0% found this document useful (0 votes)
13 views

Copy of Topic 5 Networks Revision Notes

The document provides an overview of various types of networks, including LANs, WANs, and PANs, highlighting their advantages and disadvantages. It explains the importance of network hardware, protocols, and the Internet's infrastructure, including IP addressing and packet switching. Additionally, it discusses wireless technologies and their impact on network performance, as well as the functions of email protocols and data transmission methods.

Uploaded by

ychitnis13
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
13 views

Copy of Topic 5 Networks Revision Notes

The document provides an overview of various types of networks, including LANs, WANs, and PANs, highlighting their advantages and disadvantages. It explains the importance of network hardware, protocols, and the Internet's infrastructure, including IP addressing and packet switching. Additionally, it discusses wireless technologies and their impact on network performance, as well as the functions of email protocols and data transmission methods.

Uploaded by

ychitnis13
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 15

- Leased lines are usually rented from phone

Topic 5 Networks
companies
- WANs used by many organisations including:
- Computers can be stand alone or connected to a - Universities with campuses
network - Branches of a bank
- A network consists of 2 or more connected - Government organisations
devices that exchange & share resources
The Internet is the biggest known WAN in the
Network Advantages world, but uses mesh topology
Resources can be shared:
- Files & Data --------------------------------------------------------------------
- Peripherals (hardware ie printers)
- Software licences PAN (Personal Area Network)
Communication - A PAN connects electronic devices within a
- Email / calendars user's immediate area.
- Collaborative working - The size of a PAN ranges from a few
Centralisation centimeters to a few meters.
- Storage & Back up (cloud/server)
- Security (ie deployment of new software updates
- Access to the internet / www / broadband

Network Disadvantages
Impacting the network organisation wide:
Can be vulnerable to:
- Malware
- Network outages
- Dependency on server/cloud
- Need for skilled maintenance
- Purchasing hardware is expensive

--------------------------------------------------------------------

LAN (Local Area Network) Example: The connection between a Bluetooth


A LAN operates on a single site such as a school, earpiece & a smartphone.
hotel or business using their own cabling systems
--------------------------------------------------------------------
WAN (Wide Area Network)
- Two or more networks are connected together to A client-server network LAN
form one network - The server is a powerful computer which provides
-The networks are a large distance apart services or resources required by any of the clients
- A client is a computer which requests the
services or resources provided by the server
- Suitable for organisations - small & large

How client-server communicate LAN


>> Client uses the address of the server to make a
connection • Storage host could be targeted by hackers
>> The client sends a request to the server to • Less control over files
request services from the server • An untrustworthy employee (of the cloud storage
>> The server obtains the address of the client provider) could steal files
once the client makes connection to the server • Reliant on the storage provider for security /
Server then sends requested data/services to the safekeeping
client • Files could be intercepted / corrupted during
upload / download
Advantages:
- Central security (access rights /user names etc) --------------------------------------------------------------------
- Central installation of software
- Central storage Peer-to-peer architecture
- Server performs processing tasks /requests from
client A peer-to-peer network has no central server
- Different servers manage different tasks/services Suitable for a small companies with fewer PCs

Disadvantages:
- Server failure - all users affected
- Require specialist IT staff to administer the
network
- Expensive to set up

--------------------------------------------------------------------

- No central server controls files or security


- All computers can easily see files on all other
Benefits of Cloud Servers computers
1. Storage capacity can be scaled up & down - All computers can communicate with each other
… so no need to buy more secondary storage / without going through a server
only pay for what is used/needed - BUT If a computer is switched off, data cannot be
retrieved
2. Centrally store resources in one place…. rather When used: small user numbers, security not an
than scattered across many secondary storage issue, workstation based applications used
devices
Advantages:
3. Files can be uploaded / downloaded, anytime/ 1.No central server required
anywhere on any device… as long as internet 2. Easy to add extra nodes
connection 3. Each computer can be provider & receiver

