Security in Networks (basics)

This is a post about the first basis that you need to acquire if you want to do a further studying in Security regarding Networks. First and as you might have seen in movies almost every network that is connected to the Internet has it's flaws and some of the experts that use it can explore them to harm or just access files or information that was not mention for them to see. I have already committed some of the so called "hacking" but notice that I did it with a full academic purpose, in fact that was what got me into studying Informatics Security in the first place, i got so deep(1) and so wide(2) that I was able to see the many errors that the programmers or technicians made in grating such security. I saw so many errors that i felt compelled to change things in my own way and to do so i began my study in informatics security with that purpose.


First i want to address the many stages of doing and implementing in a safe way this security. The baby steps of doing so is addressing what you want to protect by judging which information is the crucial for your network to work accordingly to its purpose, this is made by establishing a number of Politics(3). The other baby step is recognition of how you want do that, this is called Requirements(4).


After this there is only one simple principle(5) that you have to impose in your security and this is acknowledge by almost every one that does Informatics Security.



Definitions :

1. Notion of Deepness: Follows a more complex and more efficient security that the perimeter, as the name implies this protection is made by establishing levels of what you want to secure, not regarding the number of Machines that you want to secure.
2. Notion of Perimeter:  This consist in defining a perimeter that contains a number of machines and networks that you want to secure and avoid the interaction between the two sides of the that perimeter.
3. Notion of Politics: As said above it consists in the number of rules that you establish your implementation to have. For explaining i can only demonstrate you some examples, eg. Grating reliability of the information reserved or confidential, eg. Protection of critical information, eg. Continuity of the operation in course or of the service required by the user, etc, etc.
4. Requirements: This definition consist in the number of requirements that you need to ensure your politics to that action. eg. Authentication of users or services, eg. Number of privileges of users or services, eg. Keeping track and logging activities, etc, etc.
5. Minimum Privilege Principle: The users should use only the rights required for the execution of the tasks that are addressed to them.