Spam filter, Antivirus software, Proxy server | Network access control (NAC)
NAC is a network security control device that restricts the availability of network resources to endpoint devices that comply with your security policy. Some NAC solutions can automatically fix non-compliant devices to ensure they are secure before allowing them to access the network. Network access control does a lot to enhance the endpoint security of a network. Before giving access to the network, NAC checks the device’s security settings to ensure that they meet the predefined security policy; for example, it might check whether the host has the latest antivirus software and the latest patches. If the conditions are met, the device is allowed to enter the network. If not, NAC will quarantine the endpoint or connect it to the guest network until the proper security enhancements are made to comply with policy. NAC can use agents to assess the device’s security or it can be agentless.
Proxy servers act as negotiators for requests from client software seeking resources from other servers. A client connects to the proxy server and requests some service (for example, a website); the proxy server evaluates the request and then allows or denies it. Most proxy servers act as forward proxies and are used to retrieve data on behalf of the clients they serve.
A mail gateway can be used not only to route mail but to perform other functions as well, such as encryption or, to a more limited scope, DLP. More commonly, spam filters can detect unwanted email and prevent it from getting to a user’s mailbox. Spam filters judge emails based on policies or patterns designed by an organization or vendor. More sophisticated filters use a heuristic approach that attempts to identify spam through suspicious word patterns or word frequency. The filtering is done based on established rules, such as blocking email coming from certain IP addresses, email that contains particular words in the subject line, and the like. Although spam filters are usually used to scan incoming messages, they can also be used to scan outgoing messages to help identify internal PCs that might have contracted a virus.
Antivirus software is one of the most widely adopted security tools by both individuals and organizations. There are different ways antivirus solutions recognize malicious software:
Based on the existing malware signatures — Signatures are the most popular way to detect malicious code. These signatures are basically the malware’s fingerprints; they are collected into huge databases for use by antivirus scanners. That’s why it is critical that the antivirus application stays up to date — so that the latest signatures are present. Signature-based detection works by looking for a specific set of code or data. Antivirus solutions compare every file, registry key and running program against that list and quarantine anything that matches.
Using heuristics — A slightly more advanced technique is heuristics. Instead of relying on malware that has been seen in the wild, as signatures do, heuristics tries to identify previously unseen malware. Heuristics detection will scan the file for features frequently seen in malware, such as attempts to access the boot sector, write to an EXE file or delete hard-drive contents. A threshold must be set by the administrators to determine what will trigger malware detection. This threshold must be set just right for heuristics scanning to be effective. Heuristic signatures are the way of monitoring for certain types of “bad” behavior. Every virus has its own specific characteristics. The known characteristics are used to build up defenses against future viruses. Although there are new viruses created and distributed almost every day, the most common viruses in circulation are the copies of the same old ones. Therefore, it makes sense to use the historical facts of viruses and their characteristics to create defenses against future attacks.
Based on file length — Another method of virus detection is to use file length. Because viruses work by attaching themselves to software as their surrogates, the length of the surrogate software usually increases. Antivirus software compares the length of the original file or software with the length of the file or software whenever it is used. If the two lengths differ, this signals the existence of a virus.
Based on checksums — A checksum is a value calculated in a file to determine if data has been altered by a virus without increasing file length. Checksums should be used only when it is clear that the file was virus-free the first time a checksum was computed; otherwise, the baseline checksum will be invalid. Virus symptoms usually depend on the type of virus. Remember that symptoms are not unique to any one virus; several viruses can have similar symptoms. Some of the most common symptoms are the following:
Frequent or unexpected computer reboots
Sudden size increases in data and software
File extension change (common with ransomware)
Disappearance of data files
Difficulty saving open files
Shortage of memory
Presence of strange sounds or text
Antivirus can be a part of endpoint protection systems that provide not only virus protection but DLP, AppLocker, content filtering and other capabilities as well.
There are several ways an attacker can avoid antivirus products. If the attacker’s software is never seen by the antivirus companies, then there will be no code signature and it will not be caught. But it can still be caught by antivirus heuristics technology. Attackers can also avoid being seen by the antivirus program; there are many stealth techniques that can be used to avoid getting scanned.
We’ve described almost all devices that will increase security in your network. Some of them, such as firewalls and antivirus software, are must-have network security devices; others are nice to have. Before implementing any new security device, always perform an IT security risk assessment; it will help you determine whether the investment is worth
Searches related to network security devices
network security definition
network security hardware
network security devices in computer network
network security basics
network security measures
network security devices ppt
network security applications
how does network security work