Jones IT | Managed IT Services, IT Support, IT Consulting

View Original

Fundamentals Of Computer Network Security

To mount an effective defense against network security threats, the first step is to gain a thorough understanding of the fundamentals of network security.



In this blog post, we will discuss these fundamentals including its architecture, key concepts of network security, and the controls and resources available.



Let’s, first of all, look at how a network is built, i.e. the networking architecture.

See this content in the original post

A networking architecture refers to how devices in the network are organized. All networking architectures fall into two categories- peer-to-peer (P2P) or client/server architecture.


Peer-To-Peer Model

In a peer-to-peer or P2P network model, all the devices on the network have equal privileges as well as responsibilities. Every node on the network can serve as a storage device. So files on one device can be shared with every other device on the network. In addition, the resources such as printers connected to one device are also visible to all other devices on the network. Most home networks are typically built using this architecture. 


Client-Server Model

A client-server network architecture consists of a central controller called a “server” to which all devices called “clients” are connected. The server does all the heavy lifting, handling operations such as storage, processing of client requests, and security. The client/server model is the preferred architecture for enterprise networks. Most large networks, such as wide-area networks (WANs) are built using the client/server model.


Edge Computing

In recent years, a hybrid network architecture is gaining popularity owing largely to the rapid adoption of the Internet of Things (IoT). In this network architecture, the server delegates some of its storage and processing responsibilities to devices, called edge devices, located closer to the client machines.


Network Client

Traditionally, a network client is a device that can't perform computing operations on its own. It simply serves as a terminal that gives access to and interacts with a more powerful computer (server) capable of performing such operations. Of late, network clients have transformed and include hardware as well as software systems that interact with resources or services offered by a network server.

In a client/server model, the following types of clients are typically used:

  1. Thick Client: Popularly known as a workstation, the thick client is the most common type of network client in modern networking. It is able to store and process data locally without having to depend on the server. Thick clients have minimal interaction with a server, typically, only interacting with servers to store or retrieve files on a shared network drive.


  2. Thin Client: This is the traditional type of network client, which completely relies on a server for computing. An example of a thin client is a web application that requests information from a server over the internet and displays it on the client device on which it is running.


  3. Hybrid Client: This type of client combines the features of thick and thin clients. Hybrid clients can do limited processing locally but rely on the server for data storage. Online gaming is an example of a hybrid client as it combines local processing on the player's device with interactions with remote game servers.


Server

Typically a server is a computer with a large processing capacity and vast amounts of storage. The server, working along with switches, routers, load balancers, and firewalls, forms the backbone of the network. Historically, servers comprised of large hardware that demanded their own rooms, but of late, servers can be physical or virtual as well as on-premises or in the cloud. But no matter the type or the scale, be it a small local area network (LAN) or a massive network like the Internet, the servers work on the same principles.


Server Models

Depending on how the resources are shared and how communication happens, the server-client model can be classified into the following types:


  • Request-response: In this model, the client sends a request to the server and based on that request, the server performs some action. And finally, the server sends back a response, which can be either the result of a request or simply an acknowledgment.


  • Publish-subscribe: In this model, the clients can subscribe to a service on a server. And when the server receives new information, it sends a response to subscribed clients. An RSS feed is an example of this type of server model.

Key Concepts of Network Security

One of the main aspects of network security is keeping communications secure. And communication security involves the following:


1. Privacy

Privacy means the assurance that clients and the server can expect that only authorized individuals can access data. Only the intended receivers must receive and be able to understand the message. This is generally achieved using encryption to mitigate the risks of message interception and eavesdropping.


2. Integrity

Integrity means the assurance that the communication has not been modified or tampered with and will reach the receiver exactly as it was sent. There must be no changes in the content of the communication, neither maliciously nor unintentionally.


3. Availability

Availability means the assurance that the network and its resources are available to authorized users when they need them. While the network is available, the network infrastructure must also be performing its intended function.


