Information security is a major concern today for CISOs and administrators everywhere. The information in question could be the company’s own, or it could pertain to its customers. In either case, protecting the information, keeping it out of the wrong hands, and preventing unauthorized access to it and unauthorized movement of it are all prime concerns of CISOs.
Information is worthless unless shared with authorized users, and the sharing is always done over a network, which could be a private or campus network, or it could be the Internet. Keeping information secure while it is in transit over the network is the concern of network security.
Need for Network Security
All enterprises make extensive use of networks to transfer information between their users, and also to their customers. The information transfers are mostly done over the internal network where the data is exchanged between computers inside a campus or any local network. However, for sending and receiving data between computers in different locations, the transmission is done over the Internet. The catch here is that transmission over the Internet is prone to security breaches, due to various vulnerabilities in the network. Hence it is imperative to protect the data during this kind of transmission.
Understanding Network Security
When we talk about network security, it is important to understand the actual services that we expect it to provide.
Network Security Services:
- Authentication: To prove that the data has indeed been sent by the person from whom we are expecting it.
- Confidentiality: To make sure that only the intended recipient can see the data.
- Integrity: To ensure that the data has not been tampered with or corrupted, en-route to the receiver.
- Access control: Ensuring that only the intended audience can receive and make sense of the data.
- Non-repudiation: Ensuring that the sender does not deny sending the data.
Data encryption, which is part of a wider field known as cryptography, is the ideal means to provide all of the above services. So let us try to understand what it means.
The word ‘cryptography’ literally means ‘secret writing’. Cryptography refers to the art and science of hiding information. It keeps the meaning of information secret by replacing plain text with coded information that conveys no meaning to anyone who comes across it unless they decode it first.
Using Cryptography to Secure Networks
In an earlier section, we mentioned some security services that we expect from the field of Network Security, viz., authentication, confidentiality, integrity, access control and non-repudiation. Let us look at how cryptography helps with each of these services.
Authentication: By use of the Public and Private Key infrastructure, the sender can digitally sign their documents, so that the receiver can be sure that the document has originated from the right sender.
Confidentiality: Once encrypted, the data cannot be interpreted by anyone except the authorized recipient.
Integrity: Using the same key mechanism, a hash or message digest (MD) checksum of the information is attached to it, which can be used to verify the integrity of the information received.
Access Control: Again, since the receiver is in possession of their private key, they have access to the encrypted information that has been sent to them.
Non-repudiation: Since the sender digitally signs the data, and the signature cannot be duplicated by anyone other than the genuine sender, there is an in-built non-repudiation mechanism which provides no wriggle-room to a sender.
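The sign-and-verify mechanism behind the authentication, integrity and non-repudiation points above, as an added example that is not part of the original article. It uses textbook RSA over a SHA-256 digest with small constructed keys and no padding; all function names, keys and messages are assumptions made for illustration.

```python
import hashlib

E = 65537  # widely used public exponent


def make_keypair(p: int, q: int):
    """Build a toy RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, kept by the signer
    return (n, E), (n, d)


def digest(message: bytes, n: int) -> int:
    """SHA-256 message digest as an integer, reduced below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    """Sender: raise the message digest to the private exponent."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: undo the signature with the public key, compare digests."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


# Constructed keys built from known Mersenne primes. Real keys are 2048+ bits
# and real signatures use a padding scheme such as RSA-PSS.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
_, IMPOSTOR_PRIV = make_keypair(2**107 - 1, 2**61 - 1)


def demo() -> dict:
    message = b"Pay invoice 1001: 250.00"   # constructed sample data
    tampered = b"Pay invoice 1001: 950.00"  # same message altered in transit
    signature = sign(message, SENDER_PRIV)
    return {
        # Authentication / non-repudiation: only the sender's key produces this.
        "genuine": verify(message, signature, SENDER_PUB),
        # Integrity: any change to the message changes the digest.
        "tampered": verify(tampered, signature, SENDER_PUB),
        # A signature made with someone else's private key does not verify.
        "impostor": verify(message, sign(message, IMPOSTOR_PRIV), SENDER_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver needs only the sender's public key to run `verify`, which is why a valid signature ties the message to the holder of the matching private key.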
In today’s scenario of heightened information security concerns, transmitting data over a network is never safe unless the data is properly secured. Encryption is the only means to achieve this security, and thankfully the field of cryptography is now sufficiently advanced to ensure fool-proof mechanisms to secure the data over the network. Information security personnel need to be well aware of these techniques and must make meticulous use of them, to secure their users’ data.