The Internet is available to anyone with a network connection and an Internet Service Provider (ISP) account. In fact, it was designed to be an open network[1] and therefore has little built-in capacity for securing information. From a security standpoint, the Internet is inherently insecure; the challenge is to protect sensitive data while allowing authorized personnel to use it.
Securing Resources
In computer networking, security can be defined as a continuing process in which an administrator ensures that information is shared only between authorized users. The process of planning and implementing security in your business requires that you understand the resources you are protecting, as shown in the diagram below.
Types of Security Resources
Local Resources: Protect your employee workstations by enabling password-protected screen savers to prevent snooping. Require that each employee use a virus checker and observe caution when downloading anything from the Internet.
Network Resources: Your networks and its resources are the primary communications medium for the entire company. If a hacker gains access to or control of your networks, he or she has access to all or most company data.
Database and Information Resources: A major asset of any company is the information it organizes and disseminates. A hacker's ultimate goal is to discover this information, as well as tamper with the networks and methods that help to create and communicate the information.
Server Resources: Your World Wide Web, email, and FTP servers are vulnerable to several types of intrusions. Typically, servers provide storage for the network infrastructure, and act as the hub. They also control overall system security. Hackers try to gain access to server resources, because they can then access and then control other resources.
What is Security?
A generic definition of security is "freedom from risk or danger; safety". This definition is perhaps a little misleading when it comes to computer and networking security, as it implies a degree of protection that is inherently impossible in the modern connectivity-oriented computing environment. This is why the same dictionary provides another definition specific to computer science: "The level to which a program or device is safe from unauthorized use." Implicit in this definition is the caveat that the objectives of 1) security and 2) accessibility which are the two top priorities on the minds of many network administrators are, by their very natures, diametrically opposed. The more accessible your data is, the less secure it is. Likewise, the more tightly you secure it, the more you impede accessibility. Any security plan is an attempt to strike the proper balance between the two [1) security and 2) accessibility].As in any other specialty field, security professionals speak a language all their own and understanding the concepts requires that you learn the jargon. At the end of this section, you will find a list of some common terms that you are likely to encounter in the IT security field.
do not have a written network security policy, and
do not know whether they had been attacked or not.
Effects of Security Policy
You always need to consider the effect that your security policy will have on legitimate users. In most cases, if the effort required by your users to use the system is greater than the resulting increase in security, your policy will actually reduce your company's effective level of security.
[1]Open network: A group of servers and computers, such as the Internet, which allows free access.
[2]Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.