Network Security
R&D - CITS
Introduction to Network Security
Network security is a critical aspect of modern technology.
It involves the measures taken to safeguard a network and its
associated data from unauthorised access, use, disclosure,
disruption, modification, or destruction.
These measures include physical security, access control,
firewalls, intrusion detection systems, encryption, and data
backup.
Definition
Network Security refers to the measures taken by any
organization to secure its communication network and data using
both hardware and software systems.
Levels of network security
Physical Network Security.
This involves protecting network devices from unauthorised
access. It includes routers, switches, cables, computers, etc.
Technical Network Security.
It primarily focuses on protecting the data stored in the
network or data in transit through the network. It protects
against access by unauthorized users and against
malicious activities.
Administrative Network Security.
This level of network security governs user behavior, such as how
permissions are granted and how the authorization process takes
place.
Types of Network Security controls.
Network Antivirus Software
Antivirus software is a type of software used to prevent,
scan, detect and delete viruses from a computer. Once
installed, most antivirus software will run automatically
in the background to provide real-time protection
against virus attacks.
Endpoint Detection and Response (EDR)
EDR is defined as a solution that continuously records
system activities and events taking place on endpoints.
EDR can detect malicious activity on an endpoint as a
result of zero-day exploits, advanced persistent threats,
fileless or malware-free attacks, which do not leave
signatures and can, therefore, evade legacy anti-virus
Wireless Security
Wireless security is defined as the protection of a wireless or Wi-Fi
network against unauthorized access and malicious attempts. Wi-Fi is
highly susceptible to hacking if weak wireless protocols are enabled. A
wireless network designed with current wireless security protocols,
such as WPA2, can deter cyber-attacks.
Network security tools
Wireshark.
It is a widely used open-source network protocol analyzer that enables
users to record and analyze network traffic in real time. Features
include: captures and displays packets in real time; supports various
network protocols and file formats; provides detailed packet analysis and
filtering capabilities.
Snort
It is a free and open-source intrusion detection and prevention system
that can detect and block network attacks. Features include: real-time
traffic analysis and packet logging; protocol analysis, content
searching, and pattern matching; a flexible rule-based language for
customizing detection and response; multi-platform support and
integration with other security tools.
Nmap.
It is a powerful network mapping tool that scans networks and provides
information about open ports, services, and vulnerabilities. It detects
hosts and services on a network; performs port scanning, OS detection, and
vulnerability scanning; supports a variety of scanning techniques and
output formats; integrates with other security tools and platforms; and
offers cross-platform compatibility.
Metasploit.
It is a framework that allows users to test the security of networks and
applications by exploiting known vulnerabilities. Features include:
automated vulnerability scanning; post-exploitation actions and lateral
movement; remote control of compromised systems; integration with
other security tools; a comprehensive exploit database.
Nessus.
It is a popular network security tool used for vulnerability scanning,
detection, and assessment. It can identify security flaws in networks and
provide detailed reports on how to fix them. It supports multiple
operating systems and platforms; performs comprehensive security checks
on network devices and systems; provides detailed reports on
vulnerabilities found and potential security risks; and supports compliance
checks against various security standards and regulations.
Challenges of network security
Remote Work
Remote work has opened networks up to threats like never before. The
number of personal devices serving as network endpoints has
multiplied exponentially as a product of remote offices. Employees
increasingly connect to insecure networks when they work outside
their offices or homes.
Investment in Security Tools.
IT professionals clearly recognize that most companies do
not prioritise buying licenses or upgrading security
tools unless they face a loss of data.
User Account Privileges
Insider threats are particularly challenging, whether intentional or
derived from honest network user mistakes. Losing a work
device or emailing the wrong person can happen to anyone.
Leaks, misused account privileges, or identity theft from a
phishing campaign can compromise user data, meaning that
the people authorized to use your network are a major
security vulnerability.
Unpatched Vulnerabilities
For hackers, it is easier to attack a patched vulnerability than to invent a
new exploit method. When security companies discover a network
vulnerability, they generally begin to work on patching it up, and
hackers know that breaking those patches is highly effective.
Shortages of IT Staffing
The IT staffing shortage is especially evident in the security
field. Shortage of skilled IT staff is the third biggest problem
recognized by Gartner in their 2016 CIO Agenda.
Network security threats
Spoofing attack
A masquerade attack in which the source information is falsified. Examples:
media access control (MAC) cloning, IP spoofing, email spoofing,
caller ID spoofing, web spoofing, biometric spoofing, card cloning.
On-Path attack
Man-in-the-Middle (MITM) attack: the attacker sits between two
communicating nodes without them knowing that the
conversation is being eavesdropped. Examples: ARP (Address
Resolution Protocol) poisoning attack, replay attack,
downgrade attack, session hijacking attack, evil twin attack,
and Man-in-the-Browser attack (a malicious browser plugin), etc.
ARP Poisoning
The victim’s ARP table is tricked into recording the attacker’s MAC address for
a legitimate system, as in a Man-in-the-Middle attack. It can lead to a
data disclosure attack.
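A defender can spot this by watching for IP-to-MAC bindings that change, or for one MAC address answering for several IPs. The Python below is an added example, not part of the original slides; the ARP replies, addresses and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation
    (3.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, unchanged
    (4.0, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # gateway IP now maps to a new MAC
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims the workstation
]

def find_arp_anomalies(replies, pinned=None):
    """Return alerts as (timestamp, kind, subject, detail) tuples.

    pinned: optional known-good IP -> MAC map (for example the default gateway).
    DHCP reassignment and multi-homed hosts also trigger these alerts, so
    treat them as leads to investigate rather than as proof of poisoning.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    first_seen = {}              # ip -> first MAC observed for it
    claimed = defaultdict(set)   # mac -> IPs that MAC has answered for
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        expected = pinned.get(ip, first_seen.get(ip))
        if expected is not None and expected != mac:
            alerts.append((ts, "binding-changed", ip, (expected, mac)))
        first_seen.setdefault(ip, mac)
        claimed[mac].add(ip)
        if len(claimed[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", mac,
                           tuple(sorted(claimed[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```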
Replay attack
Information (credentials) captured over the network is replayed later.
Pass-the-Hash attack: a replay attack that uses stolen NTLM credentials against
Microsoft network authentication services. Countermeasures: encrypted
timestamps, multifactor authentication, one-time passwords.
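One way to apply the timestamp and single-use-value countermeasures listed above, as an added Python example that is not part of the original slides. It authenticates the timestamp with an HMAC rather than encrypting it, and a random nonce stands in for the one-time value; the key, freshness window and all names are assumptions.

```python
import hashlib
import hmac
import os
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window

def _mac(key, ts, nonce, body):
    # Bind the timestamp and the nonce to the body so none can be swapped.
    msg = f"{ts}.{nonce}.".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_request(key, body, now=None):
    """Client side: attach a timestamp, a single-use nonce and a MAC."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    return {"ts": ts, "nonce": nonce, "body": body,
            "mac": _mac(key, ts, nonce, body)}

class ReplayGuard:
    """Server side: accept each authentic, fresh request exactly once."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp, pruned once outside the window

    def verify(self, req, now=None):
        now = time.time() if now is None else now
        expected = _mac(self.key, req["ts"], req["nonce"], req["body"])
        if not hmac.compare_digest(expected, req["mac"]):
            return "rejected: bad MAC"
        if abs(now - req["ts"]) > self.max_skew:
            return "rejected: stale timestamp"
        # Nonces older than the window are already covered by the check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if req["nonce"] in self.seen:
            return "rejected: nonce already used"
        self.seen[req["nonce"]] = req["ts"]
        return "accepted"
```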
Downgrade attack
The attacker manipulates the security negotiation stage between two endpoints
so that they implement a weaker encryption package. Examples: implementing DES
instead of AES; the POODLE attack, which tricks a web browser and web server
into downgrading from TLS 1.0 to SSL 3.0.
DNS Poisoning
False address information is recorded in the Domain Name System: in the DNS
server zone tables or the hosts file. DNS servers will cache the IP address
answer, hence DNS cache poisoning. Countermeasures: least privilege
management, DNSSEC, TSIG.
Power blackout
This simply refers to a situation where the power goes off and ends up shutting
down all the network devices, such as computers, routers and switches.
Hackers
Network hacking refers to the act of gaining unauthorized access to a
computer network and its infrastructure resources, such as devices, servers,
software, and other services.
Measures and Controls of Network Security
Network Segmentation.
Network segmentation collates an organization’s data into separate groups that
share common functions, ensuring that access to one group does not
guarantee outright access to another. Network segmentation also allows
organizations to control which members of the organization have access to
certain information that shouldn’t be available in the general network
landscape.
Intrusion Prevention Systems.
Intrusion prevention systems (IPSs) are designed to spring into action as soon
as a network security risk is detected and respond by blocking it.
Honey pot
This is a network set up with intentional vulnerabilities hosted on a decoy
server to attract hackers. The primary purpose is to test network security by
inviting attacks. This approach helps security experts study an actual attacker's
activities and methods to improve network security.
Network firewall
This is a security device used to prevent or limit illegal access to private
networks by using policies that define the only traffic allowed on the network;
any other traffic seeking to connect is blocked.
Identification:
Accounting:
User accounting refers to tracking the actions performed by the user on a network. This includes verifying the files accessed by the user and functions like alteration or modification of the files or data. It keeps track of who accesses the network, when and how. It helps in identifying authorized and unauthorized actions.
Intranet
An internal, private network used by an organization that is not to be directly accessed from the internet. Its primary purpose is to help employees securely communicate with each other, store information, and collaborate.
De-militarized Zone (DMZ)
This is a perimeter network that protects and adds an extra layer of security to an organization's internal local-area network from untrusted traffic.
Routing Control:
Enables selection of particular physically secure routes for certain data and allows routing changes once a breach of security is suspected.
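The firewall, segmentation and DMZ items above share one rule: traffic passes only if policy lists it, and everything else is blocked. The Python below is an added example, not part of the original slides; the zone ranges, ports and function names are assumptions.

```python
import ipaddress

# Constructed zones (documentation and private address ranges).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# Allowlist of (source zone, destination zone, protocol, destination port).
POLICY = {
    ("internet", "dmz", "tcp", 443),       # public web server sits in the DMZ
    ("dmz", "internal", "tcp", 5432),      # web tier may reach the database only
    ("internal", "dmz", "tcp", 22),        # administrators manage DMZ hosts
    ("internal", "internet", "tcp", 443),  # outbound web access
}

def zone_of(addr):
    """Map an address to its zone; anything unknown is untrusted."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, proto, port, policy=POLICY):
    """Default deny: a flow is allowed only when the policy lists it."""
    flow = (zone_of(src), zone_of(dst), proto, port)
    return "allow" if flow in policy else "deny"

def audit(policy):
    """List rules that let the internet reach the internal zone directly,
    which would bypass the DMZ."""
    return sorted(r for r in policy if r[0] == "internet" and r[1] == "internal")

if __name__ == "__main__":
    print(decide("198.51.100.7", "192.0.2.10", "tcp", 443))
    print(decide("198.51.100.7", "10.0.5.20", "tcp", 5432))
    print(audit(POLICY))
```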
Benefits of Network Security
Builds trust.
Security for large systems translates to security for everyone. Network security
boosts client and consumer confidence, and it protects your business from the
reputational and legal fallout of a security breach.
Mitigates risk.
The right network security solution will help your business stay compliant with
business and government regulations, and it will minimize the business and
financial impact of a breach if it does occur.
Protects proprietary information.
Your clients and customers rely on you to protect their sensitive information.
Your business relies on that same protection, too. Network security ensures
the protection of information and data shared across the network.
Enables a more modern workplace.
From allowing employees to work securely from any location
using a VPN to encouraging collaboration with secure network
access, network security provides options to enable the future
of work. Effective network security also provides many levels of
security to scale with your growing business.