SOLUTIONS
Deliver Superior Online Experiences
Mitigate DDoS AttacksStop Malicious Bot AbuseAccelerate Internet ApplicationsEnsure Application AvailabilityOptimize Web ExperiencesStream Videos On-Demand
Secure Employee Applications and Devices
Deliver Zero Trust Access to ApplicationsImplement Secure Access Service Edge (SASE)Protect Users Accessing the InternetProtect Corporate NetworksManage Secure Contractor AccessReplace Virtual Private Networks (VPNs)Secure Your Remote WorkforceStop Zero Day Attacks with Browser Isolation
 
Protect and Accelerate Networks
Mitigate L3 DDoS AttacksConnect network infrastructure with CloudflareTransform Corporate Networks
Code on the Network Edge
Build a Serverless ApplicationDeploy a Static WebsiteConfigure a CDNDefine Conditional Request Routing
Manage a Secure Cloud
Secure Hybrid, Cloud, & SaaS PlatformsEnable SSL for SaaS ApplicationsReduce Cloud Data Transfer Costs
Register a Website
Register or Transfer a Website
INDUSTRIES
eCommerceFinancial ServicesGamingHealthcare and Life SciencesMedia and EntertainmentPublic SectorSaaS
PUBLIC INTEREST
Election CampaignsAthenian ProjectProject GalileoProject Fair Shot
FOR INFRASTRUCTURE
Application & Network Security
DDoS ProtectionWAFBot ManagementMagic TransitMagic WANRate LimitingSSL / TLSSSL/TLS for SaaS ProvidersCloudflare SpectrumNetwork InterconnectCDNDNSArgo Smart RoutingLoad BalancingStream DeliveryChina NetworkWaiting Room
FOR TEAMS
Cloudflare for TeamsAccessGatewayBrowser Isolation
FOR DEVELOPERS
Serverless Applications
Cloudflare WorkersCloudflare Workers KV
Domain Registration
Cloudflare Registrar
Website Development
Cloudflare PagesCloudflare Stream
SaaS Developers
Cloudflare for SaaS
FOR EVERYONE
1.1.1.11.1.1.1 with WARP (App)1.1.1.1 for Families
INSIGHTS
AnalyticsCloudflare LogsWeb AnalyticsCloudflare Radar
PRIVACY
Data LocalizationCompliance
FOR INFRASTRUCTURE
Advanced Security
Bot ManagementFirewall rulesMagic TransitSpectrum (TCP/UDP)SSLWAFCDNDNSImage ResizingLoad BalancingStream (Video)
 
Insights
Analytics
Domain Registration
Registrar
FOR SERVERLESS APPLICATIONS
Workers Quick StartCloudflare PagesSample Workers ProjectsWorkers TutorialsCommand-line (Wrangler)Runtime
FOR TEAMS
Cloudflare for Teams
EXPLORE CLOUDFLARE API
Cloudflare APIAPI Authentication
DOCUMENTATION HUB
Dev Documentation Hub
RESOURCES
Resource HubWhitepapersWebinarsSolutions & Product GuidesCase StudiesAnalysts
EXPLORE
What's New?Network MapCloudflare in ChinaGDPR
GET STARTED
Register Your WebsiteWelcome CenterGet Help
LEARN
Learning CenterSecurityDDoSBot ManagementSSLIdentity and Access ManagementPerformanceCDNDNSCloudServerlessNetwork Layer
CONNECT
BlogCommunity
TRUST
Trust HubPrivacy & Data ProtectionPrivacy & Data ProtectionCertificationsTrust & SafetyGDPRLegal Documentation
CONTACT
+1 650 319 8930
CHANNEL & ALLIANCE PARTNERS
Partner NetworkPartner Portal
TECHNOLOGY PARTNERS
OverviewAnalytics PartnersBandwidth AllianceEndpoint Security PartnershipsInterconnect PartnershipsNetwork On-ramp PartnershipsPeering Portal
PRICING BY PLAN
FreeProBusinessEnterprise
COMPARE AND EXPLORE
Need Help Choosing a Plan?Add OnsCompare All Plans

What is network security?

Network security refers to a wide range of technologies and practices that keep internal networks secure.

Learning Objectives

After reading this article you will be able to:

  • Define 'network security'
  • Explain some of the major network security risks
  • Describe network security measures

Related Content

Wide Area Network (WAN)

Local Area Network (LAN)

What is MPLS?

Network-as-a-Service (NaaS)

Subnet

Copy article link

What is network security?

Network security is a category of practices and technologies that keep internal networks protected from attacks and data breaches. It encompasses access control, cyber attack prevention, malware detection, and other security measures.

