
NF Lecture 14


Networking fundamentals Prof. Ayesha Nawaz

Introduction to Network Security


Network Security protects your network and data from breaches, intrusions and
other threats. This is a vast and overarching term that describes hardware and
software solutions as well as processes or rules and configurations relating to
network use, accessibility, and overall threat protection.

Network Security involves:

• access control
• antivirus and antimalware software
• application security
• network analytics

Types of network-related security:

• endpoint security
• web security
• wireless security
• firewalls
• VPN encryption

Network security typically consists of three different kinds of controls: physical,
technical and administrative.

Physical Network Security

Physical security controls are designed to prevent unauthorized personnel from
gaining physical access to network components such as routers, cabling cupboards
and so on. Controlled access, such as locks, biometric authentication and other
devices, is essential in any organization.

Technical Network Security

Technical security controls protect data that is stored on the network or which is in
transit across, into or out of the network. Protection is twofold: it needs to protect
data and systems from unauthorized outsiders, and it also needs to protect against
malicious or careless activity by employees and other insiders who already hold
legitimate access.

Administrative Network Security

Administrative security controls consist of security policies and processes that
control user behavior, including how users are authenticated, their level of access
and also how IT staff members implement changes to the infrastructure.

Types of network security


We have talked about the different types of network security controls. Now let's
take a look at some of the different ways you can secure your network.

Network Access Control


To ensure that potential attackers cannot infiltrate your network, comprehensive
access control policies need to be in place for both users and devices. Network
access control (NAC) can be set at the most granular level. For example, you could
grant administrators full access to the network but deny access to specific
confidential folders or prevent their personal devices from joining the network.

Antivirus and Antimalware Software


Antivirus and antimalware software protect an organization from a range of
malicious software, including viruses, ransomware, worms and Trojans. The best
software not only scans files on entry to the network but also keeps monitoring
files and process behaviour afterwards, because malware can lie dormant or change
form after it has been scanned once.

Firewall Protection
Firewalls, as their name suggests, act as a barrier between untrusted external
networks and your trusted internal network. Administrators configure an ordered
set of rules that permit or block traffic entering or leaving the network. Rules
are evaluated in order and the first match decides, so their order matters, and
traffic that matches no rule should be denied by default rather than allowed.
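The following is an added example, not code from the lecture, that models the first-match, default-deny evaluation described above. The rule set, the sample packets, the internal network 10.0.0.0/24 and the HTTPS host 10.0.0.10 are all constructed for illustration.

```python
"""First-match firewall rule evaluation with a default-deny policy.

Added example, not code from the lecture: it models how an ordered rule
set decides whether a packet is permitted. The rules and sample packets
below are constructed for illustration; the network 10.0.0.0/24 and the
host 10.0.0.10 are assumed addresses.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR; "0.0.0.0/0" means any
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None means any


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst))


def decide(rules, pkt: Packet, default: str = "deny") -> str:
    """Walk the rules in order; the first match wins, otherwise the default applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed edge-firewall policy for an internal network 10.0.0.0/24.
# Order matters: the telnet deny sits before any broad permit.
RULES = [
    Rule("deny",   "0.0.0.0/0",   "10.0.0.0/24",  "tcp", 23),    # block telnet inbound
    Rule("permit", "0.0.0.0/0",   "10.0.0.10/32", "tcp", 443),   # public HTTPS server
    Rule("permit", "10.0.0.0/24", "0.0.0.0/0",    "any", None),  # inside -> outside
]

# Constructed sample packets.
SAMPLE_PACKETS = {
    "https_in":  Packet("203.0.113.5", "10.0.0.10",    "tcp", 443),
    "telnet_in": Packet("203.0.113.5", "10.0.0.10",    "tcp", 23),
    "ssh_in":    Packet("203.0.113.5", "10.0.0.10",    "tcp", 22),   # matches no rule
    "dns_out":   Packet("10.0.0.42",   "198.51.100.1", "udp", 53),
}


def evaluate_samples(rules=RULES) -> dict:
    """Decision for every constructed sample packet."""
    return {name: decide(rules, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, action in evaluate_samples().items():
        print(f"{name:10s} -> {action}")
```

With the rules as written, HTTPS to the server is permitted, inbound telnet and inbound SSH are denied (SSH by the default policy, since no rule mentions it), and outbound DNS from an inside host is permitted. Placing a broad rule such as "permit any to 10.0.0.10 tcp" ahead of the telnet deny would silently let telnet through, which is why rule order is part of the policy.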


Virtual Private Networks


Virtual private networks (VPNs) create a connection to the network from another
endpoint or site. For example, users working from home would typically connect
to the organization's network over a VPN. Data between the two points is
encrypted and the user would need to authenticate to allow communication
between their device and the network.

Robust Network Security Will Protect Against

• Virus: A virus is malicious code that attaches itself to other programs or files
and replicates by modifying them with its own code. It can lie dormant until its
host program runs; once it spreads, the infected files carry it from one computer
to another, and it can corrupt or destroy network data.

• Worms: A worm is standalone malware that propagates and operates on its own,
typically over the network, without needing a host program (which a virus does).
Worms can slow down computer networks by consuming bandwidth and degrade the
performance of the hosts they run on.

• Trojan: A trojan is a program that looks legitimate but carries hidden malicious
functionality, often a backdoor that gives attackers an entry point into the
system. A trojan can delete files, steal valuable data, and install or activate
other malware hidden on your computer network.

• Spyware: Much like its name suggests, spyware is malware that gathers
information about a person or organization without their knowledge and may send
the information gathered to a third party without the user's consent.

• Adware: Can redirect your search requests to advertising websites and collect
marketing data about you in the process so that customized advertisements will be
displayed based on your search and buying history.

• Ransomware: Malware, often delivered as a trojan, that extorts money from the
person or organization whose computer it infects by encrypting data so that it is
unusable and/or blocking access to the user's system until a ransom is paid.


Network Security Policy


A network security policy is a formal document that outlines strategies for
ensuring the confidentiality, integrity, and availability of network-based data and
resources.

A network security policy defines the rules for the usage of the network and the
traffic that flows through it. It identifies a boundary or the perimeter of the
network, where the policies can be enforced to protect the network resources and
guard against the threats.

Here are some common types of network security policies:

• Access control policies
• Encryption policies
• Backup and recovery policies
• Incident response policies
• Acceptable use policies
• Security awareness and training policies


Data Security
Data security is the practice of protecting digital information from unauthorized
access, modification, and corruption.

Some methods for securing access to data include:

• Authentication: the process of verifying a user's identity, for example by
checking a user ID and password, ideally combined with a second factor.
• Authorization: decides which data objects an authenticated user may access and
which operations (such as database reads or writes) they may perform.
• Encryption: converts data into a form that can only be read by parties holding
the key.
• Backups: copies of data that reside at a different location. Backups can be
complete replicas or incremental backups that only save changes to the data.
• Data loss prevention (DLP): helps organizations detect and prevent potential
data breaches, for example by spotting sensitive data leaving the network.

Here are some other ways to secure access to data:

• Use unique, complex passwords for every account.
• Enable multi-factor authentication (MFA).
• Send sensitive information with encryption.
• Enable hard drive encryption on your computer.
• Avoid public WiFi.
• Use a VPN.
• Install antivirus software.
• Make use of a public key infrastructure.
• Hide data with steganography.
• Back up regularly.
• Keep business software up to date.
• Password-protect everything.

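The authentication and authorization methods listed above, as an added example that is not part of the lecture: passwords are stored as salted PBKDF2-HMAC-SHA256 hashes rather than in the clear, verified with a constant-time comparison, and a separate permission table decides what an authenticated user may do. The users, passwords and permission table are constructed sample data.

```python
"""Authentication and authorization checks, as an added example.

Not from the lecture. Passwords are stored as salted PBKDF2-HMAC-SHA256
hashes (never in the clear), verified with a constant-time comparison,
and a separate permission table decides what an authenticated user may do.
Users, passwords and permissions below are constructed sample data.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # OWASP's current recommendation for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt makes equal passwords hash differently."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


# Constructed user store: user id -> (salt, digest). A real system persists this.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2"),
}

# Constructed authorization table: user id -> set of (object, operation) allowed.
PERMISSIONS = {
    "alice": {("payroll", "read"), ("payroll", "write")},
    "bob": {("payroll", "read")},
}


def authenticate(user_id: str, password: str) -> bool:
    """Identity check: does the presented password match the stored hash?"""
    record = USERS.get(user_id)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password
        # (otherwise response time reveals which user ids exist).
        hash_password(password)
        return False
    return verify_password(password, *record)


def authorize(user_id: str, obj: str, op: str) -> bool:
    """Permission check: may this (already authenticated) user do op on obj?"""
    return (obj, op) in PERMISSIONS.get(user_id, set())


def access(user_id: str, password: str, obj: str, op: str) -> str:
    """Authentication first, then authorization; each failure is reported separately."""
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, obj, op):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "payroll", "write"))  # granted
    print(access("bob", "hunter2", "payroll", "write"))    # authenticated, not authorized
    print(access("bob", "wrong", "payroll", "read"))       # authentication failed
```

Authentication and authorization are deliberately separate functions: bob proves who he is successfully but is still refused a write, which is the distinction the two bullets above draw. The constant-time comparison and the dummy hash for unknown users close timing side channels that would otherwise leak valid user ids or partial hash matches.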

Encryption
Encryption is the process by which a readable message is converted to an
unreadable form to prevent unauthorized parties from reading it.

Decryption
Decryption is the process of converting an encrypted message back to its original
(readable) format. The original message is called the plaintext and the encrypted
message is called the ciphertext.

To be effective, a cipher includes a variable as part of the algorithm. The variable,
which is called a key, is what makes a cipher's output unique: the same message
encrypted under two different keys produces two different ciphertexts. When an
encrypted message is intercepted by an unauthorized entity, the intruder has to
guess which cipher the sender used to encrypt the message, as well as what key
was used. The time and difficulty of guessing this information is what makes
encryption such a valuable security tool. In modern practice the cipher itself is
assumed to be public and only the key is secret (Kerckhoffs's principle), so the
strength of a scheme rests on the size of its key space and on keeping the key
secret, not on hiding the algorithm.

Encryption has been a longstanding way for sensitive information to be protected.
Historically, it was used by militaries and governments. In modern times,
encryption is used to protect data stored on computers and storage devices, as well
as data in transit over networks.


Why is encryption important?

Encryption plays an important role in securing many different types of information
technology (IT) assets. Used together with keyed integrity checks and digital
signatures, it provides the following:

• Confidentiality: the message's content is unreadable to anyone without the key.
• Authentication: the origin of a message is verified.
• Integrity: any change to the contents of a message since it was sent is detected.
• Nonrepudiation: the sender cannot later deny having sent the message.

Note that encryption alone gives only confidentiality. Authentication and integrity
come from a message authentication code (MAC) or a digital signature computed over
the message, and nonrepudiation specifically requires a digital signature made with
the sender's private key: a shared symmetric key cannot prove which of the two
parties holding it produced a message.
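An added example, not code from the lecture, that ties the key discussion above to the properties just listed using only the Python standard library. It builds a stream cipher from HMAC-SHA256 run in counter mode (a keyed pseudorandom keystream XORed with the plaintext) and authenticates the ciphertext with a second HMAC key (encrypt-then-MAC), so it shows confidentiality, that the key determines the output, and that tampering or a wrong key is rejected. The keys, nonce and message are constructed test values. This is a teaching construction; in real systems use a standard AEAD such as AES-GCM or ChaCha20-Poly1305 from a vetted library.

```python
"""Encrypt-then-MAC demonstration using only the Python standard library.

Added example, not part of the lecture. A keystream is produced by HMAC-SHA256
in counter mode (a PRF keyed with the encryption key) and XORed with the
plaintext; a second key authenticates nonce + ciphertext. It demonstrates
confidentiality, that the key makes the output unique, and that integrity and
authentication failures are detected. Teaching construction only: use a
standard AEAD (AES-GCM, ChaCha20-Poly1305) in practice.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def derive_keys(master: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one secret (domain separation)."""
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def encrypt(master: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag. A nonce must never repeat under one key."""
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raise ValueError on wrong key or tampering."""
    enc_key, mac_key = derive_keys(master)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: wrong key or tampered message")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> dict:
    """Exercise each property with constructed keys; every value should be True."""
    key_a, key_b = b"k" * 32, b"j" * 32            # constructed keys (use os.urandom(32) for real ones)
    msg = b"transfer 100 to account 42"
    nonce = bytes(NONCE_LEN)                        # fixed here only so the two outputs are comparable
    blob_a = encrypt(key_a, msg, nonce)
    blob_b = encrypt(key_b, msg, nonce)
    results = {
        "roundtrip": decrypt(key_a, blob_a) == msg,
        "key_changes_output": blob_a != blob_b,     # same message, different key, different ciphertext
        "ciphertext_hides_plaintext": msg not in blob_a,
    }
    try:
        decrypt(key_b, blob_a)
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    tampered = blob_a[:NONCE_LEN] + bytes([blob_a[NONCE_LEN] ^ 0x01]) + blob_a[NONCE_LEN + 1:]
    try:
        decrypt(key_a, tampered)                    # one flipped ciphertext bit
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {ok}")
```

The tag is checked before any decryption and with a constant-time comparison, so an attacker who flips ciphertext bits gets a rejection rather than corrupted-but-accepted plaintext. Because the MAC key is symmetric, the receiver could have forged the same tag, which is exactly why this construction gives integrity and authentication between the two parties but not nonrepudiation.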

Network Attack
A network attack is an attempt to gain unauthorized access to an organization's
network, with the objective of stealing data or performing other malicious activity.
There are two main types of network attacks:

• Passive: attackers gain access to a network and monitor or copy sensitive
information without making any change to the data, leaving it intact, which
makes the attack hard to notice.

• Active: attackers not only gain unauthorized access but also modify data,
either deleting, encrypting or otherwise harming it.

We distinguish network attacks from several other types of attacks:

• Endpoint attacks: gaining unauthorized access to user devices, servers or
other endpoints, typically compromising them by infecting them with malware.

• Malware attacks: infecting IT resources with malware, allowing attackers
to compromise systems, steal data and do damage. These also include
ransomware attacks.

• Vulnerabilities, exploits and attacks: exploiting vulnerabilities in
software used in the organization to gain unauthorized access, compromise
or sabotage systems.

• Advanced persistent threats: complex, multi-layered campaigns that include
network attacks but also other attack types.

Common Types of Network Attacks

Following are common threat vectors attackers can use to penetrate your network.

1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving
permission. Among the causes of unauthorized access attacks are weak passwords,
lacking protection against social engineering, previously compromised accounts,
and insider threats.

2. Distributed Denial of Service (DDoS) attacks

Attackers build botnets, large fleets of compromised devices, and use them to
direct bogus traffic at your network or servers. DDoS can occur at the network
level, for example by sending huge volumes of TCP SYN packets (a SYN flood) that
fill a server's table of half-open connections so legitimate clients cannot
connect, or at the application level, for example by issuing expensive SQL
queries that bring a database to its knees.
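As an added example, not from the lecture, the SYN-flood symptom just described, connection attempts that never complete the handshake, can be computed over connection records. The code counts half-open attempts per source and per destination so that both a single noisy host and a botnet of many low-rate sources are caught. The records are constructed sample data in a simplified "time src dst:port flag" format, not the output of any real tool, and the thresholds are assumed tuning values.

```python
"""SYN-flood indicator computed over constructed flow records.

Added example, not from the lecture. A SYN flood shows up as connection
attempts (flag S) that never finish the handshake (no following A from the
same client). Half-open attempts are counted per source and per destination
so that a single noisy host and a botnet of many low-rate sources are both
caught. Records are constructed sample data in a simplified
"time src dst:port flag" format; thresholds are assumed tuning values.
"""
from collections import Counter


def constructed_records():
    """Constructed sample: one honest client, one noisy host, one small botnet."""
    rows = [
        "1.00 10.0.0.5 10.0.0.10:443 S",   # legitimate client: every SYN ...
        "1.01 10.0.0.5 10.0.0.10:443 A",   # ... is followed by its ACK
        "1.02 10.0.0.5 10.0.0.10:443 S",
        "1.03 10.0.0.5 10.0.0.10:443 A",
    ]
    # one noisy source that never completes a handshake
    rows += [f"1.{10 + i:02d} 203.0.113.9 10.0.0.10:443 S" for i in range(20)]
    # a botnet: forty distinct sources, one half-open SYN each (per-source counts look harmless)
    rows += [f"2.{i:02d} 198.51.100.{i} 10.0.0.10:443 S" for i in range(1, 41)]
    return rows


def analyze(records, src_threshold=10, dst_threshold=30) -> dict:
    """Count half-open attempts (SYN minus ACK) per (src, dst) and roll them up."""
    syn_by_pair = Counter()
    ack_by_pair = Counter()
    for line in records:
        _, src, dst, flag = line.split()
        if flag == "S":
            syn_by_pair[(src, dst)] += 1
        elif flag == "A":
            ack_by_pair[(src, dst)] += 1

    half_open = {pair: max(0, syn_by_pair[pair] - ack_by_pair[pair]) for pair in syn_by_pair}

    per_src = Counter()
    per_dst = Counter()
    sources_per_dst = {}
    for (src, dst), n in half_open.items():
        if n:
            per_src[src] += n
            per_dst[dst] += n
            sources_per_dst.setdefault(dst, set()).add(src)

    return {
        # a single host hammering a service
        "flagged_sources": {s for s, n in per_src.items() if n >= src_threshold},
        # a service under aggregate pressure, however many sources are behind it
        "flagged_destinations": {d for d, n in per_dst.items() if n >= dst_threshold},
        "distinct_sources": {d: len(s) for d, s in sources_per_dst.items()},
    }


if __name__ == "__main__":
    report = analyze(constructed_records())
    print("noisy sources:      ", sorted(report["flagged_sources"]))
    print("flooded destinations:", sorted(report["flagged_destinations"]))
    print("distinct sources:   ", report["distinct_sources"])
```

The per-source view catches 203.0.113.9 but not any single bot, each of which sent one SYN; only the per-destination roll-up, together with the count of distinct sources behind it, reveals the distributed flood. That is the detection gap the "distributed" in DDoS exploits. In production the same logic is run over NetFlow or firewall logs, and the usual mitigations are SYN cookies and upstream rate limiting rather than blocking sources one by one.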

3. Man in the middle attacks


A man in the middle attack involves attackers intercepting traffic, either between
your network and external sites or within your network. If communication
protocols are not secured (for example plaintext HTTP instead of TLS) or attackers
find a way to circumvent that security, they can read data that is being
transmitted, obtain user credentials and hijack their sessions.

4. Code and SQL injection attacks


Many websites accept user input and fail to validate and sanitize it. Attackers
can then fill out a form or make an API call, passing malicious code or query
fragments instead of the expected data values. The server interprets that input
as part of a command or database query and executes it, allowing attackers to
read or alter data they should not reach or to compromise the server itself. The
standard defence is to keep data separate from code, for example by using
parameterized queries instead of building SQL by string concatenation.
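An added example, not code from the lecture, showing the SQL injection just described against an in-memory SQLite database with a constructed users table: a query built by string concatenation beside the parameterized version of the same lookup, each run with the same injected input.

```python
"""SQL injection: a string-built query beside the parameterized fix.

Added example, not from the lecture. Uses an in-memory SQLite database with
a constructed users table so it runs offline. lookup_vulnerable is
deliberately insecure to show the failure; lookup_safe is the fix.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users with placeholder password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn, username: str):
    # BAD: the user-supplied value is pasted into the SQL text, so a quote
    # character in the input ends the literal and the rest is parsed as SQL.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username: str):
    # GOOD: the value travels to the engine separately from the query text
    # and is bound to the placeholder; it can never become SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker inputs.
BYPASS = "' OR '1'='1"                                              # matches every row
EXFIL = "x' UNION SELECT username, password_hash FROM users --"     # pulls another column


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_bypass": lookup_vulnerable(conn, BYPASS),   # every user comes back
        "safe_bypass": lookup_safe(conn, BYPASS),               # nobody has that literal name
        "vulnerable_exfil": lookup_vulnerable(conn, EXFIL),     # password hashes leak
        "safe_exfil": lookup_safe(conn, EXFIL),
        "normal": lookup_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:18s} {rows}")
```

The `' OR '1'='1` input turns the WHERE clause into a tautology and the UNION input appends a second SELECT that returns the password hash column in place of the role, both through a function that only meant to look up one username. The parameterized version returns nothing for either, because the whole string is compared as a literal name. SQLite refuses stacked statements (`'; DROP TABLE users; --`) through this API, but many other database drivers do not, so the concatenation pattern is worse elsewhere than it looks here.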

5. Privilege escalation
Once attackers penetrate your network, they use privilege escalation to expand
their reach. Horizontal privilege escalation means gaining access to other
accounts or systems at the same privilege level (for example another user's
account or an adjacent host), and vertical escalation means gaining a higher
level of privilege on the same system (for example going from an ordinary user
to administrator or root).

6. Insider threats
A network is especially vulnerable to malicious insiders, who already have
privileged access to organizational systems. Insider threats can be difficult to
detect and protect against, because insiders do not need to penetrate the network
perimeter in order to do harm. Technologies such as User and Entity Behavior
Analytics (UEBA) build a baseline of normal activity and flag suspicious or
anomalous behavior by internal users and devices, which can help identify insider
attacks as well as compromised accounts.

Network Attacks Detection and Protection with Cynet 360

• Blocking suspicious behavior: Cynet monitors endpoints to identify
behavioral patterns that may indicate an exploit. This means that even if
credentials are breached, the threat actor's ability to use them will be
limited.

• Blocking malware: Cynet's multi-layered malware protection includes
sandboxing, process behavior monitoring and ML-based static analysis, as
well as fuzzy hashing and threat intelligence. This ensures that even if
malware has infected the network, Cynet will prevent it from running.

• UBA: Cynet updates a behavioral baseline based on continued, real-time
analysis of user behavior on endpoints, and provides alerts when it identifies
a behavioral anomaly. This anomaly may indicate a compromised user
account or an unauthorized action by a user.

• Deception: Cynet allows you to plant decoy tokens, such as data files,
passwords, network shares, RDP and others, on assets within the protected
network. Cynet's decoys lure sophisticated attackers, tricking them into
revealing their presence.

• Uncover hidden threats: Cynet thinks like an adversary to uncover threats
such as APTs, identifying indicators of compromise and anomalous behavior
across endpoints, users, files, and networks. This provides a holistic account
of the attack process and helps identify vulnerable points.