Network security is an integral part of computer networking. As new technologies and trends emerge, so too must the protections that organizations use. Network security requirements must take into account the BYOD environment, the collaboration applications, video requirements, and cloud computing needs. It must be able to secure the corporate data, while still allowing for the quality of service that is expected of each technology.
Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Many external network security threats today are spread over the Internet. The most common external threats to networks include:
- Viruses, worms, and Trojan horses - Malicious software and arbitrary code running on a user device
- Spyware and adware - Software installed on a user device that secretly collects information about the user
- Zero-day attacks, also called zero-hour attacks - An attack that occurs on the first day that a vulnerability becomes known
- Hacker attacks - An attack by a knowledgeable person to user devices or network resources
- Denial of service attacks - Attacks designed to slow or crash applications and processes on a network device
- Data interception and theft - An attack to capture private information from an organization’s network
- Identity theft - An attack to steal the login credentials of a user in order to access private data
It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of employees. This can be attributed to lost or stolen devices, accidental misuse by employees, and even malicious insiders. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.