Network security involves not just the integrity of your own systems but the integrity of the systems you use to support your operations. Your customers will often seek to use unencrypted networks to send confidential information. Thus, you need to make sure you can protect that information as well. This article will cover the basics of network security, focusing on data security.
The rest of this chapter is a series of short essays that explain in detail how to implement real-life networks, explain how to secure user data, and focus on defensive measures that provide security across the entire infrastructure. For more information on the book and to buy it directly from Manning, check out http://www.manning.com.
How Do I Protect Data?
The first thing you need to do is learn how to secure data. Although we don’t go into all of the specifics in this section, it is critical to understand that network security is about defending your network, not about your company.
To create a secure network, you need to make sure that:
As soon as someone gets on the network, they are subject to intrusion detection and prevention systems (IDS/IPS) and user authentication.
You use cryptography to protect sensitive data from unauthorized viewing.
Whenever possible, you protect against passive attackers by locking down the network.
Your company complies with internal security standards and prevents any unauthorized access.
You use a strong password management system to keep users from using their passwords on other systems.
You are constantly monitoring your network to avoid information loss and increase your security.
Covered in this chapter:
Login security: protect your users from phishing.
Encryption: encrypt user data so that only you can read it.
PAM (policy-based authentication): set authentication policies, manage user accounts, and protect sensitive information.
Privacy: protect user data.
Database security: avoid SQL injection attacks.
Authentication: authenticate users and manage sessions.
User data security: secure user data.
Secure access: implement encryption and policy enforcement.
How Do I Protect User Data?
This chapter will focus on the basic mechanisms used to prevent access to user data. First, however, we need to discuss the concepts behind user authentication. Then we will discuss the basics of database security and security architecture in general, for example using a secure gateway from a vendor such as Fortinet, which specializes in this area, to protect your data.
Login authentication: authentication for each user to the system
Security of user databases: a theoretical perspective on storing user information and protecting it.
Personal Identification Number (PIN): ensures that only the user who needs to access the data has the PIN.
User-Controlled Data Validation: makes sure that users know the correct information in a user database.
Password management: store user passwords securely in order to prevent users from being able to access their user data.