- Leased lines are usually rented from phone

Topic 5 Networks
companies
- WANs used by many organisations including:
- Computers can be stand alone or connected to a - Universities with campuses
network - Branches of a bank
- A network consists of 2 or more connected - Government organisations
devices that exchange & share resources
The Internet is the biggest known WAN in the
Network Advantages world, but uses mesh topology
Resources can be shared:
- Files & Data --------------------------------------------------------------------
- Peripherals (hardware ie printers)
- Software licences PAN (Personal Area Network)
Communication - A PAN connects electronic devices within a
- Email / calendars user's immediate area.
- Collaborative working - The size of a PAN ranges from a few
Centralisation centimeters to a few meters.
- Storage & Back up (cloud/server)
- Security (ie deployment of new software updates
- Access to the internet / www / broadband

Network Disadvantages
Impacting the network organisation wide:
Can be vulnerable to:
- Malware
- Network outages
- Dependency on server/cloud
- Need for skilled maintenance
- Purchasing hardware is expensive

--------------------------------------------------------------------

LAN (Local Area Network) Example: The connection between a Bluetooth

A LAN operates on a single site such as a school,
hotel or business using their own cabling systems
WAN (Wide Area Network)
- Two or more networks are connected together to
form one network
-The networks are a large distance apart
earpiece & a smartphone.
--------------------------------------------------------------------
A client-server network LAN
- The server is a powerful computer which provides
services or resources required by any of the clients
- A client is a computer which requests the
services or resources provided by the server
- Suitable for organisations - small & large

How client-server communicate LAN

>> Client uses the address of the server to make a
connection
>> The client sends a request to the server to
request services from the server
>> The server obtains the address of the client
once the client makes connection to the server
Server then sends requested data/services to the
client
Advantages:
- Central security (access rights /user names etc)
- Central installation of software
- Central storage
- Server performs processing tasks /requests from
client
- Different servers manage different tasks/services
Disadvantages:
- Server failure - all users affected
- Require specialist IT staff to administer the
network
- Expensive to set up
--------------------------------------------------------------------
Benefits of Cloud Servers
1. Storage capacity can be scaled up & down
… so no need to buy more secondary storage /
only pay for what is used/needed
2. Centrally store resources in one place…. rather
than scattered across many secondary storage
devices
3. Files can be uploaded / downloaded, anytime/
anywhere on any device… as long as internet
connection
4. Can be set up to automatically backup /
synchronise
Disadvantages of cloud servers
• Storage host could be targeted by hackers
• Less control over files
• An untrustworthy employee (of the cloud storage
provider) could steal files
• Reliant on the storage provider for security /
safekeeping
• Files could be intercepted / corrupted during
upload / download
--------------------------------------------------------------------
Peer-to-peer architecture
A peer-to-peer network has no central server
Suitable for a small companies with fewer PCs
- No central server controls files or security
- All computers can easily see files on all other
computers
- All computers can communicate with each other
without going through a server
- BUT If a computer is switched off, data cannot be
retrieved
When used: small user numbers, security not an
issue, workstation based applications used
Advantages:
1.No central server required
2. Easy to add extra nodes
3. Each computer can be provider & receiver
Disadvantages:
1. Node failure - all users affected
2. Difficult to administer
3. Difficult to monitor security
Network hardware
Additional hardware is required to connect a
stand-alone computer to a LAN
- A Network Interface Card/Controller (NIC)
in your computer or device
- A router or switch, which provides access
to a local area network
- A modem is required to connect to the
Internet – this is usually combined with the
router inside a single device
- A Wireless Access Point (WAP) connects
wireless devices to a network. Many home
wireless access points are part of a router
Router
- Looks at the destination of packets of data and
sends them to the network that is closer towards
their destination
- A home router will route packets between the
home LAN and the Internet
Switch
- Switches connect each node (computer) in a
network
- They know the MAC address of all connected
computers and devices
- When a packet of data arrives, they can send it to
the correct computer
- Hubs, by comparison will send the data to all
connected computers
--------------------------------------------------------------------
Internet / www
The internet is a (global) network of networks of
connected devices
- The Internet is the largest Wide Area
Network (WAN) in the world
The www is the collection of web pages/service
accessed using the internet
- the www is resources located via URLs
/domain names
The internet is the infrastructure and the www is a
service that runs on that infrastructure
The Internet
>> Internet Backbone: The high speed data
transmission routes between interconnected
networks
>> Can handle high volumes of data traffic,
because data can travel via multiple routes
>> The Internet - world largest mesh topology
because it needs to be easily scalable mesh
topology allows this as it is decentralised nodes
connect with other nodes around them
>> Enables it to span a huge geographic area,
because additional nodes can be added to
expand coverage
>> Self-healing/resilient/allows alternative paths,
which means data will still reach its destination
even if a node or connection fails
--------------------------------------------------------------------
IP Addressing
The unique identifier when sending /
receiving data packets over the internet
is an IP address
IPv4 Addressing
32 bits / four 8-bit denary numbers (0-255)
separated by dots 72.129.214.16
IPv6 Addressing
128-bit represented in hex, separated by colons
1023:0ef1:0000:0000:34dd:00fe:0189:2233
Why IPv6 addressing was introduced:
- Running out of IPv4 addresses/the number of
(internet) connected devices has grown
- IPv6 addresses are long/longer than IPv4
- The number of possible addresses is large/will
last much longer
--------------------------------------------------------------------
Packet switching
>> A file is broken up into data ‘packets’
>> Each packet is given a header containing
- The sender's IP address
- The receivers IP address
- The Packet sequence number
- The Checksum
 A DNS server translates a web address (URL) into
an IP address
- google.com translates to 216.58.204.35
>> The packets may flow through the Internet via
different routes Processes used to find the IP address of a web
>> Routers forward data packets between server & download a page.
networks & select the best routes
>> Receiver's IP address is needed so the router
can forward on
>> Sender's IP address is needed in case there is
an error in transmission

