TOPIC 9: NET WORK

SECURITY
BY the end of the chapter ,the trainee should be
able to:
 Describe network security
 Explain importance of network security
 Explain security techniques
 Explain how to deal with security threats and
other network vulnerabilities
 Network security
Network security consists of the
policies adopted to prevent and
monitor authorized access,
misuse, modification, or denial of a
computer network and network-
accessible resources.
Network security involves the
authorization of access to data in a
network, which is controlled by the
network administrator
Importance Of Network Security
For Business Organization:
1. To Protect Company’s Assets- This can
be considered as the primary goal of
securing the computers and computer
networks.
2. To Comply with Regulatory Requirements
and Ethical Responsibilities- It is the
responsibility of every organization to develop
procedures and policies addressing the
security requirements of every organization
3. For Competitive Advantage- Developing
an effective security system for networks
will give the organization a competitive edge
Infrastructure security -is the practice of
protecting critical systems and assets against
-physical and cyber threats

Information security protects sensitive

information from unauthorized activities,
including inspection, modification, recording,
and any disruption or destruction. The goal is
to ensure the safety and privacy of critical
data such as customer account details,
financial data or intellectual property.
Data, Vulnerabilities, and Countermeasures
Although viruses, worms, and hackers
monopolize the headlines about
information security, risk management
is the most important aspect of
security architecture for administrators.
A less exciting and glamorous area, risk
management is based on specific
principles and concepts that are
related to asset protection and security
management.
An asset- is anything of value to an
organization. By knowing which assets you are
trying to protect, as well as their value,
location, and exposure, you can more
effectively determine the time, effort, and
money to spend in securing those assets.
A vulnerability -is a weakness in a system or
its design that could be exploited by a threat.
A threat- is any potential danger to assets
A risk- is the likelihood that a particular threat
using a specific attack will exploit a particular
vulnerability of a system that results in an
undesirable consequence.
An exploit happens when computer code is
developed to take advantage of a
vulnerability. For example, suppose that a
vulnerability exists in a piece of software, but
nobody knows about this vulnerability.
Although the vulnerability exists theoretically,
there is no exploit yet developed for it.
Because there is no exploit, there really is no
problem yet.
A countermeasure -is a safeguard that
mitigates a potential risk. A countermeasure
mitigates risk either by eliminating or
reducing the vulnerability or by reducing the
likelihood that a threat agent will be able to
exploit the risk.
 Network Vulnerabilties
Malware, short for malicious software, such as
Trojans, viruses, and worms that are installed
on a user’s machine or a host server.
Social engineering attacks that fool users into
giving up personal information such as a
username or password.
Outdated or unpatched software that exposes
the systems running the application and
potentially the entire network.
Misconfigured firewalls / operating
systems that allow or have default policies
enabled
 Security techniques

