Introduction: What is network security?
In general, it is a set of measures that are taken to prevent security problems in the network. This set of measures can be implemented in the form of several solutions in the form of hardware and software services. It should be noted that many security methods are usually done by Roles.
In the Network Security discussion, roles are a set of commands and task roles that can be defined in software and hardware systems.
Types of solutions in network security issues
The following are some of the most important topics and solutions for security control at various scales. Of course, some items can be removed on a smaller scale, but if security is important, it is best to work on all the following:
- Access control means access control
- Antivirus and antimalware software means anti-virus and anti-malware software
- Application security means software security
- Behavioral analytics means performance analysis and benchmarking
- Data loss prevention means preventing data loss
- Email security means email security
- Firewall means firewall (software and hardware)
- Mobile device security means mobile device security
- Network segmentation means network segmentation
- Security information and event management means security information and event management
- VPN stands for Virtual private network
- Web security means web security
- Wireless security means wireless network security
Access control: In any small or large network, public or private, it is better to have access controlled and restricted. This is a very effective and big step in preventing security problems. This will restrict public access to the network and only authorized individuals and devices can connect to the network. Determining the restrictions for the initial connection to the network is done with items such as IP, Mac Address, and can be done in the network context by specifying accesses. One of the best complimentary solutions in this regard is to disable services and ports that are not used.
Anti-virus and anti-malware software: The use of tools such as antivirus and anti-malware is undoubtedly essential in the network. The numerous roles that exist in the heart of these tools and are constantly being updated and strengthened will prevent and prevent numerous security problems at the network level. Sometimes malware and viruses operate in secret and can cause major problems for the entire network. Fortunately, such tools are available as enterprise and corporate solutions for a variety of computer networks and can be used.
Software security: Software exists in several structures. Web-based software and computer software connected to the network must be written and used in accordance with security principles. Usually, software security problems are identified as bugs and a suitable solution is considered to solve it. It can not be claimed that the security of software is not a problem because software security in addition to the structure depends on several factors such as services and frameworks.
Performance analysis and criteria determination: By identifying normal and permissible behaviors at the network level, appropriate criteria can be developed to control abnormal and suspicious functions. After that, continuous network monitoring is necessary.
Prevent leakage and leakage of information: This issue has a very wide scope, which is known by the DLP standard. The topic to focus on in this section is Data loss prevention. Existing solutions should ensure that the network security team that confidential information is not leaked by individuals or organizations or other individuals outside the network and information security (especially confidential information) is provided.
Email Security: Email as one of the communication methods that can be a good way for hackers to infiltrate should be properly covered in terms of security. Given that there is a possibility of attacks such as phishing, malware injections, and viruses on the network by email, a suitable solution should be used to detect and deal with this issue.
Using a firewall: One of the most effective tools for controlling traffic and requests on a network platform is a firewall. This tool is available in hardware and software or a combination of the two. Of course, it should be noted that the proper function of firewalls is to properly define requests, define and determine application and update roles. Among the things that a firewall can perform satisfactorily against is blocking requests that violate access level rules and criteria and counteract denial of service (DDoS) attacks.
Mobile device security: One of the things that have become more important over time is mobile devices. Because most platforms run on smartphones, and because mobile is a personal device and it is easier for hackers to penetrate through the network than the network level, network security agents and teams must be a reliable solution to prevent security problems. To use.
Network segmentation: This can control or mitigate potential vulnerabilities from security issues. In this way, if a part of the network has a security problem with the division of the network, the whole network will not be affected.
Security Information and Event Management: There are services and tools that provide the information needed to identify and respond to threats for computer network security agents. These services and tools are usually provided by companies active in the field of organizational and corporate security solutions.
Virtual Private Network: Using a virtual private network with a secure structure if you use the ability to encrypt information and transactions performed on the network can be a good solution to ensure network security.
Web Security: This solution is used to identify malicious websites and block them, as well as to ensure website security. It should be noted that web security should be on the agenda in a special way.
Wireless Network Security: As you know, wireless networks do not have the same protection as wired networks. Therefore, maximum restrictions and control must be applied in wireless networks.
Basic concepts in computer networks
As we promised at the beginning, this article is going to be presented practically. Therefore, every effort will be made to express this matter in a simple and practical way. Before entering into the discussion of network security, it is necessary to get acquainted with a number of concepts and terms so that we can have a proper understanding of the discussion.
What are the seven layers of OSI?
To better understand network security issues, we need to become familiar with the concepts of network theory. The OSI model is one of the standards for describing network structure. In this way, the request from the client for processing goes through seven layers in the network platform to receive the desired response. Then the same path is followed in reverse to get the answer to the client. The following is a brief description of the 7 layers of the OSI model.
Layer 7 »Application Layer
When we make a request in the network through a tool or software, it is the application layer that is responsible for requesting the desired service. For example, if we enter the URL of a site in the browser, the request, which is usually for the webserver and the service Http or https, is done by this layer to connect the request.
Layer 6 »Presentation Layer
This layer is responsible for interpreting and interacting with the request made in the application layer with the lower layers. Simply put, this layer prepares requests for processing and execution at the network level. Things like interpretation, encryption, compression, etc. are done by the display layer in the network.
Layer 5 »Session Layer
The fifth layer, known as the session layer, has the task of combining and announcing the request to the desired service. For example, requesting to connect to the Http or https service is the responsibility of this layer.
Layer 4 »Transport Layer
Requests in the network platform are routed to a variety of services in a way that is converted into a set of simultaneous requests in the form of transferable strings. The transfer layer is responsible for transferring these strings at the network level.
Layer 3 »Network Layer
An understandable example that can be used for the network layer is that this layer has a function similar to mailing areas for sending messages. By sending the requests to the desired service and getting approval from it.
Layer 2 »Datalink Layer
In this layer, the identity information of the devices connected to the network is used to determine the destination of the response to the request, and after entering the first layer to the authenticated client, the request is returned to the opposite direction.
The first layer »Physical Layer
In this layer, the type of connection and the method of communication are discussed. As you know, different hardware has different communication models depending on the type of function and structure. In this layer, the connection between the hardware and the software is established.
The Kavian Scientific Research Association (KSRA) is a non-profit research organization to provide research / educational services in December 2013. The members of the community had formed a virtual group on the Viber social network. The core of the Kavian Scientific Association was formed with these members as founders. These individuals, led by Professor Siavosh Kaviani, decided to launch a scientific / research association with an emphasis on education.
KSRA research association, as a non-profit research firm, is committed to providing research services in the field of knowledge. The main beneficiaries of this association are public or private knowledge-based companies, students, researchers, researchers, professors, universities, and industrial and semi-industrial centers around the world.
Our main services Based on Education for all Spectrum people in the world. We want to make an integration between researches and educations. We believe education is the main right of Human beings. So our services should be concentrated on inclusive education.
The KSRA team partners with local under-served communities around the world to improve the access to and quality of knowledge based on education, amplify and augment learning programs where they exist, and create new opportunities for e-learning where traditional education systems are lacking or non-existent.
Professor Siavosh Kaviani was born in 1961 in Tehran. He had a professorship. He holds a Ph.D. in Software Engineering from the QL University of Software Development Methodology and an honorary Ph.D. from the University of Chelsea.