What are the attributes of a secure network in information security?

Network security is a group of technologies that secure the usability and integrity of a company’s infrastructure by avoiding the entry or proliferation within a network of a broad variety of potential threats.

A network security architecture is composed of tools that secure the network itself and the software that run over it. Effective network security methods employ several lines of defence that are scalable and automated. Each defensive layer apply a group of security policies decided by the administrator.

Network security works with several layers of protection at the edge and in between the network. Some security layers implement some strategies and follow specified policies. Only the authorized users will acquire access to the network resources, and the unauthorized users will be blocked from governing exploits and malicious activities.

Securing network infrastructure is like securing available entry points of attacks on a country by deploying suitable defense. Computer security is more like supporting means to secure a single PC against external intrusion. The former is superior and practical to secure the civilians from getting unprotected to the attacks.

The preventive measures tries to protect the access to individual computers the network itself thereby securing the computers and other shared resources including printers, network attached storage linked by the network.

Attacks can be stopped at their entry points before they advance. As against in computer security the measures taken are targeted on securing individual computer hosts. A computer host whose security is negotiated is likely to infect multiple hosts connected to a possibly unsecured network.

Network security starts from authenticating some user, most likely a username and a password. Once authenticated, a stateful firewall apply access policies including what services are enabled to be accessed by the network users. Though efficient to avoid unauthorized access, this element fails to check potentially harmful contents including computer worms being transmitted over the network.

An Intrusion Prevention System (IPS) helps detect and prevent including malware. IPS also monitors for suspicious network traffic for contents, volume and anomalies to secure the network from attacks including denial of service. Communication among two hosts using the network can be encrypted to support privacy. Individual events appearing on the network can be tracked for audit purposes and for a current high level analysis.

Honeypots, essentially decoy network-accessible resources, can be set up in a network as surveillance and early-warning tools. Techniques used by the attackers that tries to negotiate these decoy resources are learned during and after an attack to maintain an eye on new exploitation techniques. Such analysis can be used to more tighten security of the actual network being secured by the honeypot.