1. MAC Address
2. Authentication
3. Firewall
4. Physical Security
5. Encryption
 1. Encryption
Wi-Fi Protected Access (WPA)
WPA encrypts information, and checks to
make sure that the network security key
has not beenmodified.
WPA also authenticates users to help ensure
that only authorized people can access the
network.
Circumstances when encryption is
used in network as a security method
1.when to protect private information, sensitive
data
2. when to enhance the security of
communication between client apps and
servers.
3.When you want to convert human readable
text(plain text)
To cyper text
There are two types of WPA authentication:
WPA and WPA2.
WPA is designed to work with all wireless
network adapters, but it might not work
with older routers or access points.
WPA2 is more secure than WPA, but it
will not work with some older network
adapters.
WPA is designed to be used with an 802.1X
authentication server, which distributes
different keys to each user. This is referred to
as WPA-Enterprise or WPA2-Enterprise.It can
also be used in a pre-shared key (PSK) mode,
where every user is given the same
password. This is referred to as WPA-
What is cryptography?
Cryptography is a method of protecting
information and communications through the
use of codes, so that only those for whom the
information is intended can read and process
it.
There are three types of cryptography:
1. Symmetric key cryptography.
2. Asymmetric key cryptography.
3. Hash Function.
cryptography
 Symmetric Key Cryptography
Symmetric key cryptography is also known as
secret-key cryptography, and in this type of
cryptography, you can use only a single key.
The sender and the receiver can use that
single key to encrypt and decrypt a message.
Because there is only one key for encryption
and decryption, the symmetric key system
has one major disadvantage: the two parties
must exchange the key in a secure manner
 Asymmetric Key Cryptography
Asymmetric key cryptography is also known
as public-key cryptography, and it employs
the use of two keys. This cryptography
differs from and is more secure than
symmetric key cryptography. In this
system, each user encrypts and decrypts
using two keys or a pair of keys (private
key and public key). Each user keeps the
private key secret and the public key is
distributed across the network so that
anyone can use those public keys to send a
message to any other user. You can use any
of those keys to encrypt the message and
can use the remaining key for decryption.
Applications of Cryptography
Confidentiality: Cryptography allows users to
store encrypted data, avoiding the major flaw
of hacker circumvention.
Non-repudiation: The creator/sender of
information cannot later deny his intent to send
information.
Authentication: Helps to authenticate the
sender and receiver’s identities along with the
destination and origin of the information.
Integrity: Information cannot be altered during
storage or in transit between the sender and
the intended receiver without any addition to
the information being detected
2. MAC Address
A Media Access Control address is a
unique identifier assigned to network
interfaces for communications on the
physical network segment. Can be
described as Ethernet hardware
address (EHA), hardware address or
physical address. It is assigned by the
manufacturer of a network interface
card (NIC) and are stored in its
hardware, the card's read-only memory,
or some other firmware mechanism
The advantage to MAC filtering is that there is
no attachment cost to devices that connect to
the network. The policy is set on a router or
switch, and the equipment attached either is
permitted or it is not. The person attaching
the equipment has nothing to do.

The disadvantage to MAC filtering is that it is

easy to spoof due to the broadcast nature of
LAN and WLAN, an advisory can sit on the
wire and just listen to traffic to and from
permitted MAC
addresses. Then, the advisory can change
his MAC address to a permitted one, and in
most cases obtain access to the network.
 3.Authentication
One-factor authentication – this is ―something a
user knows.‖ The most recognized type of one-
factor authentication method is the password.
Two-factor authentication – in addition to the first
factor, the second factor is ―something a user
has.‖ Examples of something a user has are a device
that generates a pre-determined code, a signed digital
certificate or even a bio-metric such as a fingerprint.
Three-factor authentication – in addition to the
previous two factors, the third factor is something
a user is.‖ Examples of a third factor are all bio-metric
such as the user‘s voice, hand
configuration, a fingerprint, a retina scan or similar.
The advantage of using a 3 factor
authentication is that it's made reassuringly
sure that the person who is authenticating is
the person who is authenticating through
multiple layers of security.

The disadvantage is that there is a possibility

that the person trying to authenticate loses
first or the second authentication, the process
can also take time.
Network authentication methods
Password-based authentication
Two-factor authentication
Multi-factor authentication
Biometrics authentication
Certificate-based authentication
 4. Firewall
 Its primary objective is to control the incoming and outgoing network
traffic by analyzing the data packets and determining whether it
should be allowed through or not, based on a predetermined rule set.
It may be hardware or software.

 The advantage of a firewall is that the user can monitor incoming and
outgoing security alerts and the firewall company will record and
track down an intrusion attempt depending on the severity. Some
firewalls can detect viruses, worms, Trojan horses, or data collectors.

