Summary

The goal of network security is to provide users with access to necessary network resources while protecting those resources against known and unknown, internal and external, threats. Network or system threats are categorized as follows:

  • Denial-of-service (DoS): The attacker sends more requests to a host (such as a web server) than the host can handle.

  • Unauthorized Access: The attacker accesses host resources that would not otherwise be available to that person.

  • Illicit Command Execution: Unauthorized persons execute commands on an organization's servers.

  • Confidentiality Breaches: Access to certain, potentially damaging, information through the compromise of a normal user account.

  • Destructive Behavior: There are two types of destructive attacks: changing the data and destroying the data.

There are many ways that attackers can access or abuse unprotected networks or hosts (computers), the most popular being the introduction of macros or viruses into a network system.

Firewalls are an effective solution against most network attacks because they can stop an attacker outside the network from logging into a computer inside the network and wreaking havoc on network resources. Intrusion Detection Systems (IDSs) are another effective solution against most network attacks. IDSs detect inappropriate, incorrect, or anomalous activity impacting the network and its resources. An intrusion can be a network attack from the outside (by an intruder or unauthorized user) or misuse by an internal network user.

IDSs are implemented in one of two ways:

  • Host-based: Detection software is loaded on the host the IDS will be monitoring.

  • Network-based (NIDS): Packets on the network and audit data from several hosts are monitored on a particular network segment.
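
An added example, not from the handbook: a minimal network-based check that applies the DoS definition above (more requests than a host can handle) to flow records observed on one segment, and labels each alert as an outside attack or internal misuse. The internal address range, window, threshold, and flow records are constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address range
WINDOW_SECONDS = 10                       # assumed sliding-window length
MAX_REQUESTS = 5                          # assumed requests a host can handle per window

# Constructed flow records: (timestamp_seconds, source_ip, destination_ip)
SAMPLE_FLOWS = (
    [(t, "10.0.1.20", "10.0.0.80") for t in (0, 30, 60)]          # normal use
    + [(t, "203.0.113.5", "10.0.0.80") for t in range(100, 108)]  # outside flood
    + [(t, "10.0.1.99", "10.0.0.25") for t in range(200, 207)]    # internal misuse
)


def classify_origin(sources):
    """Label a set of source addresses as internal, external, or mixed."""
    inside = {ip_address(s) in INTERNAL_NET for s in sources}
    if inside == {True}:
        return "internal"
    if inside == {False}:
        return "external"
    return "mixed"


def detect_floods(flows, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return the first alert per destination whose request count in any
    sliding window exceeds the limit."""
    recent = defaultdict(deque)  # destination -> (timestamp, source) inside the window
    alerts = {}
    for ts, src, dst in sorted(flows):
        queue = recent[dst]
        queue.append((ts, src))
        # Drop requests that have aged out of the window.
        while queue[0][0] <= ts - window:
            queue.popleft()
        if len(queue) > limit and dst not in alerts:
            origin = classify_origin({s for _, s in queue})
            alerts[dst] = {"time": ts, "count": len(queue), "origin": origin}
    return alerts


if __name__ == "__main__":
    for host, alert in detect_floods(SAMPLE_FLOWS).items():
        print(host, alert)
```
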

Firewalls and IDSs can be placed anywhere within a network, but the most common and effective placements are at the network perimeter, the network backbone, and network server farms.



Network Sales and Services Handbook
Network Sales and Services Handbook (Cisco Press Networking Technology)
ISBN: 1587050900
EAN: 2147483647
Year: 2005
Pages: 269
