What are the advantages of network security?

The major advantage of having network security in place is that you keep all your things such as personal information, data and other files safe against people who are looking to steal these or destroy them (and it may not be somebody who is directly against you, but just people who are looking for networks where security is weak and they can get in). Or these may be unauthorized people who want to misuse this information. Unauthorized users may be from the same network or some other network. We have listed the advantages of having strong network security below as well as having proper security protocols:
- It provides protection to the client’s personal data on the network.
- It provides protection to information that is exchanged between hosts during transmission, from eavesdroppers.
- It provides protection to computer systems which can be otherwise rendered useless if attacked with a malicious virus or a trojan that keeps on passing out information.
- Prevents any attempts of doing harm to your system by spyware and malware attacks or hacking.
- Takes care of the access rights assigned to the users at different levels in a network such as in accounting systems.
- It is because of network security that private networks actually exist even if their information is passed over public networks.
- It helps in closing private networks and protecting them against intruders and other attacks.

Data in a private network is also not safe since it can be altered and hampered by people in the same network who may be doing so for many different reasons. The possibilities of attacks vary proportionally with the size of the network. Nowadays various organizations offer anti-virus software free of cost to people who are accessing this network. This has helped a big deal in reducing the threats of attacks.
As a large number of the users suffer from danger of viruses or other attacks, it also increases the danger for the organizations whose websites these users access on a regular basis. Thus the organizations distribute free anti-virus to keep this danger at bay to some extent. Network security is important as it provides protection against malicious viruses, spyware, worms and Trojans. It also guards the system against its potential vulnerabilities. Network security policy means a systematic process for the enforcement of protection policies for data, applications, hosts etc. and it provides guidance as to how the digital identities should be maintained. The security infrastructure may vary from one host to another and from one network to another. With network security the network administrator gets a centralized control for all of them when they are based in one virtual organization.
There are a number of issues that must be addressed by network security in terms of keeping viruses and other such attacks at bay. For preventing the virus from infecting your system or network, these security measures must automatically keep its data base updated on all the user machines. Another measure that can be taken is to install scanners on every machine and device accessing the network include newer devices like tablets. These scanners work well for keeping out e-mails infected with Trojans, worms and viruses.
At the same time, it is also important that users have education about the need for network security and what not to do. Without appropriate knowledge you won’t know as to what security options should be selected for enforcement. You might land up with a security policy that barely protects your system. For example, if you receive an email whose source you don’t know or you don’t trust just don’t open it. Possibilities are that it might contain some malicious file which if downloaded can eat up your data.
It is true that anti-virus software are effective in guarding against the viruses but these are developed only after the virus has been developed. Anti-viruses lag behind from viruses. Antiviruses are available only for the viruses that exist and not for those that have been newly created and hence user awareness and security safeguards are very important.

Security - What are some of the different ranges of wireless security measures?

When you get to be serious about wireless security, there are several mechanisms / measures that you can take, here are some details of the problem and solutions:
First – generation wireless networking has made it hard to decide whether or not you should deploy a wireless local area network (WLAN) even though there are many shortcomings such as rampant threats, vulnerabilities of the protocol and so on. Sometimes you might feel like banning the WLAN neglecting its advantages in business due to a fear of rogue AP (access points) cropping up. In either of the cases it’s a no- win situation. However, over a period of time, wireless protocols have been revised with some improvements that have made them more secure. Given the various threats (some of which can be innovative), wireless security has to be taken seriously like other types of network threats.
A WLAN security suite should be installed for providing security. The Wireless security can be more enhanced if we have a proper knowledge about how to correctly integrate wireless devices with wired networks, upgrading the existing security tools and after a due selection of the appropriate security technologies. We should be sure that security solutions for virtual private networks are based on the present generation of the encryption and authentication protocols. Because threats can come in new and improved methods, on a continuous basis, you need to keep monitoring the health of your network for keeping it secure. Attackers are always waiting for seeing an unprotected WLAN and then invading and turning it.
It is quite easy to record wireless traffic and eventually break in, getting such valuable info such as proprietary information, login details, server addresses and so on (nowadays, stealing credit card details seems to have become a business for the attackers). In addition to stealing information, the attackers can also take control of networks and use them for transmitting spams, steal bandwidth, or use this network as a Launchpad for attacking other networks. The traffic can be recorded and modified, and the consequences can be legal or financial.
A business can be disrupted even by an attacker with low technology skills with packaged scripts that make it easy to attack networks and hunt for weak points (for example, a known security hole has not be fixed and the script uses that hole to get inside and eventually gain access). The attacker can flood your internet uplinks, wired networks and access points with wireless packets. You should known from what you are defending your systems and why protecting different possible points of entry. If you don’t know this, then you don't really have a chance, at sometime or the other, you will have your network without protection, and all the security measures are in vain.
The identification of assets and the impact of the loss is critical for security analysis. If you are using connection methods such as DSL, dial up or wireless, the access requirements should be defined by your security policy. If your system follows a remote access policy for the telecommuters, it should be expanded to incorporate wireless. If there is no such policy, one should be created. The scenarios unique to the wireless network must be included. The rules of wireless network are different for the employees and office visitors. The public areas have jacks that are typically associated with some known addresses and are sometimes disabled. But the PDAs and the laptops can be easily connected to the wireless stations and access points in the nearby location. This serves as both opportunity and a threat.
For guests the peer-to-peer networking should be prohibited and sessions should be permitted through certain access points with limited bandwidth and duration. After the identification of the assets, enumeration of the risks should be done. The last step is the quantifying of the risks. In security it is always important to weigh the risk against the cost. Once you have got this right, the other WLAN alternatives can be considered. Before setting up the access points, you should take a survey of the WLAN using a discovery tool. Some set up wizards have made it possible for the employees to deploy rogue access points through which the corporate’s info and assets can be exposed to the outside world. It can also introduce disturbance in to the WLAN. These rogue apps must be eliminated. With such surveys, you can also find workstations that are not authorized to access the internet. 