Reassembling the data

>> Recipients computer re-orders the packets into
the correct order using the packet numbers
>> Each packet is checked for errors
>> Corrupt packets are requested to be resent,
using the sender's IP address

Checksum
>> Checksum algorithm applied to the packet
before it leaves sources computer
>> The source calculated checksum is added to
--------------------------------------------------------------------
the header
>> At the receiving end the checksum algorithm is
Wired Vs Wireless transmissions
reapplied
>> The newly calculated checksum is compared to
Benefits of Wired connection
the sent checksum
- It has greater bandwidth / more bits per second
>> If they don't match a resend request is issued
- The connection does not get worse the further
you are from the router / more reliable
--------------------------------------------------------------------
- Connection does not get obstructed by walls,
ceilings, and furniture
Uniform Resource Locator (URL)
- More secure

Disadvantages of Wired connection

--------------------------------------------------------------------
- Installation/maintenance is more complex
- Devices need to be physically connected
- Less portable / limited by length of cable
- Limited number of devices can be connected
- Some digital devices can’t use wired connection
- Trip hazard

Copper cable
Domain Name Service (DNS) - Widely used in ethernet
 - Flexible/ Durable
- Unlikely to have interference
Fibre- optic cable
- More secure
- Less signal degradation
- Greater bandwidth
--------------------------------------------------------------------
Connecting to the internet by creating a network
between smartphone / tablet / devices
Advantage rather than the free Wi-Fi connection:
- A faster connection speed… because fewer
users/devices sharing the bandwidth-
- Improved security /stated security issue…
because it uses secure cellular data
connection
- not on public network & has to approve
users
Ways that the performance of a wireless network
can be affected by its environment.
- Wireless networks have shorter range
because of walls/floors can block signal //
solid structures block signals
- Interference from other devices as can
operate on same band frequency
- Wireless has a low speed as all devices
must share the bandwidth
- The more devices connected the more
bottlenecks occur as all wanting to share
same bandwidth
Wireless networks transmit data using radio
waves :
- Wi-Fi - BlueTooth
- Zigbee - RFID
- NFC
BUT they are susceptible to interference from
objects / nearby electronic / radio devices
Wireless Network Interface Cards (WNIC)
Built into every networked device capable of
connecting to a wireless network
Wireless access point
- A wireless Access Point (WAP) is a device
that allows wireless devices to connect to a
wired network using Wi-Fi
- WAP usually connects to a router via a
wired network
Wi-Fi
Using Wi-Fi, devices communicate with a wireless
access point (WAP), which can be a standalone
device or built into a router or switch
Benefits : Portable connections
However - Low bandwidth (compared to wired)
- More security risks (compared to wired)
WiFi standards
802.11b/g/n uses the 2.4GHz frequency
802.11a/n/ac uses the 5GHz frequency
--------------------------------------------------------------------
Mobile wireless technologies
Mobile wireless technologies allow digital networks
to be formed
- 3G gave speeds fast enough for basic web
browsing & email
- 4G is much faster & gives speeds capable
of streaming video
- 5G has speeds comparable to home wired
connections
Higher frequencies:
- More waves per second (carries more data in the
same time)
- Gives greater bandwidth
- More stable & less prone to interference
Benefits of 5G:
* Give faster responses to communications,
upload/download & sharing
* More reliable & available in more places
* More secure & improved privacy
* Better user experience
* Uses wireless communication
--------------------------------------------------------------------
Bluetooth
Bluetooth is common in most homes and offices to Expression to calculate minimum transmission rate
connect devices such as headphones, controllers required to transmit a 250 MiB file in exactly one
- Bluetooth is used typically for a direct hour. There are 3600 seconds in an hour.
connection between two devices

Zigbee
Used for two-way communication between sensors
& control systems
- Short range (10-100m)
- Only used for sending simple data Expression to calculating transfer time
- Ideal for devices with: low cost/power/data A user wishes to download an album of music
usage which is 150 Megabytes in size.
NFC (near Field communication)
How long will this take with a 70 Mbps connection
NFC is used for wireless data transfer between 2 150 MB = 150*8 Mb
devices in very close proximity (<10cm) 150*8 Mb / 70 Mbps = 17 seconds
- No pairing code needed
- NFC chip inside one device activated by a
How long will this take with 300 Mbps connection?
chip in another device
- Small amounts of data can be transferred
150*8 Mb / 300 Mbps = 4 seconds
when held close to each other
- Used in mobile phones/devices to allow --------------------------------------------------------------------
wireless payment methods like apple pay
Transmission over the Internet
-------------------------------------------------------------------- Data is broken into packets & sent across the
internet using different routes
Range
Range is the maximum distance that a signal is
able to reach

Latency
Latency is delay between a signal being sent &
received measured in milliseconds
>> Packets can arrive out of order, so are
Wi-Fi will add slightly more delay than a wired sequenced using the packet number.
- as there is interference >> The checksum ensures all packets have arrived
- also an amount of time to encrypt & decrypt data
Each packet consists of:
Speed
The actual rate of data transfer in a given time, Header Payload Footer
measured in bits per second
- Sender/receiver IP Data Signals the
address end of a
A network has a speed of 19.08 megabits per
- Packet number packet
second. The equivalent speed in bits per second:
19.08 megabits - Checksum
19 080 x1000 kilobits
19 080 000 x 1000 bits (already in bits, so no *8) --------------------------------------------------------------------
Protocols
Bandwidth The set of rules is called a protocol
Measure of the capacity of a network - the amount
of data that can be transferred in a given time, Communication protocols are a set of rules
measured in bits per second governing data transmission between devices:
HTTP (hypertext transfer protocol) is used for
Transmission Rates expressions accessing and receiving web pages via the Internet