4. Can be set up to automatically backup / Disadvantages:


synchronise 1. Node failure - all users affected
2. Difficult to administer
3. Difficult to monitor security
Disadvantages of cloud servers
Network hardware The Internet
Additional hardware is required to connect a
stand-alone computer to a LAN >> Internet Backbone: The high speed data
- A Network Interface Card/Controller (NIC) transmission routes between interconnected
in your computer or device networks
- A router or switch, which provides access
to a local area network >> Can handle high volumes of data traffic,
- A modem is required to connect to the because data can travel via multiple routes
Internet – this is usually combined with the
router inside a single device >> The Internet - world largest mesh topology
- A Wireless Access Point (WAP) connects because it needs to be easily scalable mesh
wireless devices to a network. Many home topology allows this as it is decentralised nodes
wireless access points are part of a router connect with other nodes around them

Router >> Enables it to span a huge geographic area,


- Looks at the destination of packets of data and because additional nodes can be added to
sends them to the network that is closer towards expand coverage
their destination
- A home router will route packets between the >> Self-healing/resilient/allows alternative paths,
home LAN and the Internet which means data will still reach its destination
even if a node or connection fails
Switch
--------------------------------------------------------------------

IP Addressing
The unique identifier when sending /
receiving data packets over the internet
is an IP address
- Switches connect each node (computer) in a
network
IPv4 Addressing
- They know the MAC address of all connected
32 bits / four 8-bit denary numbers (0-255)
computers and devices
separated by dots 72.129.214.16
- When a packet of data arrives, they can send it to
the correct computer
IPv6 Addressing
- Hubs, by comparison will send the data to all
128-bit represented in hex, separated by colons
connected computers
1023:0ef1:0000:0000:34dd:00fe:0189:2233
--------------------------------------------------------------------
Why IPv6 addressing was introduced:
- Running out of IPv4 addresses/the number of
Internet / www
(internet) connected devices has grown
- IPv6 addresses are long/longer than IPv4
The internet is a (global) network of networks of
- The number of possible addresses is large/will
connected devices
last much longer
- The Internet is the largest Wide Area
Network (WAN) in the world
--------------------------------------------------------------------
The www is the collection of web pages/service
Packet switching
accessed using the internet
>> A file is broken up into data ‘packets’
- the www is resources located via URLs
>> Each packet is given a header containing
/domain names
- The sender's IP address
- The receivers IP address
The internet is the infrastructure and the www is a
- The Packet sequence number
service that runs on that infrastructure
- The Checksum
A DNS server translates a web address (URL) into
an IP address
- google.com translates to 216.58.204.35
>> The packets may flow through the Internet via
different routes Processes used to find the IP address of a web
>> Routers forward data packets between server & download a page.
networks & select the best routes
>> Receiver's IP address is needed so the router
can forward on
>> Sender's IP address is needed in case there is
an error in transmission

Reassembling the data


>> Recipients computer re-orders the packets into
the correct order using the packet numbers
>> Each packet is checked for errors
>> Corrupt packets are requested to be resent,
using the sender's IP address

Checksum
>> Checksum algorithm applied to the packet
before it leaves sources computer
>> The source calculated checksum is added to
--------------------------------------------------------------------
the header
>> At the receiving end the checksum algorithm is
Wired Vs Wireless transmissions
reapplied
>> The newly calculated checksum is compared to
Benefits of Wired connection
the sent checksum
- It has greater bandwidth / more bits per second
>> If they don't match a resend request is issued
- The connection does not get worse the further
you are from the router / more reliable
--------------------------------------------------------------------
- Connection does not get obstructed by walls,
ceilings, and furniture
Uniform Resource Locator (URL)
- More secure

Disadvantages of Wired connection


- Installation/maintenance is more complex
- Devices need to be physically connected
- Less portable / limited by length of cable
- Limited number of devices can be connected
- Some digital devices can’t use wired connection
-------------------------------------------------------------------- - Trip hazard

Copper cable
Domain Name Service (DNS) - Widely used in ethernet
- Flexible/ Durable
- Unlikely to have interference
Fibre- optic cable
- More secure
- Less signal degradation
- Greater bandwidth

--------------------------------------------------------------------

Connecting to the internet by creating a network


between smartphone / tablet / devices
Advantage rather than the free Wi-Fi connection: Wi-Fi
- A faster connection speed… because fewer Using Wi-Fi, devices communicate with a wireless
users/devices sharing the bandwidth- access point (WAP), which can be a standalone
- Improved security /stated security issue… device or built into a router or switch
because it uses secure cellular data
connection Benefits : Portable connections
- not on public network & has to approve However - Low bandwidth (compared to wired)
users - More security risks (compared to wired)

