No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.
A home network security implementation is usually rather basic. It is generally implemented on the connecting host devices, as well as at the point of connection to the Internet, and can even rely on contracted services from the ISP.
In contrast the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.
Network security components for a home or small office network should include, at a minimum:
- Antivirus and antispyware - to protect user devices from malicious software
- Firewall filtering - to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the host device, or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.
In addition to the above, larger networks and corporate networks often have other security requirements:
- Dedicated firewall systems - to provide more advanced firewall capability that can filter large amounts of traffic with more granularity
- Access control lists (ACL) - to further filter access and traffic forwarding
- Intrusion prevention systems (IPS) - to identify fast-spreading threats, such as zero-day or zero-hour attacks
- Virtual private networks (VPN) - to provide secure access to remote workers
Network security requirements must take into account the network environment, as well as the various applications, and computing requirements. Both home environments and businesses must be able to secure their data, while still allowing for the quality of service that is expected of each technology. Additionally, the security solution implemented must be adaptable to the growing and changing trends of the network.
The study of network security threats and mitigation techniques starts with a clear understanding of the underlying switching and routing infrastructure used to organize network services.