SMB Secure

Make Security easier for Small and Medium Business

Security Technologies

Knowing and understanding the different security solutions available on the market is as important as knowing the different threats. This section provides a basic understanding of the most popular security solutions:

Firewalls

A firewall is a hardware or software device that controls and protects a whole network or a single computer from intentional hostile intrusion. For any network connected to the internet, a firewall is undeniably one of the first security devices to acquire. There are different types of firewalls performing different kinds of traffic inspection. However, the categories are not clearly defined, which can be confusing for the unprepared. For instance, Cisco classifies firewalls in terms of the technology used: personal firewalls, packet filters, Network Address Translation (NAT) firewalls, circuit-level firewalls, proxy firewalls, stateful firewalls, transparent firewalls and virtual firewalls (Firewalls fundamentals), whereas others divide them into two main categories, packet filtering firewalls and proxy firewalls. Another common and practical way to classify firewall technologies is to use the OSI model as a reference, which leads to three different options:
Network Layer Firewall (or Stateless Packet Filtering), which performs basic inspection of individual packets based on their source/destination IP addresses and ports. This type of firewall is known as the first generation of firewall and is generally implemented in most routers.
Session Layer Firewall (or Circuit-level firewall), which goes a bit further by keeping track of the session, allowing stateful inspection of packets.
Application Layer Firewall (or Proxy firewall), which has the highest level of intelligence because it analyzes the contents of packets.
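
The difference between the first two options can be seen in a short added example (not part of the original page): a stateless filter judges each packet alone, while a session-tracking filter only admits inbound packets that answer a session opened from the inside. The addresses, ports, rule set and the names Packet, stateless_allow and StatefulFilter are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

LAN_PREFIX = "192.168.1."   # constructed internal network (assumption)

def stateless_allow(p: Packet) -> bool:
    """Network layer filter: each packet is judged alone, on addresses and ports."""
    outbound_web = p.src.startswith(LAN_PREFIX) and p.dport == 443
    # Without state a reply cannot be recognised as a reply, so the rule has to
    # accept any inbound packet whose source port is 443.
    inbound_from_443 = p.dst.startswith(LAN_PREFIX) and p.sport == 443
    return outbound_web or inbound_from_443

class StatefulFilter:
    """Session layer filter: remembers the sessions opened from the inside."""
    def __init__(self):
        self.sessions = set()

    def allow(self, p: Packet) -> bool:
        if p.src.startswith(LAN_PREFIX) and p.dport == 443:
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound traffic passes only if it is the reverse of a tracked session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

# Constructed traffic: an outbound HTTPS request, its reply, and an
# unsolicited inbound packet that merely uses source port 443.
TRAFFIC = [
    Packet("192.168.1.10", 51000, "203.0.113.5", 443),
    Packet("203.0.113.5", 443, "192.168.1.10", 51000),
    Packet("198.51.100.7", 443, "192.168.1.20", 5000),
]

def compare(traffic):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for p, (sl, sf) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  stateless={sl}  stateful={sf}")
```

Both filters pass the request and its reply; only the session-tracking filter drops the third packet, because no inside host opened that session.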

Intrusion Detection Systems (IDS)

Whereas firewall systems can only inspect traffic based on their rulesets, intrusion detection systems try to detect and analyse suspicious events, and promptly report attempts to the administrator so that the source of an attack can be investigated (Pohlmann and Crothers 2005). This active defence mechanism tries to detect an attack in progress so that it can be stopped as swiftly as possible, and it also has a strong effect against internal attacks.

Intrusion Prevention Systems (IPS)

Like an IDS, an Intrusion Prevention System is able to detect an attack in progress. However, rather than systematically alerting the administrator, this technology can react in real time to malicious or unwanted behaviour.

Antivirus/Anti-malware

Antivirus/anti-malware is software used to scan traffic in order to identify, neutralize or eliminate potential viruses and malicious software (worms, Trojan horses…). This application is the first to acquire and install when connected to the internet. In addition to installing it on each computer in the network, it is also common to use an antivirus/anti-malware gateway installed at the entrance to the network as a first line of defense. However, such a security mechanism is efficient only against known threats and therefore requires regular patches and updates.

Anti-spam and anti-spyware

Anti-spam and anti-spyware are software that attempts to prevent undesirable mail and remove spyware. They are most often deployed locally (for small networks), but regular scans can also be performed centrally on protective gateways in the same way as antivirus scans.

Virtual Private Network (VPN)

Remote access is becoming common practice as a way to facilitate and optimize the productivity of companies. Virtual Private Network (VPN) technology is a secure method of connecting two distant sites together or connecting a remote user to the private network of their company. A VPN provides confidentiality by creating a tunnel of encrypted data between two points.

High Availability

High Availability is a general service concept describing the ability to maintain a system's “uptime” and thus ensure the continuity of a service during a given period of time. HA attempts to reduce or eliminate the downtime of a critical service in order to recover more quickly. There are many ways to achieve High Availability (HA), notably by implementing the Seven R’s principles of HA: Redundancy, Reputation, Reliability, Repairability, Recoverability, Responsiveness, and Robustness (Schiesser 2002).

Back-up

A back-up system ensures that important information is copied to a safe location. “The more important the information is, the more copies of it must be available.” (Nijnik 2007)