UNIT-7

Network Security
7.1 Introduction to Network security

Network security is the practice of protecting computer networks and their components,
including hardware, software, and data, from unauthorized access, use, or destruction. Network
security aims to ensure the confidentiality, integrity, and availability of network resources and
data.

Network security includes a range of measures and technologies that are used to protect
networks, such as firewalls, intrusion detection and prevention systems, antivirus and anti-
malware software, virtual private networks (VPNs), and encryption. It also involves
implementing security policies and procedures, such as access control, authentication, and
network segmentation, to prevent unauthorized access and mitigate the risks of cyber attacks and
other security threats.

7.2 Types of network security

There are several types of network security measures that can be implemented to protect
computer networks and their components. Here are some of the most common types of network
security:

1. Access control: Access control measures are used to limit and control access to network
resources, such as data and applications, based on user identity and role. This includes
authentication (verifying the identity of users) and authorization (determining what
resources users are allowed to access).
2. Firewall: A firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. Firewalls can be
hardware or software-based and can be configured to block or allow specific types of
traffic.
3. Antivirus and anti-malware: Antivirus and anti-malware software is used to detect and
remove viruses, malware, and other malicious software from networks and devices.
4. Encryption: Encryption is the process of encoding data in a way that makes it unreadable
to anyone who does not have the appropriate key or password. Encrypted data can only
be read by someone with the decryption key.
5. Virtual private network (VPN): A VPN is a secure, encrypted connection between two or
more devices or networks over the internet. VPNs are commonly used to connect remote
workers to corporate networks or to access restricted content on the internet.
6. Intrusion detection and prevention: Intrusion detection and prevention systems (IDPS) are
used to monitor network traffic for signs of unauthorized access or attacks. They can be
configured to automatically block or alert administrators to potential threats.
7. Network segmentation: Network segmentation involves dividing a network into smaller
sub-networks, which can be more easily managed and secured. Segmentation can help
limit the spread of malware and other attacks across a network.
7.2.1 Firewall Protection

Firewall protection is a type of network security measure that controls and monitors incoming
and outgoing network traffic based on predetermined security rules. Firewalls are used to protect
networks from unauthorized access, viruses, malware, and other cyber threats.

A firewall can be either a hardware or software-based solution. Hardware firewalls are usually
standalone devices that sit between the network and the internet. Software firewalls, on the other
hand, are installed on individual devices and can be configured to monitor and control network
traffic on that device.

Firewalls operate on a set of rules that are defined by the network administrator. These rules
determine what types of traffic are allowed to pass through the firewall and what types are
blocked. For example, a firewall may be configured to block all incoming traffic from specific IP
addresses or to only allow incoming traffic on specific ports.

Firewalls can be configured to operate in different ways, including:

1. Packet filtering: This method examines each packet of data that passes through the
firewall and filters out any packets that do not meet the predetermined security rules.
2. State-full inspection: This method examines the state of each network connection and
only allows traffic that is part of an established connection or is permitted by the security
rules.
3. Application-layer filtering: This method examines the contents of data packets and can
block specific types of traffic based on the application that is generating the traffic.

Firewalls are an essential part of network security and are commonly used in both home and
business networks. However, firewalls should not be relied upon as the sole means of network
security. Other measures, such as antivirus software, intrusion detection and prevention systems,
and regular security updates, should also be implemented to provide comprehensive network
security.

7.2.2 Email security

Email security is the practice of protecting email messages and the data they contain from
unauthorized access, use, or disclosure. Email security aims to ensure the confidentiality,
integrity, and availability of email messages, as well as to prevent the spread of spam, viruses,
and other malicious content.