Ways that the performance of a wireless network WiFi standards


can be affected by its environment. 802.11b/g/n uses the 2.4GHz frequency
- Wireless networks have shorter range 802.11a/n/ac uses the 5GHz frequency
because of walls/floors can block signal //
solid structures block signals --------------------------------------------------------------------
- Interference from other devices as can
operate on same band frequency Mobile wireless technologies
- Wireless has a low speed as all devices Mobile wireless technologies allow digital networks
must share the bandwidth to be formed
- The more devices connected the more - 3G gave speeds fast enough for basic web
bottlenecks occur as all wanting to share browsing & email
same bandwidth - 4G is much faster & gives speeds capable
of streaming video
Wireless networks transmit data using radio - 5G has speeds comparable to home wired
waves : connections
- Wi-Fi - BlueTooth
- Zigbee - RFID Higher frequencies:
- NFC - More waves per second (carries more data in the
same time)
BUT they are susceptible to interference from - Gives greater bandwidth
objects / nearby electronic / radio devices - More stable & less prone to interference

Wireless Network Interface Cards (WNIC) Benefits of 5G:


Built into every networked device capable of * Give faster responses to communications,
connecting to a wireless network upload/download & sharing
* More reliable & available in more places
Wireless access point * More secure & improved privacy
- A wireless Access Point (WAP) is a device * Better user experience
that allows wireless devices to connect to a * Uses wireless communication
wired network using Wi-Fi
- WAP usually connects to a router via a --------------------------------------------------------------------
wired network

Bluetooth
Bluetooth is common in most homes and offices to Expression to calculate minimum transmission rate
connect devices such as headphones, controllers required to transmit a 250 MiB file in exactly one
- Bluetooth is used typically for a direct hour. There are 3600 seconds in an hour.
connection between two devices

Zigbee
Used for two-way communication between sensors
& control systems
- Short range (10-100m)
- Only used for sending simple data Expression to calculating transfer time
- Ideal for devices with: low cost/power/data A user wishes to download an album of music
usage which is 150 Megabytes in size.
NFC (near Field communication)
How long will this take with a 70 Mbps connection
NFC is used for wireless data transfer between 2 150 MB = 150*8 Mb
devices in very close proximity (<10cm) 150*8 Mb / 70 Mbps = 17 seconds
- No pairing code needed
- NFC chip inside one device activated by a
How long will this take with 300 Mbps connection?
chip in another device
- Small amounts of data can be transferred
150*8 Mb / 300 Mbps = 4 seconds
when held close to each other
- Used in mobile phones/devices to allow --------------------------------------------------------------------
wireless payment methods like apple pay
Transmission over the Internet
-------------------------------------------------------------------- Data is broken into packets & sent across the
internet using different routes
Range
Range is the maximum distance that a signal is
able to reach

Latency
Latency is delay between a signal being sent &
received measured in milliseconds
>> Packets can arrive out of order, so are
Wi-Fi will add slightly more delay than a wired sequenced using the packet number.
- as there is interference >> The checksum ensures all packets have arrived
- also an amount of time to encrypt & decrypt data
Each packet consists of:
Speed
The actual rate of data transfer in a given time, Header Payload Footer
measured in bits per second
- Sender/receiver IP Data Signals the
address end of a
A network has a speed of 19.08 megabits per
- Packet number packet
second. The equivalent speed in bits per second:
19.08 megabits - Checksum
19 080 x1000 kilobits
19 080 000 x 1000 bits (already in bits, so no *8) --------------------------------------------------------------------
Protocols
Bandwidth The set of rules is called a protocol
Measure of the capacity of a network - the amount
of data that can be transferred in a given time, Communication protocols are a set of rules
measured in bits per second governing data transmission between devices:
HTTP (hypertext transfer protocol) is used for
Transmission Rates expressions accessing and receiving web pages via the Internet
- Resends lost messages
HTTPS (secure HTTP) encrypts the information so - IP (Internet Protocol)
that it cannot be understood by an eavesdropper - Routes the individual packets from one IP
address to another
FTP
File Transfer Protocol (FTP) is used for sending or --------------------------------------------------------------------
retrieving files to or from a FTP server
TCP/IP protocol stack
How email works Defines 4 layer stack that enable exchange of data
>> When an email is sent from a computer it will over the Internet
first be sent to a mail server using the SMTP
protocol
>> It is then forwarded on by other SMTP servers
>> When reaches destination mail server its stored
>> The user’s computer uses POP or IMAP to
access the email

SMTP
This is an email protocol used for sending email
Email software Application:
- Interacts with the user
POP & IMAP - Selects & uses the correct protocol to transmit
These email retrieval protocols fetch message data, interacts with the user
data & attachments from your remote mail server ● SMTP,
● IMAP, POP3,
POP (Post-Office Protocol) downloads new ● FTP
message to your local device ● HTTP / HTTPS
- Then delete them from the server
- Useful when limited server storage The Application layer uses the correct protocol to
- Resoves privacy issues correctly display the data, web page or email for
- No CPU issues with synching large amounts of the user
messages
Transport:
IMAP (Internet Message Access Protocol) Splits data into packets, identifies ports,
- Messages reside on the server numbers packets, adds total of packets,
- good if there is limited space on a device checks packet transmission has been achieved
- Messages can be accessed by multiple devices
- Messages are only are removed if the user Transport layer (sending)
deletes them The Transport layer creates the connection
- synced with the mail server in realtime between two computers, or ‘hosts’ using:
TCP (Transmission Control Protocol)
TCP/IP (Transmission Control Protocol)
- Breaks up messages sent over the Internet into - Identifies server & client port to use
small chunks called packets - Divides the data into packets
- Reassembles the packets at the other end - Numbers the packets
- Detects errors (checksum) - Adds the total number of packets
- Sets up communication between hosts - Senders and receivers using different software
/ Establishes end to end comms and hardware can communicate using the same
- Passes the packets to the network layer layer protocols

Transport layer (receiving) --------------------------------------------------------------------


Topologies have an affect on:
- Checks packets have arrived ● Performance
- using the checksum ● Scalability
- Determines if content is correct ● Reliability
- Requests resending of lost/damage packets ● Security
- Reassembles packets into correct order --------------------------------------------------------------------
- Passes to reassembled packets to the
application layer Star topology

Network layer (sending)


The Network layer is responsible for routing
packets
- Routers operate on this layer
- Uses Internet Protocol (IP)
- Adds source/destination IP address
- Establishes sockets
(IP address followed by a port number)
- Routes packets - moves packets onto next
network node Each device has a physical attachment to a routing
device - the switch
Network layer (receiving)
• Strips source/destination IP addresses Star Advantages
• Passes the packet to the transport/next layer ● Easy to connect / remove nodes
• Adds/removes packet headers ● Fast data transfer to the switch as each wire
isn’t shared
Data Link layer (sending) ● Easy to detect failures of a node
Controls physical connections between pieces of ● If one cable fails the other computers are
hardware not affected

• Adds MAC addresses to the packets Star Disadvantages


• Sends the packets on their way ● Performance/number of nodes depends on
• Adds headers and trailers the switch capability
● Requires additional hardware - central
Protocols Used : switch & network cables
● MAC (Media Access Control) ● If the central switch fails the whole network
● Ethernet goes down
● Wi-Fi
--------------------------------------------------------------------
Data Link layer (receiving)
The link layer removes the MAC address and Bus topology
passes packets up to the Internet layer

Advantages of layers
- Layers are self-contained
- Functionality of one layer can be changed without
affecting the functionality of other layers
In a bus topology, computers and other devices are
all connected to a central coaxial cable
Ring Disadvantages
Terminators are placed at each end of the cable to ● if any of the nodes fail, the ring is broken
absorb signals and prevent them reflecting down and data cannot be transmitted
the cable ● it is difficult to troubleshoot a ring network
topology
Bus Advantages ● because all nodes are wired together, the
● Less cable so cheaper to install the network network must be temporarily stopped to add
● Easier to plan/set/maintain additional nodes
● Easier to add / remove devices
--------------------------------------------------------------------
Bus Disadvantages
● The single cable is shared by many devices Mesh
so there will be many ‘collisions’ of data if Nodes act as routers for data in order to relay &
data is sent at the same time send data in the network
● Network performance degrades as more
devices are added
● If the main cable is damaged, the whole
network fails
● Any device can view all data on the cable
creating a security risk

