The Essence of Network Security:
* Allow everything to be accessible and secure at the same time. What exactly does this mean? It means that all your local and network resources need to be made accessible all the time, but to only the right people. It is the second part of this statement that causes difficulty. Most administrators have no problem making the resources available, but the issue of "to only the right people" is where the confusion begins. Who are the "right people"? Who decides who the "right people" are? Is it possible for someone to be considered in the "right people" group only during certain hours of the day? It is extremely important to realize that security is not a single technology. A person cannot go and buy security. Security is a mindset; it is a combination of feeling safe, knowing data is secure, and being as sure as possible that the network will not go down at any moment. These are not tangible items they are emotions. Perfect security is a goal that few people pursue due to the fact that most security professionals realize there is no such creature. The concept of perfect security cannot exist for one simple reason: humans. As human beings, we are allowed the freedom to make decisions, both good and bad. Take the following analogy as an example: A single workstation computer. No network card. This workstation is in a sealed room with no windows, only a single overhead halogen light and a single ventilation duct. There is an armed guard who verifies the user upon entrance to the foyer of the sealed room. To get into the sealed room requires a fingerprint scan, a retinal scan, and voice recognition. Once inside, there is only one user in the world that is authorized and has access to this computer. To log in to the system, the user must log in using biometrics and a password. Can the owner of this business feel confident that this computer is secure? Since there is a human operator, the answer is no. The owner may feel somewhat comfortable in the security of the computer, but can never feel 100 percent sure. Security, therefore, is an emotion. Just as it may be hard to define why some people feel comfortable or uncomfortable leaving their window open at night while they sleep, it is hard to define when the administrator of a network can feel secure in the fact that the systems are not likely to be compromised.
These three goals work with each other. Let's examine these goals one at a time. Data Integrity
One of the three main goals of Network Security, Data Integrity, deals with the knowledge that data has not been modified. The processes in place related to Data Integrity are there to ensure that the data in the network has not been altered, either by accident or on purpose. Data Integrity is related to data accuracy, but they are not the same. In other words, if data is entered in a database incorrectly, it will stay incorrect. It is important to understand that it is possible to have Data Integrity without Data Accuracy, but it is not possible to have verifiable Data Accuracy without Data Integrity. Although Data Integrity is one of the issues that needs to be enforced throughout the network, it is also one of the most difficult to enforce. |
TIP:| It is important to understand that it is possible to have Data Integrity without Data Accuracy, but it is not possible to verify Data Accuracy without Data Integrity.| In the event that there is a breach of Data Integrity located in any portion of the network, even in a remote location, this breach may be the single event that leads to loss of Data Confidentiality or disruption of the connection between networks. Data Confidentiality
Second of the main goals of Network Security is Data Confidentiality. Most network administrators realize early on, even without thinking about it, that not all data on the network falls into the category of confidential data. There is...