Network security starts with authenticating, commonly with a user name and a password. Since this requires just one detail authenticating the user name ie: the password this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan). Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network like wire shark traffic and may be logged for audit purposes and for later high-level analysis. Communication between two hosts using a network may be encrypted to maintain privacy.

Quick Facts about Network Security:

Homes and Businesses

basic Firewall or a unified threat management system
For Windows users, basic Anti virus Software
Using strong passwords when using a wireless connection.
Enable MAC Address filtering to keep track of all home network MAC Devices connecting to your router
Assign Static IP addresses to network devices
Disable ICMP ping on router
Review router or firewall logs to help identify abnormal network connections
Use strong passwords for all accounts and devices
For Windows Users, have multiple accounts per family member and use non-administrative accounts for day-to-day activities
Raise awareness about information security to children

Medium Businesses

A fairly strong firewall or Unified Threat Management System
Strong Anti virus software and Internet Security Software.
For authentication, use strong passwords and change them on a bi-weekly/monthly basis.
When using a wireless connection, use a robust password.
Raise awareness about physical security to employees.
Use an optional network analyser or network monitor.
An enlightened administrator or manager.
Use a VPN, or Virtual Private Network, to communicate between a main office and satellite offices using the Internet as a connectivity medium.
A VPN offers a solution to the expense of leasing a data line while providing a secure network for the offices to communicate A VPN provides the business with a way to communicate between two in a way mimics a private leased line. Although the Internet is used, it is private because the link is encrypted and convenient to use. A medium sized business needing a secure way to connect several offices will find this a good choice.
Clear employee guidelines should be implemented for using the Internet, including access to non-work related websites, sending and receiving information.
Individual accounts to log on and access company Intranet and Internet with monitoring for accountability.
Have a back-up policy to recover data in the event of a hardware failure or a security breach that changes, damages or deletes data. Disable Messenger.
Assign several employees to monitor a group like CERT which studies Internet security vulnerabilities and develops training to help improve security.

Large businesses

A strong firewall and proxy, or network Guard, to keep unwanted people out.

A strong Anti virus software package and Internet Security Software package.

For authentication, use strong passwords and change it on a weekly/bi-weekly basis.

When using a wireless connection, use a robust password.

Exercise physical security precautions to employees.

Prepare a network analyser or network monitor and use it when needed.

Implement physical security management like closed circuit television for entry areas and restricted zones.

Security fencing to mark the company's perimeter.

Fire extinguishers for fire-sensitive areas like server rooms and security rooms.

Security guards can help to maximize physical security.

School

An adjustable firewall and proxy to allow authorized users access from the outside and inside.

Strong Anti virus software and Internet Security Software packages.

Wireless connections that lead to firewalls.

Children's Internet Protection Act compliance. (Only schools in the USA)

Supervision of network to guarantee updates and changes based on popular site usage.

Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneaker net sources.

enforceable and easy to understand acceptable use policy which differentiates between school owned and personally owned devices

FERPA compliance for institutes of higher education network

References

Simmonds, A; Sandilands, P; van Ekert, L (2004). "An Ontology for Network Security Attacks". Lecture Notes in Computer Science. Lecture Notes in Computer Science 3285: 317�323. doi:10.1007/978-3-540-30176-9_41. ISBN 978-3-540-23659-7.

A Role-Based Trusted Network Provides Pervasive Security and Compliance - interview with Jayshree Ullal, senior VP of Cisco

Dave Dittrich, Network monitoring/Intrusion Detection Systems (IDS), University of Washington.

Honeypots, Honeynets''". Honeypots.net. 2007-05-26. Retrieved 2011-12-09.

The six dumbest ways to secure a wireless LAN | ZDNet". Blogs.zdnet.com. Retrieved 2011-12-09.

Julian Fredin, Social software development program Wi-Tech

Introduction to Network Security". Interhack.net. Retrieved 2011-12-09.

"Welcome to CERT". Cert.org. 2011-10-17. Retrieved 2011-12-09.

Wright, Joe; Jim Harmening (2009) "15" Computer and Information Security Handbook Morgan Kaufmann Publications Elsevier Inc p. 257

Network Security