1
Security overview
Network security threats are happened or potential threats to data confidentiality, data integrity, data
availability or authorized usage of some resource in a network system. Network security services
provide solutions to solve or reduce those threats to different extents.
Network security threats
• Information disclosure—Information is leaked to an unauthorized person or entity.
• Data integrity damage—Data integrity is damaged by unauthorized modification or malicious
destruction.
• Denial of service—Makes information or other network resources unavailable to their intended
users.
• Unauthorized usage—Resources are used by unauthorized persons or in unauthorized ways.
Network security services
One security service is implemented by one or more network security technologies. One technology
can implement multiple services. A safe network needs the following services:
• Identity authentication—Identifies users and determines if a user is valid. Typical ways
include AAA-based username plus password authentication, and PKI digital certificate-based
authentication.
• Access security—Controls behaviors in which a user accesses network resources based on
the identity authentication result to prevent unauthorized access and usage of the network
resources. Major access security protocols include 802.1X, MAC authentication, and portal
authentication, which work together with AAA to implement user identity authentication.
• Data security—Encrypts and decrypts data during data transmission and storage. Typical
encryption mechanisms include symmetric encryption and asymmetric encryption, and their
common applications are IPsec, SSL, and SSH. IPsec secures IP communications. SSL and
SSH protects data transfer based on TCP.
• Firewall—A highly effective network security model to block unauthorized Internet access to a
protected network. Major firewall implementations are ACL-based packet filter and ASPF.
• Attack detection and protection—Identifies attacks by inspecting network traffic behaviors or
application layer protocol packet contents. According to the inspection result, it takes measures
to deal with the attacks or would-be attacks at the data link layer, network layer, or application
layer. Measures include TCP attack protection, ARP attack protection, and IP source guard.
Network security technologies
Identity authentication
AAA
AAA provides a uniform framework for implementing network access management. It provides the
following security functions:
• Authentication—Identifies network users and determines whether the user is valid.
To Next Page
Loading...
Need help?
General
