Wherever there is a computer network, there are security threats. Threats can come from inside the network or from outside it. In a company, giving employees access to the network increases security risk. The administrator must control network security threats.
Security threats from outside the company are extremely dangerous. Many companies use the same service provider's network, which increases the threat level.
The following are some steps for reducing security threats over the network.
To reduce security threats over the internet, install a firewall on your networking equipment. A firewall prevents unauthorized visitors from accessing your data over the internet.
Packet filtering firewalls are used in networking devices that connect the local network to the internet. They operate on ACL (access control list) rules, and packets that the rules identify as malicious are dropped. The main advantages of these firewalls are low cost and low resource usage. They work well at the network layer, but their performance suffers in complex networks.
Circuit-level gateway firewalls are usually deployed at the session layer, where they monitor sessions such as TCP. These firewalls are less expensive and provide security for the complete private network. Their major disadvantage is that they do not filter individual packets, which may be harmful to the network.
Application-level gateway firewalls are deployed at the application layer and protect application-layer protocols. These firewalls are more useful than the others because they provide more protection from anonymous connections that try to access your virtual network.
A stateful multilayer inspection firewall combines all of these firewall types and provides protection for network-layer, session-layer and application-layer protocols.
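The ACL evaluation that a packet filtering firewall performs, as an added example that is not part of the original article: rules are checked in order, the first match decides, and a packet that matches no rule is dropped (the common implicit-deny convention). The rule format, names and addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(rule, pkt):
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport

def evaluate(acl, pkt):
    """Return (action, rule index); first match wins, no match means deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None

# Constructed ACL for an internet-facing interface (documentation address ranges).
ACL = [
    Rule("deny", "any", "203.0.113.0/24", "0.0.0.0/0"),           # blocked source range
    Rule("permit", "tcp", "0.0.0.0/0", "198.51.100.10/32", 443),  # public HTTPS server
    Rule("permit", "udp", "0.0.0.0/0", "198.51.100.53/32", 53),   # public DNS server
]

# Constructed sample packets.
PACKETS = [
    Packet("tcp", "192.0.2.7", "198.51.100.10", 443),    # allowed by rule 1
    Packet("tcp", "203.0.113.9", "198.51.100.10", 443),  # blocked source, rule 0
    Packet("tcp", "192.0.2.7", "198.51.100.10", 22),     # no rule matches: denied
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "->", evaluate(ACL, p))
```

Because the first match wins, placing the broad permit rule ahead of the deny rule would let the blocked source range through, so rule order deserves the same review as the rules themselves.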
Intrusion Detection System
An Intrusion Detection System (IDS) detects and reports threats on the network. It may be hardware or software that monitors all activity on the network, detects malicious activity and reports it to the management stations. Many types of IDS are used for detecting suspicious traffic; network-based (NIDS) and host-based (HIDS) systems are both used. An IDS keeps a record of suspicious traffic and reports to the management stations when threats are detected. NIDS are installed to secure the overall network and are placed at access points, where they monitor all outgoing and incoming traffic of a subnet. HIDS are used for individual systems: each is installed on a single workstation and monitors the traffic coming to that specific workstation.
Intrusion Prevention System
An Intrusion Prevention System (IPS) detects threats on the internet, stops or blocks them, and reports them. IPSs are an extension of IDSs: an IPS monitors all activity on the network, detects malicious activity and blocks it from operating. An IPS acts by raising an alarm, dropping the suspected packet, resetting the connection, or blocking the IP address from which the threat originates.
Intrusion Prevention Systems use three methods to block threats.
1. Signature-Based Detection
2. Statistical Anomaly-Based Detection
3. Stateful Protocol Analysis Detection