What is Network Security?
Using both hardware and software, network security protects the usability and data integrity of your network across all physical and virtual elements of the core network. To be effective, network security manages access to the network for users, devices, and data. It detects, deterministically analyzes, and then mitigates or prevents threats from gaining access to, or spreading on, your network.
Companies use network security to:
- Protect corporate data
- Control network access and availability
- Prevent intrusions
- Respond to and correct incidents
- Protect hardware (routers, switches, firewalls), software, and intellectual property
- Protect data centers and cloud computing
Network Security and Data
Network security is based on these data elements:
- Data access– Data access is controlled by a system that authenticates, authorizes, and accounts (AAA) users for their: identification (usually through a PIN or login), grants authorization and permission based on users’ function, and logs data changes and records users’ network activities.
- Data availability–Data is available to users when it is needed (available on demand); only authorized users can access and use the data.
- Data confidentiality–Data cannot be leaked to or accessed by unauthorized users for their use; data encryption protects data transmission and prevents illegal access by third parties.
- Data integrity–Data cannot be changed without authorization; it is the assurance that information can only be accessed and modified by those users authorized to do so.
Network Security and Protection
The old network security model of securing the perimeter of a network by merely implementing firewalls is no longer enough. Most threats and attacks originate from the Internet (making interfaces to the Internet the most critical to secure), while other common sources of threats are compromised users’ devices, and roaming peers. Additionally, network complexities and communications undermine security between internal and external environments. Networks are vulnerable to both active and passive attacks, as well as from inside-out and inside-in attacks. Active attacks, such as denial-of-service (DoS) attacks, IP address spoofing (or masquerade attacks), and malware created to target both physical and virtual machines (VMs), are the most complex security threats to manage because they target the control plane (the part of a network that carries signaling traffic and is responsible for routing) of network elements.
The future of network security requires a change in mindset:
Security must be ingrained everywhere – in the protocols, the systems, the elements, the provisioning, and in the business surrounding the network. To better combat and contain security threats in the network, service providers are moving toward a more distributed architecture, with detection and enforcement enabled everywhere. As the threat environment morphs and accelerates, you can have automated and centralized security polices with decentralized enforcement on switches and routers driven by dynamic and real-time security updates. Using software defined controls, you can detect threats and enforce security policies with a high level of automated security, unified threat detection, and real-time protection.
Today, those in charge of network security have to assume zero trust among network elements, and service providers want to operate their network as a single-enforced domain where every element – not just those at the perimeter – becomes a policy enforcement point.
Juniper Connected Security
Safeguard Users, Applications and Infrastructure with Juniper Connected Security.
Juniper Connected Security provides you with the ability to automate security coverage from endpoint to edge and every cloud in-between. Juniper provides the window to see who and what is on your network and enforce across all connection points. To help safeguard your existing security investment, we are open so that you can build on security solutions and infrastructure you already have in place. To ensure consistent security policies across your multi-cloud we offer fast and elastic protection.
To protect the growing digital universe, service providers must devise and follow a thorough, multi-layered, and defense-in-depth approach to security by considering all information traversing the network and in the cloud, and not just threats solely identified at the perimeter and edge.