
6.4.5 Explain the need for network security and describe how this can be achieved.

Teaching Notes:
Emphasize the importance of protection within a LAN by giving layered access (for example, via permissions on certain areas) to different users, and marking files as read only. The need for a firewall to prevent intrusion from outside should be clear.

Sample Question:

A small company has a LAN connecting its various desk-top computers and
peripheral devices.


(a) Explain, with an example, how handshaking might be used during data
transmission over this LAN. [2 marks]

The company is going to provide Internet access to its LAN.

(b) State the name of an additional hardware device that would be required to permit
Internet access. [1 mark]

(c) Explain how a firewall would help to provide security for the LAN. [3 marks]


(d) Suggest, with reasons, two further measures that the company should take to
safeguard its data from unlawful access via the Internet. [4 marks]

 

JSR Notes:

Once again the focus of the assessment statement and teaching note is as much on the ‘why’ as on the ‘what’.  The ‘what’ is covered pretty well in the textbook, so I’ll focus a bit more on its context in relation to the ‘why’.
Note that the teaching note breaks the protection of a network into ‘from within’ and ‘from the outside’.

Protection From Within a LAN
It boils down to accounts and permissions.

Accounts/Log-ins – different people have different levels of access, which is controlled by an overall accounts system, similar to the one that you probably use on your home computer, and like Shack does in his lab.  You log in as a specific user and are given a certain level of access to files.  There are actually various accounts on the computers in the Instructional Lab as well, it’s just that I keep them logged into an administrator’s account.

Permissions – The reason I’m able to keep the computers in the Instructional Lab logged into Administrator accounts is that I make abundant use of the second level of protection from within: permissions.  I make sure that sensitive files are “Read Only”, or need the Administrator password to be changed (i.e. “Written to”).  Generally, permissions for files can be one of: “read and write”, “read only”, “write only” or “no access”.

And actually, an accounts/log-in system is really just an organized way of managing permissions.  In fact, each and every file will have a certain set of permissions; one for each user account on the computer.  So an administrator account might have “read and write” for most of the data files, though actually “no access” for lots of other system files that are normally hidden from all accounts.  Meanwhile, a typical user account will have “read only” for all of the application programs, and “no access” for a bunch of utilities etc., but will have full “read and write” for their “Home” folder.  Yet inside that, they may have a “Public” folder that will have “read and write” access for all users on the computer.
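
A small model of the per-file, per-account permissions described above, as an added example that is not part of the original notes. The account names, folder paths and the rule that the most specific folder wins are assumptions made for illustration; anything with no matching rule gets “no access”.

```python
import posixpath
from pathlib import PurePosixPath

# The four permission levels named in the notes, mapped to the actions they allow.
ALLOWS = {
    "no access": set(),
    "read only": {"read"},
    "write only": {"write"},
    "read and write": {"read", "write"},
}

# Constructed sample rules: (account, folder) -> permission.
# "*" stands for every account; all names and paths are hypothetical.
RULES = {
    ("admin", "/data"): "read and write",
    ("admin", "/system/hidden"): "no access",
    ("*", "/apps"): "read only",
    ("alice", "/utilities"): "no access",
    ("alice", "/home/alice"): "read and write",
    ("*", "/home/alice/Public"): "read and write",
}


def permission_for(account, path):
    """Return the permission from the most specific folder rule that applies."""
    # Collapse "." and ".." first, so "/home/alice/Public/../diary.txt"
    # is judged as "/home/alice/diary.txt" and not as something in Public.
    target = PurePosixPath(posixpath.normpath(path))
    for folder in (target, *target.parents):
        for who in (account, "*"):  # a rule for this account beats "*"
            rule = RULES.get((who, str(folder)))
            if rule is not None:
                return rule
    return "no access"  # default deny: no rule means no access


def is_allowed(account, action, path):
    """True if `account` may perform `action` ("read" or "write") on `path`."""
    return action in ALLOWS[permission_for(account, path)]


if __name__ == "__main__":
    for who, action, path in [
        ("alice", "write", "/home/alice/essay.txt"),
        ("bob", "read", "/home/alice/essay.txt"),
        ("bob", "write", "/home/alice/Public/shared.txt"),
        ("alice", "write", "/apps/editor"),
    ]:
        print(who, action, path, "->", is_allowed(who, action, path))
```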

Protection From (and To) The Outside
It’s both from as well as to, since you often want to protect data being sent out from your computer or network to some other place.  So we’ll deal with that first:

Encryption – In a nutshell, this is simply the scrambling of the data before it is sent.  The only way the receiver of the data (intended receiver or otherwise…) can un-scramble the data is with a certain ‘key’ that only he/she is entitled to.  You could come up with all sorts of weird and wacky ways to scramble and unscramble words; it’s just a matter of coming up with a specific algorithm to do so, and also figuring out the algorithm to take it back to the way that it was.

Firewalls – Oftentimes the main firewall of a network will reside on the gateway computer, or even be a separate computer or piece of hardware working with the gateway in the Demilitarized Zone (DMZ), but usually all personal computers have their own software firewall as well.  The purpose is two-fold: one, to filter out and prevent access by a certain list of known malicious or infectious sites, and two, to prevent hackers from directly accessing computers within the network.