Data Center Journal

Volume 33 | August 2014

Issue link: https://cp.revolio.com/i/359333


THE DATA CENTER JOURNAL | 23 www.datacenterjournal.com

PROTECTING A NETWORK

In light of the threats, network operators implement a variety of measures to protect their equipment and their customers. Below are a few.

Antivirus: Antivirus (AV) software typically covers a spectrum of malware categories, and it's likely the most familiar network-protection-related term outside the industry. AV packages look for signatures of malware and thus must be updated regularly with new definitions; outdated software is about as good as no software. Common offerings may include other tools like firewalls and email scanning, and their capabilities may be geared toward individual users or organizations.

Firewall: A firewall is often the first line of defense against attacks from outside the network. It is "a device or software that restricts network connections. Firewalls can limit incoming connections to certain servers and services, and they can also limit outbound connections to avoid certain servers and services," notes Berk. A firewall is "a fundamental security implement that is a must for any network operator," and it can be indispensable in repelling, for instance, DDoS attacks by botnets. "The botnet control software running on the computer generally stays in constant contact with the attacker through a control channel. These channels are generally very low volume, but are distinct in that they tend to use uncommon locations and ports to communicate. Botnets can be detected and disrupted by identifying these control channels in your network traffic."

Virtual private network: The Internet provides a virtual world of connections to almost anywhere, but it's also open to snooping. Nevertheless, by using encryption, an organization can use that existing network architecture to build a "virtual private network" (VPN) that protects communication from prying eyes at a fraction of the cost of a traditional network project.
The encrypted links between VPN sites are often called tunnels, as they "encapsulate" data packets using one or more protocols. VPNs also enable users to securely access a network remotely—for instance, in the case of a worker on the road who wishes to access a company network.

Intrusion detection/prevention system: As the name indicates, an intrusion detection system (or intrusion prevention system—IDS or IPS) aims to prevent malicious network activity by monitoring, reporting and—when possible—stopping that activity. An IPS is more comprehensive than a firewall, in that it looks beyond the source, destination and protocol to the content of the communication in search of suspicious patterns.

CAVEATS REGARDING NETWORK-SECURITY LANGUAGE

The terms above are just a smattering of what you might hear in a room full of network-security professionals. An exhaustive list would require a small book—if not a large one, should the surrounding details of network architecture and design be included in the discussion of each term. Additionally, in more technical contexts, the subtle differences between similar terms may become important, even if they're otherwise inconsequential.

Berk provides an astute warning, however, to those who may be interested in learning about network security (such as individuals or company managers researching how to implement a good security solution): beware fluff terms. "I think the risk is in terms that don't have any meaning," he said. "Many vendors will use a whole new vocabulary just to make it seem that their product is different or better." Berk recommends being "suspicious of any vendor that uses terms that are not commonly used by other security professionals."

For network-security professionals, on the other hand, the danger is extensive use of the terms—even with deep technical understanding of them—without bringing them to the level of the layman.
In business, the ability to translate technical terms to the "real world" of common experience is critical. "Properly defending yourself takes time, effort, and money. If you are unable to explain to your boss why you need money and time to do your job and keep the network safe, and services available, then you are unlikely to get what you are asking for," said Berk. "Similarly, people higher up in your organization will hear or read terms and ask you if you know what the term is and ask what you are doing to address it. Being able to explain in layman's terms is very important."

CONCLUSIONS

As the details of threats and protection measures in network security change, the jargon will change as well. A decade ago, for instance, very few people would have recognized the term malware; today, however, it's nearly common parlance. The average computer user can always do with a little understanding of the terms, since he or she will face the task of protecting connected devices from outside threats. Moving up to the organizational (network) level, understanding these terms becomes critical to understanding the threat to networks and the steps required to protect them. When in doubt regarding a term, however, ask. And if you don't get a satisfactory response, there's always Wikipedia.
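
The firewall entry above quotes Berk on the traits of a botnet control channel: constant contact, very low volume, uncommon ports. The following is an added example, not code from the article or from Berk, showing how those three traits can be turned into a check over flow records; the record layout, function names, port list and thresholds are all assumptions to be tuned per network.

```python
from collections import defaultdict

# Ports treated as "common" on this network (assumption; tune per site).
COMMON_PORTS = {25, 53, 80, 123, 443, 993}

def find_control_channel_candidates(flows, common_ports=COMMON_PORTS,
                                    max_avg_bytes=2000, min_intervals=6):
    """Return sorted (src, dst, dport) tuples that look like a control channel.

    flows: iterable of (minute, src, dst, dport, byte_count) records.
    A candidate is low volume, on an uncommon port, and seen in many
    distinct 10-minute intervals (the "constant contact" trait).
    """
    stats = defaultdict(lambda: {"bytes": 0, "count": 0, "intervals": set()})
    for minute, src, dst, dport, nbytes in flows:
        s = stats[(src, dst, dport)]
        s["bytes"] += nbytes
        s["count"] += 1
        s["intervals"].add(minute // 10)

    candidates = []
    for key, s in stats.items():
        uncommon_port = key[2] not in common_ports
        low_volume = s["bytes"] / s["count"] <= max_avg_bytes
        persistent = len(s["intervals"]) >= min_intervals
        if uncommon_port and low_volume and persistent:
            candidates.append(key)
    return sorted(candidates)

def build_sample_flows():
    """Constructed flow records covering 90 minutes (not real traffic)."""
    flows = []
    for minute in range(0, 90, 10):
        # Small check-in every 10 minutes to an uncommon port.
        flows.append((minute, "10.0.0.23", "203.0.113.50", 47123, 310))
        # Regular HTTPS traffic: common port, so it is not a candidate.
        flows.append((minute, "10.0.0.23", "198.51.100.7", 443, 48000))
    # One-off large transfer on an uncommon port: neither small nor persistent.
    flows.append((15, "10.0.0.40", "192.0.2.9", 8443, 5_000_000))
    # Two short connections on an uncommon port: too few intervals.
    flows.append((5, "10.0.0.41", "192.0.2.77", 50001, 200))
    flows.append((65, "10.0.0.41", "192.0.2.77", 50001, 200))
    return flows

if __name__ == "__main__":
    for src, dst, dport in find_control_channel_candidates(build_sample_flows()):
        print(f"review: {src} -> {dst}:{dport}")
```

A hit is a lead for review, not proof of infection: monitoring agents and other legitimate software also produce small, regular traffic on unusual ports.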