"Network security" most often refers to the protection of large enterprise networks. (For information on protecting smaller networks, see What is a LAN? and What is a router?)

Network definition

A network is a group of two or more connected computing devices. Networks range in size from small personal area networks (PANs) and local area networks (LANs) to large wide area networks (WANs), which connect smaller networks across wide distances.

Almost all businesses today rely on some type of network to be productive, whether it is a LAN that allows their employees to access the Internet, a WAN that connects their various office locations, or a network-as-a-service (NaaS) that performs these functions in the cloud.

What are common network security risks?

Like any important business asset, networks can be compromised in a variety of ways. Threats to prepare for include:

  • Unauthorized access: If an unauthorized user gets access to a network, they could be able to view confidential information that would otherwise remain private. They could also leak confidential data or compromise internal systems.
  • DDoS attacks: Distributed denial-of-service (DDoS) attacks aim to slow or deny service to legitimate users by flooding networks or servers with junk traffic. DDoS attacks can overwhelm a network so that it is no longer functional.
  • Vulnerability exploits: Attackers can use vulnerabilities in login portals, applications, hardware, or other areas to penetrate a network for a variety of malicious purposes.
  • Malware infections: Common malware infections include ransomware, which encrypts or destroys data; worms, malware that can quickly replicate throughout a network; and spyware, which allows attackers to track user actions. Malware can enter a network from a range of sources, including unsecured websites, infected employee devices, or targeted external attacks.
  • Insider threats: Internal employees or contractors can unintentionally undermine network security or leak data when they are unaware of security best practices. In other cases, users may intentionally compromise a network or leak data for reasons of their own.

What are the important network security technologies?

Network security is a broad field. Below are just some of the technologies that an organization can use to protect their network. In order to reduce complexity, most organizations try to rely on as few vendors as possible for network security; many enterprises look for vendors that offer several of these technologies together.

Access control

Access control restricts access to data and the software used to manipulate that data. It is crucial for preventing unauthorized access and reducing the risk of insider threats. Identity and access management (IAM) solutions can help with this area. Many enterprises use virtual private networks (VPNs) to control access; however, today there are alternatives to VPNs.

User authentication

Authentication, or the verification of a user's identity, is a crucial component of access control. Using two-factor authentication (2FA) instead of simple passwords is an important step towards making networks more secure.

Firewalls

Firewalls filter potential threats from network traffic. They can block malware attacks, vulnerability exploits, bot attacks, and other threats. Traditional firewalls run within a business's physical location using a hardware appliance. Today, many firewalls can run in software or in the cloud, eliminating the need for firewall hardware.

DDoS protection

Websites and networking infrastructure both need to be protected from DDoS attacks in order to remain operational. In particular, networking infrastructure needs DDoS mitigation at the network layer, rather than the application layer.

Data loss prevention (DLP)

While firewalls and DDoS protection keep external attacks from coming into a network, data loss prevention (DLP) stops internal data from being taken outside of a network.

Browser isolation

Accessing the Internet from within a network introduces risk because web browsing involves executing code from external untrusted sources (e.g. various web servers) on user devices. Browser isolation eliminates this risk by executing code outside of an organization's internal network, often on a cloud server.

What other steps should enterprises take to secure their networks?

While it is not possible to be completely secure from attacks, these steps can further reduce risk:

Maintaining data backups: Even the most well-defended network can fall to an attack. Losing partial or full access to internal data and systems can be devastating to a business; keeping backup copies of data helps to mitigate the impact of such an attack.

User education: Many data breaches and malware infections occur because a user simply made a mistake, whether by accidentally opening an unsafe email attachment, providing their login credentials as a result of a phishing attack, or allowing outside access in some other way. Internal employees and contractors should be made aware of how to stay safe and protect the network.

Applying a 'zero trust' philosophy: Zero trust security is the principle that no user or device should be trusted by default.

How does Cloudflare keep enterprise networks secure?

  • Cloudflare One is an all-encompassing product that includes networking services bundled with security — including all of the security technologies addressed above.
  • Cloudflare Magic Transit protects networks from DDoS attacks at layers 3 (the network layer), 4 (the transport layer), and 7 (the application layer) of the OSI model.
  • Cloudflare for Teams is a suite of products for access control and endpoint protection.

In addition to securing their networks, many enterprises today need to protect cloud computing resources as well. Learn more in How does cloud security work?

Sales

About the Network Layer

Network Types

Networking Basics

Glossary

Learning Center Navigation

© 2021 Cloudflare, Inc.Privacy PolicyTerms of UseDisclosureCookie PreferencesTrademark