HTTPS (secure HTTP) encrypts the information so
that it cannot be understood by an eavesdropper
FTP
File Transfer Protocol (FTP) is used for sending or
retrieving files to or from a FTP server
How email works
>> When an email is sent from a computer it will
first be sent to a mail server using the SMTP
protocol
>> It is then forwarded on by other SMTP servers
>> When reaches destination mail server its stored
>> The user’s computer uses POP or IMAP to
access the email
SMTP
This is an email protocol used for sending email
Email software
POP & IMAP
These email retrieval protocols fetch message
data & attachments from your remote mail server
POP (Post-Office Protocol) downloads new
message to your local device
- Then delete them from the server
- Useful when limited server storage
- Resoves privacy issues
- No CPU issues with synching large amounts of
messages
IMAP (Internet Message Access Protocol)
- Messages reside on the server
- good if there is limited space on a device
- Messages can be accessed by multiple devices
- Messages are only are removed if the user
deletes them
- synced with the mail server in realtime
TCP/IP (Transmission Control Protocol)
- Breaks up messages sent over the Internet into
small chunks called packets
- Reassembles the packets at the other end
- Detects errors (checksum)
- Resends lost messages
- IP (Internet Protocol)
- Routes the individual packets from one IP
address to another
--------------------------------------------------------------------
TCP/IP protocol stack
Defines 4 layer stack that enable exchange of data
over the Internet
Application:
- Interacts with the user
- Selects & uses the correct protocol to transmit
data, interacts with the user
● SMTP,
● IMAP, POP3,
● FTP
● HTTP / HTTPS
The Application layer uses the correct protocol to
correctly display the data, web page or email for
the user
Transport:
Splits data into packets, identifies ports,
numbers packets, adds total of packets,
checks packet transmission has been achieved
Transport layer (sending)
The Transport layer creates the connection
between two computers, or ‘hosts’ using:
TCP (Transmission Control Protocol)
- Identifies server & client port to use
- Divides the data into packets
- Numbers the packets
- Adds the total number of packets
- Sets up communication between hosts - Senders and receivers using different software
/ Establishes end to end comms and hardware can communicate using the same
- Passes the packets to the network layer layer protocols

Transport layer (receiving) --------------------------------------------------------------------

Topologies have an affect on:
- Checks packets have arrived ● Performance
- using the checksum ● Scalability
- Determines if content is correct ● Reliability
- Requests resending of lost/damage packets ● Security
- Reassembles packets into correct order --------------------------------------------------------------------
- Passes to reassembled packets to the
application layer Star topology

Network layer (sending)

The Network layer is responsible for routing
packets
- Routers operate on this layer
- Uses Internet Protocol (IP)
- Adds source/destination IP address
- Establishes sockets
(IP address followed by a port number)
- Routes packets - moves packets onto next
network node Each device has a physical attachment to a routing
device - the switch
Network layer (receiving)
• Strips source/destination IP addresses Star Advantages
• Passes the packet to the transport/next layer ● Easy to connect / remove nodes
• Adds/removes packet headers ● Fast data transfer to the switch as each wire
isn’t shared
Data Link layer (sending) ● Easy to detect failures of a node
Controls physical connections between pieces of ● If one cable fails the other computers are
hardware not affected

• Adds MAC addresses to the packets Star Disadvantages

• Sends the packets on their way
• Adds headers and trailers
Protocols Used :
● MAC (Media Access Control)
● Ethernet
● Wi-Fi
Data Link layer (receiving)
The link layer removes the MAC address and
passes packets up to the Internet layer
● Performance/number of nodes depends on
the switch capability
● Requires additional hardware - central
switch & network cables
● If the central switch fails the whole network
goes down
--------------------------------------------------------------------
Bus topology

Advantages of layers
- Layers are self-contained
- Functionality of one layer can be changed without
affecting the functionality of other layers
In a bus topology, computers and other devices are
all connected to a central coaxial cable
Ring Disadvantages
Terminators are placed at each end of the cable to ● if any of the nodes fail, the ring is broken
absorb signals and prevent them reflecting down and data cannot be transmitted
the cable ● it is difficult to troubleshoot a ring network
topology
Bus Advantages ● because all nodes are wired together, the
● Less cable so cheaper to install the network network must be temporarily stopped to add
● Easier to plan/set/maintain additional nodes
● Easier to add / remove devices
--------------------------------------------------------------------
Bus Disadvantages
● The single cable is shared by many devices Mesh
so there will be many ‘collisions’ of data if Nodes act as routers for data in order to relay &
data is sent at the same time send data in the network
● Network performance degrades as more
devices are added
● If the main cable is damaged, the whole
network fails
● Any device can view all data on the cable
creating a security risk

--------------------------------------------------------------------

Ring topology
Data is sent around the ring, passed from one node
to the next until it reaches its destination.
A partial mesh network is usually used, often in
conjunction with star topologies to create larger
networks