--------------------------------------------------------------------

Ring topology
Data is sent around the ring, passed from one node
to the next until it reaches its destination.
A partial mesh network is usually used, often in
conjunction with star topologies to create larger
networks

The Internet is highly complex as it combines many


Ring Advantages networks together, but many parts operate as a
● Transfer rates are quick no network partial mesh
collisions
● Adding additional nodes has very little Wireless mesh networks
impact on bandwidth Only one node needs a wired Internet connection
● No need for switch/hub as not routed – no other cabling or infrastructure is required
directly to a node. Packets are passed node
to node
● Easy to add addition workstations Mesh Advantages
● Easy to find faults (as all tokens end up at ● No single point of failure – it is resilient
one workstation) ● Expansion and modification can be done
● Cheap to set up as minimal cabling without disrupting the network
● Data can be transmitted from different sticks
devices simultaneously - that may infect a network with malware
- The hacker would then be able to gain access to
Mesh Disadvantages information from the network.
● Can involve redundant connections
● Expensive to install --------------------------------------------------------------------
● Needs more cabling if using wired
connections Digital device attacks
● Higher power consumption Digital devices like webcams & DVD’s can be used
● Network maintenance harder to maintain in a cyberattack.
- They become part of a botnet - a collection of
-------------------------------------------------------------------- devices connected via the internet which have
been infected by malware.
Network Vulnerabilities - Hackers can use these devices to attack global
A network vulnerability is a weakness that can be organisations.
exploited by a criminal to gain unauthorised
access to resources & information. --------------------------------------------------------------------

Eavesdropping Distributed Denial of Service (DDoS)


Data may be intercepted during transmission over
a network
- Eavesdropping is when a hacker intercepts data
being sent to or from a network to a device or
another network.
- Packet sniffing
- Man in the middle
- Wireless eavesdropping

>> A malicious attempt to disrupt normal traffic of a


targeted server
>> Floods server with requests the server can’t
respond fast enough so slows down or goes offline
>> Uses multiple interconnected devices in
different locations to establish a botnet
>> Attacker directs attack -sends remote
instructions to each bot to send requests to the
targeted IP address
>> Firewall ( hard to distinguish bots )

--------------------------------------------------------------------

Software Vulnerabilities Hacking


Unpatched software – if software / security People who misuse computers are known
updates are not installed then the software will be as hackers
vulnerable - Hackers will use automated or manual
Out-of-date anti-malware attempts to access programs or data
Example - antivirus isn’t regularly updated it won’t
be able to detect the latest viruses Protect by: Firewall used to block access by
unauthorised devices
--------------------------------------------------------------------
--------------------------------------------------------------------
Malicious USB devices
- many of which look like normal USB memory Brute force attacks
A brute force attack is a hacking method that uses Type of malware that encrypts the hard drive of a
trial & error to crack passwords, login credentials & computer
encryption keys. - The user is unable to read any files
- Can be carried out manually or on the computer or run any programs
automatically by software - They need to pay a ransom, usually
by a cryptocurrency such
Protect by: Strong passwords, two step verification, as bitcoin
set limit for number of attempts, drop down boxes
Protect by: Anti-malware , regular back-ups
--------------------------------------------------------------------
--------------------------------------------------------------------
Malware
Malware are executable programs that run on a Social engineering
computer Social engineering is the ability to obtain
confidential information by tricking people
Computer viruses infect computers
- replicate their code in other programs,
however needs a host to do this
- harm the computer by deleting, corrupting
or modifying files
A worm replicates itself in order to spread to other
computers without a host
- They might cause no damage to the
attacked computers
- They slow down networks and computers
Shoulder surfing
Trojan horses disguised as program, game or A hacker / person spies on a user on an electronic
cracked file / email which is something the user device to gain information on:
wants - Personal identification details
- Has negative program code which - Passwords
causes damage, takes control, or provides - Login details
access to the computer - Sensitive information
How?
Protect by: Anti-virus, however ensuring regular - Looking over someone's shoulder at ATM
updates - Watching someone type their password into
computer
-------------------------------------------------------------------- - Sending Phishing email
- Pharming
Spyware
Spyware is a type of malware that gathers Protect by:
information about users - passwords, payment - tilt the screen away from possible viewers/position
details yourself with your back to a wall … to ensure no
- The information is then sent to a hacker one can see the screen
who is able to misuse it - shield your screen/keypad/keyboard when
- The spyware may be hidden inside an app, entering (sensitive/personal) information … to stop
software, file attachment or malicious people seeing/memorising passwords/ sensitive
website item/sensitive/personal information
- use long/strong passwords … to prevent
Protect by: Anti-malware, Anti-spyware onlookers memorising them as you type
- use a screen/privacy filter… as it will prevent
-------------------------------------------------------------------- anyone not sitting directly in front of the screen
from reading the display
--------------------------------------------------------------------
Ransomware
Pharming Preventing vulnerabilities
A form of cyber attack that redirects a user from a
genuine website to a fake one Penetration testing
- The user types in the url and is redirected to ‘Pen’ testing is the practice of deliberately trying to
the fake website find security vulnerabilities in your own systems
- The malware installation file must be The goal of penetration testing is to:
executed first, and then it can run on the - identify the targets of potential cyber attacks
computer after every reboot - identify possible entry points
- attempt to break in
Protect by: Check urls, using HTTPS, using - report back the findings
trusted ISP --------------------------------------------------------------------

