Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.
A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.
When developing a secure network, the following need to be considered:
An effective network security plan is developed with the understanding of security issues, potential attackers, needed level of security, and factors that make a network vulnerable to attack.
Fear of security breaches on the Internet is causing organizations to use protected private networks or intranets. The Internet Engineering Task Force (IETF) has introduced security mechanisms at various layers of the Internet Protocol Suite. These security mechanisms allow for the logical protection of data units that are transferred across the network.
The security architecture of the internet protocol, known as IP Security, is a standardization of internet security. IP security (IPsec) covers the new generation of IP (IPv6) as well as the current version (IPv4). Although new techniques, such as IPsec, have been developed to overcome the internet’s best‐known deficiencies, they seem to be insufficient. IPsec is a point‐to‐point protocol: one side encrypts, the other decrypts, and both sides share a key or keys. IPsec can be used in two modes, namely transport mode and tunnel mode.
The IPv4 architecture has an address that is 32 bits wide. This limits the maximum number of computers that can be connected to the internet. The 32‐bit address provides for a maximum of two billion computers to be connected to the internet. The TCP/IP‐based networking of IPv4 requires that the user supply some data in order to configure a network. Some of the information required is the IP address, routing gateway address, subnet mask, and DNS server. The simplicity of configuring the network is not evident in the IPv4 protocol.
The lack of embedded security within the IPv4 protocol has led to the many attacks seen today. Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a specific mechanism used to secure the protocol. IPsec secures the packet payloads by means of cryptography. IPsec provides the services of confidentiality, integrity, and authentication. This form of protection does not account for the skilled hacker who may be able to break the encryption method and obtain the key.
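The two IPsec modes and the shared-key services described above (one side encrypts, the other decrypts and checks integrity) can be seen in a simplified model. This is an added example, not code from any IPsec implementation: the 9-byte header, the function names, the keys and the addresses are constructed assumptions, and an HMAC-SHA-256 keystream stands in for the real negotiated cipher.

```python
import hashlib, hmac, ipaddress, struct

ESP, IPIP, TCP = 50, 4, 6   # IP protocol numbers
ICV_LEN = 16                # integrity check value: HMAC-SHA-256 cut to 128 bits

def header(src, dst, proto):
    # Simplified 9-byte IP header (assumption): source, destination, protocol.
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed + bytes([proto]))

def _xor_stream(key, spi, seq, data):
    # Stand-in for the negotiated cipher (e.g. AES): HMAC-SHA-256 as a keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack("!III", spi, seq, i), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def protect(keys, spi, seq, packet, tunnel=None):
    """Sender. tunnel=(gateway_src, gateway_dst) selects tunnel mode."""
    enc_key, auth_key = keys
    if tunnel:  # whole original packet hidden behind a new outer header
        outer, inner = header(*tunnel, ESP), bytes([IPIP]) + packet
    else:       # transport: addresses stay in clear, protocol byte + payload hidden
        outer, inner = packet[:8] + bytes([ESP]), packet[8:]
    esp = struct.pack("!II", spi, seq) + _xor_stream(enc_key, spi, seq, inner)
    icv = hmac.new(auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]
    return outer + esp + icv

def unprotect(keys, wire):
    """Receiver. Checks the ICV first, then decrypts and rebuilds the packet."""
    enc_key, auth_key = keys
    outer, esp, icv = wire[:9], wire[9:-ICV_LEN], wire[-ICV_LEN:]
    good = hmac.new(auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, good):
        raise ValueError("ICV mismatch: modified in transit or wrong key")
    spi, seq = struct.unpack("!II", esp[:8])
    inner = _xor_stream(enc_key, spi, seq, esp[8:])
    # Simplification: an inner protocol byte of IPIP always means tunnel mode.
    return inner[1:] if inner[0] == IPIP else outer[:8] + inner

if __name__ == "__main__":
    keys = (b"E" * 32, b"A" * 32)  # constructed shared keys
    pkt = header("10.1.0.5", "10.2.0.9", TCP) + b"constructed payload"
    for seq, gw in enumerate((None, ("198.51.100.1", "203.0.113.1")), 1):
        wire = protect(keys, 0x1001, seq, pkt, tunnel=gw)
        assert unprotect(keys, wire) == pkt
        print("tunnel" if gw else "transport", wire[:8].hex(), len(wire))
```

In transport mode the first eight bytes on the wire are still the original endpoints, while in tunnel mode they are the gateway addresses. As in ESP, the ICV covers only the protected part, so a change to the clear-text header is not caught by this check.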
When IPv6 was being developed, emphasis was placed on aspects of the IPv4 protocol that needed to be improved. The development efforts were placed in the following areas:
1. Routing and addressing
2. Multi‐protocol architecture
3. Security architecture
4. Traffic control
The IPv6 protocol’s address space was extended by supporting 128‐bit addresses. With 128‐bit addresses, the protocol can support up to 3.4 × 10^38 machines. The address bits are used less efficiently in this protocol because it simplifies addressing configuration.
The security architecture of the IPv6 protocol is of great interest. IPsec is embedded within the IPv6 protocol. IPsec functionality is the same for IPv4 and IPv6. The only difference is that IPv6 can utilize the security mechanism along the entire route. From a high‐level view, the major benefits of IPv6 are its scalability and increased security.