Information and Communication Technology

Network Security

How to secure data stored on a network

One of the benefits of using a network is the ability to share data between different users in different locations.

One of the problems with using a network is the ability to share data between different users in different locations.

Being able to access and move data over a network can make that data vulnerable to theft and malicious damage. This page looks at some ways in which a network may be secured in order to prevent this.

User level network security

Enforcing network security with user names and passwords

The first level of network security for many ICT users is the log in process. This requires the input of a User Name and a Password.

User names are not usually regarded as being a security feature. Many people use their own name or a variation of it, e.g. John, John36.

Users on a company or school network will often have their user names allocated to them by the network manager and will have no choice in the matter.

Passwords are security features. They may be set up by the network manager but users will normally be able to change them, and may even be required to do so at regular intervals. A password should be easy for the user to remember, but hard for anyone else to guess.

Passwords are rated by their strength. This is a measure of how long it would take for someone to find the password by a brute force attack, i.e. trying all possible combinations of letters, numbers, etc. until they find the password.

Password strength may be increased by:

Why not try out some of your passwords to see how strong they are?

You do have more than one, don't you?

File and data security

Access levels and passwords

Individual files and data stores may be given their own passwords. Only users who know the password will be able to read the contents of the file or data store.

These passwords may be rated as strong or weak in the same way as user passwords. In general they are less secure than user passwords as more people know them and they need to be simple enough that all those people can remember them.

Individual files and data stores may also be protected by access levels. These are set by the network manager and therefore do not need passwords. Users who do not have the correct access level will be unable to read the contents of the file or data store. Access levels are more versatile than file passwords as they can allow more options, e.g. some users may be allowed to change a file while others can only read the contents and a third group are not allowed to open it at all.

File passwords are often combined with encryption, where the file contents are scrambled by using an encryption key and the password acts as the decryption key, allowing the file contents to be read.

System security

Stopping hackers

If a network has an Internet or a Wi-Fi connection, it is vulnerable to unauthorised access from outside. This is often known as hacking, although the term covers many other activities as well.

To help prevent access from the Internet, a network manager may install a firewall.

A firewall is a piece of hardware or software which looks at each piece of information that tries to enter or leave the network. The firewall has a set of rules that say where traffic is allowed to come from and go to.
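The rule checking described above can be sketched as follows. This is an added example, not part of the original page; the rule format, the addresses and the function name `decide` are assumptions made for illustration. Rules are checked in order, the first match wins, and traffic that matches no rule is refused.

```python
import ipaddress

# Constructed rule set: (action, source network, destination network, port or None for any port)
RULES = [
    ("allow", "192.168.1.0/24", "0.0.0.0/0", 443),    # internal users to outside secure web sites
    ("allow", "0.0.0.0/0", "192.168.1.10/32", 25),    # anyone may deliver mail to the mail server
    ("deny",  "0.0.0.0/0", "192.168.1.0/24", None),   # nothing else may enter the network
]

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for one piece of traffic, using the first rule that matches."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"  # default: traffic not covered by any rule is blocked

if __name__ == "__main__":
    # Constructed sample traffic: (source, destination, destination port)
    samples = [
        ("192.168.1.50", "93.184.216.34", 443),   # leaving the network, allowed by rule 1
        ("203.0.113.7", "192.168.1.10", 25),      # entering, allowed by rule 2
        ("203.0.113.7", "192.168.1.20", 3389),    # entering, blocked by rule 3
        ("192.168.1.50", "93.184.216.34", 23),    # leaving, no rule matches, blocked by default
    ]
    for src, dst, port in samples:
        print(f"{src:>15} -> {dst:<15} port {port:<5} {decide(src, dst, port)}")
```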

To help prevent access via a Wi-Fi connection, a network manager may activate software which encrypts the radio signal. There are two common encryption methods, WEP, and WPA / WPA2.

WEP, Wired Equivalent Privacy, is the oldest method and is now regarded as being a weak security method although it is still in widespread use.

WPA / WPA2, Wi-Fi Protected Access, was released in 2003 / 4 to address some of the security concerns about WEP. It uses a much stronger encryption key and other improvements.

Preventing data loss

and getting it back again

No matter how good your network security is, you can still end up with lost or damaged data. It doesn't have to be due to malicious activity: accidents happen, people make mistakes, hardware fails, software crashes. Any of these things can damage or destroy data.

The topics of backup and recovery for general data are dealt with in detail in the Managing security for data and personal information page.

The information there applies to all types of data.

For the specific topic of preventing data loss / damage in databases, you need to know about transaction logs.

Because databases are designed to allow the stored data to be changed frequently, the traditional methods of backup would only preserve the state of the database when the last backup was made. Any changes between then and when the database is damaged would be lost.

A database transaction log keeps a record of each change that is made to the database and, in the event of a problem, it can be used to repeat those changes. This means that a normal, periodic backup system can be used. The transaction log will allow any changes made between the backup and the damage to be re-applied to the backup, so the database can be recovered to how it was just before it was damaged.

It is of course essential to keep the transaction log secure and it should, if possible, not be held on the same computer as the database.
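Recovery from a backup plus a transaction log, as described above, can be sketched as follows. This is an added example, not part of the original page; the record layout, the sequence numbers and the function names are assumptions made for illustration. It also refuses to continue if a change is missing from the log, since replaying past a gap would rebuild the wrong data.

```python
import copy

def apply_change(db, entry):
    """Apply one logged change to the database (a dict of record id -> record)."""
    op, key = entry["op"], entry["key"]
    if op in ("insert", "update"):
        db[key] = entry["value"]
    elif op == "delete":
        db.pop(key, None)
    else:
        raise ValueError(f"unknown operation: {op}")

def recover(backup, backup_seq, log):
    """Rebuild the database from a backup plus every change logged after it was taken."""
    db = copy.deepcopy(backup)           # never alter the backup itself
    expected = backup_seq + 1
    for entry in sorted(log, key=lambda e: e["seq"]):
        if entry["seq"] <= backup_seq:
            continue                     # this change is already in the backup
        if entry["seq"] != expected:
            raise ValueError(f"log gap: expected change {expected}, found {entry['seq']}")
        apply_change(db, entry)
        expected += 1
    return db

# Constructed sample: the backup was taken after change 2; changes 3 to 5 came later.
BACKUP = {1: "Alice, Form 10A", 2: "Bob, Form 10B"}
BACKUP_SEQ = 2
LOG = [
    {"seq": 1, "op": "insert", "key": 1, "value": "Alice, Form 10A"},
    {"seq": 2, "op": "insert", "key": 2, "value": "Bob, Form 10B"},
    {"seq": 3, "op": "update", "key": 2, "value": "Bob, Form 10C"},
    {"seq": 4, "op": "insert", "key": 3, "value": "Cara, Form 10A"},
    {"seq": 5, "op": "delete", "key": 1},
]

if __name__ == "__main__":
    print("Backup only :", BACKUP)
    print("Backup + log:", recover(BACKUP, BACKUP_SEQ, LOG))
```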
