The modern network is a complex mesh of different components with one purpose: to make resources available to legitimate users. Unfortunately, over the last decade, access to networks by unauthorized users has grown at an exponential rate. We develop and deploy equipment and applications so quickly to meet the demands of the computer consumer (both business and home consumers alike) that we do not have the time to properly test and secure these components. The result is that our networks are at risk.

The risk is not just from a professional hacker. (Hacker is a name commonly given to someone who gains unauthorized access to a network.) Enough Web sites, tools, and chat rooms are available to make even a curious home user a devastating threat to a corporate network.

A Brief History

We’ve often found in teaching, as well as in consulting, that it helps to have an understanding of where a need or concept comes from. The history of networking security stems from information security, which dates back thousands of years. We can even look to Caesar and the great Roman army. Even then, knowledge was power and protecting that knowledge was crucial to the business of Rome. Caesar employed a basic form of encryption to protect his messages sent to and from the battlefield.

This desire and need to protect information continues, but the methods by which data is protected have changed. In the early days of computing, little changed to affect the methods by which information was protected. This is primarily because early computers did not really store data; they processed it. The data was printed to paper for analysis and review rather than being stored on the computers.

The paper is what was protected because it held the important information. We set up security that reflected the method of storage and transfer of the data: We locked it in filing cabinets, put it behind locked office doors, and locked it inside our desks to protect sensitive information. When the data was needed outside a protected area, we would attempt to protect it in transit with guards and locked briefcases.

The true shift in protecting information came when computers began to be used to store data. We no longer had the worries of tracking and protecting paper; it was all neatly stored on magnetic media. Mainframes made security easy. Typically, they were used only by the largest of companies, universities, and governments and were housed in protected, climate-controlled areas. Additionally, you had to be at a terminal directly connected to the mainframe to gain access to the data stored on it, and you had to have a considerable amount of knowledge to be able to use a mainframe. Because these large computers were typically set up this way, breaking into them was difficult.

Personal computers (PCs), and later the Internet, revolutionized the way we produce, store, evaluate, and use information. Now you can store as much data on a home computer as a public library holds in all its books and periodicals. In the early days of the PC revolution, users typically helped each other out. People freely exchanged ideas and information, debugged each other’s programs in an effort to understand systems better, and even hacked on the keyboard to try to break the system and then rewrote programs to try to make them better. The thought of somebody stealing data did not occur to users because it was freely shared. This attitude prevailed for much of the 1980s and early 1990s.

As businesses adopted the use of computers, more and more proprietary data was stored on them. Information is still the single most important resource. Now, instead of managing business networks of 10–25 computers, we have networks of thousands and thousands of computers. Throw the Internet into the mix and the sheer number of systems becomes staggering. Businesses now store vital data on computers, and this information needs to be protected. Examples of common business information you might want to protect are as follows:

Personnel data— Such as home phone numbers, Social Security numbers (for our readers in the United States), salary information, and employee review data

Business plans— Such as merger information, reorganization, division sell-offs, and stock buy-backs

Proprietary information— Data concerning business products such as chemical formulas, recipes, designs, and research data

Information that gives you a business advantage— Such as partnerships, business processes, and business methodologies

You have a job to do. You need to be able to share only the right information with the right individuals or companies when they need it. Whether that information is stored on a local computer or transmitted across the Internet, you need to be sure your data is secure, unaltered, and delivered to the intended recipient on demand. After all, a network is there to be used.

Submit: