Network Security

Computer networks are an essential aspect of modern telecommunications, linking together many computers to facilitate rapid communication and the convenient storage of large quantities of information. However, computer networks are also prone to attack from people who seek to gain unauthorized access to the network, sometimes for malicious or fraudulent purposes, other times as a sort of intellectual exercise or prank, and the sophistication of these attacks continues to increase. In order to prevent or limit the damages caused by such attacks, most networks use a multilayered approach to security, with multiple components working independently to prevent different types of attacks.

The first level of network security is allowing only authorized individuals who have authorized usernames to access the system and requiring them to use a password to confirm their identity. A password is a sequence of characters presumably known only by the user, and a number of rules may be used to increase password security, including requiring longer passwords that use a blend of letters, numbers, and symbols, to make it more difficult for unauthorized users to guess an authorized user's password. Higher levels of security may require information that specifically identifies a person (e.g., a retinal scan) or a personal possession (e.g., a mobile phone).

Most computer security systems also include a firewall or barrier between an internal network and other networks to prevent unauthorized data packets from entering the internal system. Intrusion detection and prevention systems may also be used to monitor activity within a network and identify suspicious patterns of activity. In addition, the use of security software to detect computer viruses and malware (i.e., “malicious software” intended to damage the network or gather information without the user's knowledge) are in common use to protect network security.

The Computer Security Institute (CSI), a private professional organization, and the San Francisco Federal Bureau of Investigation together conducted an annual survey of people working in computer security to determine trends in network security. Results from the survey in 2010–11, found that most respondents (60.4 percent) worked for an organization that had a formal security policy, while most of the rest said they had either an informal policy (14.5 percent) or were in the process of developing a formal policy (17.2 percent). The most common type of security breach reported was malware infection, with over two-thirds (67.1 percent) reporting at least one such incident. Other common types of security breaches reported included being fraudulently represented as a sender of phishing messages (an attempt to get personal information such as credit card information through fraudulent emails; 39 percent), internal attack by bots or zombies (software programs that perform automated tasks, which may include taking over a user's computer for purposes such as sending spam; 29 percent), and denial of service attacks (17 percent). Almost half (45.6 percent) of those reporting a security incident said they had been the victim of at least one targeted attack, but reports of financial fraud incidents were relatively rare (8.7 percent).

—Sarah E. Boslaugh, PhD, MPH