The Internet is highly complex as it combines many

Ring Advantages
● Transfer rates are quick no network
collisions
● Adding additional nodes has very little
impact on bandwidth
● No need for switch/hub as not routed
directly to a node. Packets are passed node
to node
● Easy to add addition workstations
● Easy to find faults (as all tokens end up at
one workstation)
● Cheap to set up as minimal cabling
networks together, but many parts operate as a
partial mesh
Wireless mesh networks
Only one node needs a wired Internet connection
– no other cabling or infrastructure is required
Mesh Advantages
● No single point of failure – it is resilient
● Expansion and modification can be done
without disrupting the network
 ● Data can be transmitted from different
devices simultaneously
Mesh Disadvantages
● Can involve redundant connections
● Expensive to install
● Needs more cabling if using wired
connections
● Higher power consumption
● Network maintenance harder to maintain
--------------------------------------------------------------------
Network Vulnerabilities
A network vulnerability is a weakness that can be
exploited by a criminal to gain unauthorised
access to resources & information.
sticks
- that may infect a network with malware
- The hacker would then be able to gain access to
information from the network.
--------------------------------------------------------------------
Digital device attacks
Digital devices like webcams & DVD’s can be used
in a cyberattack.
- They become part of a botnet - a collection of
devices connected via the internet which have
been infected by malware.
- Hackers can use these devices to attack global
organisations.
--------------------------------------------------------------------

Eavesdropping Distributed Denial of Service (DDoS)

Data may be intercepted during transmission over
a network
- Eavesdropping is when a hacker intercepts data
being sent to or from a network to a device or
another network.
- Packet sniffing
- Man in the middle
- Wireless eavesdropping

>> A malicious attempt to disrupt normal traffic of a

targeted server
>> Floods server with requests the server can’t
respond fast enough so slows down or goes offline
>> Uses multiple interconnected devices in
different locations to establish a botnet
>> Attacker directs attack -sends remote
instructions to each bot to send requests to the
targeted IP address
>> Firewall ( hard to distinguish bots )