-------------------------------------------------------------------- White box penetration testing


Testing simulates a malicious insider with
Phishing knowledge of the system
Phishing is a type of social engineering technique - They will have permission to try to find
Emails, texts or phone calls are sent to users weaknesses in the computer systems
commonly pretending to be from a bank or website - They may have basic credentials such as a
username and password for the target
system
- They will be given network and system
information to help target possible attacks
--------------------------------------------------------------------

Black box penetration testing


Testing simulates an external hacking or cyber
warfare attack
- The company or engineer trying to find
Will try to get personal information: weaknesses in the system has no inside
● Usernames knowledge of the target system such as
● Passwords passwords or layout of the network
● Credit cards details structure
- This simulates the damage that
What to look out for: someone with no inside
Greeting: The phishers don’t know your name – knowledge could do
just your email address, so the greeting is not
personalised --------------------------------------------------------------------
The sender’s address is often a variation on a
genuine address Ethical hacking
Forged link: The link looks genuine, but the URL Hacking is often associated with illegal activities,
attached to it may not link to the website given. Roll however, this is not always the case
your mouse over it to check
Request for personal information: Genuine ● Black hat hacking is unethical - involves a
organisations never do this hacker gaining unauthorised access to a
Sense of urgency: Criminals try to persuade you computer system or data
that something bad will happen if you don’t act fast ● White hat hacking has the permission of
Poor spelling, grammar and tone the owner of the computer system or data.
● If they find any security holes, they will
Protect by: Network policy, firewall, user inform the organisation and help them to fix
awareness of phishing clues the problem