Here are some common email security measures:

1. Email encryption: Email encryption is the process of encoding email messages in a way
that only authorized recipients can read them. Encryption can prevent sensitive
information from being intercepted and read by unauthorized individuals.
2. Strong passwords: Strong passwords are an essential part of email security. Users should
choose complex passwords that are difficult to guess and change them regularly.
 3. Multi-factor authentication: Multi-factor authentication (MFA) is an additional layer of
security that requires users to provide more than one form of authentication to access
their email accounts. This can include a password and a security token or biometric data.
4. Anti-virus and anti-malware software: Anti-virus and anti-malware software can protect
email accounts from viruses, malware, and other malicious content. Users should keep
their software up to date and run regular scans to detect and remove any threats.
5. Spam filters: Spam filters can prevent unwanted or malicious emails from reaching users'
inboxes. Users should configure their spam filters to block unsolicited emails and
suspicious content.
6. Phishing protection: Phishing is a type of cyber attack that involves tricking users into
revealing sensitive information, such as passwords or credit card numbers. Users should
be aware of common phishing scams and should not click on suspicious links or provide
personal information to unknown sources.

Email security is critical for both individuals and businesses, as email is a common target for
cyber attacks. Implementing these measures can help prevent unauthorized access, data breaches,
and other security threats.

7.2.3 Anti-virus and Anti-malware software

Anti-virus and anti-malware software are types of computer programs that are designed to detect,
prevent, and remove viruses, malware, and other malicious software from a computer system.
These software programs are an essential part of computer security and are used to protect
against a wide range of threats, including viruses, worms, Trojans, spyware, adware, and
ransom-ware.

Anti-virus and anti-malware software use a variety of techniques to protect computer systems,
including:

1. Scanning: These programs scan computer systems and devices for known viruses,
malware, and other malicious software. They can also perform real-time scans of
incoming data to detect and prevent threats as they are introduced.
2. Quarantine: When a virus or malware is detected, the software can quarantine the file or
program, isolating it from the rest of the system to prevent it from spreading or causing
harm.
3. Removal: If a virus or malware is found, the software can remove it from the system or
device.
4. Signature detection: Anti-virus and anti-malware software use signature detection to
identify known viruses and malware. These signatures are updated regularly to ensure
that the software can detect the latest threats.
5. Behavioral analysis: Some anti-virus and anti-malware software use behavioral analysis
to detect new and unknown threats. They monitor the behavior of programs and files to
detect suspicious activity that may indicate the presence of malware.
6. Real-time protection: Some anti-virus and anti-malware software can provide real-time
protection by monitoring network traffic, emails, and file downloads for potential threats.
It is important to keep anti-virus and anti-malware software up to date to ensure that it can detect
and protect against the latest threats. Users should also exercise caution when downloading files
or opening emails from unknown sources, as these are common ways that viruses and malware
can be introduced into a system.

7.2.4 Virtual Private Network

A Virtual Private Network (VPN) is a technology that allows users to create a secure and private
connection to a public network, such as the internet. VPNs are used to provide a secure and
encrypted connection between two or more devices, allowing users to send and receive data over
a public network as if they were connected to a private network.

VPNs work by encrypting all data that is sent and received over the internet, making it more
difficult for hackers and other third parties to intercept and read the data. VPNs also allow users
to access resources on a private network, such as files or applications, from a remote location.

Here are some common uses of VPNs:

1. Remote work: VPNs are commonly used by remote workers to access company
resources, such as email and files, from a remote location.
2. Public Wi-Fi security: VPNs can provide a secure connection when using public Wi-Fi
networks, which are often unsecured and can be vulnerable to hackers.
3. Geo-restriction bypass: Some websites and services are only available in certain
countries. VPNs can be used to bypass these geo-restrictions and access content from
anywhere in the world.
4. Online privacy: VPNs can provide an additional layer of privacy by masking the user's IP
address and location from websites and other online services.

There are many different VPN providers available, and users should choose a provider that offers
strong encryption, fast connection speeds, and a wide range of server locations. It is important to
note that VPNs are not foolproof and can still be subject to security vulnerabilities, so users
should always exercise caution when using public networks and accessing sensitive information
over the internet.

7.2.4 Network Access control

Network Access Control (NAC) is a security technology that controls access to network
resources and ensures that only authorized users and devices can access a network. NAC is
designed to prevent unauthorized access to a network and protect against security threats such as
malware, viruses, and hackers.

