Network Analysis, Architecture and Design, Second Edition (The Morgan Kaufmann Series in Networking)

9.3 Background

Network security is defined here as the protection of networks and their services from unauthorized access, modification, destruction, or disclosure. It provides assurance that the network performs its critical functions correctly and that there are no harmful side effects. Network privacy is a subset of network security, focusing on protection of networks and their services from unauthorized access or disclosure. This includes all user, application, device, and network data. Whenever the term network security is used in this book, it includes all aspects of network privacy as well.

There are three classic security considerations: protecting (1) the integrity, (2) the confidentiality, and (3) the availability of network and system resources and data. These considerations are discussed throughout this chapter and are integral to the security architecture.

Effective security and privacy is the combination of understanding what security means to each of the components of the system—users, applications, devices, and networks—together with the planning and implementation of security policies and mechanisms.

Security in the network needs to protect network resources from being disabled, stolen, modified, or damaged. This includes protecting devices, servers, users, and system data, as well as the users' and organization's privacy and image.

Attacks against the system range from seemingly innocuous unauthorized probing and use of resources, to keeping authorized users from accessing resources (denial of service), to modifying, stealing, or destroying resources.

This chapter covers how security and privacy may be determined and brought into the network architecture and design. This is an area of great interest and rapid expansion and change in the networking community, so we will present concepts and mechanisms that should be valid across a wide range of security requirements. We will discuss elements of security administration and various security and privacy mechanisms, consider how to develop a security plan, examine requirements for security, define security policies, perform risk analysis for the architecture and design, and develop a security and privacy plan. We will then discuss the security and privacy architecture.

Категории