--------------------------------------------------------------------
Benefits of Ethical hacking
• Ethical hackers are white hat hackers Modular Testing
• Attempt to access the network as a hacker does Testing individual sections of code to ensure that
• Don’t attempt to change or steal data they work as expected & don’t contain security
• Looking for weaknesses in the network issues before they are added to the rest of the
• Weakness pointed out system
• Weaknesses fixed
• Could be employed by the business --------------------------------------------------------------------
• Could work for another specialist company
• Can include penetration testing Commercial analysis tools
Software is used to find weaknesses in a network
-------------------------------------------------------------------- Can be configured to check for a range of
weaknesses
Audit trails - Results/reports generated identifying faults
Audit trails are a record of activities that have taken Weaknesses fixed
place on a computer system
- Automatic record of who changed what and --------------------------------------------------------------------
when
- Identifies suspicious/malicious User policies
activity/changes Collection of rules & guidelines that govern the
- Identifies the point at which errors /security behaviours of network devices / users. Typically
issues occurred covers:
- Enables programs to be rolled back to ● Access controls
previous state ● Password requirements
- Improves accountability ● Info on audit trail requirements
-------------------------------------------------------------------- ● Info on how/when patches should be
applied
Design Stages: ● How security is set up and maintained
Protecting Systems when writing Code ● Review scheduling
It is important to think about security at the design ● Need reviewing because:
stage of a software package as this may stop some - Changes in new laws & regulations
cyber attacks being possible. - changes in requirements means
security is compromised
● What threats is the software likely to face?
● Does the software need security features --------------------------------------------------------------------
like usernames / passwords, or will security
be provided by the network in some other Firewalls
way? Separate a trusted network from an untrusted
● How will patches be installed? network (normally the Internet)
● Should the software use encryption? - Data is sent around a network in small
● Does the system need to create an audit packets of information
trail? - These packets are checked to see where
they are coming from and going to
-------------------------------------------------------------------- - Packets that don’t match filtering rules are
dropped, known as a packet filter
Code review - Firewalls can be run on dedicated hardware or as
Carried out by programmers /software specialist software
Can identify/remove code security vulnerability
- Can highlight where there is unpatched Firewall features:
software ● Monitors in / out traffic using a set of rule:
- Checks efficiency of code / bad ● authorised/unauthorised: computers,
programming practices addresses, protocols
● Can block certain malicious computers by
-------------------------------------------------------------------- filtering
packets from a certain IP (Internet Protocol) User access levels
address Access rights may be set on disks, folders and
● Can prevent access to certain ports on the even individual files
network.
This is known as port blocking 1. Read: allows user to open the file and read
● Malicious or inappropriate websites can be the contents.
blocked 2. Write: allows user to modify contents, write
● Dedicated hardware firewalls are expensive data to the file or delete the file.
● Software firewalls will slow down a 3. Execute: allows user to execute the
computer instructions in a file (such as a .exe file).

-------------------------------------------------------------------- --------------------------------------------------------------------

Access control Biometric authentication

Usernames & passwords are one of the most Biometrics measure a person’s physical
important ways of protecting computers/servers characteristics to verify their identity
- They prevent unauthorised people from
using the system Biometric methods include:
- They also apply the correct access ● Facial recognition
permissions to the user’s account ● Finger print scanning
● Retinal scans
-------------------------------------------------------------------- ● Voice recognition

Password policies --------------------------------------------------------------------

Strong passwords: Physical security


● Minimum length of characters
● Include at least one lowercase letter Physical security is where hardware, software and
● Include at least one uppercase letter networks are protected by physical methods
● Include at least one symbol
● Change password every month 1. (Electronic/combination) lock on doors
● Should not be: 2. Swipe/key cards/biometrics
○ Names of family, friends or pets 3. Security guards/security patrol
○ Dictionary words or place names 4. CCTV cameras / surveillance technology
○ Holiday destinations 5. Asset tagging/marking

-------------------------------------------------------------------- --------------------------------------------------------------------

Multi-factor Authentication Securing operating systems


A user needs to provide two or more independent The methods & practices used to protect an
credentials to verify their identity before gaining operating system from unauthorized access,
access to a system, account, or resource. vulnerabilities, and potential attacks.
- Enhances security by ensuring that access
is granted only when multiple forms of ● Applying updates and patches: Regularly
verification are met. updating the OS to fix known security
vulnerabilities.
● Setting up user permissions: Configuring
different access levels for users to control
who can access specific data or system
functions.
● Using antivirus and anti-malware
-------------------------------------------------------------------- software: Installing software to detect and
prevent malicious programs from
compromising the OS.
● Configuring firewalls: Setting up firewalls
to monitor and control incoming and
outgoing network traffic.
● Using strong authentication methods:
Enforcing strong passwords and, if
available, multi-factor authentication to
reduce the risk of unauthorized access.

--------------------------------------------------------------------

Cloud storage security protection:

Users should:
1. Choose strong authentication credentials
(username/password)
2. Not share credentials
3. Not have automatic login to cloud / leaving
machine unattended
4. Changing password regularly
5. Password protect documents

Cloud storage provider should:


1. Infrastructure (e.g. firewall/servers) must be
secure from unauthorised access
2. Keeping their security software up to date
3. Policy and procedures effective in preventing an
insider attack / a data breach
4. Data protection laws in the resident country must
be obeyed
5. Backup and restore procedures
6. Use encryption

You might also like