Here are some common components of NAC:

1. Authentication: NAC requires users and devices to authenticate before gaining access to
the network. This can include username and password authentication, biometric
authentication, or security tokens.
 2. Authorization: Once a user or device has been authenticated, NAC checks to see if they
are authorized to access the network. This can include checking the user's role, group, or
department.
3. Endpoint security: NAC ensures that devices connecting to the network meet certain
security requirements, such as having up-to-date anti-virus software or operating system
patches.
4. Network segmentation: NAC can segment a network into different zones or virtual LANs
(VLANs), each with its own access policies and security controls.
5. Monitoring and reporting: NAC can monitor network activity and generate reports on
user and device activity, such as who accessed the network and when.

NAC is commonly used in enterprise environments to ensure that only authorized users and
devices can access sensitive network resources. It can also be used to enforce compliance with
security policies and regulations, such as HIPAA or PCI-DSS.

There are many different NAC solutions available, ranging from standalone software to
integrated network security solutions. NAC should be considered as part of a comprehensive
security strategy, along with other security measures such as firewalls, anti-virus software, and
intrusion detection systems.

Authentication, Authorization, and Accountability, commonly known as the "Three A's of

Security," are three critical components of information security. These components work
together to ensure that only authorized individuals have access to sensitive information and that
any unauthorized access or activity is tracked and monitored.

1. Authentication: Authentication is the process of verifying the identity of a user or device

attempting to access a system or network. Authentication methods can include
passwords, security tokens, biometric scans, and other forms of verification. The goal of
authentication is to ensure that only authorized users are granted access to sensitive
information or systems.
2. Authorization: Authorization is the process of determining what actions a user or device
is allowed to perform after being authenticated. This can include restricting access to
certain files, systems, or network resources based on user roles, groups, or other criteria.
The goal of authorization is to ensure that only authorized users are allowed to access
sensitive information or systems, and that they are only able to perform authorized
actions.
3. Accountability: Accountability is the process of tracking and monitoring user and device
activity to ensure that any unauthorized access or activity is detected and recorded. This
can include monitoring user activity logs, tracking system changes, and auditing access to
sensitive data. The goal of accountability is to ensure that any security incidents or
breaches can be detected and investigated quickly, and that appropriate action can be
taken to prevent similar incidents in the future.

Together, authentication, authorization, and accountability provide a strong framework for

ensuring the security of sensitive information and systems. By implementing these components
as part of a comprehensive security strategy, organizations can reduce the risk of data breaches
and other security incidents, and protect their valuable assets and reputation.

7.3 Common Network Security Threats

Network security threats are constantly evolving and becoming more sophisticated. Here are
some common network security threats that organizations and individuals may face:

1. Malware: Malware is any type of software that is designed to damage, disrupt, or gain
unauthorized access to a computer system or network. This includes viruses, worms,
trojans, and ransomware.
2. Phishing: Phishing is a type of social engineering attack where attackers attempt to trick
users into revealing sensitive information, such as usernames, passwords, and credit card
numbers, by posing as a trustworthy entity.
3. Man-in-the-middle attacks: In a man-in-the-middle attack, an attacker intercepts
communication between two parties and can potentially eavesdrop, modify, or steal
information being transmitted.
4. Denial-of-service (DoS) attacks: A DoS attack is an attempt to disrupt the normal
functioning of a network or server by flooding it with traffic, rendering it unable to
respond to legitimate requests.
5. SQL injection: SQL injection is a type of attack that targets the databases of web
applications by injecting malicious SQL commands into input fields.
6. Zero-day exploits: Zero-day exploits are vulnerabilities in software or hardware that are
unknown to the vendor and can be exploited by attackers before a patch or fix is released.
7. Insider threats: Insider threats refer to attacks that are perpetrated by employees,
contractors, or other insiders with access to sensitive information or systems.
8. Advanced persistent threats (APTs): APTs are long-term, targeted attacks that are carried
out by skilled and well-funded attackers with the goal of stealing sensitive information or
disrupting operations.

To protect against these and other network security threats, organizations and individuals should
implement a variety of security measures, such as firewalls, anti-virus software, encryption,
multi-factor authentication, and regular security updates and patches. It is also important to stay
vigilant and educate employees and users about common security risks and best practices.

