Networking offers endless possibilities and opportunities, along with convenience. But this convenience and endless benefits are not free from risks. While ensuring network security, the concerns are to ensure that only legal or authorized users and programs gain access to information resources like databases. Also, certain control mechanisms are set up to ensure that properly authenticated users get access only to those resources that they are entitled to use. Under this type of security, mechanisms like authorization, authentication, encrypted smart cards, biometrics, and firewalls, etc. are implemented.
The problems encountered under network security can be summarized as follows:
To counter or reduce the security threads receiving under this category, many protection methods are used. These protection methods are being discussed briefly here.
Authorization: This determines whether the service provider has granted access to the Web services to the requestor. Basically, authorization confirms the service requestor is entitled to operate, which can range from invoking the Web service to executing a certain part of its functionality. Authorization is performed by asking the user can provide one he/she is considered as an authorized user.
Authentication: This ensures that each entity is involved in using a Web service. The requestor, the provider, and the broker (if there is one) is what it actually claims to be. Authentication involves accepting credentials from the entity and validating them against an authority.
Authentication is also termed as password protection as the authorized user is asked to provide a valid password, and if he/she can do this, he/she is considered to be an authentic user.
Encrypted Smart Cards: Passwords in a remote log-in session generally pass over the network in unencrypted form. Thus, any hacker (or cracker) can simply record it and use it to corrupt threats, newer approaches are suggested, such as encrypted smart cards. An encrypted smart card is a had-held smart card that can generate a token that a computer system can recognize. Every time a new and different token is generated, which even though cracked or hacked, cannot be used later.
Biometric Systems: These form the most secure level of authorization. The biometric systems involve some unique aspects of a person's body, such as finger-prints, retinal patterns, etc., to establish his/her identity.
Firewall: A system designed to prevent unauthorized access to or from a private network is call Firewall. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially the intranet. All messages entering or leaving the Internet pass through the firewall, which examines each message and blocks those which examine each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques as given in this link: What is Firewall & firewall types?
Note: From a modern security perspective, I suggest you follow this method: "Something you are, Some things you have, Something you know."
Booting is a bootstrapping process that starts operating systems when the user turns on a computer. A Bootstrap Loader (BSL) is a small program but hard to code.Read More
Each computer on a TCP/IP based network (including the internet) has a unique, numeric address called an IP (Internet Protocol) address, enabling data packages to be addressed.Read More
Networking offers endless possibilities and opportunities, along with convenience. But this convenience and endless benefits are not free from risks.Read More