--------------------------------------------------------------------

Software Vulnerabilities Hacking

Unpatched software – if software / security
updates are not installed then the software will be
vulnerable
Out-of-date anti-malware
Example - antivirus isn’t regularly updated it won’t
be able to detect the latest viruses
--------------------------------------------------------------------
Malicious USB devices
- many of which look like normal USB memory
People who misuse computers are known
as hackers
- Hackers will use automated or manual
attempts to access programs or data
Protect by: Firewall used to block access by
unauthorised devices
--------------------------------------------------------------------
Brute force attacks
A brute force attack is a hacking method that uses
trial & error to crack passwords, login credentials &
encryption keys.
- Can be carried out manually or
automatically by software
Protect by: Strong passwords, two step verification,
set limit for number of attempts, drop down boxes
--------------------------------------------------------------------
Malware
Malware are executable programs that run on a
computer
Computer viruses infect computers
- replicate their code in other programs,
however needs a host to do this
- harm the computer by deleting, corrupting
or modifying files
A worm replicates itself in order to spread to other
computers without a host
- They might cause no damage to the
attacked computers
- They slow down networks and computers
Trojan horses disguised as program, game or
cracked file / email which is something the user
wants
- Has negative program code which
causes damage, takes control, or provides
access to the computer
Protect by: Anti-virus, however ensuring regular
updates
--------------------------------------------------------------------
Spyware
Spyware is a type of malware that gathers
information about users - passwords, payment
details
- The information is then sent to a hacker
who is able to misuse it
- The spyware may be hidden inside an app,
software, file attachment or malicious
website
Protect by: Anti-malware, Anti-spyware
--------------------------------------------------------------------
Ransomware
Type of malware that encrypts the hard drive of a
computer
- The user is unable to read any files
on the computer or run any programs
- They need to pay a ransom, usually
by a cryptocurrency such
as bitcoin
Protect by: Anti-malware , regular back-ups
--------------------------------------------------------------------
Social engineering
Social engineering is the ability to obtain
confidential information by tricking people
Shoulder surfing
A hacker / person spies on a user on an electronic
device to gain information on:
- Personal identification details
- Passwords
- Login details
- Sensitive information
How?
- Looking over someone's shoulder at ATM
- Watching someone type their password into
computer
- Sending Phishing email
- Pharming
Protect by:
- tilt the screen away from possible viewers/position
yourself with your back to a wall … to ensure no
one can see the screen
- shield your screen/keypad/keyboard when
entering (sensitive/personal) information … to stop
people seeing/memorising passwords/ sensitive
item/sensitive/personal information
- use long/strong passwords … to prevent
onlookers memorising them as you type
- use a screen/privacy filter… as it will prevent
anyone not sitting directly in front of the screen
from reading the display
--------------------------------------------------------------------
Pharming
A form of cyber attack that redirects a user from a
genuine website to a fake one
- The user types in the url and is redirected to
the fake website
- The malware installation file must be
executed first, and then it can run on the
computer after every reboot
Protect by: Check urls, using HTTPS, using
trusted ISP
--------------------------------------------------------------------
Phishing
Phishing is a type of social engineering technique
Emails, texts or phone calls are sent to users
commonly pretending to be from a bank or website
Will try to get personal information:
● Usernames
● Passwords
● Credit cards details
What to look out for:
Greeting: The phishers don’t know your name –
just your email address, so the greeting is not
personalised
The sender’s address is often a variation on a
genuine address
Forged link: The link looks genuine, but the URL
attached to it may not link to the website given. Roll
your mouse over it to check
