Network Security Principles
What is Network Security?
Network security is the protection of information and of the systems and hardware that use, store, and transmit that information.
Goals of an Information Security Program
• Confidentiality
-Prevent the disclosure of sensitive information to unauthorized people, resources and processes.
• Integrity
-The protection of system information or processes from intentional or accidental modification.
• Availability
-The assurance that systems and data are accessible by authorized users when needed.
Risk Management
• The process of assessing and quantifying risk and establishing an acceptable level of risk for the organization.
• Risk can be mitigated, but cannot be eliminated.
Network Security “Threat”
• A potential danger to information or a system
• An example: the ability to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network
• There may be weaknesses that greatly increase the likelihood of a threat manifesting
• Threats may include equipment failure, structured attacks, natural disasters, physical attacks, theft, viruses and many other potential events causing danger or damage.
• Packet replay
• Packet modification
• A network vulnerability is a weakness in a system, technology, product or policy
• In today’s environment, several organizations track, organize and test these vulnerabilities
• Each vulnerability is given an ID and can be reviewed by network security professionals over the Internet.
Vulnerability Appraisal
• It is very important that network security specialists comprehend the importance of vulnerability appraisal
• A vulnerability appraisal is a snapshot of the current security of the organization as it now stands
• What current security weaknesses may expose the assets to these threats?
• Vulnerability scanners are tools available as free Internet downloads and as commercial products
-These tools compare the asset against a database of known vulnerabilities and produce a discovery report that exposes the vulnerability and assesses its severity.
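The comparison a vulnerability scanner performs, as described above, shown as an added example that is not part of the original notes or taken from any real scanner. The vulnerability IDs, product names, versions and severity bands are constructed placeholders and assumptions of the example.

```python
# Constructed data: the IDs, products and versions below are placeholders.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "examplehttpd", "fixed_in": "2.4.10", "score": 9.8},
    {"id": "EXAMPLE-0002", "product": "examplehttpd", "fixed_in": "2.2.0", "score": 5.3},
    {"id": "EXAMPLE-0003", "product": "examplessh", "fixed_in": "8.1", "score": 7.5},
]
ASSETS = [
    {"host": "web01", "product": "examplehttpd", "version": "2.4.9"},
    {"host": "web02", "product": "examplehttpd", "version": "2.4.10"},
    {"host": "bastion", "product": "examplessh", "version": "8.0.2"},
    {"host": "db01", "product": "exampledb", "version": "12.1"},
]


def parse_version(text):
    """'2.4.10' -> (2, 4, 10). Comparing the raw strings would rank
    '2.4.9' above '2.4.10' and miss a vulnerable host."""
    return tuple(int(part) for part in text.split("."))


def is_affected(installed, fixed_in):
    """True when the installed version is older than the first fixed one."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so 8.1 compares as 8.1.0
    b += (0,) * (width - len(b))
    return a < b


def rating(score):
    """Severity bands assumed for this example."""
    for floor, label in ((9.0, "critical"), (7.0, "high"), (4.0, "medium")):
        if score >= floor:
            return label
    return "low"


def appraise(assets, vuln_db):
    """Return the discovery report: one finding per match, worst first."""
    findings = [
        {"host": a["host"], "id": v["id"], "score": v["score"], "severity": rating(v["score"])}
        for a in assets
        for v in vuln_db
        if a["product"] == v["product"] and is_affected(a["version"], v["fixed_in"])
    ]
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in appraise(ASSETS, VULN_DB):
        print(finding)
```

The report is a snapshot: a host that is absent from the inventory, or a product the database does not cover (db01 here), produces no finding even if it is weak.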
Risk Management Terms
• Vulnerability – a system, network or device weakness
• Threat – potential danger posed by a vulnerability
• Threat agent – the entity that identifies a vulnerability and uses it to attack the victim
• Risk – likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact
• Exposure – potential to experience losses from a threat agent
• Countermeasure – put into place to mitigate the potential risk
Application and Network
In a market undergoing changes at tremendously high speed and in fierce competition, a security event compromising availability, continuity or confidentiality in the systems and data that support your organization may make the difference between failure and success. In this context, having high computer information security levels available proves essential to carry out the main organization’s objective successfully. Professional computer information security services are Bonsai’s core business, and our most outstanding field of knowledge. Professionals working at Bonsai have carried out far-reaching projects with international financial entities, retail companies and .com companies, among others.
Following is a list of the professional services we provide:
1. Web Application Penetration Testing
2. Penetration Testing
3. Code Review
4. Android Application Penetration Testing
5. TCP/IP Stack Testing
Firewalls - Principles, Types, & Requirements
This article explains general firewall topics, including principles, types of firewalls, and...