expertise in network security, firewalls, and VPN solutions.

Expertise in Network Security, Firewalls and VPN Solutions
Name of Student:
Course:
Course Instructor:
Date:
Expertise in Network Security, Firewalls and VPN Solutions
Introduction
The contemporary digital world of today is rapidly becoming interconnected with the internet coupled with the new technology of networking. Consequently, there is a lot of information that is of commercial nature, personal, military and even governmental on the existing network systems (Lye & Wing, 2005). Kahate (2013) provides that the internet mechanism has been developed in a way it is vulnerable to many security threats. This brings about the necessity of security to the divergent information that is within the network systems hence the element of network security (Raya & Hubaux, 2005). It has been established that mitigating the vulnerability of the computer attacks can be achieved through modification of the architecture of the internet (Pathan, Lee & Hong, 2006). This is possible if there is adequate knowledge relating to the attack methods. In practice, businesses work towards securing themselves by use of encryption mechanisms and firewalls (Snader, 2015). It is to this effect that this paper seeks to critically analyze the whole concept of network security, firewalls and VPN solutions as well as provide recommendations thereto.
Overview of Network Security Fundamentals, Security Threats and Issues
Most applications that exist have system and network technology as their basic technology (Pathan et.

al., 2006). As such, security is an essential requirement for the developing networks. Research in this field reveals that there is substantial inadequacy of security methods that can be put in place to guard the network system (Lye & Wing, 2005). This has been caused by the existing insufficiency in communication between those who create security technology and the network innovators. Network design refers to a process which is developed well with its basis being the Open Systems Interface (OSI) model (Raya & Hubaux, 2005). Shinder (2011) provides that the OSI is handy when developing networks in that it has an advantage of flexibility, it provides modularity, it is easy to use and has the element of standardizing protocols. The protocols are of varied layers and they can be put together to form stacks that permit creation of modules (Kahate, 2013). The above-mentioned layers could be changed later minus making any further adjustments hence permitting freedom in terms of development.
On the contrary, the network design has no process of security that is well developed. This is because there is no developed method to specifically manage the dynamism that is associated with security requirements (Lye & Wing, 2005). Benefits of secure network design are not similar to those of mere network design. Network security requires that there is sufficient security in the entire network at each end of communication chain (Pathan et. al, 2006). It involves securing the communication channel against vulnerability to attacks. This is because a potential hacker might aim at a specific communication channel, get the data that is therein, decrypt it and re-insert a message that has false information (Kahate, 2013). To this end, it becomes clear that securing the network is essential as it denotes securing computers together message encryption.
Shinder (2011) provides that in order to develop a secure network consideration must be placed on:-
Accessibility-where the users who are authorized are allowed to communicate to and from a specific network.
Confidentiality- Where information within the network is made to be private.
Authenticity-Where there is certainty that the users are the same that claim they are.
Integrity- It must be ensured that the information to be transmitted is not modified in the process.
Non-repudiation- The users must be stopped from denying that they used the network in case they did.
In this regard, therefore, security architecture commonly known as internet protocol (IP) security has been developed as a standardization internet security (Pathan et.al, 2006). According to Raya & Hubaux (2005), there exists IP (IPv6) which is a new generation that has been developed to aid the IPv4 version.
Detailed Network Security Recommendations
Fundamentals of firewalls and VPNs
Firewalls refer to software that is placed in the operating systems of computers (Shinder, 2011). They are developed with the main objective of ensuring that computers within an organization are protected against the dominant impacts caused by cyber crimes (Raya & Hubaux, 2005). I simple terms, Firewalls do jobs like blocking access of employees to specific websites that are fraudulent and preventing access of hackers to the business’ network protocol (Kahate, 2013). Moreover, Walters, Liang, Shi & Chaudhary (2007) provide that Firewalls ensure that the business network is prevented against most of the forms of malicious software that spread so fast with the intention of demining the security measures of an organization.
