Privacy glossary

Network security


What is network security?

Network security refers to the processes and tools an organization uses to monitor their network, control access and detect unauthorized activity, and prevent damage to the network and theft of its data. Network security is concerned with who has access to what data, and what permissions they have regarding that data, as well as network use in general. The tools and processes of network security can be applied to protect both large organizations and small networks like a home or small office.

Network security, an area within cybersecurity and information security, focuses on the security of network infrastructure with a goal of protecting the data accessed by that network. It must protect against outside and inside threats, whether intentional or accidental. A comprehensive network security strategy will adopt a layered approach, incorporating many different tools employed both at points of entry (“at the edge” or perimeter of the network) and within the network. An effective network strategy needs to continuously evolve to address new threats and new areas of vulnerability like cloud services and Internet of Things (IoT) devices.

What does network security protect?

In the context of network security, a network consists of a group of computers and other devices, and the hardware and software used to allow them to talk to one another. Network security protects this infrastructure and the associated data, systems, programs, apps, and websites that function on the network.

Protecting the networks and its associated data and programming means preventing events like data breaches and active sabotage. These events can be the result of various types of attacks, including:

  • Malware and so-called “driveby downloads” (malware installed unknowingly on an unsecured device in close proximity to the attacker)
  • Phishing or other social engineering ploys to steal access credentials
  • Eavesdropping or so-called “Man in the Middle” attacks that aim to intercept data
  • DDoS (dedicated denial of service) attacks, often done using botnets
  • DNS attacks
  • APT, or advanced persistent threat, where an attacker infiltrates the network and is able to maintain access, often for ongoing data theft

Attacks can be passive (like intercepting data) or active (like malware designed to disrupt functionality). Points of attack are anything that may have a weak spot: human activities like logging in, hardware and devices with design or operating system flaws, and applications with programming bugs are just some examples. Because of the importance of what’s being protected, and the variety of threats, network security can become a complex set of policies and procedures.

Why do we need network security?

Attacks can be very costly. Spending time and effort on maintaining good network security pays for itself by reducing the potential costs of recovery or reputational damage from a successful attack. An attacked system can suffer performance issues, which in turn can mean a loss of business. Adding to the cost of lost business is the cost to repair the damage to the system. Strong network security can mean avoiding these expensive repairs.

Data breaches are bad for the individual and for the organization responsible for storing the data. The cost to an individual can be financial, but there’s often an emotional toll and hours of lost time trying to recover and re-secure one’s accounts. The costs to an organization for a data breach are also substantial. In addition to losing the trust of their clientele, there may be fines, settlements, and legal fees. If the data breach is a part of a ransomware attack, ransom payments add to the total cost.

Finally, some organizations may be regulated. Some regulations require organizations to maintain and prove good network security. Regulations may also require timely disclosure when a data breach happens, and may levy fines when these disclosure requirements aren’t met. Some of the more familiar regulations that address network security and data breaches are HIPAA, GDPR, and CCPA.

The layers of network security

The first layer of network security is found on the perimeter, in an effort to keep bad actors out of the network entirely. But it’s important to create defenses within the network. Internal layers of security address the possibility of a successful attack breaking through the perimeter, and protect from malicious or dangerous actions within the network by trusted individuals. Here is a partial list of some tools and processes commonly used as part of a network security policy:

  • Physical security: This layer restricts who has access to system hardware. A common example is requiring a key card or biometric scan to access a server room.
  • User authentication: The layer most familiar to everyone, user authentication requires an individual to prove their identity. Traditionally, this is accomplished with a username and password, maybe paired with additional steps like multi-factor authentication (MFA) or hardware keys.
    • Recently, more security policies have adopted “zero trust.” The zero trust model assumes not all threats come from outside, but instead considers an internal attack as a possibility. It also handles the case where a compromised user account is used to conduct an attack. Zero trust limits user access to only what they need. This can be specific and tailored to the individual account. Zero trust is also a popular approach when data is stored in the cloud. With the cloud, the idea of identifying and protecting a perimeter is less clear, so zero trust checks every user for every type and level of access, and every time they want access.
  • Email and website protections: Email can be scanned for phishing or malware attachments, while website monitoring can block access to known phishing sites and malware sources, and watch for known vulnerabilities of website programming. Blacklists and whitelists are often a part of these processes.
    • For your home network, the Brave browser provides protection by blocking access to known malware sources and phishing sites.
  • Firewall: A firewall, which can be hardware or software, monitors and controls traffic into and out of a secured network. It can control user access to the network both at the edge and between sub-networks. Importantly, firewalls can also control what can leave (i.e. be transmitted out of) the network.
  • Remote access VPN: With the increase in remote work arrangements, providing security around how a remote individual accesses a system has become a priority. Remote access VPNs (also called client-to-site VPNs) are VPN systems designed for many individuals to use to access a single network and work together as if they were physically together. VPNs provide an additional security layer by encrypting all transmitted data passed over the external perimeter of the network.
  • Antivirus and IPS (intrusion protection system): These tools keep malware off network devices, protecting against known vulnerabilities and previously encountered types of attacks. They can also block DoS attacks.
  • Network segmentation: Segmenting a network is the application of access restrictions and permissions by category. Users may be granted or denied access based on job role, employee or non-employee status, location (for example, headquarters vs. retail store), or based on the device being used to access the network (for example, denial of access if a device is running unapproved software). Network segmentation can even be effective on a small scale, like when a home network is divided into one network for residents and a separate one for guests and IoT devices.
  • Data transmission: Using encryption to protect data in transmission and while stored is a common security measure. Network security policies can also protect data from getting into the wrong hands by restricting downloading, file copying, printing, and forwarding messages.
  • Network traffic monitoring: Tools are available that monitor network traffic for unusual activity. Real-time monitoring allows for swift reaction. These tools watch logins and login attempts, flag spikes in activity or activity from an unrecognized source, and can detect someone doing something they don’t usually do. AI is often part of the programming for these monitoring tools.

Challenges in network security

The landscape for network security is always changing and growing, generating new challenges to keeping systems safe. The variety of devices in more locations, including remote work and IoT, means it’s increasingly important to keep individuals focused on security and maintaining safe practices. The IoT explosion, in particular, creates a lot of opportunities for hackers. IoT security features are not always as rigorous as on other devices. Hacking into an IoT device can give access to both the local network (like the home the IoT device is in) and the controlling network (i.e. the company that makes the device and provides the app interfaces).

Most data breaches involve data stored on cloud systems. Cloud service providers perform some level of network security, but the organization using the cloud service needs to add their own layers via configuration within their corner of the cloud. Being proactive with their cloud presence as if it’s an in-house network requires new tools and policies, like the zero trust access model.

What does network security mean to me?

While you have to rely on the network security programs of the organizations that store your data, you can take steps to protect your home and small business networks, and all the data that goes with them:

  • The Brave browser, with Safe Browsing, protects you from unintended visits to websites with malware or phishing activity. The Brave browser also automatically upgrades connections to the more secure HTTPS for better protection of transmitted data.
  • Brave Firewall + VPN adds a layer of encryption to all your data transmission to protect against potentially malicious public networks.
  • Brave Firewall + VPN and Brave Shields block malicious online content or malicious ads used to trick you into installing malware.
  • Back up your systems regularly, and store remotely if possible, to defend against a ransomware attack.
  • Keep all software on all devices up-to-date.
  • Uninstall software you no longer need. If you don’t use the software, you’re less likely to keep it updated, so it can become an opening for hackers to get in.
  • Use strong passwords and MFA when possible. Use a password manager (like the one in the Brave browser) to help keep track of long, unique passwords that are impossible to memorize.
  • Change passwords on any new device, especially IoT devices and routers.

Ready for a better Internet?

Brave’s easy-to-use browser blocks ads by default, making the Web cleaner, faster, and safer for people all over the world.