Request for personal information: Genuine
organisations never do this
Sense of urgency: Criminals try to persuade you
that something bad will happen if you don’t act fast
Poor spelling, grammar and tone
Protect by: Network policy, firewall, user
awareness of phishing clues
--------------------------------------------------------------------
Preventing vulnerabilities
Penetration testing
‘Pen’ testing is the practice of deliberately trying to
find security vulnerabilities in your own systems
The goal of penetration testing is to:
- identify the targets of potential cyber attacks
- identify possible entry points
- attempt to break in
- report back the findings
--------------------------------------------------------------------
White box penetration testing
Testing simulates a malicious insider with
knowledge of the system
- They will have permission to try to find
weaknesses in the computer systems
- They may have basic credentials such as a
username and password for the target
system
- They will be given network and system
information to help target possible attacks
--------------------------------------------------------------------
Black box penetration testing
Testing simulates an external hacking or cyber
warfare attack
- The company or engineer trying to find
weaknesses in the system has no inside
knowledge of the target system such as
passwords or layout of the network
structure
- This simulates the damage that
someone with no inside
knowledge could do
--------------------------------------------------------------------
Ethical hacking
Hacking is often associated with illegal activities,
however, this is not always the case
● Black hat hacking is unethical - involves a
hacker gaining unauthorised access to a
computer system or data
● White hat hacking has the permission of
the owner of the computer system or data.
● If they find any security holes, they will
inform the organisation and help them to fix
the problem
Benefits of Ethical hacking
• Ethical hackers are white hat hackers Modular Testing
• Attempt to access the network as a hacker does Testing individual sections of code to ensure that
• Don’t attempt to change or steal data they work as expected & don’t contain security
• Looking for weaknesses in the network issues before they are added to the rest of the
• Weakness pointed out system
• Weaknesses fixed
• Could be employed by the business --------------------------------------------------------------------
• Could work for another specialist company
• Can include penetration testing Commercial analysis tools
Software is used to find weaknesses in a network
-------------------------------------------------------------------- Can be configured to check for a range of
weaknesses
Audit trails - Results/reports generated identifying faults
Audit trails are a record of activities that have taken Weaknesses fixed
place on a computer system
- Automatic record of who changed what and --------------------------------------------------------------------
when
- Identifies suspicious/malicious User policies
activity/changes Collection of rules & guidelines that govern the
- Identifies the point at which errors /security behaviours of network devices / users. Typically
issues occurred covers:
- Enables programs to be rolled back to ● Access controls
previous state ● Password requirements
- Improves accountability ● Info on audit trail requirements
-------------------------------------------------------------------- ● Info on how/when patches should be
applied
Design Stages: ● How security is set up and maintained
Protecting Systems when writing Code ● Review scheduling
It is important to think about security at the design ● Need reviewing because:
stage of a software package as this may stop some - Changes in new laws & regulations
cyber attacks being possible. - changes in requirements means
security is compromised
● What threats is the software likely to face?
● Does the software need security features --------------------------------------------------------------------
like usernames / passwords, or will security
be provided by the network in some other Firewalls
way? Separate a trusted network from an untrusted
● How will patches be installed? network (normally the Internet)
● Should the software use encryption? - Data is sent around a network in small
● Does the system need to create an audit packets of information
trail? - These packets are checked to see where
they are coming from and going to
