Network security starts with authenticating every user. Once a user is authenticated, a firewall enforces access policies, such as which services network users are allowed to access. Though effective at preventing unauthorized access, this component fails to check potentially harmful content, such as computer worms, being transmitted over the network. An intrusion prevention system (IPS) helps detect and prevent such malware. An IPS also monitors network traffic for suspicious content, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for later high-level analysis.
Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.
A firewall is an information technology (IT) security device that is configured to permit, deny or proxy data connections as set by the organization's security policy. Firewalls can be hardware based, software based, or both.
A firewall's basic task is to control traffic between computer networks with different zones of trust. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is (and should be) a zone with high trust. The ultimate goal is to provide controlled interfaces between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle and separation of duties.
An intrusion detection system is used to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).
A virtual private network (VPN) is a private communications network often used by companies or organizations to communicate confidentially over a public network. VPN traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. A VPN can send data, e.g. voice, data or video, or a combination of these media, across secured and encrypted private channels between two points.
Using more than one factor is also called strong authentication; using just one factor, for example just a static password, is considered by some to be weak authentication. (Strong authentication also includes multi-factor schemes that do not include a physical factor, such as a card or dongle. The multiple factors can both be online for strong authentication.)
Common implementations of two-factor authentication (T-FA) use 'something you know' (a password) as one of the two factors, and use either 'something you have' (a physical device) or 'something you are' (a biometric such as a fingerprint) as the other factor. A common example of T-FA is a bank card (credit card, debit card); the card itself is the physical "something you have" item, and the personal identification number (PIN) is the "something you know" password that goes with it. See Chip and PIN for more information on this.
Site Copyright 2007 - All Rights Reserved.