A Fundamental Framework for Network Security

  • Chapter
Principles of Secure Network Systems Design

Abstract

A natural starting point in implementing a network security system should consist in a comprehensive definition that includes all areas related to network security and applies to all types of users from the military, government, and industry. Extensive search reveals the lack of such a definition or framework in the literature, and the underlying reason may be described as follows. Different classes of users have developed their own unique definitions to encapsulate their own security concerns, and their frameworks are incompatible with one another. While these unique definitions may have been adequate when networks were closed and isolated, they are inappropriate in today’s climate of increased interconnection between networks. Without a common definition for network security, users can no longer protect their data in interconnected networks. The need for a standard definition is genuine, and it must enable a unified and comprehensive view of security among civilian, military, and government networks. It must provide a basis to address, fundamentally, every weakness in a given network. It must also apply to every level of the network, starting at the highest network-of-networks level and descending to the single computing node that maintains connections with other nodes. In essence, the common standard for defining network security will enable the understanding of the security posture of an individual network, comprehensively facilitate the comparative evaluation of the security of two or more networks, and permit the determination of the resulting security of a composite network formed from connecting two or more networks.

It is important to observe that the framework for network security constitutes a methodology for organizing and categorizing actual implementations of network security. The framework does not provide implementations of network security. Instead, it offers a map for organizing and describing mechanisms to achieve practical network security. Consider, for example, a specific encryption device that can both encrypt and decrypt data on a communications link. While the device corresponds to an implementation of network security, the specific security area constitutes communications security. For further details of security devices the reader is referred to Stallings [13], Pfleeger [14], and White, Fisch, and Pooch [15].

Copyright information

© 2002 Springer Science+Business Media New York

About this chapter

Cite this chapter

Ghosh, S. (2002). A Fundamental Framework for Network Security. In: Principles of Secure Network Systems Design. Springer, New York, NY. https://doi.org/10.1007/978-1-4613-0029-8_2

  • DOI: https://doi.org/10.1007/978-1-4613-0029-8_2

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4612-6538-2

  • Online ISBN: 978-1-4613-0029-8

  • eBook Packages: Springer Book Archive