Security - What is meant by buffer overflow?

You might have heard of some hacks happening from time to time that are caused due to buffer overflow. Buffer overflow is also known as buffer overrun in computer security and programming terminology. It can be considered as an anomaly where the boundary of the buffer is overrun by the program while writing the data to it. When this happens, the adjacent memory is written by the program. Buffer overrun is a special case in which the memory safety rules are violated. Some inputs have been designed for executing the code or changing the way the program works. These inputs can trigger the buffer overflows. This can cause the program to behave in an erratic manner such as causing memory access errors, giving incorrect outputs, causing crash, breaches in the security system. Therefore these are considered to be a source of a number of software vulnerabilities which can be exploited very badly. C and C++ are the most common programming languages that suffer from buffer overflow problems. This is so because these languages do not come with in– built protection against overwriting of data or accessing it in some other part of memory.
These languages don’t have an automatic check on the data that is written in to some array which is more like the in – built type of buffer which lies within the array boundaries. Buffer overflows can be prevented by implementing the bound checks. When the data is written to the buffer, it may also corrupt the data stored in the adjacent memory address destinations because of lack of insufficient checking of boundaries. This can cause a buffer overflow. It may also occur while data is being copied from one buffer to another one without checking whether the data will fit in to it or not. Techniques are available for exploiting the buffer overflow vulnerability. These techniques are different for different architectures, memory region and operating systems. For example, there is a lot of difference between the exploitation on call stack and the exploitation on heap. The below mentioned protective counter measures can be taken:
- Choice of programming language: The language being used does have a profound impact on the buffer overflow occurrence. As mentioned above C and C++ have no built – in protection against this problem but their libraries do provide a number of ways for safe buffering of data and techniques to avoid them. There are languages that provide runtime checking as well as compile time checking, which checks for the possibilities when the program might overwrite the data. Examples are Eiffel, Ada, and Smalltalk etc.
- Use of safe libraries: It is necessary to avoid buffer overflows in order to maintain the degree of correctness of the code. Therefore, standard library functions that are not bound checked should be avoided. There are certain abstract data type libraries that are well tested and centralized enough for performing the buffer management automatically.
- Buffer overflow protection: This mechanism checks for the alteration of the stack when the function returns. If some modification has been made, the program makes an exit with a segmentation fault. Examples of such systems are the stackguard, libsafe, propolice and so on.
- Pointer protection: Buffer overflow involves manipulation of the pointers along with their stored addresses. A compiler extension called the point guard was developed for preventing the attackers from manipulating the pointers and the addresses stored in them reliably. However this extension was not released commercially. A similar version of it was implemented in the Microsoft window’s OS.
- Executable space protection: This method prevents the code execution on heap or stack as an approach to buffer overflow protection. The buffer overflows can be used by the attackers for insert random code in to the program memory. When the executable space protection is in place, the execution of the program will be halted by an exception.