Network Security Fundamentals
Fundamentals
• Network security is the set of strategies, processes, and
technologies designed to protect an institutional
network from unauthorized access and harm
Importance of Network Security
There are many reasons, but we look at four of them:
• Operational risks; viruses, malware and cyber attacks can disrupt
organizational operations
• Financial risks for compromised personally identifiable
information (PII); data breaches (passwords, PINs, images) can be
expensive in lawsuits and can ruin organizational reputation
• Financial risk for compromised intellectual property; loss of ideas,
inventions and products can lead to loss of business and
competitive advantage
• Regulatory issues; breaches can lead to fines, bans and possible jail
terms
#  | Threat(s)                           | Meaning                                                                                                                                                                            | Solutions
1  | Social engineering or phishing      | Deceiving users into revealing sensitive information such as usernames, passwords, or credit card details by posing as a trustworthy entity via email, phone calls, or fake websites | Employee training, email filtering (firewall), spam detection, access controls
2  | Eavesdropping, sniffing or snooping | Capturing network traffic to gather sensitive information like passwords, credit card details, or confidential data                                                                | Encryption, network monitoring, network segmentation, authentication
3  | Brute force                         | Guessing the maximum combination of passwords                                                                                                                                      | Multi-factor authentication, e.g. a password and an OTP
4  | Spoofing                            | Presuming the IP of a network, creating an illusion of being a valid IP by creating Internet Protocol packets with disguised intentions of harming the actual owner of the IP address | Packet filtering (firewall), access control list, encryption
5  | Man-in-the-middle                   | An attacker intercepts and possibly alters communication between two parties without their knowledge. It allows the attacker to eavesdrop, steal data, or impersonate one of the parties | Encryption, authentication
6  | Malware                             | Malicious software, such as viruses, worms, trojans, ransomware, and spyware, that can infiltrate a network, compromise data, or disrupt system operations                           | Firewall, regular updates and patches (bug fixing), antivirus, intrusion detection systems
7  | Denial of service or DDoS           | Overwhelming a network, system, or application with a flood of traffic, rendering it inaccessible to legitimate users                                                               | Firewalls, intrusion detection
Network Security Threats
Internal Security Threats
• Caused by human error
• Take the form of phishing attacks, careless decision-making, weak
passwords, account misconfiguration and more
• Result in downtime, loss of revenue, and disgruntled customers
IP Spoofing
• IP spoofing means presuming the IP of a network, creating an
illusion of being a valid IP by creating Internet Protocol packets
with disguised intentions of harming the actual owner of the IP
address.
• Forging e-mail headers in order to insert false information that
misleads the receiver about the original source is also a type of
spoofing, which is known as Spamming
• Filtering the packets (firewalls) entering the network is one of
the methods of preventing spoofing. Filtering should be applied to
both incoming and outgoing traffic.
• Access Control Lists (ACLs) help prevent spoofing by not allowing
packets with falsified IP addresses to enter.
• Encryption-based authentication should be used so that only
trusted hosts are allowed to communicate.
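The packet-filtering and ACL bullets above describe ingress and egress anti-spoofing filtering. The following is an added example (not part of the original slides) that shows the rule logic in code: packets arriving on the internet-facing interface must not claim an internal source address, packets leaving the internal network must not claim a foreign source, and reserved ("bogon") source ranges are dropped on sight. The address plan (10.0.0.0/8 and 192.168.0.0/16 as internal) and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical address plan, constructed for this example.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Reserved ranges that should never appear as a source address on a
# public-facing interface (loopback, link-local, "this network").
BOGON_NETS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("0.0.0.0/8"),
]


@dataclass(frozen=True)
class Packet:
    iface: str  # "external" (internet-facing) or "internal"
    src: str
    dst: str


def _in_any(addr: str, nets) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)


def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Return ("drop", reason) or ("accept", "") for a single packet."""
    if _in_any(pkt.src, BOGON_NETS):
        return "drop", "reserved (bogon) source address"

    src_is_internal = _in_any(pkt.src, INTERNAL_NETS)

    # Ingress filtering: traffic from the internet can never legitimately
    # carry one of our own internal addresses as its source.
    if pkt.iface == "external" and src_is_internal:
        return "drop", "spoofed internal source on external interface"

    # Egress filtering: our own hosts must not emit packets with a source
    # address we do not own (this also stops us from being used to spoof others).
    if pkt.iface == "internal" and not src_is_internal:
        return "drop", "spoofed external source on internal interface"

    return "accept", ""


def filter_batch(packets: List[Packet]) -> List[Tuple[str, str]]:
    return [filter_packet(p) for p in packets]


# Constructed sample traffic (documentation/test addresses only).
SAMPLE_PACKETS = [
    Packet("external", "10.1.2.3", "10.0.0.5"),        # claims internal src from outside
    Packet("external", "203.0.113.7", "10.0.0.5"),     # legitimate inbound
    Packet("internal", "198.51.100.9", "203.0.113.7"), # internal host forging foreign src
    Packet("internal", "192.168.1.20", "203.0.113.7"), # legitimate outbound
    Packet("external", "127.0.0.1", "10.0.0.5"),       # bogon source
]

if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, filter_batch(SAMPLE_PACKETS)):
        print(f"{pkt.iface:8s} {pkt.src:>14s} -> {pkt.dst:<12s} {verdict:6s} {reason}")
```

Real firewalls express the same two rules as interface-bound ACL entries; the point of the example is that the check is purely "which interface did this arrive on versus which address does it claim", with no need to inspect payload.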
Eavesdropping
• An intruder intercepts the packets of data transferred over HTTP
(through monitoring software), modifies the data and misuses it
in order to harm the network. It is a particularly dangerous threat
because many tools known as sniffers are available, and new ones
are developed frequently, to intercept data packets.
Security Solutions
• Adopting an encryption strategy will protect you against
eavesdropping. Using encryption measures such as digital certificates
(SSL certificates) will significantly lessen the risk of eavesdropping
attacks.
• Apply network segmentation, e.g. a VLAN, which will prevent
eavesdropping as well as other network attacks.
• Employing Network Access Control (NAC), e.g. passwords, MAC
filtering etc., enhances the security of your network by checking the
authenticity of every device before establishing any connection
Man-in-the-middle-attack
• MITM is one of the most dangerous network threats. An intruder
establishes an independent connection with both sender and
receiver, intercepts their messages one by one, modifies those
messages and relays them on to the sender and receiver. This all
occurs so smoothly that neither the sender nor the receiver ever
realises that someone is listening in. In addition, it exposes your
network to several other threats.
Security Solutions
• Use Public Key Infrastructure (encryption) based
authentication. It not only protects the applications from
eavesdropping and other attacks but also validates the
applications as trusted ones. Both ends are authenticated,
hence preventing a Man-in-the-middle (MITM) attack.
• Set up passwords and other high-level secret keys in order to
strengthen the mutual authentication
Brute Force Attacks
• A brute force attack is performed to guess the maximum
combination of passwords. Research suggests that brute force
accounts for 5% of attacks. An attacker does not interfere in the
user's task but works on each keystroke a user types and guesses
the combination of username and password. The attacker checks
all passphrases and passwords until a correct match is found.
Security Solutions
• A user should increase the length of the password, and the
complexity of the password should be increased.
• A login-attempt limit should be enabled, e.g. after three failed
attempts the user account is locked.
• Multi-factor Authentication can help to avert brute force
attacks as it works as an additional layer when a login attempt
is made
Reconnaissance Attack
• A reconnaissance attack is the act of collecting information
through physical reconnaissance, network examination, or
social engineering. Ping sweeps, phishing and packet sniffing are
a few examples of reconnaissance attacks. Attackers keenly
observe social media profiles, find loopholes in the network,
applications, and services, and search the area to take
advantage of them.
Security Solutions
• Continuously inspect network traffic to stop port scanning.
• Run security awareness training for users to give them an
idea about what to share and what not to.
• Conduct audits of logical and physical security in the office
Distributed Denial-Of-Service (DDoS) Attacks
• Cybercriminals infect internet-connected devices (mobile
phones, computers, etc.) and convert them into bots
(robots/code). Hackers direct the bots at a victim's IP address
• This results in a high volume of internet traffic bombarding
the website with requests and causing it to go offline
• A DDoS attack causes websites to crash, malfunction, or
experience slow loading times
• Monitor packets to protect your server from the entry of
counterfeit packets.
• Apply security patches to your host's operating system in a
timely manner.
• Avoid running your server very close to the limit of its
capacity
Malware
• Malware is malicious software used to gather information
about victims through compromised devices. After successful
deployment, hackers can mine devices for classified
information (email addresses, bank accounts, passwords, etc.)
and use it to commit identity theft, blackmail, or other
business-damaging actions.
• Malware includes:
• Worms – exploit weaknesses in computer systems to spread to other
devices.
• Rootkits – grant unauthorised access to systems in the form of
fraudulent access privileges without the victim's knowledge.
• Trojan viruses – slip under a network's radar by hitchhiking on other
software and provide hackers with unprecedented access to systems.
• Spyware – gathers information on how devices are used by their
owners.
• Ransomware – encrypts files within infected systems and holds them for
ransom, forcing victims to pay for a decryption key to unlock the data
Phishing Attacks
• Phishing attacks are scams where hackers disguise
themselves as a trusted entity and attempt to gain access
to networks and steal personal information, such as
credit card details.
• Phishing scams take the form of emails, text messages,
or phone calls.
• Similar to rogue security software, phishing attacks are
designed to appear legitimate. This encourages victims to
click on malicious links or download malware-laden
attachments
Viruses
• Computer viruses are commonly attached to
downloadable files from emails or websites.
• Once you open the file, the virus exploits vulnerabilities
in software to infect a computer with malicious code to
disrupt network traffic, steal data, and more.
• Unlike worms, viruses cannot infect systems until the
host (the file) is opened. Worms can infect networks as
soon as they enter a business's IT infrastructure
IT Infrastructure Protection
• Backing up data and files.
• Investing in comprehensive cyber security awareness
training for you and your team.
• Promoting a work environment that values application
security and safe practices.
• Installing anti-malware solutions, such as next-
generation firewalls.
• Restricting access to your network's security controls to
authorised personnel only.
• Upgrading devices and securing your endpoints with multi-
factor authentication, strong passwords, etc.
Network Security Design
Access Management
• With access management, also known as access control, network
access will be granted only to designated users. By having closed
environments and limited access, bad actors have fewer
loopholes to exploit.
• Access management also controls which parts of a network a
user can enter. By limiting users’ access to only the network
areas and resources they need to complete their job, threats
from within an organization diminish. Security is easier to control
when users have access only to the areas and resources that are
relevant to them
Security Monitoring
• Security monitoring consists of a team of cybersecurity experts
monitoring your network continuously. They look over software,
online use, endpoints, and other systems for any threats.
• This kind of monitoring also finds patterns in users’ behaviors. A
precedent for users’ patterns makes it easier to identify when
irregularities occur, which can be a sign of malicious activity
Firewalls
• Firewalls are gates set up to filter data passing between
your network and the internet. A firewall can manage
incoming and outgoing traffic, making sure no malware or
unwanted data enters your system.
• Firewalls can have predetermined rules and policies,
making them one of the most important types of network
security
Anti-Malware Software
• Anti-malware software, such as antivirus programs, is one
of the better-known network security measures. This
software keeps environments secure by monitoring,
scanning for, and removing malware.
• Malware may destroy or steal sensitive data, or lie dormant
to later create backdoor access for hackers.
560 thousand new malware programs are found per day in
Application Security
• A healthy network will have several applications to complete
different tasks. Applications can become outdated, have
glitches in their code, or be configured without security in
mind.
• By keeping programs and devices up-to-date, and establishing
parameters to use those applications, your network security
will be enhanced.
Data Risk Management
• 79% of employees engage in risky data management behaviors
• As the amount of data that businesses handle increases, it
becomes harder to manage this data and keep it secure. Also,
data breaches can cause losses; not only monetary, but also of
productivity, downtime, and company reputation.
• Businesses with strong data risk management ensure
employees are trained to avoid scams, device access to their
Email Security
• Phishing is a technique used by cybercriminals in which they pose
as trusted figures in order to receive sensitive data. Although it
sounds simple, phishing has been honed to deceive users into
giving up their data.
316,747 phishing attacks were detected in December 2021
• Phishing tactics have improved as attacks increase with the rise of
remote work and lack of proper training. Monitoring suspicious
emails as well as training employees to increase cybersecurity
literacy can help mitigate the risks created by email scams.
Security Information and Event Management (SIEM)
• SIEMs are network intrusion detection systems. SIEMs can monitor
traffic, data and log activity, suspicious activity, policy violations,
and more. This type of network security method gives
administrators and IT teams a real-time view of a network's status.
• There are different SIEM tools designed for businesses of all sizes.
Having a SIEM is also a sign that your organization prioritizes
cybersecurity
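Both the reconnaissance section ("continuously inspect network traffic to stop port scanning") and the SIEM section above come down to the same mechanism: correlating log events over a time window and raising an alert when a threshold is crossed. The following added example (not the slides' own code, and not any particular SIEM product's rule syntax) runs two such rules over constructed log lines: a port-scan rule that fires when one source hits 10 or more distinct destination ports within 60 seconds, and a login brute-force rule that fires on 5 or more failed logins for the same user/source pair within 5 minutes. The log format, thresholds and sample addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Hypothetical log formats, constructed for this example.
FW_RE = re.compile(
    r"^(?P<ts>\S+) FW src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$")
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) AUTH user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$")

SCAN_PORTS = 10                      # distinct ports from one source ...
SCAN_WINDOW = timedelta(seconds=60)  # ... within this window => port scan
FAIL_LIMIT = 5                       # failed logins for one user/src ...
FAIL_WINDOW = timedelta(minutes=5)   # ... within this window => brute force

Alert = Tuple[str, str, datetime]    # (rule name, subject, time of last event)


def parse(line: str) -> Optional[Dict[str, object]]:
    """Parse one line into a dict with a 'kind' key, or None if unrecognised."""
    for kind, rx in (("fw", FW_RE), ("auth", AUTH_RE)):
        m = rx.match(line)
        if m:
            ev: Dict[str, object] = m.groupdict()
            ev["kind"] = kind
            ev["ts"] = datetime.fromisoformat(str(ev["ts"]))
            return ev
    return None


def detect(lines: List[str]) -> List[Alert]:
    """Stream the log once, keeping only the events still inside each window."""
    alerts: List[Alert] = []
    fw_hits: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    auth_fail: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)

    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts = ev["ts"]
        assert isinstance(ts, datetime)

        if ev["kind"] == "fw":
            src = str(ev["src"])
            hits = fw_hits[src]
            hits.append((ts, int(str(ev["dport"]))))
            # Drop events that have aged out of the window (sliding window).
            recent = [(t, p) for t, p in hits if ts - t <= SCAN_WINDOW]
            fw_hits[src] = recent
            if len({p for _, p in recent}) >= SCAN_PORTS:
                alerts.append(("port_scan", src, ts))
                fw_hits[src] = []   # reset so one scan produces one alert
        else:
            if ev["result"] != "FAIL":
                continue
            key = (str(ev["user"]), str(ev["src"]))
            fails = auth_fail[key]
            fails.append(ts)
            recent_ts = [t for t in fails if ts - t <= FAIL_WINDOW]
            auth_fail[key] = recent_ts
            if len(recent_ts) >= FAIL_LIMIT:
                alerts.append(("login_bruteforce", f"{key[0]}@{key[1]}", ts))
                auth_fail[key] = []
    return alerts


# Constructed sample log: a 10-port probe from one address, five failed
# logins for "alice" followed by a success, and one ordinary accepted flow.
SAMPLE_LOG = (
    [f"2024-01-01T10:00:{i:02d} FW src=203.0.113.7 dst=10.0.0.5 dport={20 + i} action=DROP"
     for i in range(10)]
    + [f"2024-01-01T10:01:{i:02d} AUTH user=alice src=198.51.100.9 result=FAIL"
       for i in range(5)]
    + ["2024-01-01T10:02:00 AUTH user=alice src=198.51.100.9 result=OK",
       "2024-01-01T10:02:05 FW src=192.0.2.44 dst=10.0.0.5 dport=443 action=ACCEPT",
       "this line is not in a known format and is skipped"]
)

if __name__ == "__main__":
    for rule, subject, when in detect(SAMPLE_LOG):
        print(f"{when.isoformat()} ALERT {rule}: {subject}")
```

The sliding window is what keeps the rule honest: a host that opens ten ports over a whole day is normal, ten in one minute is a scan. Tuning the two thresholds to the environment's baseline is the "precedent for users' patterns" the security monitoring slide refers to.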
Backup and Disaster Recovery (BDR)
• Human error, natural disasters, crashes, and attacks should be
accounted for. The backup side of BDR ensures important and
sensitive data can be restored in case it is lost. Disaster recovery
includes not only data backup, but also accounts, programs, and
system recovery solutions.
• Backup and disaster recovery solutions are often unique to a
business. Assessing for risks, implementing guidelines, and planning
for a disaster are a critical network security measure.
Endpoint Security
• Endpoints are personal or company devices such as computers,
mobile devices, printers, wearable tech, and beyond that are
connected to a network. The increased use of personal devices by
employees means there are more targets vulnerable to a breach.
• Endpoint security entails malware protection, email decryption, web
security, two-factor authentication, and other solutions to ensure
bad actors do not exploit these devices. Education on device
protection, such as not leaving devices in areas where they could get
damaged or stolen, should also be accounted for
Virtual Private Network (VPN)
• A virtual private network (VPN) is an encrypted connection
between a network and devices that helps transmit data securely. A
VPN also blocks unauthorized people from accessing your network
traffic. VPNs allow remote work to be conducted securely.
• VPNs are used in personal as well as company settings. This
network security tool ensures privacy as well as security.
Web Security
• This security measure consists of software, policies, and
more to protect networks from unsafe web use. The final
item in our list, this simple measure is critical to business
continuity.
• Web security works by blocking user access to sites that may
contain malware. These tools also monitor website traffic to
block any traffic that is outside company policies or poses a
threat to the network.
Challenges of network security
• Evolving network attack methods; threat actors and their
methods constantly change as technology changes. New
technology, such as blockchain, has led to new types of
malware attacks, such as cryptojacking
• User adherence; it is difficult for organizations to ensure users
adhere to network security best practices
• Remote and mobile access; bring your own device (BYOD)
and remote access policies meant to aid flexible use of
network access may result in wireless security issues
• Third-party partners; cloud providers, managed security
services and security product vendors often get access to
an organization's network, opening new potential
vulnerabilities