Tarin Sultana’s Expanded Definition of Network Security

To: Professor Ellis
From: Tarin Sultana
Date: March 17, 2021
Subject: Expanded Definition of Network Security

Introduction

The purpose of my 750-1,000-Word Expanded Definition Project is to explore the term “network security” as a general introduction for undergraduates who are studying computer information technology, which is also my college major. I decided to focus on network security because it is a global issue in technology right now. In this document, I will expand on the term network security. I will use different quotes to discover differences or similarities in how the term is used in separate sections or for different purposes in context. At the end of this project, in the working definition section, I will provide the practical explanation that I learned during the research for my project.

Definitions

If we look at the term “network security,” it consists of two words, each with its own definition. According to the Oxford English Dictionary, “network” means “A group of people who exchange information, contacts, and experience for professional or social purposes,” and “security” means “A group of people who exchange information, contacts, and experience for professional or social purposes.” The term “network” has changed over time and continues to change as emerging technologies such as cloud computing and the Internet of Things (IoT) grow faster. As a result, new and diverse network detection tools are needed to protect this widening presence. If we combine the terms network and security, in technology they form a single term with the following definition: network security is a system of principles and configurations that use both software and hardware to protect the integrity, confidentiality, and accessibility of computer networks and data.

Context

A researcher at a NASA center in California is generally known for creating the first firewall. After being targeted by a virus in 1988, they developed a network protection method that was a virtual version of the “firewall” used in physical structures to prevent fires from spreading to other areas of a building or complex. “Protecting the confidentiality of corporate information, preventing unauthorized access and defending the network against attacks remain primary concerns of network security professionals today.” (Crowcombe, 2004). In this context, “network security” is critical for both personal and business networks. Data loss, fraud, and sabotage can all be reduced with a sound network security system. The purpose of network protection is to protect the network from cyberattacks and hacking attempts.

The term network security is used in different contexts. It can also improve network traffic, improve network performance, ensure secure data sharing between employees and data sources, and protect assets and data integrity from external exploits. The protection given to a network against unauthorized access and threats is known as network security. Network administrators must take preventative steps to safeguard their networks against future security threats. Daily transactions and correspondence within the government, individuals, or businesses necessitate secure computer networks. Assigning a unique name and corresponding password to a network resource is the most common and easy way of protecting it.

Working Definitions

Network security is critical for both personal and business networks. Most homes with high-speed internet have one or more wireless routers, which can be hacked if not adequately protected. Data loss, hacking, and sabotage are all risks that can be reduced with a network security system. It did not take much for businesses to realize that they had to have such basic protective measures when they began connecting their internal/trusted networks to the external/untrusted internet. Network architectures have developed that create protection layers between the most sensitive parts, usually where the mainframes or databases reside, and the internet, which is untrusted and external.

References

J. Reuvid (Ed.). (2004). Secure Online Business Handbook (3rd ed., pp. 226). Kogan Page. https://link.gale.com/apps/doc/CX3471300002/GVRL?u=cuny_nytc&sid=GVRL&xid=ae2ace0a

Z. Chen, W. Dong, H. Li, P. Zhang, X. Chen and J. Cao. (Feb. 2014). Collaborative network security in multi-tenant data center for cloud computing. Tsinghua Science and Technology, 19(1), 82-94. https://doi.org/10.1109/TST.2014.6733211

NATO, A. S. I. O. N., North, A. T. O., NATO, S. F. P. A. S. (2008). Aspects of network and information security. E. Kranakis, et al’s. (Ed.). IOS press. 

Crowcombe, Peter. “Network Vulnerabilities.” Secure Online Business Handbook, edited by Jonathan Reuvid, 3rd ed., Kogan Page, 2004, pp. 63-66. Gale eBooks, link.gale.com/apps/doc/CX3471300019/GVRL?u=cuny_nytc&sid=GVRL&xid=bba83999.

Summary of Shin et al.’s “A First Step Toward Network Security Virtualization: From Concept to Prototype”

TO: Prof. Ellis

FROM: Tarin Sultana

DATE: 03/03/2021

SUBJECT: 500-Word Summary of Article About Network Security

The following is a 500-word summary of a peer-reviewed article about how to secure a virtualized network using Network Security Virtualization (NSV). The authors introduce a new method of network security virtualization using NETSECVISOR with the least management cost. According to the authors, “The main goal of this work is to propose a new idea, network security virtualization (NSV), and design a prototype system (with the name of NETSECVISOR) that can enable NSV in cloud-like networks to help all tenants easily use security services.” (Shin et al., 2015). To demonstrate the usefulness of Network Security Virtualization (NSV), network security follows two strategies: (i) transparently monitoring flows to preferred network security providers and (ii) allowing network security response functions on a network computer. As an example of an NSV setup, some essential elements are necessary, such as six routers (R1 – R6), three hosts (H1 – H3), 2 VMs (VM1 and VM2), and a Network Intrusion Detection System. By blocking network packets from each infected host, NETSECVISOR protects corrupted VMs from a network. Network security virtualization has two main functions: (i) transparently transmit network flows to desired security devices, and (ii) allow security formulas in network devices when required. Software-Defined Networking (SDN) is an evolving network technique that allows efficient management of network flows and tracking of overall network status. NETSECVISOR has five main functions: (i) System and policy manager, (ii) Routing rule generator, (iii) Flow rule enforcer, (iv) Response manager, and (v) Data manager. To register existing security devices with NETSECVISOR and use them, a cloud administrator must use a simple script language that requires (i) system ID, (ii) device form, (iii) device position, (iv) device mode, and (v) supported functions.
After security devices for a cloud network are registered with NETSECVISOR, it will show the security devices’ details to users of the cloud network. For security requirements, NETSECVISOR should consider the following two factors: (i) network packets should pass through specific security devices, and (ii) the network packet routing paths have to be developed and optimized. NETSECVISOR allows for introducing five security response techniques that do not necessitate installing physical security equipment or making improvements to network configurations for packet handling. There are two modes of operation for these methods: passive mode and in-line mode. To check the adequacy and effectiveness of NETSECVISOR, three different network topologies are used: two are virtual network environments, and the other is a commercial switch environment. NETSECVISOR can construct a routing path in 1 millisecond, which translates to 1,000 network flows per second. Each topology’s CPU and memory consumption overhead is also assessed. When NETSECVISOR creates routing routes, it adds overhead. A comprehensive cloud network has millions of clients and virtual machines, and each routing path can be generated independently and asynchronously. The NETSECVISOR prototype is easy to use, and clients can quickly build their own security rules; users have more choices for system types, traffic types, and response activities. Also, NSV can virtualize security resources and functions and provide security response functions from network devices as needed.
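
The two routing requirements above (flows must pass through a specific security device, and the path should be short) can be illustrated with the following added example, which is not code from Shin et al. or from NETSECVISOR. The topology links, the registration key names and values, and the breadth-first waypoint routing are all assumptions made for illustration; the paper defines its own script language and routing algorithms.

```python
from collections import deque

# Constructed topology (assumption, not from the paper): routers R1-R6, hosts H1-H3.
LINKS = [("H1", "R1"), ("H2", "R3"), ("H3", "R6"), ("R1", "R2"), ("R2", "R6"),
         ("R1", "R3"), ("R3", "R4"), ("R4", "R5"), ("R5", "R6")]

# Constructed registrations using the five fields the summary lists;
# key names and values are hypothetical.
DEVICES = [
    {"id": "dev-1", "form": "NIDS", "position": "R4", "mode": "passive",
     "functions": ["detect"]},
    {"id": "dev-2", "form": "firewall", "position": "R2", "mode": "in-line",
     "functions": ["drop"]},
]

def build_graph(links):
    """Turn the undirected link list into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, []).append(b)
        graph.setdefault(b, []).append(a)
    return graph

def shortest_path(graph, src, dst):
    """Breadth-first search; returns the node list or None if unreachable."""
    parents = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in graph.get(node, []):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None

def secure_path(graph, devices, src, dst, form):
    """Shortest src->dst route that crosses the router hosting a device of `form`."""
    best = None
    for dev in devices:
        if dev["form"] != form:
            continue
        first = shortest_path(graph, src, dev["position"])
        second = shortest_path(graph, dev["position"], dst)
        if first is None or second is None:
            continue
        path = first + second[1:]  # join the two legs at the device's router
        if best is None or len(path) < len(best[1]):
            best = (dev["id"], path)
    return best  # None when no registered device of that form is reachable
```

In this constructed topology the unconstrained route from H1 to H3 takes four hops, while requiring NIDS inspection lengthens it to six, which is the kind of routing overhead the summary mentions.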

Reference

Shin, S., Wang, H., and Gu, G. (2015). A first step toward network security virtualization: From concept to prototype. IEEE Transactions on Information Forensics and Security, 10(10), 2236-2249.  https://doi.org/10.1109/TIFS.2015.2453936