7.3.1 Virus

A virus is a type of malicious software (malware) that is designed to replicate itself and spread
from one computer to another. Once a virus infects a computer, it can cause a range of problems,
such as slowing down the computer, damaging files, stealing personal information, or allowing
unauthorized access to the computer or network.

Here are some common types of viruses:

 1. File infectors: These viruses attach themselves to executable files, such as .exe files, and
can spread when the infected file is opened or executed.
2. Boot sector viruses: These viruses infect the boot sector of a hard drive or floppy disk and
can spread when the infected device is booted.
3. Macro viruses: These viruses infect documents, such as Microsoft Word or Excel files,
that contain macros, which are small programs that automate tasks. When an infected
document is opened, the virus can spread to other documents or to the computer's system
files.
4. Worms: Worms are similar to viruses in that they can replicate themselves and spread
from one computer to another, but they do not require a host file to infect.
5. Trojan horses: Trojan horses are programs that appear to be legitimate but contain hidden
malicious code. They can be used to steal information, open backdoors for attackers, or
launch other types of attacks.

To protect against viruses, it's important to use up-to-date antivirus software, be cautious when
downloading or opening files, and avoid clicking on suspicious links or attachments. Regularly
backing up important data can also help minimize the impact of a virus infection.

7.3.2 Trojan horse

A Trojan horse, or simply "Trojan", is a type of malware that is designed to look like a
legitimate software or file, but when executed, it can cause harm to the computer system or steal
sensitive information.

The name "Trojan horse" is derived from the ancient Greek story in which Greek soldiers used a
wooden horse to infiltrate the city of Troy. Similarly, a Trojan horse appears harmless or
beneficial on the surface, but it actually contains malicious code that can damage or compromise
the computer system.

Once a Trojan is installed on a computer, it can perform a variety of malicious activities, such as
stealing passwords, logging keystrokes, taking screenshots, accessing personal files, and even
using the infected computer to launch further attacks on other systems.

To protect your computer from Trojan horses, it is recommended to install reputable antivirus
software and keep it up-to-date. Additionally, avoid downloading and executing files or software
from untrusted sources and be cautious of suspicious emails or links that may contain malicious
content.

7.3.3 Computer Worm

A computer worm is a type of malware that replicates itself and spreads across computer
networks by exploiting vulnerabilities in software or operating systems. Worms are self-
contained programs that can travel from computer to computer without the need for a host file or
user intervention.
Unlike viruses, which require a host file to infect, worms can spread themselves independently
and can consume significant amounts of network bandwidth, potentially causing network
slowdowns or crashes.

Once a worm infects a computer, it can perform a variety of malicious activities, such as stealing
sensitive information, deleting or corrupting files, and even using the infected computer to
launch further attacks on other systems.

To protect your computer from worms, it is recommended to keep your software and operating
system up-to-date with the latest security patches, use reputable antivirus software, and avoid
opening suspicious emails or attachments. Additionally, it is important to exercise caution when
downloading and installing software from un-trusted sources, as worms may be bundled with
such software.

7.3.4 Phishing Attacks

Phishing attacks are a type of cyber attack that use social engineering techniques to trick
individuals into revealing sensitive information, such as usernames, passwords, or credit card
details.

Phishing attacks typically involve the creation of a fake website or email that appears to be from
a legitimate source, such as a bank or social media website. The attacker will often use a sense of
urgency or fear to prompt the user to click on a link or download an attachment, which then leads
to a fake login page or form that captures the user's credentials or personal information.

Phishing attacks can be conducted via email, social media, instant messaging, or even by phone,
and they often target large groups of people in order to increase the likelihood of success.

To protect yourself from phishing attacks, it is important to be vigilant and exercise caution
when receiving unsolicited emails or messages. Be suspicious of any requests for personal or
sensitive information, and always verify the authenticity of a website or message before entering
any personal information. Check the URL of the website to make sure it matches the legitimate
website and look for any spelling or grammatical errors, which can be telltale signs of a fake
website. Additionally, you can use anti-phishing software and two-factor authentication to add an
extra layer of security to your online accounts.