On the other hand, VPN (Virtual Private Network) refers to the technology which is charged with the function of creating an encrypted connection for networks that have insufficient security (Snader, 2015). Its mechanism is designed in a manner that it ensures that the required level of security is provided to a network technology under any given circumstance (Shinder, 2011). VPNs are handy in setting up secure communications between endpoints. However, it is provided that they constitute only one weapon and as such integrating them with Firewalls which is an older and a security technology that is more established to provide an even stronger protection to a network system (Raya & Hubaux, 2005).
3.2 Recommended Firewalls and VPNs
There are three types of firewalls namely; packet filtering, circuit gateways, application gateways and hybrid firewalls. Circuit gateways work at the network transport layer, application gateways work at the level of application where it examines information while the hybrid firewalls employ integrated elements of firewalls to function (Shinder, 2011). Hybrid firewall is normally developed to rapidly add new services to the firewall that is prevailing. For example, a packet filtering of circuit gateway could be added as it needs a new proxy to be written in order for a new service to be provided (Kahate, 2013). There are several types of VPNs including PPTP, Site-to-Site, L2TP, IPsec, SSL, MPLS and Hybrid VPN (Snader, 2015). Unlike firewalls, pointing out one type of VPN as the best is not a reasonable approach. Instead, it is necessary that one takes a number of factors into consideration. These include the number of users, bandwidth, security and cost. Settling on one type VPN shall, therefore, be determined by the needs of a specific company.
3.3 Recommendations for implementing the proposed solutions.
Organizations are called upon to put in place good operational controls so as to effectively address the issues being discussed herein. For example, employees should be made to sign use policies that are acceptable whenever they are hired (Raya & Hubaux, 2005). According to Walters et al. (2007), the worst attackers to communication networks include the disgruntled employees and, therefore, they ought to be provided with the minimum required access to the communication networks used within the company. It should not also be forgotten that when employees leave the company, a termination to all access such as keys, badges and even physical access should be done (Shinder, 2011). When all this is implemented then there would be an increased security of the organization’s communication network. An emphasis is put on this point since an observation has been made that most organizations put more effort on dealing with outside attacks and forget that actually insiders constitute the bigger threat (Kahate, 2013).
4.0 Summary
The above analysis reveals that network security is a critical component that requires special attention in this internet expansion era. The paper has analyzed security threats and Internet protocol so as to ascertain the required security technology and apply it. It is established that security technology is in most cases based on software as much as most hardware devices that are common are used. The development of the security of the new internet protocol-IPv6 has been proved to be proved to be more effective as much as it still has some shortcomings as far as security issues are concerned. Integrated use of IPv6 together with security tools like firewalls, intrusion detection in addition to mechanisms of authentication shall be efficient in terms of protecting intellectual property as of now. However, since the field of network security is characterized by dynamism, a preparation for dealing with the evolved versions of the threats in the future must be in the pipeline.
References
Chen, X., Makki, K., Yen, K., & Pissinou, N. (2009). Sensor network security: a survey. Communications Surveys & Tutorials, IEEE, 11(2), 52-73.
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
Lye, K. W., & Wing, J. M. (2005). Game strategies in network security. International Journal of Information Security, 4(1), 71-86.
Pathan, A. S. K., Lee, H. W., & Hong, C. S. (2006, February). Security in wireless sensor networks: issues and challenges. In Advanced Communication Technology, 2006. ICACT 2006. The 8th International Conference (Vol. 2, pp. 6-pp). IEEE.
Raya, M., & Hubaux, J. P. (2005, November). The security of vehicular ad hoc networks. In Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks (pp. 11-21). ACM.
Shinder, T. W. (2011). The best damn firewall book period. Syngress.
Snader, J. C. (2015). VPNs Illustrated: Tunnels, VPNs, and IPsec. Addison-Wesley Professional.
Walters, J. P., Liang, Z., Shi, W., & Chaudhary, V. (2007). Wireless sensor network security: A survey. Security in distributed, grid, mobile, and pervasive computing, 1, 367.
Walters, J. P., Liang, Z., Shi, W., & Chaudhary, V. (2007). Wireless sensor network security: A survey. Security in distributed, grid, mobile, and pervasive computing, 1, 367.