Introduction
Safeguarding information is challenging when records are created and stored on computers. We live in a world where computers are globally linked and accessible, making information especially vulnerable to theft, manipulation and destruction. Security breaches hence become inevitable. Crucial decisions and defensive action must be taken in order to safeguard information. In this article we will cover the basic tenets of network security and why it is so important for us.

Why is it necessary?
Security means to protect information. It deals with the detection and prevention of unauthorized action by users of a computer. Lately it has been extended to include privacy, confidentiality and integrity.

Most companies use electronic information extensively to support their daily business processes. If this electronic information were to become available to competitors or to become corrupt, false or disappear, the firm may face unimaginable damage to its reputation and may even cease to function.

There are certain ground rules for setting up security:

1. Security and complexity are often inversely proportional. Every step taken whether it's vulnerability and risk assessment, security policy and procedure development, deployment of mechanisms or user education, should be as simple as possible.
2. A false sense of security may be your undoing. Knowing where your enterprise is still insecure provides you with the framework for moving ahead. It's critical to know where you've left gaps, what documents and procedures have loopholes and what mechanism need to be replaced.
3. It is best to concentrate on recognized security threats. There are imagined threats, real threats and probable threats. And there are known and unknown threats. We are most interested in real and probable threats, while we continue to expand the set of known threats.
4. Security is an investment, not an expense. The challenge is to get this point across to the top management. Investing in computer and network security measures that meet changing business requirements and risks makes it possible to satisfy changing business requirements without hurting the business' viability.

Tools for network security
A common myth is that a firewall addresses all security requirements. Nothing can be far from the truth. Security goes much beyond firewalls and one should have multi-layer defense in terms of deployed tools and techniques, and proven set of policies and procedures to secure the network. There are various technologies, tools and techniques to aid the network and computers. This section deals with some of those technologies and outlining the features of these technologies.

Firewalls
A firewall is a safeguard that one can use to control access between a trusted network and a less trusted one. A firewall is not a single component; it is a strategy for protecting an organization's Internet-reachable resources. A firewall serves as the gatekeeper between the untrustworthy Internet and the more trustworthy internal networks.

Firewalls can

1. Block unwanted traffic.
2. Direct incoming traffic to more trustworthy internal systems.
3. Hide vulnerable systems that cannot easily be secured from the Internet.
4. Log traffic to and from the private network.
5. Hide information such as system names and network topology, network device types, and internal user IDs from the Internet.
6. Provide more robust authentication than standard applications might be able to do.

Intrusion detection tools
Intrusion detection is the process of detecting unauthorized use or attack on a computer or network. Intrusion Detection Systems (IDSs) are software or hardware systems that detect such misuse. IDSs can detect attempts to compromise the confidentiality, integrity, and availability of a computer or network. The measures are necessary as attacks can come from hackers on the Internet and insiders who sometimes misuse the privileges.

Virus detection
Anti-virus tools perform three basic functions. Tools may be used to detect, identify, or remove viruses. Detection tools perform proactive detection, active detection, or reactive detection. That is, they detect a virus before it executes, during execution, or after execution.

Secure access through encryption
People like confidentiality and privacy, however attackers can steal information that is sensitive to a person or organization. Networks and data communication channels are often insecure. An effective tool for protecting messages against threats inherent in data communications is cryptography.

Cryptography is the science of mapping readable text, called plaintext, into an unreadable format, called ciphertext, and vice versa. The mapping process is a sequence of mathematical computations. The computations affect the appearance of the data, without changing its meaning.

To protect a message, an originator transforms a plaintext message into ciphertext. This process is called encryption. The ciphertext is transmitted over a network or data communications channel. If the message is intercepted, the intruder only has access to the unreadable ciphertext. Upon receipt, the message recipient transforms the ciphertext into its original plaintext format. This process is called decryption.

The secure sockets layer
Secure Sockets Layer (SSL) is a protocol that protects data sent between Web browsers and Web servers. SSL also ensures that the data coming from the Web site is not tampered while it is in transit. Any Web site address that starts with "https" will be SSL-enabled.

SSL provides a level of security and privacy for those wishing to conduct secure transactions over the Internet. SSL protocol protects HTTP transmissions over the Internet by adding a layer of encryption. This ensures that your transactions are not subject to "sniffing" by a third party.

In the next edition we will talk of good elements of a security policy.