NETWORK SECURITY

Network security encompasses measures to protect networks from unauthorized access and threats, focusing on the confidentiality, integrity, and availability of data. It involves both hardware and software solutions to combat various internal and external threats, including malicious attacks and system failures. Key security devices include firewalls, antivirus software, and intrusion detection systems, which work together to safeguard network integrity and user data.

Uploaded by mwendamark125125

NETWORK SECURITY

Definition of network security

Network security is the security provided to a network from unauthorized access and risks. It is
the duty of network administrators to adopt preventive measures to protect their networks from
potential security threats.

Computer networks that are involved in regular transactions and communication within the
government, individuals, or business require security.

Network security is any activity designed to protect the usability and integrity of your network
and data.

• It includes both hardware and software technologies

• It targets a variety of threats

• It stops them from entering or spreading on your network

• Effective network security manages access to the network

Goal of Network Security

Network security is not only concerned about the security of the computers at each end of the
communication chain; however, it aims to ensure that the entire network is secure.

Network security entails protecting the usability, reliability, integrity, and safety of network and
data. Effective network security defeats a variety of threats from entering or spreading on a
network.

The primary goals of network security are Confidentiality, Integrity, and Availability. These
three pillars of network security are often represented as the CIA triangle. The other goals include
non-repudiation and privacy.

Confidentiality. The function of confidentiality is to protect precious business data from
unauthorized persons. The confidentiality part of network security makes sure that the data is
available only to the intended and authorized persons.

Integrity. This goal means maintaining and assuring the accuracy and consistency of data. The
function of integrity is to make sure that the data is reliable and is not changed by unauthorized
persons.

Availability. The function of availability in Network Security is to make sure that the data,
network resources/services are continuously available to the legitimate users, whenever they
require it.

Non-repudiation. Assurance that actions can be traced back to the person who executed them, so
that no one can reject responsibility for actions they have performed on a network. For example,
think of a sender and a receiver of a message in a network: non-repudiation then provides
assurance that the sender of the information is given proof of delivery and the recipient is given
proof of the sender's identity, so neither can later deny having processed the information.

Privacy. Governs how personal information is collected, stored, used or shared, so that none of
this happens without the consent of the person concerned. Privacy is subjective, and thus privacy
policies may differ among jurisdictions.

Network Threats

Network security threats are a growing problem for people and organizations the world over,
and they only become worse and multiply with every passing day.

Network security threats can be grouped into two primary categories namely;

1. Internal threats
2. External threats

Internal Threats

These refer to threats that come from within the organization. They can result from intentional,
malicious activity by network users or from inadvertent activity. The nature of the network
components in use, both software and hardware, may also be a source of internal security threats.

Organizational policies on the use of the network by people within the organization can also
have loopholes that may result in internal security threats.

Internal threats, also known as insider attacks, have been reported in many cases and thus form
one of the most notorious categories of cybercrime. In some cases, insiders conspire with outsiders
to attack an organization's network.

The following are the possible internal threats that affect your organization:

1. Weak access control:

Weak access control means the system is weak in the 3A (Authentication, Authorization,
Accounting) security model, the security process that controls the use of particular assets within
predefined criteria.

Security Measure:

• A strong password system with sufficient length to increase the effort needed to crack a
password; passwords should be stored in encrypted form.
• Making strong access control model policies (confidentiality, accountability, and integrity).

2. Privileged access abuse:


Employees who have extensive access to your network system, including IT staff members, can
pose a significant threat to your network security. In fact, studies show that employees with
privileged access are most often behind corporate cyberattacks since they have the expertise and
necessary permission status. A disgruntled IT employee, for example, could choose to plant
malware before leaving the company, just as IT programmer Roger Duronio did in 2006 at an
investment bank he worked for. Or perhaps an employee plugs a wireless router into an open
Ethernet port, giving himself and others nearby wireless access to the company network.
Remedy: First, businesses need to perform thorough background checks before they issue
privileged credentials, and special credentials should only go to specific trusted personnel.
Additionally, terminated employees should be denied network access immediately. And, of
course, network-security solutions should be utilized to protect user accounts and endpoints from
attacks.

3. Lack of physical security:

Your business should also establish a clear plan for the physical security of your building and
network. All components of your network infrastructure should be secured inside cabinets or
behind locked doors. Ethernet ports should never be visible or should be disconnected if unused,
especially in areas that are open to the public. Wireless access points should also be hidden
away.

4. Use of weak passwords

Where members of an organization use weak passwords or passwords that are easy for one to
guess then they expose the organization’s network to security threats such as Brute force attack.

A brute-force attack is where an attacker tries password after password until one of the guesses
is right.

Recommendations: The organization should establish a password policy that requires users to use
strong passwords or even other features such as biometrics to access their user accounts in an
organization’s network, especially in the case of a wireless WAN or MAN or CAN.
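The two password-related measures above (storing passwords in a protected form under "Weak access control", and a password policy that blunts brute-force guessing under "Use of weak passwords") can be made concrete in code. The following Python example is added here for illustration; it is not part of the original notes. It assumes constructed policy values (a 12-character minimum, a five-attempt lockout, a tiny stand-in common-password list) and stores passwords as salted PBKDF2 hashes, which is the standard way of keeping a password "in encrypted format" without ever keeping the password itself.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Policy values constructed for this example; real values come from the organization's password policy.
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
PBKDF2_ITERATIONS = 100_000
# A tiny stand-in for a real list of commonly guessed passwords.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "welcome1234", "letmein12345"}


def check_password_policy(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-SHA256 hash; only the salt and hash are stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash for the supplied password and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class LoginGuard:
    """Locks an account after MAX_FAILED_ATTEMPTS consecutive failures, which caps online guessing."""

    def __init__(self) -> None:
        self.failures: Dict[str, int] = {}
        self.locked = set()

    def attempt(self, user: str, password: str, store: Dict[str, Tuple[bytes, bytes]]) -> str:
        """Return "ok", "denied" or "locked" for one login attempt against the credential store."""
        if user in self.locked:
            return "locked"
        salt, digest = store[user]
        if verify_password(password, salt, digest):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILED_ATTEMPTS:
            self.locked.add(user)
            return "locked"
        return "denied"


if __name__ == "__main__":
    print(check_password_policy("password123"))      # several violations
    print(check_password_policy("Correct-Horse-9x"))  # [] -> acceptable
    store = {"alice": hash_password("Correct-Horse-9x")}
    guard = LoginGuard()
    for guess in ["Password1", "letmein", "alice2024", "Summer2024", "Qwerty12345"]:
        print(guess, "->", guard.attempt("alice", guess, store))
```

The lockout counter is what turns "guess a number of times until they get it right" into a bounded problem: after five failures the account stops answering, and the slow key-derivation function makes each offline guess expensive if the stored hashes are ever copied.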

5. Masquerading

This is also known as identity theft. A person pretends to be someone else and uses that
person's identity to access resources they are not authorized for. Example: a junior member of
staff in an organization, such as a secretary, may easily access the computer of a finance officer
and use it to perform malicious activities while posing as the finance officer.

Recommendations: There should be proper authorization and authentication mechanisms, such as
three-factor authentication, to prevent this, e.g. the one used by the Equity Bank self-service
portal.

System threats

System threats are threats that harm the physical equipment, hardware and systems of an organization.

The possible system threats to organizations are:


1. Equipment failure:
Equipment failure refers to any occasion on which a piece of equipment cannot complete its
intended task or purpose. It can also mean that the hardware has stopped working.

This may also include factors such as network software failure and poorly updated or patched
software.
Security Measure:

• Regular checking and maintenance of the physical equipment.

2. Power fluctuation:
This refers to power surges and spikes, which cause electronic equipment to fail.
Security Measure:

• Proper wiring and grounding of electronic equipment.


• Installing surge protectors.

External threats

An external threat is a threat originating outside the organization or institution, with the intention
of damaging or stealing confidential information of that organization.

The possible external threats to an organization are listed below.


1. Malicious threat:
Malicious threats include computer viruses, Trojans, worms and spyware. This is code or software
that is specifically intended to damage, steal, disrupt, or in general inflict some other harmful or
illegitimate action on information, hosts, or networks.
Security measure:
• Install antivirus software on the system and download updates to ensure that the software has the
latest fixes for new viruses, Trojans, worms and bots.
• Ensure that the antivirus software can scan email and all the files downloaded from the internet.

2. DoS attack:
A Denial-of-Service (DoS) attack is an attack intended to shut down a machine or network,
making it unavailable to its intended users. It achieves this by overwhelming the network with
unnecessary traffic.
Security Measure:

• Over-provisioning bandwidth and server capacity as a brute-force defense.
• Configuring the Windows firewall and IP access lists.

3. Eavesdropping:
Eavesdropping refers to the unauthorized monitoring of other people's communications. It can
be conducted on ordinary telephone systems, email, instant messaging or other Internet services.
Security Measure:

• An electronic search of the radio frequency (RF) spectrum to detect any unauthorized
emanations from the area being examined.
• Encrypting data during transmission and conversations.

4. Data breaches:
A data breach is an incident in which sensitive, protected or confidential data has potentially
been viewed, stolen or used by an individual not authorized to do so. In the case of a small
organization, data breaches may involve personal information and intellectual property.
Security measure:

• Encrypting all sensitive information, and shredding it before disposal.
• Restricting third parties and limiting which staff can access systems and devices.

5. Phishing:
Phishing is the process of obtaining sensitive information such as usernames, passwords and
credit card details, frequently for malicious reasons, by masquerading as a trustworthy entity in
an electronic communication.
Security Measure:

• Keep website certificates up to date so that users are assured of the legitimacy of the websites.
• Educate users about the best practices they should follow and observe when using Internet
services.

6. DDoS attack
A distributed Denial-of-Service (DDoS) attack is an attempt to make an online service
unavailable by overwhelming it with traffic from numerous sources. It targets a wide range of
banking information and confidential data of any organization.
Security Measure:

• Rate-limit traffic at the router to prevent the web server from being overwhelmed.
• Use a firewall and packet-sniffing techniques to control high packet traffic.
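Rate limiting, the first measure above, is usually implemented as a token bucket: each client starts with a full bucket, every request spends a token, and tokens refill at a fixed rate, so short bursts pass while a sustained flood is dropped. The following Python simulation is an added example, not code from the notes; the client addresses (RFC 5737 documentation ranges), the request stream, and the bucket size are all constructed for the demonstration. Note the caveat a practitioner would add: a limiter on the server only protects the server's own resources, and a volumetric DDoS that saturates the upstream link has to be absorbed further out (the "over-provisioning" measure in the DoS section).

```python
from collections import defaultdict
from typing import Dict, List, Tuple


class TokenBucket:
    """Per-client token bucket: a client may burst up to `capacity` requests, then is held to `rate` per second."""

    def __init__(self, rate: float, capacity: int) -> None:
        self.rate = rate
        self.capacity = capacity
        self.tokens: Dict[str, float] = {}     # client -> tokens currently available
        self.last_seen: Dict[str, float] = {}  # client -> time of last refill

    def allow(self, client: str, now: float) -> bool:
        """Refill tokens for the elapsed time, then spend one if any remain."""
        tokens = self.tokens.get(client, float(self.capacity))
        last = self.last_seen.get(client, now)
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        self.last_seen[client] = now
        if tokens >= 1.0:
            self.tokens[client] = tokens - 1.0
            return True
        self.tokens[client] = tokens
        return False


# Constructed request stream of (timestamp in seconds, client IP): one client floods 20 requests
# in the same instant, a normal client sends three, and the flooder returns five seconds later.
REQUESTS: List[Tuple[float, str]] = (
    [(0.0, "203.0.113.7")] * 20
    + [(0.1, "198.51.100.2")] * 3
    + [(5.0, "203.0.113.7")] * 2
)


def simulate(requests: List[Tuple[float, str]], rate: float = 1.0, capacity: int = 10):
    """Return (served, dropped) request counts per client after running the stream through one bucket."""
    bucket = TokenBucket(rate, capacity)
    served: Dict[str, int] = defaultdict(int)
    dropped: Dict[str, int] = defaultdict(int)
    for ts, ip in requests:
        if bucket.allow(ip, ts):
            served[ip] += 1
        else:
            dropped[ip] += 1
    return dict(served), dict(dropped)


if __name__ == "__main__":
    served, dropped = simulate(REQUESTS)
    print("served:", served)    # {'203.0.113.7': 12, '198.51.100.2': 3}
    print("dropped:", dropped)  # {'203.0.113.7': 10}
```

With a bucket of ten and a refill of one token per second, the flooder gets its first ten requests through, loses the next ten, and is served again once the bucket has refilled; the well-behaved client is never affected, which is the property a rate limiter should have.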

Other network threat prevention measures

For each of the threats identified above we have covered possible prevention measures. Now we
need to look at other, more general threat prevention measures. Network threats are usually
prevented by the use of network security devices.

Types of Network Security Devices

Active Devices

These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and
content filtering devices are the examples of such devices.

Passive Devices

These devices identify and report on unwanted traffic, for example, intrusion detection
appliances.

Preventative Devices

These devices scan the networks and identify potential security problems, for example,
penetration testing devices and vulnerability assessment appliances.

Unified Threat Management (UTM)

These devices serve as all-in-one security devices. Examples include firewalls, content filtering,
web caching, etc.

1. Firewalls

A firewall is a network security system that manages and regulates the network traffic based on
some protocols. A firewall establishes a barrier between a trusted internal network and the
internet.

Firewalls exist both as software that run on a hardware and as hardware appliances. Firewalls
that are hardware-based also provide other functions like acting as a DHCP server for that
network.

Most personal computers use software-based firewalls to secure data from threats from the
internet. Many routers that pass data between networks contain firewall components and
conversely, many firewalls can perform basic routing functions.

Firewalls are commonly used in private networks or intranets to prevent unauthorized access
from the internet. Every message entering or leaving the intranet goes through the firewall to be
examined for security measures.

An ideal firewall configuration consists of both hardware and software based devices. A firewall
also helps in providing remote access to a private network through secure authentication
certificates and logins.

Hardware and Software Firewalls

Hardware firewalls are standalone products. These are also found in broadband routers. Most
hardware firewalls provide a minimum of four network ports to connect other computers. For
larger networks − e.g., for business purpose − business networking firewall solutions are
available.
Software firewalls are installed on your computers. A software firewall protects your computer
from internet threats.

2. Antivirus

An antivirus is a tool that is used to detect and remove malicious software. It was originally
designed to detect and remove viruses from computers.

Modern antivirus software provides protection not only from viruses, but also from worms,
Trojan horses, adware, spyware, keyloggers, etc. Some products also provide protection from
malicious URLs, spam, phishing attacks, botnets, DDoS attacks, etc.

3. Content Filtering

Content filtering devices screen unpleasant and offensive emails or webpages. These are used as
a part of firewalls in corporations as well as in personal computers. These devices generate the
message "Access Denied" when someone tries to access any unauthorized web page or email.

Content is usually screened for pornographic content and also for violence- or hate-oriented
content. Organizations also exclude shopping and job-related contents.

Content filtering can be divided into the following categories −

• Web filtering: screening of Web sites or pages

• E-mail filtering: screening of e-mail for spam and other objectionable content

4. Intrusion Detection Systems

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious
activity and issues alerts when such activity is discovered. It is a software application that scans a
network or a system for harmful activity or policy breaching. Any malicious venture or violation
is normally reported either to an administrator or collected centrally using a security information
and event management (SIEM) system. A SIEM system integrates outputs from multiple sources
and uses alarm filtering techniques to differentiate malicious activity from false alarms.

Although intrusion detection systems monitor networks for potentially malicious activity, they
are also disposed to false alarms. Hence, organizations need to fine-tune their IDS products when
they first install them. It means properly setting up the intrusion detection systems to recognize
what normal traffic on the network looks like as compared to malicious activity.

Intrusion prevention systems also monitor the network packets inbound to the system, check
them for malicious activity, and immediately send warning notifications.

Detection Method of IDS:

1. Signature-based Method:
A signature-based IDS detects attacks on the basis of specific patterns, such as the number of
bytes or the number of 1's or 0's in the network traffic. It also detects on the basis of already
known malicious instruction sequences used by malware. The patterns the IDS looks for are
known as signatures.

A signature-based IDS can easily detect attacks whose pattern (signature) already exists in the
system, but it is quite difficult for it to detect new malware attacks, as their pattern (signature) is
not yet known.

2. Anomaly-based Method:
Anomaly-based IDS was introduced to detect unknown malware attacks, as new malware is
developed rapidly. An anomaly-based IDS uses machine learning to create a model of trusted
activity; anything that arrives is compared with that model and is declared suspicious if it does
not fit the model. The machine-learning-based method generalizes better than a signature-based
IDS, as these models can be trained according to the applications and hardware configurations
in use.
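The two detection methods are easiest to compare side by side on the same traffic. The following Python example is added here and is not code from the notes or from any IDS product: it runs a small signature set (two constructed patterns, in the spirit of an IDS rule file) and a simple statistical anomaly model (requests per client against a learned mean and standard deviation, standing in for the "trusted activity model") over constructed web-access log lines. The point it makes is the one in the text: the signature rule catches a known pattern from a quiet client but says nothing about the flood, while the anomaly model catches the flood but would never notice a single malicious request, so the two are complementary rather than alternatives.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed web-access records ("<client ip> <method> <path> <status>"), RFC 5737 documentation addresses.
TRAINING_LOG: List[str] = (
    ["192.0.2.10 GET /index.html 200"] * 4
    + ["192.0.2.11 GET /about.html 200"] * 5
    + ["192.0.2.12 GET /index.html 200"] * 3
    + ["192.0.2.13 POST /login 302"] * 4
)
LIVE_LOG: List[str] = (
    ["192.0.2.8 GET /index.html 200"] * 3
    + ["198.51.100.4 GET /index.html 200"] * 3
    + ["198.51.100.4 GET /download?file=../../config.ini 403"]
    + ["203.0.113.9 GET /index.html 200"] * 30
)

# Signatures: fixed patterns of known-bad requests (constructed here; a real rule set is far larger).
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sql_union_select": re.compile(r"(?i)union\s+select"),
}


def parse(line: str) -> Dict[str, str]:
    ip, method, path, status = line.split()
    return {"ip": ip, "method": method, "path": path, "status": status}


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Signature-based detection: flag any request whose path matches a known pattern."""
    alerts = []
    for line in lines:
        rec = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name))
    return alerts


def train_baseline(lines: List[str]) -> Tuple[float, float]:
    """Learn what 'normal' looks like: mean and standard deviation of requests per client."""
    counts = Counter(parse(line)["ip"] for line in lines)
    values = list(counts.values())
    return mean(values), pstdev(values)


def anomaly_alerts(lines: List[str], baseline: Tuple[float, float], k: float = 3.0) -> List[Tuple[str, int]]:
    """Anomaly-based detection: flag clients whose request count exceeds mean + k standard deviations."""
    mu, sigma = baseline
    threshold = mu + k * sigma
    counts = Counter(parse(line)["ip"] for line in lines)
    return [(ip, n) for ip, n in counts.items() if n > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LIVE_LOG))
    baseline = train_baseline(TRAINING_LOG)
    print("baseline mean/stdev:", baseline)
    print("anomaly alerts:", anomaly_alerts(LIVE_LOG, baseline))
```

The tuning step the notes mention ("recognize what normal traffic on the network looks like") is the `train_baseline` call: raise `k` and the model alerts less often but misses smaller floods, lower it and the false-alarm rate climbs. A request using a pattern absent from `SIGNATURES` passes the signature check silently, which is exactly the limitation described for signature-based IDS.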

Comparison of IDS with Firewalls:


IDS and firewalls are both related to network security, but an IDS differs from a firewall: a
firewall looks outward for intrusions in order to stop them from happening. Firewalls restrict
access between networks to prevent intrusion, and if an attack comes from inside the network the
firewall does not signal it. An IDS describes a suspected intrusion once it has happened and then
signals an alarm.

Best Intrusion Detection Systems Available today

• SolarWinds Security Event Manager
• CrowdStrike Falcon
• Snort (recommended for this unit; check its documentation)
• Zeek

5. User Accounts Control (UAC)

UAC or User Account Control is a security feature that helps prevent unauthorized system
changes to your Windows computer or device. These changes can be made by users,
applications, and sadly, malware (which is the biggest reason why UAC exists in the first place).
When an important system change is initiated, Windows displays a UAC prompt asking for your
permission to make the change. If you don’t give your approval, the change is not made.

6. Encryption/ Cryptography

In the computing world, encryption is the conversion of data from a readable format into an
encoded format that can only be read or processed after it's been decrypted.

Encryption is the basic building block of data security and is the simplest and most important
way to ensure a computer system's information can't be stolen and read by someone who wants
to use it for nefarious means.

Utilized by both individual users and large corporations, encryption is widely used on the
internet to ensure the sanctity of user information that's sent between a browser and a server.

That information could include everything from payment data to personal information. Firms of
all sizes typically use encryption to protect sensitive data on their servers and databases.

The Need for Encryption


Beyond the obvious benefit of protecting private information from being stolen or compromised,
encryption also provides a means of proving that information is authentic and comes from the
point of origin it claims to come from. It can be used to verify the origin of a message and
confirm that it hasn't been altered during transmission.

The Key to the Door

The basics of encryption revolve around the concept of encryption algorithms and "keys." When
information is sent, it's encrypted using an algorithm and can only be decoded by using the
appropriate key. A key could be stored on the receiving system, or it could be transmitted along
with the encrypted data.

Methods

A number of methods are used to code and decode information, and those methods evolve as
computer software and methods for intercepting and stealing information continue to change.
These methods include:

• Symmetric Key Cipher: Also known as a secret key algorithm, this is a singular method
of decoding the message that must be provided to the receiver before the message can be
decoded. The key used to encode is the same as the one used to decode, which makes it
best for individual users and closed systems. Otherwise, the key has to be sent to the
receiver, which increases the risk of compromise if it's intercepted by a third party, such
as a hacker. The benefit is that this method is much faster than the asymmetric method.

• Asymmetric Cryptography: This method uses two different keys — public and private
— that are linked together mathematically. The keys are essentially just large numbers
that have been paired with each other but aren't identical, hence the term asymmetric. The
public key can be shared with anyone, but the private key must remain a secret. Both can
be used to encrypt a message, and the opposite key from the one originally used to
encrypt that message is then used to decode it.

• Hashing: Hashing generates a unique signature of fixed length for a data set or message.
Each specific message has its own hash, making even minor changes to the information
easily detectable. Data processed with hashing cannot be deciphered or reversed back into
its original form. That's why hashing is used only as a method of verifying data.

Many internet security experts don't even consider hashing an actual encryption method,
but the line is blurry enough to let the classification stand. The bottom line: it's an
effective way of showing that no one has tampered with the information.
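The three properties claimed for hashing above (fixed-length output, a small change producing a different digest, and use for verification rather than secrecy) can be shown directly with Python's standard library. This is an added example, not code from the notes; the sample "configuration file" and the key are constructed for the demonstration. It also shows the keyed form, HMAC, which is what a practitioner reaches for when the check must prove not only that data is intact but that it came from someone holding the key, since a plain digest can be recomputed by whoever altered the data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Fixed-length (64 hex characters) digest of arbitrary-length input."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest of received data and compare it with the published one in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def digest_difference(original: bytes, modified: bytes) -> int:
    """How many of the 64 hex characters differ between the two digests (the avalanche effect)."""
    a, b = sha256_hex(original), sha256_hex(modified)
    return sum(1 for x, y in zip(a, b) if x != y)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): whoever alters the data cannot recompute the tag without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


# Constructed sample: a small configuration file and its published digest.
SAMPLE = b"allow_remote_admin=false\nmax_sessions=10\n"
SAMPLE_DIGEST = sha256_hex(SAMPLE)

if __name__ == "__main__":
    tampered = SAMPLE.replace(b"false", b"true")
    print("published digest:", SAMPLE_DIGEST)
    print("intact file verifies:", verify_integrity(SAMPLE, SAMPLE_DIGEST))      # True
    print("tampered file verifies:", verify_integrity(tampered, SAMPLE_DIGEST))  # False
    print("hex chars changed by a one-word edit:", digest_difference(SAMPLE, tampered))
    key = b"shared-secret-from-a-key-store"  # constructed; a real key comes from a secret store
    tag = hmac_tag(key, SAMPLE)
    print("HMAC verifies with the right key:", verify_hmac(key, SAMPLE, tag))     # True
    print("HMAC verifies with a wrong key:", verify_hmac(b"guess", SAMPLE, tag))  # False
```

`hmac.compare_digest` is used for both comparisons so that the time taken does not leak how many leading characters matched; a plain `==` on digests is a common mistake in verification code.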

Now that we have gone through the types of data encryption techniques, let us next learn
the specific encryption algorithms.

Specific Encryption Algorithms

There’s a host of different encryption algorithms available today. Here are five of the more
common ones.

• AES. The Advanced Encryption Standard (AES) is the trusted standard algorithm used by
the United States government, as well as other organizations. Although extremely
efficient in the 128-bit form, AES also uses 192- and 256-bit keys for very demanding
encryption purposes. AES is widely considered invulnerable to all attacks except for
brute force. Regardless, many internet security experts believe AES will eventually be
regarded as the go-to standard for encrypting data in the private sector.

• Triple DES. Triple DES is the successor to the original Data Encryption Standard (DES)
algorithm, created in response to hackers who figured out how to breach DES. It’s a
symmetric encryption that was once the most widely used symmetric algorithm in the
industry, though it’s being gradually phased out. TripleDES applies the DES algorithm
three times to every data block and is commonly used to encrypt UNIX passwords and
ATM PINs.

• RSA. RSA is a public-key encryption asymmetric algorithm and the standard for
encrypting information transmitted via the internet. RSA encryption is robust and reliable
because it creates a massive bunch of gibberish that frustrates would-be hackers, causing
them to expend a lot of time and energy to crack into systems.

• Blowfish. Blowfish is another algorithm that was designed to replace DES. This
symmetric tool breaks messages into 64-bit blocks and encrypts them individually.
Blowfish has established a reputation for speed, flexibility, and being unbreakable. It’s in
the public domain, so that makes it free, adding even more to its appeal. Blowfish is
commonly found on e-commerce platforms, securing payments, and in password
management tools.

• Twofish. Twofish is Blowfish's successor. It's a license-free, symmetric encryption that
deciphers 128-bit data blocks. Additionally, Twofish always encrypts data in 16 rounds,
no matter what the key size. Twofish is perfect for both software and hardware
environments and is considered one of the fastest of its type. Many of today's file and
folder encryption software solutions use this method.

• Rivest-Shamir-Adleman (RSA). Rivest-Shamir-Adleman is an asymmetric encryption
algorithm that works off the factorization of the product of two large prime numbers.
Only a user with knowledge of these two numbers can decode the message successfully.
Digital signatures commonly use RSA, but the algorithm slows down when it encrypts
large volumes of data.

7. Port Scanners

This refers to scanning network ports to identify open ports that could be exploited by hackers to
get into a network. Administrators can use port scan data in conjunction with vulnerability
management tools to identify new devices or systems on the network that they need to protect, or
to identify misconfigurations in system defenses.

Security policy

A network security policy primarily helps in protecting a computer network from network
security threats, both internal and external to the organization or network. It is generally a
broad document and varies based on the underlying environment, organization and/or legal
requirements.

Without a security policy, the availability of your network can be compromised. The policy
begins with assessing the risk to the network and building a team to respond. Continuation of the
policy requires implementing a security change management practice and monitoring the
network for security violations. Lastly, the review process modifies the existing policy and
adapts to lessons learned.

Enforcing Security policy

This refers to ensuring that the established security policy is adhered to at all times.

A security policy covers a wide range of aspects in a network including security mechanisms that
should be implemented to secure the network. For example, the security policy can define how
VLANs can be implemented and also define various encryption standards.

The following are some of the guidelines that should help in enforcing a security policy:

1. Regularly update the security policy to meet organizational needs. This means that the
security policy should be coherent with the current state of the organization and with trends
in the industry. It should also capture new threats in a timely and convenient way.
2. Administer disciplinary action for chronic carelessness or an intentional breach of the cyber
security policy. If the breach was accidental, it should be treated as an opportunity for
more cyber security awareness training. But whenever chronic carelessness or an
intentional breach occurs, disciplinary action should be considered. Remember that some
punishments are external: if an employee breaches a policy that also happens to violate
the law, then the consequences for the employee, the employee's manager or supervisor
and the company itself can be very grave.
3. Create awareness of the policy among all members of the organization who will use the
network, so that they can easily observe the policy.
4. Automate some ways of detecting breaches, so that where a user fails to follow the
established policy they are automatically locked out of the network. Example: if the
policy says that no one should use an external device to access organizational
resources, then the IDS and Active Directory should have a record of all IP addresses of
organizational devices, and any other new IP address that tries to connect to the network
should be locked out.
5. Assign enforcement responsibility. This means that you define what each network user
and their supervisors are expected to enforce. For example, in a university, the finance
officer should ensure that no unauthorized person uses the computers in the finance
office.
6. Regularly conduct audits to determine how well people are following the security policy.
If you identify any areas where people are not following the security policy, then use
appropriate procedures to ensure that they start following it.
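Guideline 4 describes an automated check: a record of the organization's own device addresses, and a lockout for any other address that connects. The following Python example is added here and is not code from the notes or from any IDS or directory product; the allowed ranges (RFC 1918 space), the connection records and the user names are all constructed. It keeps the record as network ranges rather than individual addresses, which is how such lists are maintained in practice, and it fails closed on a malformed address. The caveat worth knowing: an IP address identifies a network location, not a device, so this check is a policy backstop and is normally paired with device authentication (for example certificate-based 802.1X) rather than relied on alone.

```python
import ipaddress
from typing import Dict, List

# Constructed allowlist of the organization's own address ranges (RFC 1918 space used for the example).
ALLOWED_NETWORKS = [ipaddress.ip_network(cidr) for cidr in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed connection records: "<timestamp> <source ip> <user>".
CONNECTION_LOG = [
    "2024-01-15T08:01:12 10.20.3.14 jdoe",
    "2024-01-15T08:02:40 192.168.50.77 asmith",
    "2024-01-15T08:03:05 203.0.113.45 jdoe",
    "2024-01-15T08:04:21 10.99.1.2 contractor",
    "2024-01-15T08:05:09 not-an-ip asmith",
]


def is_allowed(ip_text: str) -> bool:
    """True when the address falls inside one of the organization's registered ranges."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address: fail closed rather than open
    return any(addr in net for net in ALLOWED_NETWORKS)


def enforce(log_lines: List[str]) -> List[Dict[str, str]]:
    """Return a lockout record for every connection that came from outside the allowlist."""
    lockouts = []
    for line in log_lines:
        ts, ip, user = line.split()
        if not is_allowed(ip):
            lockouts.append({"time": ts, "ip": ip, "user": user, "action": "lockout"})
    return lockouts


if __name__ == "__main__":
    for record in enforce(CONNECTION_LOG):
        print(record)
```

Running it over the constructed log produces three lockout records: the public address, the address in a private range the organization does not own (10.99.0.0/16 is not 10.20.0.0/16), and the unparsable entry. The last case is the one that is easy to get wrong; an allowlist that silently accepts anything it cannot parse is not an allowlist.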
