Network Security

Uploaded by

Tee Zee

Network Security

By

Tabinda Ali Shah Zaman


Network Security

• Network security is a subset of information security that focuses on protecting the integrity, confidentiality, and availability of a computer network and its data. It involves implementing measures to prevent unauthorized access, misuse, modification, or disruption of network resources and communication.

Measures of network security

• Firewalls
• Intrusion Detection System (IDS)
• Virtual Private Networks (VPNs)
• Secure Wi-Fi
• Data encryption
• Regular updates and patch management
• Backup data

Firewalls

• These are security devices that monitor and control incoming and outgoing network traffic based on predefined security rules. Firewalls act as a barrier between untrusted external networks and trusted internal networks, preventing unauthorized access and protecting against network-based attacks.
• Types of firewalls
1. Packet filtering firewall
2. Application-Level Gateway

Types of firewalls

• Packet filtering firewalls: These firewalls operate at the network layer (Layer 3) of the OSI model and examine individual packets of data based on predefined rules. They can allow or block packets based on factors like source/destination IP addresses, port numbers, and protocols. Packet-filtering firewalls are lightweight and efficient but offer limited application-layer inspection capabilities.
• Application-Level Gateway: An application gateway (ALG) firewall is a type of firewall that protects the application layer of the OSI model. It's deployed on a computer's internal system and filters incoming node traffic by examining and controlling application session initiation. In other words, an ALG firewall acts as an intermediary between external users and the main server, controlling traffic and preventing malicious attempts to gain access.
Intrusion Detection Systems (IDS)

• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS and IPS solutions monitor network traffic in real-time to detect and prevent unauthorized or malicious activities. They can identify suspicious patterns or behaviors and take actions to block or mitigate potential threats.
• Types of IDS
1. Intrusion detection system
2. Intrusion prevention system

Types of IDS

1. Intrusion Detection Systems (IDS): IDS are designed to monitor network traffic and identify any suspicious or malicious activity. They analyze network packets, log files, and system events to detect potential intrusions. IDS can be classified into two types:
- Network-based IDS (NIDS): NIDS monitors network traffic passively and identifies anomalies or specific patterns that indicate an intrusion attempt.
- Host-based IDS (HIDS): HIDS monitors activities on individual hosts or servers, analyzing system logs and configurations to identify any signs of compromise.

Difference Between NIDS and HIDS
Methods of IDS

Signature-based detection
• Signature-based detection analyzes network packets for attack signatures—unique characteristics or behaviors that are associated with a specific threat. A sequence of code that appears in a particular malware variant is an example of an attack signature.
• A signature-based IDS maintains a database of attack signatures against which it compares network packets. If a packet triggers a match to one of the signatures, the IDS flags it. To be effective, signature databases must be regularly updated with new threat intelligence as new cyberattacks emerge and existing attacks evolve. Brand new attacks that are not yet analyzed for signatures can evade signature-based IDS.

Anomaly-based detection
• Anomaly-based detection methods use machine learning to create—and continually refine—a baseline model of normal network activity. Then it compares network activity to the model and flags deviations—such as a process that uses more bandwidth than normal, or a device opening a port.
• Because it reports any abnormal behavior, anomaly-based IDS can often catch new cyberattacks that might evade signature-based detection. For example, anomaly-based IDSs can catch zero-day exploits—attacks that take advantage of software vulnerabilities before the software developer knows about them or has time to patch them.
• But anomaly-based IDSs may also be more prone to false positives. Even benign activity, such as an authorized user accessing a sensitive network resource for the first time, can trigger an anomaly-based IDS.
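
Both detection methods side by side, as an added example that is not part of the original slides. The signature database, the traffic figures and the three events are constructed, and a simple mean/standard-deviation baseline stands in for the machine-learning model the slide mentions.

```python
import statistics

# Constructed signature database: name -> byte sequence tied to a known threat.
SIGNATURES = {
    "demo-malware-A": b"\xde\xad\xbe\xef\x13\x37",
    "demo-malware-B": b"KNOWN-BAD-MARKER",
}

def signature_alerts(payload: bytes) -> list:
    """Names of every known signature found in the packet payload."""
    return [name for name, sig in SIGNATURES.items() if sig in payload]

class Baseline:
    """Model of normal activity for one host: bytes per minute and ports seen."""
    def __init__(self, threshold: float = 3.0):
        self.rates, self.ports, self.threshold = [], set(), threshold

    def learn(self, bytes_per_min: int, port: int) -> None:
        self.rates.append(bytes_per_min)
        self.ports.add(port)

    def anomaly_alerts(self, bytes_per_min: int, port: int) -> list:
        alerts = []
        mean = statistics.mean(self.rates)
        spread = statistics.pstdev(self.rates) or 1.0   # avoid dividing by zero
        if (bytes_per_min - mean) / spread > self.threshold:
            alerts.append("bandwidth above baseline")
        if port not in self.ports:
            alerts.append("port not seen before")
        return alerts

def inspect(baseline, payload, bytes_per_min, port):
    return {"signature": signature_alerts(payload),
            "anomaly": baseline.anomaly_alerts(bytes_per_min, port)}

def demo():
    base = Baseline()
    for rate in (900, 1000, 1100, 950, 1050):     # constructed training window
        base.learn(rate, 443)
    return {
        # Known threat: caught by its signature, traffic volume looks normal.
        "known": inspect(base, b"hdr" + SIGNATURES["demo-malware-B"], 1000, 443),
        # New attack: no signature exists yet, only the baseline flags it.
        "novel": inspect(base, b"bytes no signature covers", 250000, 8081),
        # Authorized first-time access: the anomaly alert is a false positive.
        "benign": inspect(base, b"first backup to file server", 1020, 445),
    }
```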
Types of IDS

2. Intrusion Prevention Systems (IPS): IPS work similarly to IDS, but they also have the capability to actively block or prevent intrusions in real-time. They can inspect network traffic and apply various security measures, such as blocking malicious IP addresses or performing packet filtering to mitigate potential threats.
VPNs

• Virtual Private Networks (VPNs): VPNs provide secure and encrypted connections between remote users or branch offices and the corporate network. They ensure that data transmitted over an insecure public network, such as the internet, remains protected from eavesdropping and tampering.
• How do VPNs improve network security?
• A VPN connection establishes a secure connection between you and the internet. Via the VPN, all your data traffic is routed through an encrypted virtual tunnel. This disguises your IP address when you use the internet, making its location invisible to everyone. A VPN connection is also secure against external attacks.
Data Encryption

• Encryption is the process of encoding data so that it can only be accessed or understood by authorized parties. Network security often involves implementing encryption protocols, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), to secure sensitive data during transmission over the network.
• Types of encryption
1. Symmetric encryption
2. Asymmetric encryption
Types of data encryption

Symmetric encryption
• In symmetric encryption, a single key is used for both encryption and decryption. This means that the same key is used to both scramble and unscramble the data. Examples of symmetric encryption algorithms include Advanced Encryption Standard (AES) and Data Encryption Standard (DES).

Asymmetric encryption
• Asymmetric encryption, also known as public-key encryption, uses two different keys: a public key for encryption and a private key for decryption. The recipient generates a key pair where the private key is kept secret, and the public key is shared with others. Examples of asymmetric encryption algorithms include RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC).
Secure Wi-Fi

• Securing wireless networks is essential to prevent unauthorized access and protect data transmission. This includes implementing strong encryption protocols (e.g., WPA2 or WPA3), using strong passwords, disabling of network names (SSID), and regularly updating firmware.
Regular updates and patch management

• Regular updates and patch management play crucial roles in maintaining effective information security. They help protect against emerging threats, vulnerabilities, and exploits that can compromise the confidentiality, integrity, and availability of information systems. Updates typically involve applying security patches released by software vendors to address known vulnerabilities and bugs. Patch management involves the process of applying these patches in a controlled and timely manner to minimize potential risks.
Why are updates and patch management important?

Here are some reasons why regular updates and patch management are important in information security:
1. Vulnerability management: The software we use, including operating systems, applications, and network devices, often contains vulnerabilities that can be exploited by hackers. Software vendors regularly release updates and patches to address these vulnerabilities. By applying these updates and patches promptly, organizations can minimize the window of opportunity for attackers to exploit vulnerabilities, reducing the risk of successful attacks.
2. Defense against emerging threats: Attackers continually find new ways to compromise systems, and security vulnerabilities can quickly become targets for exploitation. Regular updates ensure that your systems stay up-to-date with the latest security enhancements and protections, enabling you to defend against both known and emerging threats.
3. Improved system stability and performance: Updates and patches not only address security vulnerabilities but also often include bug fixes and performance improvements. By regularly updating and patching systems, organizations can benefit from increased stability, reliability, and optimized performance.
Backup data

• Implement automated and regular backups of critical network data. Store backups on separate systems or off-site to ensure data can be recovered in case of a security incident or hardware failure.
• Types of Backup
1. Full backup
2. Incremental backup
Types of backup

• Full Backup: This method involves creating a complete copy of all data. It provides the highest level of protection but requires significant storage space and time for both backup and recovery.
• Incremental Backup: This approach involves backing up only the data that has changed since the last full or incremental backup. It is faster and requires less storage space than full backups, but recovery may take longer as it involves multiple backup sets.
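
Why an incremental restore involves multiple backup sets, as an added example that is not part of the original slides. Files are modelled as an in-memory dict, change detection by SHA-256 manifest is an assumption, and the three-day history is constructed.

```python
import hashlib

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def state_of(files: dict) -> dict:
    """Manifest (path -> SHA-256) recorded after each backup run."""
    return {path: _digest(data) for path, data in files.items()}

def full_backup(files: dict) -> dict:
    """Complete copy of every file."""
    return {"type": "full", "files": dict(files), "deleted": []}

def incremental_backup(files: dict, last_state: dict) -> dict:
    """Only files that are new or changed since the previous backup,
    plus a list of paths that have disappeared."""
    changed = {p: d for p, d in files.items() if last_state.get(p) != _digest(d)}
    deleted = [p for p in last_state if p not in files]
    return {"type": "incremental", "files": changed, "deleted": deleted}

def restore(chain: list) -> dict:
    """Replay the full backup, then every incremental set in order.
    Losing any set in the middle makes later sets unusable."""
    if not chain or chain[0]["type"] != "full":
        raise ValueError("restore chain must start with a full backup")
    out = {}
    for backup in chain:
        out.update(backup["files"])
        for path in backup["deleted"]:
            out.pop(path, None)
    return out

def demo():
    # Constructed three-day history of a small data set.
    day0 = {"db.sql": b"v1", "users.csv": b"a,b", "notes.txt": b"draft"}
    day1 = {**day0, "db.sql": b"v2"}
    day2 = {"db.sql": b"v2", "users.csv": b"a,b,c"}       # notes.txt removed
    chain = [full_backup(day0)]
    chain.append(incremental_backup(day1, state_of(day0)))
    chain.append(incremental_backup(day2, state_of(day1)))
    return chain, restore(chain), day2
```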