4. Authentication

Authentication refers to the verification of the identity of a user or device on the network. It means assurance that the receiver can be sure of the identity of the sender and vice versa.


5. Non-Repudiation

Non-Repudiation is the ability to trace actions back to the user or device that performed them. The receiver must be able to prove that the received message came from a specific sender and the sender must not be able to deny sending any message that they sent.

See this content in the original post

A secure network means that only authenticated and authorized users are allowed to access network resources. But what do these terms mean? Let’s take a closer look… 

See this content in the original post

Authentication is the process of verifying that users and services on your network are who they claim to be. In simple terms, it is a way for the network to separate legitimate users from unwarranted ones.



Here are some common methods of network authentication:

  • Password Authentication

Password authentication is the most common form of network authentication. It involves the user entering a unique username-password combination to gain access to the network.



We’ve discussed passwords as a form of authentication in great detail in our earlier blog post: The Only Password Advice You Need. Be sure to check it out to learn about how passwords are evolving, best practices, misconceptions, and what the future holds for passwords.

  • Two-Factor Authentication

Two-Factor Authentication (2FA) requires users to provide two different methods of authentication- usually, a username-password combination and a one-time password (OTP) or security code.



The additional authentication method adds a layer of security to the user account, making it difficult for unauthorized users to access it even if they steal the username and password combination.

  • Token Authentication

Token authentication is similar to 2FA but uses a device purpose-built for authentication. These devices are usually small physical units that display periodically changing random numbers, which serve as the second authentication method.

  • Biometric Authentication

Biometric authentication uses personal attributes such as a thumbprint or retina scan as an authentication method.

  • Transactional Authentication

Transactional authentication is based on the user’s usage characteristics. For example, if a user requests access from a location or device, which is different from their usual one, the system will prompt them for additional verification steps before authentication.

  • Single Sign-On

In Single Sign-On (SSO) authentication, users gain access to multiple accounts or services using a single set of credentials. For example, when a user signs in to their mail application, they are automatically authenticated across all other tools, and applications used by the organization.



Modern business networks are cloud-first and mobility driven, and have to contend with dynamic technology and threat landscapes. This means that rudimentary network security methods such as password authentication are no longer effective in protecting corporate networks. There is a need for authentication, irrespective of the location of the user and this brings a host of security risks. To mitigate such risks, the Zero Trust security framework is becoming increasingly common among organizations to bolster their authentication processes.

See this content in the original post

Network authorization is the process of verifying whether or not an authenticated user has permission to access the resources or services they're requesting. Authorization, also known as permission or privilege, is typically linked with authentication to ensure that the system knows the identity of the client requesting access.



Authorization must always follow authentication. This ensures that before access to resources is granted, the identity of the user is verified to be genuine. Examples of authorization include giving a user read access to files on a shared network folder, giving administrative access to an application, etc.

When granting users authorization or privilege, it is a good practice to follow the Principle of Least Privilege (PLoP). The principle of least privilege is a security concept where users as well as applications and systems are given access rights to only those resources that are required for performing their legitimate functions. PLoP can play an instrumental role in reducing security risks arising from external network attacks as well as insider threats and errors.



In summary, authentication is the process of confirming whether a network client or user is who they claim to be by asking for credentials including username-password combination and other authentication methods. Authorization, on the other hand, is the process of confirming whether the network client or user has permission to perform an action on the resource or access the service. Authentication must happen before authorization.

Conclusion

Corporate networks are always a hot target for attackers looking to steal information and render services and resources inaccessible. The role of a network administrator, among other things, is to ensure that their network is safe from such attackers. While there are a wide variety of tools and resources available to the network administrator, a thorough understanding of the fundamental concepts of network security discussed above is essential for making the best use of network security tools, applications, and systems.

Recommended further readings:

  1. How To Defend Your Network - Network Security Basics

  2. Network Security Best Practices For Businesses

  3. The Ultimate Network Security Checklist


If you liked the blog, please share it with your friends

See this content in the original post