 The disadvantage of firewalls is that they offer weak defense from

viruses so antiviral softwareand an IDS (intrusion detection system)
which protects against Trojans and port scans should also
complement your firewall in the layering defense. A firewall
protection is limited once you have an allowable connection open.
This is where another program should be in place to catch
Trojan horse viruses trying to enter your computer as unassuming
normal traffic.
 Types of firewalls

1. Packet Filtering Firewalls

2. Circuit-Level Gateways
3. Stateful Inspection Firewalls
4. Application-Level Gateways
(Proxy Firewalls)
Packet filtering firewall- is a firewall technique used
to control network access by monitoring outgoing and
incoming packets and allowing them to pass or halt
based on the source and destination Internet Protocol
(IP) addresses, protocols and ports.
A circuit-level gateway- is a firewall that provides User
Datagram Protocol (UDP) and Transmission Control
Protocol (TCP) connection security, and works between
an Open Systems Interconnection (OSI) network model's
transport and application layers such as the session layer
Stateful Inspection Firewall-a technology that
controls the flow of traffic between two or more networks
. SI Firewalls track the state of sessions and dropping
packets that are not part of a session allowed by a pre-
defined security policy.
Application-Level Gateways (Proxy Firewalls- is a
network security system that protects network resources
by filtering messages at the application layer
5. Physical Security
Something that is physically in the way of
someone breaking into a system. E.g. a
door, or walls, or security guards.
Physical network security threats
1. Hardware theft
2. Greater access to passwords
3. Damaged equipments
4. Natural disaster
5. Unstable power supply
Security threats and other
network vulnerabilities
Types of Network Attacks
There are four primary types of attacks, they
are:
i. Reconnaissance
ii. Access
iii. Denial of Service
iv. Worms, Viruses, and Trojan Horses
1. Reconnaissance
Reconnaissance attack is a kind of information
gathering on network system and services.
This enables the attacker to discover
vulnerabilities or weaknesses on the network.
It could be likened to a thief surveying through
a car parking lot for vulnerable – unlocked -
cars to break into and steal.
Reconnaissance attacks can consist of:
a. Internet information lookup
b. Ping sweeps
c. Port scans
d. Packet sniffers
2. Network Access Attacks
Technology is forever evolving, so is hacking! It
might come as a surprise to many that, as one
wakes up in the morning and prepares for work,
gets to the office and spends nine to twelve
hour working; the same way a professional
hacker spends all day modifying hacking
techniques and looking for networks to exploit
Types of access attacks
1. Password attack
2. Trust Exploitation
3. Port Redirection
4. Man-in-the middle attack
3. Denial of Service (DoS) Attacks
DoS attack prevents authorized users from
using services by consuming system
resources. Most times DoS attack is regarded
as trivial but in a sense it is a consequentially
threat. DoS can causempotential damage to
networks. Not only are they easy to execute,
but its among the most difficult to eliminate.
DoS attacks deserve special attention from
network security administrators
4. Malicious Code Attacks
 Worm, Virus, and Trojan horse attacks constitute a potential threat to
end-user workstations.
 Worms
 A worm executes code and installs copies of itself in the memory of
the infected computer,
 which can, in turn, infect other hosts on the network. The structure of
a worm attack is as
 follows:
  Creating loopholes- A worm installs itself by exploiting
known vulnerabilities in
 systems, such as naive end users who open unverified attachments in
e-mails.
  Parasitic ability- After gaining access to a host, a worm
copies itself to that host andn then selects new targets.
  Payload-Once a host is infected with a worm, the attacker
has access to the host, often as
 an authorised user. Attackers could use a local exploit to escalate their
privilege level to administrator
Advantages of using antivirus security in
computers which are networked
Virus Protection
Spyware Protection
Web Protection
Spam Protection
Firewall Feature
Cost-Effective
 Ways of controlling internet
abuse in work place
 Monitor Everything.
 Restrict Staff Access to Streaming Services.
Restrict Access to the Wireless Network.
Temporarily Stop Offsite Data Backups & Cloud
Syncing.
 Establish an Internet Usage Policy.
Block social media at working hours
Block betting sites