Network Security

Uploaded by

Sajan Basnet

Network Security

Unit-7
Introduction
• In today's interconnected world, network security has become increasingly
important for organizations and individuals alike. Network security refers to
the process of protecting computer networks from unauthorized access,
misuse, and threats that can compromise the confidentiality, integrity, and
availability of information.
• Network security measures can include a range of strategies, including
firewalls, intrusion detection systems, access control, encryption, and
antivirus software. These measures aim to prevent unauthorized access to
network resources, protect against malware and other cyber threats, and
ensure the confidentiality and integrity of data transmitted over the
network.
• With the increasing use of cloud computing, mobile devices, and the
Internet of Things (IoT), network security has become more complex,
as there are more entry points for potential attackers. Therefore,
organizations must continually assess and update their network
security measures to stay ahead of evolving threats.
• In this digital age, network security is not just important for large
corporations and government agencies; it is also crucial for small
businesses and individuals who store sensitive information on their
networks. Therefore, understanding network security and
implementing effective measures to protect networks have become
essential skills for anyone who uses a computer or mobile device.
Why is network security important?
• Network security is critical for any organization that uses computer networks to
conduct its operations. Here are some reasons why network security is important:
• Protects sensitive data: Network security measures are necessary to safeguard
sensitive data, such as customer information, financial data, and intellectual
property. This data can be targeted by cybercriminals and hackers, and without
adequate network security measures in place, it can be stolen or misused.
• Maintains business continuity: A security breach can disrupt an organization's
operations and cause significant financial and reputational damage. Network
security measures, such as backup and disaster recovery plans, ensure that
operations can continue in the event of a security incident.
• Compliance with regulations: Many industries are subject to regulations that
require them to protect sensitive data, such as healthcare data or financial
information. Failure to comply with these regulations can result in legal penalties
and reputational damage.
• Prevents cyberattacks: Cybercriminals use a variety of tactics to infiltrate
networks and steal information or disrupt operations. Network security
measures, such as firewalls, intrusion detection systems, and antivirus
software, can prevent these attacks from succeeding.
• Enhances productivity: With secure networks, employees can access
information quickly and efficiently, without the fear of security breaches or
downtime due to cyberattacks. This leads to improved productivity and
business growth.
• In summary, network security is crucial for organizations that want to
protect their sensitive data, maintain business continuity, comply with
regulations, prevent cyberattacks, and enhance productivity. By
implementing effective network security measures, organizations can
ensure that their networks are secure, and their operations remain
uninterrupted.
Types of network security
• Network security refers to the protection of networks and their services
from unauthorized access, misuse, modification, or destruction. There are
several types of network security measures that can be implemented to
protect networks, including:
• Firewall Protection
• Email security
• Anti-virus and Anti-malware software
• Virtual Private Network
• Network Access control
• Intrusion Detection and Prevention
• Data Loss Prevention (DLP) etc.
Firewall Protection
• A firewall is a network security device that monitors incoming and outgoing
network traffic and decides whether to allow or block specific traffic based
on a defined set of security rules.
• Firewalls have been a first line of defense in network security for over 25
years. They establish a barrier between secured and controlled internal
networks that can be trusted and untrusted outside networks, such as the
Internet.
• A firewall can be hardware, software, software-as-a-service (SaaS), public
cloud, or private cloud (virtual).
How does a firewall work?
• Firewalls carefully analyze incoming traffic based on pre-established rules and
filter traffic coming from unsecured or suspicious sources to prevent attacks.
Firewalls guard traffic at a computer’s entry point, called ports, which is
where information is exchanged with external devices. For example, “Source
address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22."
• Think of IP addresses as houses, and port numbers as rooms within the
house. Only trusted people (source addresses) are allowed to enter the house
(destination address) at all—then it’s further filtered so that people within
the house are only allowed to access certain rooms (destination ports),
depending on whether they're the owner, a child, or a guest. The owner is allowed
into any room (any port), while children and guests are allowed into a certain set
of rooms (specific ports).
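The rule quoted above can be checked mechanically. The following is an added example, not part of the original slides: a small first-match packet filter with a default-deny fallback and an audit helper that finds rules hidden behind an earlier, broader rule. Rule 0 is the rule from the text; the other two rules and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    ports: range  # destination ports covered by the rule

    def matches(self, src_ip, dst_ip, dst_port):
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and dst_port in self.ports
        )

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (
            ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
            and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
            and self.ports.start <= other.ports.start
            and other.ports.stop <= self.ports.stop
        )


# Rule 0 is the example from the text; rules 1 and 2 are constructed.
RULES = [
    Rule("allow", "172.18.1.1/32", "172.18.2.1/32", range(22, 23)),
    Rule("deny", "172.18.1.0/24", "172.18.2.0/24", ANY_PORT),
    Rule("allow", "172.18.0.0/16", "172.18.2.10/32", range(443, 444)),
]


def evaluate(rules, src_ip, dst_ip, dst_port):
    """First matching rule wins; anything that matches no rule is denied."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action, index
    return "deny", None


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [
        j for j, later in enumerate(rules)
        if any(earlier.covers(later) for earlier in rules[:j])
    ]


if __name__ == "__main__":
    for packet in [("172.18.1.1", "172.18.2.1", 22),
                   ("172.18.1.1", "172.18.2.1", 80),
                   ("172.18.1.5", "172.18.2.10", 443),
                   ("10.0.0.1", "172.18.2.1", 22)]:
        print(packet, evaluate(RULES, *packet))
    print("shadowed if deny is moved first:", shadowed([RULES[1], RULES[0]]))
```

Rule order is part of the policy: moving the broad deny above the SSH rule leaves the SSH rule in the list but unreachable, which is what `shadowed` reports.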
Types of firewalls
• Firewalls can either be software or hardware, though it’s best to have both. A
software firewall is a program installed on each computer and regulates
traffic through port numbers and applications, while a physical firewall is a
piece of equipment installed between your network and gateway.
• Packet-filtering firewalls, the most common type of firewall, examine packets and
prohibit them from passing through if they don’t match an established security rule
set. This type of firewall checks the packet’s source and destination IP addresses. If
packets match those of an “allowed” rule on the firewall, then they are trusted to enter the
network.
• Next-generation firewalls (NGFW) combine traditional firewall technology with
additional functionality, such as encrypted traffic inspection, intrusion prevention
systems, anti-virus, and more. Most notably, it includes deep packet inspection (DPI).
While basic firewalls only look at packet headers, deep packet inspection examines the
data within the packet itself, enabling users to more effectively identify, categorize, or
stop packets with malicious data.
• Proxy firewalls filter network traffic at the application level. Unlike basic
firewalls, the proxy acts as an intermediary between two end systems. The
client must send a request to the firewall, where it is then evaluated
against a set of security rules and then permitted or blocked. Most
notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP
and FTP, and use both stateful and deep packet inspection to detect
malicious traffic.
Email Security
• Email security is the practice of protecting email accounts and
communications from unauthorized access, loss, or
compromise.
• Organizations can enhance their email security posture by
establishing policies and using tools to protect against malicious
threats such as malware, spam, and phishing attacks.
• Cybercriminals target email because it is an easy entry point to
other accounts and devices—and it relies in large part on human
error. All it takes is one misguided click to cause a security crisis
for an entire organization.
Why is email security important?
• Email has been a primary communication tool in the workplace for more than
two decades. More than 333 billion emails are sent and received daily
worldwide—and employees get an average of 120 emails a day. This spells
opportunity for cybercriminals who use business email compromise attacks,
malware, phishing campaigns, and a host of other methods to steal valuable
information from businesses. Most cyberattacks—94 percent—begin with a
malicious email. Cybercrime cost more than $4.1 billion in 2020, with business
email compromise causing the most damage, according to the FBI’s Internet
Crime Complaint Center (IC3). The consequences can be severe, leading to
significant financial, data, and reputational losses.
The benefits of email security
• Businesses of all sizes are realizing the importance of prioritizing
email security. An email security solution that safeguards employee
communication and reduces cyberthreats is important because it
helps to:
• Protect a company’s brand, reputation, and bottom line. Email threats can
lead to devastating costs, operational disruption, and other severe
consequences.
• Enhance productivity. With a robust email security solution in place,
businesses can reduce potential disruptions to operations and downtime
because of a cyberattack.
• Ensure compliance with data protection laws such as the General Data
Protection Regulation (GDPR) and help overcome the many intangible
costs of a cyberattack such as business disruption, legal fees, and regulatory
fines.
Email security best practices
• In response to the fast-changing email threat landscape, enterprises have
established email security best practices to support communication and
guard against threats. Top email security best practices include:
• Educate employees with periodic training to minimize the risk of human error and
ensure that employees—often considered a company’s first line of defense—
understand the importance of email security.
• Invest in user awareness training so users can learn how to recognize the signs of a
phishing attack and other indicators of malicious intent.
• Upgrade to an email security solution that provides advanced threat protection.
• Implement multifactor authentication (MFA) to prevent account compromise. Asking
users to provide more than one way to sign into accounts is an easy way to help secure
organizational data.
• Review protections against business email compromise attacks through methods like
spoofing and impersonation.
• Move high-risk processes and transactions to more authenticated systems.
Anti-virus and Anti-malware software
• A virus is a specific type of malware that is capable of replicating
itself and spreading throughout the system, whereas malware is
an umbrella term that refers to all kinds of malicious software
including viruses, Trojans, adware, rootkits, spyware, and
ransomware.
• This means viruses are malware, but not all malware is a virus.
Antivirus is a software program designed to detect and destroy
viruses and other malicious software from the system, whereas an
antimalware is a program that protects the system from all kinds of
malware including viruses, Trojans, worms, and adware.
• Both antivirus and antimalware are software utility programs designed to
protect your computer from all sorts of harmful programs. However,
antivirus software is specifically designed to protect your digital
environment, meaning it protects your system against all classic, more
established online threats such as viruses, Trojans and worms.
• Antimalware, on the other hand, typically protects the system against the
newer and more sophisticated malware programs in order to strengthen
security. Antivirus is a common term for all cyber security programs,
whereas antimalware is a software program that defends against all
malware including viruses and worms.
How antivirus software works
• Antivirus software typically runs as a background process, scanning
computers, servers or mobile devices to detect and restrict the spread of
malware. Many antivirus software programs include real-time threat
detection and protection to guard against potential vulnerabilities and
perform system scans that monitor device and system files, looking for
possible risks.
• Antivirus software usually performs the following basic functions:
• Scans directories or specific files against a library of known malicious signatures to
detect abnormal patterns indicating the presence of malicious software.
• Enables users to schedule scans so they run automatically.
• Lets users initiate new scans at any time.
• Removes any malicious software it detects either automatically in the background or
notifies users of infections and prompts them to clean the files.
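The signature-matching step listed above, as an added example that is not part of the original slides: a scanner that walks a directory and checks each file against a library of byte-pattern signatures and whole-file hash signatures. The signature names, the marker bytes and the sample files are constructed and harmless; real products use far larger libraries and additional detection methods.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, harmless signature library (names and values are made up).
MARKER = b"\xde\xad\xbe\xefDEMO-SIGNATURE"
KNOWN_BAD_CONTENT = b"constructed known-bad sample\n"
BYTE_SIGNATURES = {"Demo.Marker.A": MARKER}
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest(): "Demo.KnownFile.B"}


def scan_file(path, chunk_size=4096):
    """Return the sorted names of all signatures that match one file."""
    found = set()
    digest = hashlib.sha256()
    longest = max(len(p) for p in BYTE_SIGNATURES.values())
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            digest.update(chunk)
            # Keep the end of the previous chunk so a pattern that straddles
            # a chunk boundary is still seen in one piece.
            window = tail + chunk
            for name, pattern in BYTE_SIGNATURES.items():
                if pattern in window:
                    found.add(name)
            tail = window[-(longest - 1):] if longest > 1 else b""
    hash_hit = HASH_SIGNATURES.get(digest.hexdigest())
    if hash_hit:
        found.add(hash_hit)
    return sorted(found)


def scan_tree(root, chunk_size=4096):
    """Scan every regular file under root; report only files with hits."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            hits = scan_file(path, chunk_size)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo(chunk_size=16):
    """Build a throwaway directory of constructed files and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "notes.txt").write_bytes(b"quarterly report, nothing to see\n")
        (base / "known.bin").write_bytes(KNOWN_BAD_CONTENT)
        (base / "sub").mkdir()
        # The marker starts at offset 10, so with 16-byte chunks it is split
        # across two reads.
        (base / "sub" / "embedded.dat").write_bytes(b"A" * 10 + MARKER + b"B" * 40)
        return scan_tree(base, chunk_size)


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {', '.join(hits)}")
```

A hash signature only matches a file that is byte-for-byte identical to the known sample, while a byte-pattern signature still matches when the pattern is embedded in other data.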
VPN
• VPN stands for Virtual Private Network. It is a
technology that enables users to create a
secure and encrypted connection between
their device and the internet. VPNs can be
used to protect your online privacy, bypass
internet censorship, and access geo-
restricted content.
• When you use a VPN, your internet traffic is
routed through a remote server operated by
the VPN provider. Your device connects to
the VPN server through an encrypted tunnel,
which means that your online activities are
shielded from prying eyes, including your
internet service provider, government
agencies, and hackers.
There are several reasons why people use VPNs, including:
• Privacy and Security: VPNs encrypt your internet traffic, making it difficult
for others to intercept and read your online activities. This is especially
important when using public Wi-Fi networks, which are often insecure and
can expose you to various security risks.
• Bypassing Censorship: VPNs can help you access websites and online
services that are blocked in your country or region. This is particularly useful
for people living in countries with strict internet censorship laws, such as
China and Iran.
• Geo-restriction: Certain streaming services, such as Netflix, Amazon Prime,
and Disney+, have different content libraries for different regions. With a
VPN, you can connect to a server in another country and access content that
is not available in your region.
• Business Use: VPNs are commonly used by businesses to allow remote
workers to securely access company networks and data.
How does a VPN work?
• A VPN works by creating a secure and encrypted connection between your
device and a remote server operated by a VPN provider. Here's how a VPN
works in more detail:
• Encryption: When you use a VPN, your internet traffic is encrypted, meaning
that it is converted into a code that can only be deciphered with the right key.
This encryption process helps to protect your data from being intercepted and
read by unauthorized parties.
• Tunneling: The encrypted traffic is then sent through a secure tunnel between
your device and the VPN server. This tunnel is created using protocols such as
OpenVPN, L2TP, and IKEv2. The tunneling process adds an extra layer of
protection to your online activities, making it difficult for others to intercept
your traffic.
• VPN Server: Once your traffic reaches the VPN server, it is decrypted and
sent out to the internet. The server acts as a middleman between your
device and the internet, making it difficult for others to trace your online
activities back to you.
• IP Address: When you connect to a VPN server, you are assigned a new IP
address. This address is typically located in a different country or region
than your actual location, which means that you can access geo-restricted
content and bypass internet censorship.
• Data Security: The VPN server also helps to protect your data from hackers
and other malicious actors. By routing your internet traffic through the VPN
server, your device is shielded from potential threats on the internet.
Network Access Control
• Network Access Control (NAC) is a security solution that helps to
ensure that only authorized and secure devices are allowed to
connect to a network. NAC is typically implemented through a
combination of authentication, authorization, and accountability
measures.
• Authentication: Authentication is the process of verifying the
identity of a device or user before allowing access to a network.
This is typically done through the use of usernames and
passwords, digital certificates, biometrics, or other forms of
authentication. Authentication helps to ensure that only
authorized users and devices are allowed on the network.
• Authorization: Authorization is the process of determining what
resources a user or device can access once they have been
authenticated. This includes things like which applications, files,
and services a user can access on the network. Authorization is
typically managed through role-based access control (RBAC), which
assigns different levels of access based on a user's job function or
level of authorization.
• Accountability: Accountability is the process of tracking and
monitoring user and device activity on the network. This includes
things like recording user login times, tracking file access and
modifications, and monitoring network traffic. Accountability helps
to identify and mitigate potential security threats by providing a
record of network activity that can be analyzed in the event of a
security breach.
Common Network Security Threats
• In today's world, network security is a major concern for individuals
and organizations alike. There are various types of network security
threats that can harm the network and its users. Here are four
common network security threats:
• Virus
• Trojan horse
• Computer Worm
• Phishing Attacks
Virus
• A computer virus is a malicious program or code that is designed to
replicate itself and spread from one computer to another. The term
"virus" is often used to describe any type of malicious software, but
technically a virus is a specific type of malware that attaches itself to a
legitimate (valid) program or file and spreads when that program or file is
executed.
• A virus works by attaching itself to a legitimate program or file and
replicating itself. It can spread from one computer to another through
various means, such as email attachments, infected websites, or infected
files shared over a network. Once a virus infects a computer, it can
perform a range of malicious activities, such as corrupting files, stealing
sensitive information, or even taking control of the system.
Example of how a virus can work
• Let's say you receive an email from an unknown sender with an attachment
that looks like a document. When you open the attachment, the virus
contained in the document is activated and begins to replicate itself. It can
then spread to other files on your computer, as well as to other computers
on your network.
• Once the virus has infected your system, it can cause a variety of problems.
It can delete or corrupt files, steal personal information, or even use your
computer to launch attacks on other systems. Some viruses are designed to
remain hidden and silently collect data or perform other malicious
activities over a long period of time.
Some examples of well-known viruses and what they
did:
• Melissa: The Melissa virus emerged in 1999 and spread through infected email
attachments. It targeted Microsoft Word and Outlook and would automatically
email itself to 50 of the user's contacts. This caused email servers to crash due to
the high volume of email traffic.
• Code Red: The Code Red virus emerged in 2001 and targeted servers running
Microsoft's Internet Information Services (IIS) web server software. It would create
a "backdoor" on the server, allowing attackers to remotely control the system. The
virus also launched a distributed denial of service (DDoS) attack on certain IP
addresses.
• Nimda: The Nimda virus emerged in 2001 and was spread through email
attachments and infected websites. It would infect computers running Windows
operating systems and spread through open network shares. The virus could cause
significant damage to computer systems, including deleting files and corrupting
data.
• Sasser: The Sasser virus emerged in 2004 and exploited a vulnerability
in Microsoft Windows to infect computers. It would scan for vulnerable
systems on a network and replicate itself to infect other systems. The
virus caused computers to crash and prevented users from accessing
the internet.
• WannaCry: The WannaCry virus emerged in 2017 and used a
vulnerability in Microsoft Windows to spread rapidly across networks.
It would encrypt files on infected computers and demand a ransom to
restore access. The virus caused significant damage worldwide,
affecting businesses, hospitals, and government agencies.
• It is important to use anti-virus software and keep software up-to-date
to protect against these threats. Additionally, users should be cautious
of email attachments and links from unknown sources and regularly
back up important files to mitigate the impact of a virus infection.
Trojan horse
• A Trojan horse is a type of malware that is designed to appear as a
legitimate program or file, but actually contains malicious code that can
harm a computer system. It is named after the Trojan horse from Greek
mythology, as it disguises itself as a harmless object to gain entry to a
system.
• Trojan horses are often spread through social engineering tactics, such
as email attachments or fake software downloads. Once the user
executes the Trojan, it can perform a variety of malicious activities,
including stealing personal information, installing other malware, or
taking control of the system.
There are several types of Trojan horses, including:
• Remote Access Trojans (RATs): RATs allow attackers to take control of a
computer system remotely. They can be used to spy on a user's activity,
steal sensitive information, or install additional malware.
• Banking Trojans: Banking Trojans are designed to steal banking information,
such as login credentials and credit card numbers, from the victim's
computer. They can intercept and modify web traffic to capture sensitive
data.
• DDoS Trojans: DDoS (Distributed Denial of Service) Trojans are designed to
infect a large number of computers and use them to launch DDoS attacks
against a target website or server.
• Backdoor Trojans: Backdoor Trojans create a "backdoor" on the infected
system, allowing attackers to remotely control the system and perform
malicious activities.
How to stay safe from Trojan horses
• To protect against Trojan horses, it is important to use anti-
virus software, keep software up-to-date, and be cautious of
email attachments and software downloads from unknown
sources. Additionally, users should avoid clicking on links or
downloading attachments from suspicious emails, and never
download software from untrusted sources.
Computer Worm
• A computer worm is a type of malware that is designed to spread rapidly
through a computer network and replicate itself. Unlike viruses, which
require user interaction to spread, worms can spread automatically
without any user action.
• Computer worms can cause a range of damage, from slowing down
computer systems to crashing entire networks. They can also be used to
steal sensitive information or take control of computer systems.
• Computer worms are often spread through email attachments or infected
websites, and they can also exploit vulnerabilities in software or
operating systems to spread. Once a worm infects a system, it can use
that system to scan the network for other vulnerable systems and
replicate itself.
Some notable examples of computer worms
include:
• Morris Worm: The Morris Worm was one of the first computer worms to
gain widespread attention. It emerged in 1988 and targeted UNIX-based
systems. It replicated itself rapidly and caused significant damage to the
Internet at the time.
• Conficker: Conficker is a worm that emerged in 2008 and targeted
Microsoft Windows operating systems. It was able to spread rapidly across
networks and cause significant disruption. Conficker was estimated to have
infected millions of computers worldwide.
• Stuxnet: Stuxnet is a worm that was discovered in 2010 and is believed to
have been designed to target industrial control systems. It is considered one
of the most sophisticated computer worms ever discovered and is believed
to have been created by a nation-state for cyber espionage or cyber warfare
purposes.
Phishing attacks
• Phishing attacks are a type of cyber attack in which attackers use
social engineering tactics to trick users into revealing sensitive
information, such as passwords, usernames, credit card numbers, or
other personal information. The term "phishing" is a play on the
word "fishing," as attackers are attempting to lure users into
taking the bait (food on a hook) and providing their information.
• Phishing attacks can take many forms, but they often involve emails
or text messages that appear to be from a legitimate source, such as
a bank, social media platform, or online retailer. These messages
often contain a link to a fake website that looks like the real thing,
but is actually designed to steal user information.
• For example, a phishing email may appear to be from a user's bank and
ask them to click on a link to log in and verify their account information.
The link may lead to a fake website that looks like the bank's website, but
is actually controlled by the attacker. When the user enters their login
credentials, the attacker can steal that information and use it for
fraudulent purposes.
• Another common form of phishing attack is known as spear phishing.
Spear phishing is a more targeted form of phishing in which attackers
research their victims to create messages that are more personalized and
convincing. For example, an attacker may research a company's
employees on social media to create a phishing email that appears to be
from a trusted colleague.
How to avoid becoming a victim of a phishing attack
• To protect against phishing attacks, users should be cautious
of emails or messages that ask them to provide personal
information or click on links. They should also verify the
legitimacy of a website before entering sensitive information
by checking the URL and looking for secure HTTPS
connections. Additionally, users should use two-factor
authentication whenever possible to add an extra layer of
security to their accounts. Organizations should also provide
regular security training to employees to help them identify
and avoid phishing attacks.
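The URL check recommended above can be made concrete. The following is an added example, not part of the original slides: a function that inspects a link before anything is typed into the page and returns the reasons it should not be trusted. The trusted host `bank.example`, the reason labels and the 0.85 similarity threshold are assumptions chosen for illustration, and the comparison is against exact host names rather than a full public-suffix lookup.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Hypothetical allowlist: the hosts the user actually does business with.
TRUSTED_HOSTS = {"bank.example"}


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return the reasons a link should not be trusted; an empty list means it passed."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["no-host"]

    problems = []
    if parts.scheme != "https":
        problems.append("not-https")
    # "https://bank.example@other-host/" shows the trusted name before the "@",
    # but the browser connects to the host after it.
    if parts.username is not None:
        problems.append("userinfo-in-url")
    # Internationalized labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("internationalized-host")

    if _is_ip_literal(host):
        problems.append("ip-literal-host")
    elif any(host == t or host.endswith("." + t) for t in trusted):
        pass  # the trusted host itself or one of its subdomains
    elif any(host.startswith(t + ".") or f".{t}." in host for t in trusted):
        # The trusted name is only a prefix; the real domain is on the right.
        problems.append("trusted-name-in-subdomain")
    elif any(SequenceMatcher(None, host, t).ratio() >= 0.85 for t in trusted):
        problems.append("lookalike-host")
    else:
        problems.append("unknown-host")
    return problems


if __name__ == "__main__":
    # Constructed sample links.
    for link in ["https://bank.example/login",
                 "http://bank.example/login",
                 "https://bank.example@203.0.113.5/login",
                 "https://bank.example.account-verify.test/login",
                 "https://bannk.example/"]:
        print(link, "->", check_url(link) or "ok")
```

Several of the failing samples use HTTPS, which shows that a secure connection confirms only that the traffic is encrypted to that host, not that the host is the one the user intended.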
