malicious attachment, it will drop the email and prevent it from getting to the destination.
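The gateway logic just described, checking the sender, the attachments and the links against lists of known-bad values, is shown below as an added example using Python's standard-library email parser. It is my illustration, not the article's or any product's code; the blocklists and the sample message are constructed.

```python
# Added example (not from the article): a minimal mail gateway decision built on the
# standard library's email parser. Blocklists and the message are constructed.
import email
import email.utils

# Constructed reputation data; a real gateway pulls these from a threat feed.
KNOWN_SPAM_SENDERS = {"bulk-offers.example", "cheapmeds.example"}
KNOWN_BAD_ATTACHMENTS = {"invoice.exe", "photo.scr"}
KNOWN_BAD_LINKS = {"http://login-verify.example/"}

def gateway_decision(raw: str):
    """Return ("drop", reason) or ("deliver", "") for one raw message."""
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    if domain in KNOWN_SPAM_SENDERS:
        return ("drop", f"known spam sender: {domain}")
    for part in msg.walk():                   # every MIME part, including the top level
        filename = part.get_filename()
        if filename and filename.lower() in KNOWN_BAD_ATTACHMENTS:
            return ("drop", f"known malicious attachment: {filename}")
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", errors="replace")
            for link in KNOWN_BAD_LINKS:
                if link in body:
                    return ("drop", f"known malicious link: {link}")
    return ("deliver", "")

# Constructed sample: a plausible sender with a known-bad attachment name.
SAMPLE = """\
From: Friendly Vendor <sales@partner.example>
To: user@corp.example
Subject: Updated invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached invoice.
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
```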

Web Proxy

A web proxy is an appliance or application that deals only with web traffic (that's oversimplifying it, but it is accurate), just as an email gateway only looks at email traffic. A firewall allows or denies traffic based upon sender, destination and what the sender wants to do. An IPS blocks traffic that it thinks is malicious regardless of who sent it or where it is going.

A web proxy blocks web sites based upon how the sites are categorized by the proxy. For example, if a web proxy determines that www.google.com is categorized as a Search Engine site (which it is), and it has a rule that blocks all sites categorized as Search Engines, then nobody would be allowed to surf to www.google.com.

Encryption

Encryption is a huge topic of discussion. Too huge, in fact. Suffice it to say that encryption is a method of hiding information to prevent unauthorized users from accessing it. It doesn't hide the information like an Easter egg, but hides the information by making it unreadable. To read the information, the reader must have a way to decrypt the information.

Unauthorized network users would be prevented from reading any data they obtained if it was encrypted. Decrypting it without the key is sometimes possible, but it often takes more time, money and energy than the data is worth.

Anti-virus

The main contemporary method the bad guys use to gain unauthorized access to a network is to attack the individual users, because all it takes is one uninformed or apathetic user clicking on something to let the bad guy in. The term "virus" has become a catch-all for any kind of malicious program. There are different kinds of malicious programs: viruses, trojan horses, worms, etc. The differences between them are nuanced, but suffice it to say that they are intended to do harm. The method used to prevent this kind of attack is anti-virus software.

Anti-virus software uses signatures to recognize malicious programs and remove them from the infected system. If the anti-virus software doesn't have a signature, it will not stop the malicious program. Keeping anti-virus software up-to-date is time consuming and is made more difficult by the fact that some anti-virus software will misidentify legitimate software as malicious and prevent the legitimate program from being used (called a "false positive").

Passwords

The best is saved for last. The weakest link in any network security scenario is people. Machines will break down, but they don't make mistakes; they only do what they are programmed to do. People make mistakes and behave erratically. It only takes one inattentive person to let the bad guys bring down the entire network. One of the simplest methods the bad guys use is called "brute force" password guessing, which means repeatedly trying simple, common, or blank passwords against user accounts. Password complexity makes a bad guy's job exponentially more difficult. The best advice is to use passwords that are eight characters or longer and contain uppercase letters, lowercase letters, numbers, and special characters. Special characters include: @ * $ ^ & #.

Using a passphrase to implement these good password characteristics helps. For example, using the phrase "Helium is the best site for writers on the Internet" could be written as: H1tb$4w0tI.

Conclusion

Using multiple methods and appliances is the best way to keep the bad guys from gaining unauthorized access to a network. Blocking known-bad sources, types of traffic and malicious programs, combined with strong passwords, stands the strongest chance of securing any network.

Helium, Inc.
200 Brickstone Square Andover, MA 01810 USA