Networking - New

Computer

Copyright © 2014-2023 TestBook Edu Solutions Pvt. Ltd.: All rights reserved
Download Testbook App

Network Security

Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware. It involves both software and hardware
technologies and focuses on a variety of threats and stops them from entering or spreading
on your network.

Let's go deeper into some key aspects of network security:

1. Principles of Network Security:

The primary principles of network security are often referred to as the CIA triad:
Confidentiality, Integrity, and Availability.

Confidentiality: This ensures that data or an information system is accessed only by
authorized users and restricts unauthorized users. Encryption is a common method used to
help ensure confidentiality.

Integrity: This ensures that the data or information system is accurate and can be trusted. It
ensures the data is not altered in transit, whether intentionally or accidentally, and that it is
consistent and accurate.

Availability: This ensures the data or the information system is accessible when needed by
those who need it. It involves effectively managing a network's bandwidth, maintaining the
quality of service, preventing and mitigating service disruptions, and recovering from
disasters.

Fig: Security Requirement


2. Types of Network Security:
Network security combines multiple layers of defenses at the edge and in the network. Each
network security layer implements policies and controls. There are several types of network
security, including:

Access Control: You need to be able to prevent unauthorized individuals or systems from
accessing your network.

Antivirus and Antimalware Software: This software is used to protect against malware, which
includes viruses, ransomware, and spyware.

Firewall Protection: Firewalls control what traffic is allowed into and out of the network.

Virtual Private Network (VPN): A VPN encrypts the connection from an endpoint to a network,
often over the Internet.

Intrusion Prevention Systems: These systems scan network traffic to actively block attacks.

Security Information and Event Management (SIEM): These products provide real-time
analysis of security alerts generated by applications and network hardware.

3. Network Security Management:

Security management for networks is different for all kinds of situations. A small home or an
office may only require basic security, while large businesses may require high-maintenance
and advanced software and hardware to prevent malicious attacks from hacking and
spamming.

4. Network Security Policies:

A network security policy is a generic document that outlines rules for computer network
access, determines how policies are enforced, and lays out some of the basic architecture of
the company security/network security environment.

5. Network Security Threats and Attacks:

Common network security threats include trojans, viruses, worms, spyware, ransomware,
adware, network attacks, DoS and DDoS attacks, phishing, etc.

6. Network Security Tools:

There are numerous tools for network security, including firewalls, VPNs, intrusion detection
systems (IDS), intrusion prevention systems (IPS), and network-based anomaly detection
systems (NBAD).

The primary goals of network security are to protect sensitive information, meet compliance
requirements, protect the company's reputation, increase productivity, minimize downtime,
and inspire trust in customers and clients.


The Challenges of Computer Security

Computer security faces several challenges, due in large part to the continually evolving nature
of technology and the increasing sophistication of cyber threats.
Here are some of the main challenges in computer security:

1. Rapidly Evolving Threats: Cyber threats are not static; they evolve rapidly. New
vulnerabilities are discovered daily, and new malware is constantly being developed. Keeping
up with these threats and ensuring systems are protected against them is a significant
challenge.

2. Sophisticated Cybercriminals: Cybercriminals are becoming increasingly sophisticated,
employing advanced techniques to infiltrate networks and evade detection. State-sponsored
attacks, in particular, have access to substantial resources and advanced capabilities.

3. Insider Threats: Not all threats come from outside the organization. Insider threats,
whether malicious or accidental, can be particularly challenging to mitigate as these
individuals already have access to the network.

4. IoT and Increasing Connectivity: With the proliferation of Internet of Things (IoT) devices,
there are more endpoints than ever that need to be secured. Each connected device presents
a potential entry point for cyber threats.

5. Lack of Awareness: One of the biggest challenges in computer security is a lack of
awareness among users. Many people aren't aware of the risks or the measures they need to
take to secure their systems.

6. Shortage of Skilled Professionals: There is a significant shortage of skilled cybersecurity
professionals, which makes it difficult for organizations to adequately protect their systems.

7. Balancing Usability and Security: It's a challenge to balance the need for security with the
need for usability. Security measures can sometimes make systems more difficult to use, and if
they're too burdensome, users may try to bypass them, creating additional security risks.

8. Cloud Security: As more businesses move to the cloud, securing these environments
becomes a new challenge. Cloud environments may be more difficult to control and secure
than traditional on-premises systems.

9. Compliance with Regulations: Many industries are subject to regulations that require
certain security measures. Keeping up with these regulations and ensuring compliance can be
a significant challenge.


These challenges underscore the need for continuous effort in cybersecurity, including staying
informed about the latest threats, continually improving security measures, and educating
users.

Vulnerability and Hacking

A vulnerability, in the context of computer security, refers to a flaw or weakness in a
system's design, implementation, or operation that could be exploited to violate the
system's security policy. Vulnerabilities can be found in an operating system, a software
application, a database, network hardware, or even security policies and practices.
Exploiting a vulnerability may allow an attacker to perform unauthorized actions within a
computer system. These actions can include gaining access to sensitive data, running
arbitrary code, or shutting down a service or the entire system. Some vulnerabilities can
allow an attacker to escalate their privileges, giving them broader access to the system
and its resources.

Hacking, on the other hand, is the act of finding and exploiting vulnerabilities in a system to
gain unauthorized access. Hackers may be motivated by a variety of reasons, such as financial
gain, protest, information gathering, or just for the challenge.

There are different types of hackers:

Black Hat Hackers: These are the individuals who exploit vulnerabilities for malicious intent,
often for personal or financial gain.

White Hat Hackers: Also known as ethical hackers, these individuals use their skills to find and
fix vulnerabilities rather than exploit them. They are often employed by organizations to
conduct penetration testing and vulnerability assessments.

Grey Hat Hackers: These individuals fall somewhere in between, often exploiting vulnerabilities
to bring them to the attention of the public or the responsible organization, without causing
harm.

Preventing hacking involves a combination of good security practices, including regular
system updates, patch management, use of firewalls and antivirus software, secure
configurations, regular backups, strong authentication practices, and user education. It's also
important to conduct regular security audits and vulnerability assessments to identify and fix
potential weaknesses before they can be exploited.


Organizations can also employ ethical hackers to perform penetration testing, a simulated
attack on a system with the aim of finding and fixing vulnerabilities. This is one of the most
effective ways to protect a system, as it provides a realistic assessment of the system's security
from the perspective of an attacker.

Security Attacks

Security attacks refer to different actions that are designed to harm data integrity,
confidentiality, or availability, commonly referred to as the CIA triad. These attacks can target
individuals, organizations, or even entire nations. They can range from simple nuisance to
catastrophic in terms of potential damage.

Here are some of the most common types of security attacks:

1. Malware Attacks:
Malware, short for malicious software, includes viruses, worms, trojans, ransomware, and
spyware. Malware is often used to gain unauthorized access to a network or to harm network
resources.

2. Phishing Attacks:
In phishing attacks, attackers pose as trustworthy entities to trick victims into revealing
sensitive information, such as login credentials or credit card numbers. The most common
method is via email that directs users to a fake website where they are asked to provide
personal information.

3. Man-in-the-Middle (MitM) Attacks:

In a MitM attack, the attacker intercepts communication between two parties to steal data.
The attacker makes independent connections with the victims and relays messages between
them, making them believe that they are talking directly to each other over a private
connection when in fact the entire conversation is controlled by the attacker.

4. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks:

In a DoS attack, the attacker floods a network or system with traffic or data to overload it and
prevent it from functioning. A DDoS attack is a more advanced form of this attack in which the
attacker uses multiple computers or other devices to launch the attack.

5. SQL Injection Attacks:

In an SQL injection attack, an attacker inserts malicious SQL code into a query that can be used
to manipulate the database, leading to unauthorized viewing of data, data manipulation, or
even data deletion.


6. Cross-Site Scripting (XSS) Attacks:

In an XSS attack, an attacker injects malicious scripts into webpages viewed by other users.
These scripts can be used to steal sensitive data, such as login information or personal data.

7. Zero-Day Attacks:
Zero-day attacks occur when an attacker exploits a software vulnerability before the software
developer has released a patch for it. "Zero-day" refers to the fact that developers have "zero
days" to fix the problem before it can potentially be exploited.

These are just a few examples of the numerous types of security attacks. As threats continue
to evolve, maintaining robust security measures, including firewalls, intrusion detection and
prevention systems, and regular system updates and patches, is critical for protecting against
these attacks.

Passive attacks
A passive attack in the context of computer security is an attack where the attacker intercepts
the data traveling over the network but doesn't modify the data. This contrasts with active
attacks, where the attacker might alter or delete data.

Passive attacks are stealthier because they don't directly interfere with the normal operation
of the system. They are focused on listening or monitoring the communications and extracting
valuable information. Because they don't cause disruptions or obvious damage, they can be
harder to detect.


There are two main types of passive attacks:

Eavesdropping or Sniffing: The attacker uses software tools to capture data packets traveling
over the network. These tools can let the attacker read the content of the packets, including
the data being sent and the addresses of the sender and receiver.

Traffic Analysis: Even if the data itself is encrypted and unreadable, an attacker might still be
able to gain valuable information by analyzing the patterns of network traffic. For example,
they could determine who is communicating with whom, how often, at what times, and how
much data is being transmitted. This could help them to identify important servers or users, or
to infer sensitive information like the presence of a major data transfer or a critical business
activity.

Active attacks
Active attacks involve an attacker who takes action to alter, disrupt, or otherwise interfere with
a network or system. The main goal of active attacks is not just to listen and gather data but to
create a negative impact on the network or the system's operation. They're typically more
noticeable than passive attacks because they cause changes in the system or network's
regular functioning.

Active attacks can be categorized into four primary types:


Modification Attacks: In these attacks, the attacker alters the information being transmitted
through the network. For instance, the attacker might change the contents of an email or a
financial transaction, thus causing misinformation or financial loss. These types of attacks are
also known as "data modification" attacks.

Denial-of-Service (DoS) Attacks: The goal of a DoS attack is to overwhelm a system or network
with traffic or requests, causing it to become slow or entirely non-responsive. A distributed
denial of service (DDoS) attack uses many different sources of traffic to achieve this goal. The
intent is to prevent legitimate users from accessing the system or network.


Fabrication Attacks: Also known as "forgery" or "spoofing" attacks, these involve the attacker
creating fake data packets or other information to mislead the system or other users. For
instance, an attacker might impersonate a trusted user to gain access to restricted areas of
the network.

Replay Attacks: In a replay attack, the attacker captures valid data transmission and then
replays it later. This could, for instance, allow the attacker to repeat a financial transaction,
leading to unauthorized charges.


Active attacks can be combated with various security measures. For example, using encryption
can help prevent modification and replay attacks, as the attacker cannot modify or replay
encrypted data without the correct key. DoS attacks can be mitigated by using firewalls and
other traffic management tools to block or limit traffic from suspicious sources. Fabrication
attacks can be prevented through the use of strong authentication and access control
measures, such as two-factor authentication, which makes it harder for an attacker to
impersonate a legitimate user. Finally, intrusion detection and prevention systems (IDS/IPS) can
help identify and block active attacks by monitoring the network for suspicious behavior.


Protection against passive attacks generally involves using encryption to make the data
unreadable to anyone without the right decryption key. For example, HTTPS uses SSL/TLS
encryption to protect web traffic. Virtual Private Networks (VPNs) can encrypt all data sent
from a device, offering broader protection. Even so, encryption can't completely prevent traffic
analysis, so additional measures may be needed, like using padding to make all data packets
the same size, or routing traffic randomly through multiple servers to disguise its source and
destination.

Security measures like intrusion detection systems (IDS) can also help detect some types of
passive attacks, such as if an unauthorized device starts capturing data on the network.
However, some passive attacks may still go undetected until the attacker decides to use the
information they've gathered, at which point a careful investigation may be able to trace back
the source of the leak.

Computer System Security

Malicious software, or "malware", is software designed to cause harm to a computing system
or to perform unauthorized actions. There are several types of malware, each with different
behavior and goals:

Viruses: Viruses are programs that can replicate themselves by modifying other legitimate
programs or files to include a copy of their own code. Once the infected file or program is run,
the virus code executes and continues to spread. Viruses often carry a payload which can
cause damage to the system, such as deleting or modifying files.


Worms: Worms are similar to viruses in that they can replicate themselves, but they don't
require a host program to infect. Instead, they take advantage of vulnerabilities in system
software to spread from computer to computer over networks.

Trojans: Trojan horses (usually just called "Trojans") are malicious programs that disguise
themselves as legitimate software. They don't self-replicate like viruses or worms, but they can
cause significant damage or allow an attacker to control the infected system. For example,
they might delete or steal data, or install a backdoor for future access.

Ransomware: This is a type of malware that encrypts the user's data and demands payment
(the ransom) to unlock it. If the ransom is not paid, the data remains inaccessible and may
even be deleted.

Spyware: Spyware is malware that secretly monitors user activities. This can include
keylogging (recording keystrokes to capture passwords), taking screenshots, recording
browsing history, or stealing files. The collected information can be used for identity theft,
financial theft, or other forms of fraud.

Adware: This type of malware delivers unwanted advertising to the user, usually in the form of
pop-up ads or redirected browser pages. While adware is not always harmful, it is often
bundled with spyware or other types of malware.

Rootkits: A rootkit is a suite of tools designed to hide the presence of malware on a system
and maintain unauthorized access to the system. They operate at a low level of the system,
making them particularly hard to detect and remove.

Protection against malware includes a combination of good security practices and the use of
security software. This includes keeping software and operating systems up to date, not
opening unexpected email attachments or clicking on suspicious links, and running regular
scans with a reputable antivirus or antimalware program. Some advanced malware types may
require specialized security tools or professional help to remove.

Backdoor
A backdoor in the context of cybersecurity refers to a method of bypassing normal
authentication or encryption in a computer system, a product, or an embedded device (like a
router), or its algorithm. Cybersecurity professionals use the term "backdoor" to refer to any
method by which authorized and unauthorized users are able to get around security
measures and gain high level user access (also known as "root" access) on a system, network,
or software application.


Backdoors can be installed by developers as a legitimate means of access for troubleshooting
or system management, but they can also be maliciously installed as part of a cyberattack or
malicious software, providing attackers with unauthorized access to the system.

There are different types of backdoors:

Maintenance Hooks/Debug Modes: These are often created by system designers to allow
developers to debug and test software and are supposed to be deactivated before software or
systems are released to the public.

Hidden Code/Commands: These are methods of bypassing normal authentication to access a
system. They could be hidden in the software code and activated by a special sequence of
commands, key presses, or clicks.

Kernel-Level Backdoors: These backdoors allow an attacker to gain root or administrative
access to the system. Kernel-level backdoors are particularly dangerous as they grant the
highest level of system access.

Magic Passwords: These are special passwords that bypass normal authentication
procedures. They can be inserted into a system by a developer for legitimate purposes, but if
not properly protected, can be exploited by an attacker.

Network Backdoors: These refer to methods of bypassing security through network
configurations. A common example is a firewall that is configured to always allow traffic from
a certain IP address.

Hardware/Firmware Backdoors: These are built directly into hardware or firmware and can be
difficult to detect and remove. They can provide access to systems even if software is
completely reinstalled.

Backdoors represent a significant security risk, especially if they are discovered by malicious
actors. Good security practices require removing all backdoors during system development
and before a system is deployed, and regularly checking systems for the presence of unknown
or unauthorized backdoors. This is often done as part of a security audit or penetration
testing.

Logic Bomb
A logic bomb is a type of malicious software (or piece of code) that is secretly inserted into a
system and set to trigger when specific conditions are met. These conditions could be a
certain date or time, the launch of a specific application, or the occurrence of a specific event
within the system. When these conditions are met, the logic bomb executes a malicious action,
such as deleting files or databases, corrupting data, or even spreading malware.

For example, an employee might plant a logic bomb in their company's system to delete crucial
files if they ever get removed from the payroll system – a sign that they've been fired or laid
off.

Logic bombs are similar to other types of malware, such as worms or viruses, but with one key
difference: while viruses and worms typically start doing damage as soon as they're installed,
logic bombs lie dormant until their trigger condition is met. This can make them particularly
dangerous because they can evade detection for a long time, and the damage is often done
before anyone realizes that the logic bomb is there.

Preventing logic bombs largely involves the same measures used to protect against other
kinds of malware. This includes:

Regularly updating and patching software to protect against known vulnerabilities.

Using reliable antivirus and antimalware tools that can detect and remove malicious code.

Implementing access controls and monitoring tools to limit the ability of potential attackers
to insert malicious code and to detect unusual activity that could indicate the presence of a
logic bomb.

Conducting regular system audits and code reviews to find and remove any unauthorized or
suspicious-looking code.

Maintaining regular backups to restore data in case a logic bomb or other attack causes data
loss.

Finally, it's important to maintain a culture of security within an organization, as insiders
can be a significant source of threats like logic bombs. Regular training can help employees
understand the importance of security and the potential consequences of actions like
planting a logic bomb.

Antivirus and Antimalware Software

Antivirus and antimalware software are tools designed to detect, prevent, and remove
malicious software, or malware, from a computer system. These two terms are often used
interchangeably, as the distinction between viruses (a specific type of malware) and other
kinds of malware has become less important over time. However, there can still be some
differences in the types of threats they are designed to handle.

Antivirus Software: Traditional antivirus software focuses on a narrower range of threats,
primarily viruses, worms, and trojans, which were the most common types of malware when
these tools were first developed. Antivirus software operates by scanning files and system
areas like the memory and boot sectors for patterns of code known as signatures, which are
characteristic of different types of malware. When it detects a match, it blocks the file or
process and alerts the user. Most antivirus software also includes heuristics, which are rules
for identifying suspicious behavior that might indicate an unknown virus or a variant of a
known virus.

Antimalware Software: Antimalware software uses a broader approach to address a wider
variety of threats, including newer types of malware like ransomware, spyware, and adware,
as well as potentially unwanted programs (PUPs) like browser hijackers. Besides signature-
based detection, many antimalware tools also use more advanced techniques like behavioral
analysis to detect previously unknown threats. For example, they might block a program that
tries to modify certain system files or registry entries, even if it doesn't match a known
malware signature.

In practice, most modern security tools combine features of both antivirus and antimalware
software, and can handle a wide range of threats. They also include real-time protection to
block threats as soon as they appear, scheduled scans to check for hidden threats, and
automatic updates to keep their signature databases current. Many also include additional
features like firewalls, email scanning, web browsing protection, and more.

Firewall
A firewall is a network security system that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. It establishes a barrier between a
trusted internal network and an untrusted external network, such as the internet. The term
"firewall" comes from a structural safety feature that prevents the spread of fire in a building.

Firewalls can be either hardware or software-based:

Hardware Firewalls: These are physical devices that sit between your network and the
gateway (the point at which your network connects to the internet). They are typically used in
business settings and are often built into network routers.

Software Firewalls: These are programs installed on individual devices (like PCs, laptops, or
servers). They provide more granular control over network traffic at the machine level.

Firewalls operate by using one or more security methods, including:

Packet Filtering: This method checks small amounts of data against a set of filters. Filters can
include IP addresses, domain names, programs, types of internet traffic, and ports. Any
packets that match the filters are blocked.


Stateful Inspection: This method, also known as dynamic packet filtering, reviews the packet's
information in the context of its TCP session state, such as whether the packet is part of an
existing connection or is starting a new connection.

Proxy Service: In this method, the firewall serves as an intermediary for requests from one
network to another. It prevents direct connections between either side, effectively hiding the
system's information.

Deep Packet Inspection (DPI): This method involves inspecting the data in the packet, allowing
firewalls to detect certain types of attacks that packet filtering and stateful inspection cannot
block.
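As an added illustration that is not part of the original notes, the following Python toy firewall combines the packet-filtering and stateful-inspection methods described above: a static source-address block list, a list of ports on which new inbound connections are permitted, and a connection table so that reply packets of an established session are allowed while unsolicited packets are dropped. All addresses, ports and rules are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet header: the fields a packet filter actually looks at."""
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag, set when a new connection is being opened
    ack: bool = False   # TCP ACK flag, set on every packet after the first


class StatefulFirewall:
    """Static filter rules plus a connection table (stateful inspection)."""

    def __init__(self, blocked_sources, allowed_inbound_ports):
        self.blocked_sources = set(blocked_sources)
        self.allowed_inbound_ports = set(allowed_inbound_ports)
        # Connection table: one entry per tracked session, keyed by its two endpoints.
        self.sessions = set()

    @staticmethod
    def _session_key(pkt: Packet):
        # The same session must map to the same key in both directions,
        # so the endpoints are stored as an unordered pair.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def check(self, pkt: Packet) -> str:
        # 1. Static packet filtering: address-based rule, evaluated first.
        if pkt.src in self.blocked_sources:
            return "drop: blocked source"

        # 2. Stateful inspection: packets of an already-tracked session pass,
        #    which is what lets the server's replies through without a rule.
        key = self._session_key(pkt)
        if key in self.sessions:
            return "allow: established"

        # 3. A new session may only be opened with a SYN to a permitted port.
        if pkt.syn and not pkt.ack and pkt.dport in self.allowed_inbound_ports:
            self.sessions.add(key)
            return "allow: new connection"

        # Everything else, including an ACK that belongs to no known session,
        # is dropped; a stateless filter could not make this distinction.
        return "drop: no matching session"


if __name__ == "__main__":
    fw = StatefulFirewall(blocked_sources={"203.0.113.9"}, allowed_inbound_ports={443})
    for p in (Packet("198.51.100.5", "192.0.2.10", 51000, 443, syn=True),
              Packet("192.0.2.10", "198.51.100.5", 443, 51000, syn=True, ack=True),
              Packet("198.51.100.7", "192.0.2.10", 443, 51000, ack=True),
              Packet("203.0.113.9", "192.0.2.10", 51002, 443, syn=True)):
        print(p.src, "->", p.dst, ":", fw.check(p))
```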

Firewalls are an essential part of network security. They can protect against various threats
such as unauthorized remote logins, denial of service attacks, and other forms of network
intrusions. However, while they are an important security measure, they are not sufficient on
their own and should be part of a multi-layered security approach that also includes antivirus
and antimalware software, secure configurations, access controls, and user training.

Intrusion Detection System

An Intrusion Detection System (IDS) is a device or software application that monitors a
network or systems for malicious activities or policy violations and reports these to a
management station. The main function of an IDS is to inspect all inbound and outbound
network activity and identify suspicious patterns that may indicate an attack on the system.

Intrusion Detection Systems are typically classified into two types:

Network Intrusion Detection Systems (NIDS): These are placed at a strategic point or points
within the network to monitor traffic going to and from all devices on the network. NIDS can
be likened to a system installed in various places along the highway to monitor speed. When a
vehicle exceeds the speed limit, these systems trigger an alarm. Similarly, if a packet of data is
tagged by the NIDS as suspect, it triggers an alarm within the system.

Host Intrusion Detection Systems (HIDS): These run on individual hosts or devices on the
network. A HIDS monitors the inbound and outbound packets from the device and alerts the
user or administrator if suspicious activity is detected. It takes a snapshot of existing system
files and matches it to the previous snapshot. If the system files were modified or deleted, an
alert is sent to the administrator to investigate.
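The snapshot-and-compare behaviour attributed to a HIDS above, as an added Python example that is not part of the original notes: it hashes a constructed set of files in a temporary directory into a baseline, simulates tampering, and reports which files were modified, deleted or newly added.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Map each path that exists as a regular file to the SHA-256 of its contents."""
    snap = {}
    for path in paths:
        if os.path.isfile(path):
            with open(path, "rb") as f:
                snap[path] = hashlib.sha256(f.read()).hexdigest()
    return snap


def compare(baseline, current):
    """Return sorted (kind, path) alerts: files modified or deleted since the
    baseline, and files that appeared after it. In practice the baseline itself
    must be kept signed or offline, otherwise an intruder can simply rewrite it."""
    alerts = []
    for path, digest in baseline.items():
        if path not in current:
            alerts.append(("deleted", path))
        elif current[path] != digest:
            alerts.append(("modified", path))
    for path in current:
        if path not in baseline:
            alerts.append(("added", path))
    return sorted(alerts)


def demo():
    """Constructed scenario in a temporary directory: baseline three 'system
    files', tamper with them, and return the alerts by file name."""
    with tempfile.TemporaryDirectory() as d:
        files = {name: os.path.join(d, name) for name in ("passwd", "hosts", "shadow")}
        for path in files.values():
            with open(path, "w") as f:
                f.write("original contents of " + os.path.basename(path) + "\n")
        baseline = snapshot(files.values())

        # Simulated tampering: a line appended to one file, one file removed,
        # and an unexpected startup script dropped alongside them.
        with open(files["passwd"], "a") as f:
            f.write("extra line that was not in the baseline\n")
        os.remove(files["hosts"])
        extra = os.path.join(d, "rc.local")
        with open(extra, "w") as f:
            f.write("# unexpected startup script\n")

        current = snapshot(list(files.values()) + [extra])
        return [(kind, os.path.basename(path)) for kind, path in compare(baseline, current)]


if __name__ == "__main__":
    for kind, name in demo():
        print(f"ALERT {kind}: {name}")
```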

An IDS differs from a firewall in that a firewall looks outwardly for intrusions to stop them
from happening. Firewalls limit access between networks to prevent intrusion and don't signal
an attack from inside the network. An IDS describes a suspected intrusion once it has taken
place and signals an alarm.

Additionally, an IDS also watches for attacks that originate from within a system. This is
traditionally a weakness of a firewall: it can block incoming threats, but if the attack
originates inside the network, firewalls are not designed to protect against it.

Virus and its types

A computer virus is a type of malicious software program ("malware") that, when executed,
replicates itself by modifying other computer programs and inserting its own code. Besides
programs, infection targets can include data files or the "boot" sector of the hard drive. Viruses
often perform some type of harmful activity on infected hosts, such as stealing hard disk space
or CPU time, accessing private information, corrupting data, displaying political or humorous
messages on the user's screen, spamming their contacts, or logging their keystrokes.

Here are some types of computer viruses:

File Infector Viruses: These are some of the most common types of viruses and attach
themselves to program files, usually selected .com or .exe files. Some can infect any program
for which execution is requested, including .sys, .ovl, .prg, and .mnu files.

Macro Viruses: These types of viruses infect data files. They’re written in the same macro
language used for software applications. Word documents and Excel are common targets for
these types of viruses.

Overwrite Viruses: This type of virus is characterized by the fact that it deletes the information
contained in the files that it infects, rendering them partially or totally useless once they have
been infected.

Polymorphic Viruses: A polymorphic virus changes its code each time an infected file is
executed. It does this to evade antivirus programs.

Boot Sector Viruses: This type of virus specifically targets the boot sector of a hard drive,
where important files are stored that help to start the system's operating system.

Directory Virus: Also known as cluster virus or file system virus, it infects the directory of your
computer by changing the path indicating the location of a file.

Web Scripting Virus: Many web pages include complex code in order to create an appealing
look while allowing various interactive functions. This code is often exploited to carry out
malicious activities.
