Network Security needs to be treated in exactly the same manner as Physical Security. If we examine our network we find that we have staff who access the network; visitors who will from time to time connect to our network, either internally or externally; and the intruder, the uninvited external person who wishes to hack into our environment. This is no different from the physical way that a company would operate with staff and visitors requiring access to the building, and intruders who wish to break in. Therefore, when we speak about Network Security we mean "the protection of our Network from unauthorised access".
Network Security is not only about putting in protective barriers (a Firewall and a content filtering product for mail), an access control system (requiring users to supply a password to log on) and an alarm system (intrusion detection). Rather it starts with the development of a Network Security policy that examines how for instance an employee will access the network, which parts of the network he will have access to and, more importantly, which areas he will not have access to. The security policy must also take into account disciplinary measures that need to be instituted against employees, who either attempt to access data or areas of the network for which they are not authorised or do not follow procedure with regard to disks and notebooks. While developing such a security policy, consideration must also be given to whether employees will be allowed to access controversial material on the Internet and how a company controls the transmission of confidential information to the outside world.
All of the above points also need to be considered for the visitor and the intruder, while at the same time ensuring that the policies that are implemented do not prevent users from being able to perform their duties.
Editorial contacts