-------------------------------------------------------------------- - Packets that don’t match filtering rules are
dropped, known as a packet filter
Code review - Firewalls can be run on dedicated hardware or as
Carried out by programmers /software specialist software
Can identify/remove code security vulnerability
- Can highlight where there is unpatched Firewall features:
software ● Monitors in / out traffic using a set of rule:
- Checks efficiency of code / bad ● authorised/unauthorised: computers,
programming practices addresses, protocols
● Can block certain malicious computers by
-------------------------------------------------------------------- filtering
 packets from a certain IP (Internet Protocol)
address
● Can prevent access to certain ports on the
network.
This is known as port blocking
● Malicious or inappropriate websites can be
blocked
● Dedicated hardware firewalls are expensive
● Software firewalls will slow down a
computer
--------------------------------------------------------------------
Access control
Usernames & passwords are one of the most
important ways of protecting computers/servers
- They prevent unauthorised people from
using the system
- They also apply the correct access
permissions to the user’s account
--------------------------------------------------------------------
Password policies
Strong passwords:
● Minimum length of characters
● Include at least one lowercase letter
● Include at least one uppercase letter
● Include at least one symbol
● Change password every month
● Should not be:
○ Names of family, friends or pets
○ Dictionary words or place names
○ Holiday destinations
--------------------------------------------------------------------
Multi-factor Authentication
A user needs to provide two or more independent
credentials to verify their identity before gaining
access to a system, account, or resource.
- Enhances security by ensuring that access
is granted only when multiple forms of
verification are met.
--------------------------------------------------------------------
User access levels
Access rights may be set on disks, folders and
even individual files
1. Read: allows user to open the file and read
the contents.
2. Write: allows user to modify contents, write
data to the file or delete the file.
3. Execute: allows user to execute the
instructions in a file (such as a .exe file).
--------------------------------------------------------------------
Biometric authentication
Biometrics measure a person’s physical
characteristics to verify their identity
Biometric methods include:
● Facial recognition
● Finger print scanning
● Retinal scans
● Voice recognition
--------------------------------------------------------------------
Physical security
Physical security is where hardware, software and
networks are protected by physical methods
1. (Electronic/combination) lock on doors
2. Swipe/key cards/biometrics
3. Security guards/security patrol
4. CCTV cameras / surveillance technology
5. Asset tagging/marking
--------------------------------------------------------------------
Securing operating systems
The methods & practices used to protect an
operating system from unauthorized access,
vulnerabilities, and potential attacks.
● Applying updates and patches: Regularly
updating the OS to fix known security
vulnerabilities.
● Setting up user permissions: Configuring
different access levels for users to control
who can access specific data or system
functions.
● Using antivirus and anti-malware
software: Installing software to detect and
 prevent malicious programs from
compromising the OS.
● Configuring firewalls: Setting up firewalls
to monitor and control incoming and
outgoing network traffic.
● Using strong authentication methods:
Enforcing strong passwords and, if
available, multi-factor authentication to
reduce the risk of unauthorized access.

--------------------------------------------------------------------

Cloud storage security protection:

Users should:
1. Choose strong authentication credentials
(username/password)
2. Not share credentials
3. Not have automatic login to cloud / leaving
machine unattended
4. Changing password regularly
5. Password protect documents

Cloud storage provider should:

1. Infrastructure (e.g. firewall/servers) must be
secure from unauthorised access
2. Keeping their security software up to date
3. Policy and procedures effective in preventing an
insider attack / a data breach
4. Data protection laws in the resident country must
be obeyed
5. Backup and restore procedures
6. Use encryption