The document outlines the importance of network security, detailing various threats such as malware, phishing, and insider threats. It discusses surveillance techniques like network monitoring and intrusion detection systems, as well as security measures including firewalls, encryption, and access control. Additionally, it emphasizes the need for incident response plans and highlights emerging trends like AI and cloud security in enhancing network protection.
NETWORK II L8
COMPUTER NETWORK II
Surveillance and Security of a Network
1. Introduction to Network Security
• Definition:
  • Network security involves implementing measures to protect the integrity, confidentiality, and availability of computer networks and data.
• Importance:
  • Protects sensitive data from unauthorized access, e.g., preventing credit card fraud in online transactions.
  • Ensures reliable network performance, like maintaining uptime for e-commerce websites.
2. Threats to Network Security
• Types of Threats:
  • Malware (Malicious Software):
    • Example: WannaCry Ransomware—encrypts files on infected systems and demands payment for decryption.
  • Phishing Attacks:
    • Example: Emails that appear to be from a bank requesting account verification, leading to stolen credentials.
  • Denial of Service (DoS) Attacks:
    • Example: Overloading a website with traffic, causing it to crash, as seen in attacks on financial institutions.
  • Man-in-the-Middle (MitM) Attacks:
    • Example: Intercepting communications on unsecured Wi-Fi networks to steal personal information.
  • Insider Threats:
    • Example: An employee leaking sensitive company data or credentials to competitors.
3. Surveillance Techniques in Network Security
• Network Monitoring:
  • Tools:
    • Example: Wireshark—captures and analyzes network packets to identify unusual traffic patterns.
  • Purpose:
    • Detects data exfiltration attempts, e.g., unauthorized uploading of sensitive files.
• Intrusion Detection and Prevention Systems (IDPS):
  • Types:
    • Example: Snort (Network-Based IDPS)—monitors network traffic and alerts on suspicious activity.
  • Functionality:
    • Detects port scanning activities or unauthorized access attempts.
• Logging and Analysis:
  • Log Files:
    • Example: Firewall logs that record all incoming and outgoing traffic to identify anomalies.
  • Event Correlation:
    • Example: Using Splunk (data analysis software) to aggregate logs from various sources to identify coordinated attacks.
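Detection logic of the kind the IDPS and log-analysis bullets describe, as an added example that is not part of the notes: it parses a constructed, simplified firewall log format and flags a source that sweeps many distinct ports on one host inside a short time window. The log format, sample addresses, window and threshold are all assumptions.

```python
"""Port-scan detection over constructed firewall log lines (added example).

Log format (constructed, simplified): <ISO timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>
A source reaching many distinct ports on one host within a short window is flagged.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

# Constructed sample: one host probing 12 ports in 12 seconds, plus benign HTTPS traffic
# from a second host and one malformed line that the parser must skip.
SCANNER, TARGET, CLIENT = "203.0.113.5", "192.0.2.10", "198.51.100.7"
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} DENY src={SCANNER} dst={TARGET} dport={20 + i}" for i in range(12)]
    + [f"2024-05-01T10:00:03 ALLOW src={CLIENT} dst={TARGET} dport=443",
       f"2024-05-01T10:00:15 ALLOW src={CLIENT} dst={TARGET} dport=443",
       f"2024-05-01T10:00:30 DENY src={CLIENT} dst={TARGET} dport=8080",
       "garbled line that should be skipped"]
)

def parse_line(line):
    """Return {ts, action, src, dst, dport} or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, src, dst, dport = m.groups()
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": src, "dst": dst, "dport": int(dport)}

def max_distinct_ports(events, window):
    """Largest number of distinct destination ports seen within any sliding time window."""
    best, start = 0, 0
    for end in range(len(events)):
        while events[end]["ts"] - events[start]["ts"] > window:
            start += 1
        best = max(best, len({e["dport"] for e in events[start:end + 1]}))
    return best

def detect_port_scans(log_text, window=timedelta(seconds=60), threshold=10):
    """Group events by (src, dst); alert when one source sweeps >= threshold ports in a window."""
    events = sorted(filter(None, map(parse_line, log_text.splitlines())), key=lambda e: e["ts"])
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    return [(src, dst, n) for (src, dst), evs in by_pair.items()
            if (n := max_distinct_ports(evs, window)) >= threshold]
```

Running `detect_port_scans(SAMPLE_LOG)` reports the scanning host and the 12 ports it touched, while the benign client (two ports) stays below the threshold.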
4. Security Measures and Best Practices
• Firewalls:
  • Purpose:
    • Example: A Cisco ASA (Adaptive Security Appliance) Firewall—filters traffic based on predefined security rules.
  • Types:
    • Hardware firewalls used in corporate networks versus software firewalls on individual devices (e.g., Windows Defender).
• Encryption:
  • Importance:
    • Example: HTTPS (Hypertext Transfer Protocol Secure)—encrypts data sent between a web browser and server to secure online transactions.
  • Protocols:
    • Use of SSL (Secure Sockets Layer)/TLS (Transport Layer Security) to secure data in transit, such as encrypting email communications.
• Access Control:
  • Role-Based Access Control (RBAC):
    • Example: Limiting access to sensitive financial data to only those in the finance department.
  • Multi-Factor Authentication (MFA):
    • Example: Using an SMS code in addition to a password to access online banking.
• Regular Security Audits:
  • Purpose:
    • Example: Conducting penetration testing to identify vulnerabilities in a web application.
  • Components:
    • Review of security policies and practices against industry standards, like ISO 27001 (an international standard for information security management systems).
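The RBAC and MFA controls above in code, as an added example that is not from the notes: access is denied by default unless a role grants the permission, and a constructed policy marks financial records as requiring an MFA-verified session. Role names, resource names and the `Session` shape are assumptions.

```python
"""Role-based access control with an MFA requirement for sensitive data (added example).

Constructed policy: permissions are granted only through roles (deny by default), and
resources listed as sensitive additionally require a session that completed MFA.
"""
from dataclasses import dataclass

# Constructed role-to-permission mapping; permission strings are "<resource>:<action>".
ROLE_PERMISSIONS = {
    "finance": {"financial-records:read", "financial-records:write"},
    "hr": {"employee-records:read"},
    "employee": {"intranet:read"},
}
# Constructed set of resources that may only be reached from an MFA-verified session.
MFA_REQUIRED = {"financial-records", "employee-records"}

@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset        # roles assigned to the user, e.g. frozenset({"finance"})
    mfa_verified: bool      # True once a second factor (e.g. SMS code) was checked

def permissions_for(session):
    """Union of permissions from every role the session holds; unknown roles grant nothing."""
    return set().union(*(ROLE_PERMISSIONS.get(role, set()) for role in session.roles))

def check_access(session, resource, action):
    """Return (allowed, reason); denies unless a role grants the permission and MFA policy is met."""
    permission = f"{resource}:{action}"
    if permission not in permissions_for(session):
        return False, f"denied: no role of {session.user} grants {permission}"
    if resource in MFA_REQUIRED and not session.mfa_verified:
        return False, f"denied: {resource} requires an MFA-verified session"
    return True, f"allowed: {session.user} may {action} {resource}"
```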
5. Incident Response and Recovery
• Incident Response Plan (IRP):
  • Definition:
    • A structured approach to manage security incidents.
  • Key Steps:
    • Preparation: Training staff on security protocols.
    • Detection: Example: Using alerts from an IDPS to identify breaches.
    • Containment: Isolating affected systems to prevent further damage, e.g., disconnecting a compromised server.
    • Eradication: Removing malware from affected systems, such as using antivirus tools.
    • Recovery: Restoring systems from clean backups after a ransomware attack.
    • Post-Incident Review: Analysing the incident to improve future response strategies.
6. Emerging Trends in Network Security
• Artificial Intelligence (AI) and Machine Learning (ML):
  • Usage:
    • Example: Darktrace—uses AI to identify abnormal behavior in network traffic.
• Zero Trust Architecture:
  • Concept:
    • Example: Implementing strict identity verification for every access attempt, regardless of location.
• Cloud Security:
  • Importance:
    • Example: Utilizing tools like AWS Shield (Amazon Web Services Shield) to protect cloud-hosted applications from DDoS (Distributed Denial of Service) attacks.
Conclusion
Effective surveillance and security measures are essential for protecting networks from various threats. Implementing robust monitoring tools, access controls, and incident response plans will help safeguard organizational data and maintain network integrity.