ICT LECTURE 6

PREPARED BY MRS CHINYAMA


COMPUTER NETWORK SECURITY AND
TROUBLESHOOTING
OBJECTIVES
• By the end of this lesson you should be able to:
• Define what computer security is
• Define computer threats
• Explain how to protect our networks from those threats
• Define troubleshooting
INTRODUCTION

• Before we talk about computer security, we need to understand in general terms what security is. Security is a continuous process of protecting an object from unauthorized access.
• It is a state of being or feeling protected from harm. The object in that state may be a person, an organization such as a business, or property such as a computer system or a file. Security comes from secure, which according to Webster's Dictionary means a state of being free from care, anxiety, or fear.
• An object can be in a physical state of security or a theoretical state of security. In a physical state, a facility is secure if it is protected by a barrier like a fence, has secure areas both inside and outside, and can resist penetration by intruders. This state of security rests on four protection mechanisms working together: deterrence, prevention, detection, and response.

• Deterrence is usually the first line of defence against intruders who may try to
gain access. It works by creating an atmosphere intended to frighten
intruders. Sometimes this may involve warnings of severe consequences if
security is breached.
• Prevention is the process of trying to stop intruders from gaining access to the
resources of the system. Barriers include firewalls, demilitarized zones
(DMZs), and the use of access items like keys, access cards, biometrics, and
others to allow only authorized users to use and access a facility.
• Detection occurs when the intruder has succeeded or is in the process of gaining access to the system. The detection process produces alerts to the presence of an intruder; these alerts can be delivered in real time or stored for later analysis by security personnel.
• Response is the mechanism invoked after the first three mechanisms have failed. It works by stopping the intrusion in progress and preventing further damage to, or access to, the facility.
• Digital barriers, commonly known as firewalls, can also be used. Firewalls are hardware or software tools used to isolate the sensitive portions of an information system facility from the outside world and limit the potential damage by a malicious intruder.
COMPUTER NETWORK SECURITY

• Computer network security consists of measures taken by businesses or other organizations to monitor the network and prevent unauthorized access by outside attackers.
• Different approaches to computer network security management have different requirements depending on the size of the computer network. For example, a home office requires only basic network security, while a large business needs far more extensive, continuously maintained controls to protect the network from malicious attacks.
• The network administrator controls access to the data and software on the network. A network administrator assigns a user ID and password to each authorized person.
COMPUTER SECURITY
• Computer security is a branch of computer science that focuses on creating a secure environment for the use of computers. It is concerned with the behaviour required of users and the protocols needed to create a secure environment for anyone using computers. The field therefore involves three areas of interest: the study of computer ethics, the development of both software and hardware protocols, and the development of best practices.
NETWORK SECURITY
• Computer networks are distributed networks of computers that are either strongly connected, meaning that they share a lot of resources from one central computer, or loosely connected, meaning that they share only those resources needed to make the network work. When we talk about computer network security, our focus object model has changed: it is no longer one computer but a network. So computer network security is a broader study than computer security. It involves creating an environment in which a computer network, including all its resources, which are many; all the data in it, both in storage and in transit; and all its users, is secure. Because it is wider than computer security, this is a more complex field of study, involving more detailed mathematical designs of cryptographic, communication, transport, and exchange protocols and best practices.
INFORMATION SECURITY
• Information security is an even bigger field of study, including computer and computer network security. This study is found in a variety of disciplines, including computer science, business management, information studies, and engineering. It involves the creation of a state in which information and data are secure. In this model, information or data is either in motion through the communication channels or in storage in databases on servers. It therefore involves the study not only of more detailed mathematical designs of cryptographic, communication, transport, and exchange protocols and best practices, but also of the state of data and information in motion.
SECURING THE COMPUTER SYSTEM

• Creating security in the computer system model we are embarking on in this lecture means creating secure environments for a variety of resources. In this model, a resource is secure, based on the above definition, if that resource is protected from both internal and external unauthorized access. These resources, physical or not, are objects. Ensuring the security of an object means protecting the object from unauthorized access both from within the object and externally. In short, we protect objects. System objects are either tangible or non-tangible. In a computer network model, the tangible objects are the hardware resources in the system, and the intangible objects are the information and data in the system, both in transit and static in storage.
HARDWARE

• Protecting hardware resources includes protecting:
• End-user objects, which include the user interface hardware components such as all client system input components (keyboard, mouse, touch screen, light pens, and others), and network objects like firewalls, hubs, switches, routers, and gateways, which are vulnerable to hackers.
• Network communication channels, to prevent eavesdroppers from intercepting network communications.
SOFTWARE

• Protecting software resources includes protecting firmware (software embedded in hardware), operating systems, server protocols, browsers, application software, and intellectual property stored on network storage disks and databases. It also involves protecting client-side data such as investment portfolios, financial data, real estate records, images or pictures, and other personal files commonly stored on home and business computers.
ASPECTS OF NETWORK SECURITY:
Following are the desirable properties to achieve secure communication:

1. Privacy: Privacy means that both the sender and the receiver expect confidentiality. The transmitted message should reach only the intended receiver and should be opaque to everyone else. Because an eavesdropper on the network can always intercept the message, interception itself cannot be prevented; instead the message is encrypted so that an interceptor cannot understand it. Only the sender and the receiver, who hold the key, can recover the content. This is the most commonly used means of achieving confidentiality in communication.
2. Message Integrity: Data integrity means that the data must arrive at the receiver exactly as it was sent. There must be no change to the data content during transmission, whether malicious or accidental. As more and more monetary exchanges take place over the Internet, data integrity becomes more crucial, and it must be preserved for secure communication.
3. End-point authentication: Authentication means that the receiver is sure of the sender's identity, i.e., that no impostor has sent the message.
4. Non-Repudiation: Non-repudiation means that the receiver must be able to prove that the received message came from a specific sender. The sender must not be able to deny sending a message that he or she sent. The burden of proving the sender's identity falls on the receiver, so the proof must be something the receiver could not have produced alone (a digital signature, not a shared secret). For example, if a customer sends a request to transfer money from one account to another, the bank must hold proof that the customer requested the transaction.
5. Access Control: the prevention of unauthorized use of a resource. This specifies which users can have access to the resource, and what those users are permitted to do once access is allowed.
6. Availability: assures that the data and resources requested by authorized users are available to them when requested.
PRIVACY

• The concept of how to achieve privacy has not changed for thousands of years: the message must be encrypted, that is, rendered opaque to all unauthorized parties. A good encryption/decryption technique is used to achieve privacy. This technique ensures that an eavesdropper cannot understand the contents of the message.
• Data encryption converts data from a readable, plaintext format into an unreadable, encoded format: ciphertext. Users and processes can only read and process encrypted data after it is decrypted. The decryption key is secret, so it must be protected against unauthorized access; anyone who obtains the key can read everything it protects.
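The properties above (privacy, message integrity and end-point authentication) can be seen working together in a small authenticated-encryption routine. The following is an added example, not part of the lecture: it uses only the Python standard library, so the cipher is a SHAKE-256 keystream XORed with the message (an illustration only, not a production cipher; real systems use AES-GCM or ChaCha20-Poly1305), and integrity plus sender authentication come from HMAC-SHA256 applied in encrypt-then-MAC order. The function names, key sizes and the sample message are the example's own assumptions. Note what it does not give: because sender and receiver share the same MAC key, either of them could have produced the tag, so this provides authentication between the two parties but not non-repudiation toward a third party; that requires a digital signature.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # bytes of fresh randomness per message (assumed size)
TAG_LEN = 32     # HMAC-SHA256 output length


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Expand key||nonce with SHAKE-256 into a keystream as long as the message.
    # A fresh nonce per message keeps the keystream from ever repeating.
    # Illustrative construction only; not a standardized cipher.
    return hashlib.shake_256(enc_key + nonce).digest(length)


def _xor(data: bytes, keystream: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, keystream))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Privacy + integrity + sender authentication: encrypt, then MAC."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # The tag covers the nonce as well, so an attacker cannot swap it either.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag first; decrypt only if nothing was altered in transit."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison leaks no timing.
    # Both parties know mac_key, so a valid tag proves "sent by one of us",
    # which is authentication but NOT non-repudiation.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message altered or wrong key")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def tamper(message: bytes, index: int) -> bytes:
    """Simulate an attacker flipping one bit of the message in transit."""
    altered = bytearray(message)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = b"transfer 100 to account 42"          # constructed sample message
    wire = seal(enc_key, mac_key, msg)
    print("plaintext hidden on the wire:", msg not in wire)
    print("round trip ok:", open_sealed(enc_key, mac_key, wire) == msg)
    try:
        # flip a bit inside the amount field of the ciphertext
        open_sealed(enc_key, mac_key, tamper(wire, NONCE_LEN + 9))
    except ValueError as err:
        print("tampering detected:", err)
```

Running it shows the three properties in turn: the bytes on the wire do not contain the plaintext (privacy), the untouched message decrypts back to the original, and a single flipped bit in the ciphertext, or a receiver holding the wrong MAC key, is rejected before any decryption happens (integrity and authentication).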
SOURCES OF SECURITY THREATS
• The security threat to computer systems springs from a number of factors:
• weaknesses in the network infrastructure and communication protocols, which create both an appetite and a challenge for the hacker mind;
• the rapid growth of cyberspace into a vital global communication and business network on which international commerce and business transactions are increasingly performed and to which many national critical infrastructures are connected;
• the growth of the hacker community, whose members are usually expert at gaining unauthorized access to systems that run not only companies and governments but also critical national infrastructures;
• vulnerabilities in operating system protocols and services on the computers that run the communication network;
• the insider effect: workers who steal and sell company databases, mailing lists, or even confidential business documents;
• social engineering;
• physical theft from within organizations of items such as laptops and hand-held computers that carry powerful communication technology and potentially sensitive information;
• and security as a moving target.
WEAKNESSES IN NETWORK INFRASTRUCTURE
AND COMMUNICATION PROTOCOLS

• Compounding the problems created by the design philosophy and policy are the weaknesses in the communication protocols. The Internet is a packet network: data to be transmitted is broken into small, individually addressed packets that are handed to the network's mesh of switching elements. Each packet finds its own way through the network with no predetermined route, and the receiving element reassembles the packets into the original message. To work, packet networks rely on a strong trust relationship among the transmitting elements; the core protocols were designed without built-in authentication, so a packet's source address, for instance, is taken on trust and can be forged.
RAPID GROWTH OF CYBERSPACE

• There is always a security problem in numbers. Since its beginning as ARPANET in the late 1960s, the Internet has experienced phenomenal growth. As it grew, it brought in more and more users with varying ethical standards, added more services, and created more responsibilities.
• As more and more people enjoyed the potential of the Internet, more and more people with dubious motives were also drawn to it because of its enormous wealth of everything they were looking for. Such individuals pose a risk to the information content of the Internet, and that security threat has to be dealt with.
THE GROWTH OF THE HACKER
COMMUNITY
• Although other factors have contributed significantly to the security threat, in the general public's view the number one contributor to the security threat to computer and telecommunication networks is the growth of the hacker community. Hackers have managed to bring this threat into news headlines and people's living rooms through ever-increasing and sometimes devastating attacks on computer and telecommunication systems using viruses, worms, and distributed denial of service attacks.
VULNERABILITY IN OPERATING SYSTEM
PROTOCOL
• One area that offers the greatest security threat to global computer systems is the area of software errors, especially network operating system errors. An operating system plays a vital role not only in the smooth running of the computer system, controlling and providing vital services, but also in the security of the system, since it mediates access to vital system resources. A vulnerable operating system can allow an attacker to take over a computer system and do anything that an authorized super user can do, such as changing files, installing and running software, or reformatting the hard drive.
THE INVISIBLE SECURITY THREAT -
THE INSIDER EFFECT
• Quite often news media reports show that in cases of violent crimes such as
murder, one is more likely to be attacked by someone one does not know.
However, real official police and court records show otherwise. This is also
the case in computer infrastructure security. Research data from many
reputable agencies consistently show that the greatest threat to security in
any enterprise is the guy down the hall.
SOCIAL ENGINEERING

• Beside the security threat from insiders who knowingly and willingly are part of the threat, the insider effect can also involve insiders unknowingly becoming part of the threat through the power of social engineering. Social engineering consists of an array of methods an intruder, such as a hacker from within or outside the organization, can use to gain system authorization by masquerading as an authorized user of the network. It can be carried out in person (impersonating an individual known to have access to the system), online, by telephone, and even in writing.
HOW SERIOUSLY SHOULD YOU TAKE
THREATS TO COMPUTER SECURITY?
• The first step in understanding computer and network security is to formulate a
realistic assessment of the threats to those systems. You will need a clear picture of
the dangers in order to adequately prepare a defence.
• A better way to assess the threat level to your system is to weigh the attractiveness
of your system to potential intruders against the security measures in place. Keep in
mind, too, that the greatest external threat to any system is not hackers, but malware
and denial of service attacks. Malware includes viruses, worms, Trojan horses, and
logic bombs. And beyond the external attacks, there is the issue of internal
problems due to malfeasance or simple ignorance.
THE MOST COMMON NETWORK SECURITY THREATS
IDENTIFYING TYPES OF THREATS
Most attacks can be categorized as one of six broad classes:
1. Malware: This is a generic term for software that has a malicious purpose. It
includes virus attacks, worms, adware, Trojan horses, and spyware. This is the
most prevalent danger to your system.
2. Security breaches: This group of attacks includes any attempt to gain unauthorized
access to your system. This includes cracking passwords, elevating privileges,
breaking into a server… all the things you probably associate with the term
hacking.
3. Denial of service (DoS) attacks: These are designed to prevent legitimate access to
your system.
IDENTIFYING TYPES OF THREATS

4. Web attacks: This is any attack that attempts to breach your website. Two of the most common such attacks are SQL injection and cross-site scripting.
5. Session hijacking: These attacks are rather advanced, and involve an attacker taking over an established session between a user and a server, typically by stealing or guessing the session identifier.
6. DNS poisoning: This type of attack seeks to compromise a DNS server or cache so that users are redirected to malicious websites, including phishing websites.
MALWARE
• Malware is a generic term for software that has a malicious purpose. Three common types of malware are viruses, Trojan horses, and spyware; Trojan horses and viruses are the most widely encountered.
• According to Symantec (makers of Norton antivirus and other software products), a virus is "a small program that replicates and hides itself inside other programs, usually without your knowledge" (Symantec, 2003). A computer virus is similar to a biological virus; both are designed to replicate and spread. A common method for spreading a virus is using the victim's email account to send the virus to everyone in their address book. Some viruses do not harm the system itself, but most still cause network slowdowns due to the heavy traffic generated as they replicate.
MALWARE (2)

• A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include: deleting data, blocking data, modifying data, copying data, and disrupting the performance of computers or computer networks.
MALWARE (3)

• Another category of malware currently on the rise is spyware. Spyware is simply software that spies on what you do on your computer. Spyware can be as simple as a tracking cookie, a small text file that a website you have visited asks your browser to store and send back so that it can recognize you when you return. A browser only sends a cookie back to the site that set it, but advertising networks embedded on many different websites set their own third-party cookies, which lets them correlate your visits across all of those sites and build up a record of your browsing history.
MALWARE (4)

• A logic bomb is software that lies dormant until some specific condition is met. That condition is usually a date and time. When the condition is met, the software performs some malicious act such as deleting files, altering system configuration, or perhaps releasing a virus.
• Another form of spyware, called a key logger, records all of your keystrokes. Some key loggers also take periodic screenshots of your computer. The data is then either stored for later retrieval by the person who installed the key logger or sent back immediately via email.
MALWARE (5)

• Computer worm: Computer worms are malware programs that replicate quickly and spread from one computer to another on their own. Unlike a virus, a worm does not need to attach itself to another program: it copies itself across the network, typically by exploiting a vulnerability in a network service or by mailing itself to all of the infected computer's contacts, who in turn spread it to their own contacts.
PHISHING

• Phishing is a method of social engineering with the goal of obtaining sensitive data such as passwords, usernames and credit card numbers.
• The attacks often come in the form of instant messages or phishing emails designed to appear legitimate. The recipient is tricked into opening a malicious link, which leads to the installation of malware on the recipient's computer. Phishing can also obtain personal information through an email that appears to come from a bank, asking you to verify your identity by giving away private information.
ROOTKIT

• A rootkit is a collection of software tools that gives an attacker administrator-level (root) access to a computer or network while hiding its own presence from the operating system and security tools. Once installed, the rootkit can perform a number of malicious actions; rootkits commonly come equipped with keyloggers, password stealers and antivirus disablers.
• Rootkits are installed by hiding in legitimate-looking software: when you give that software permission to make changes to your OS, the rootkit installs itself on your computer and waits for the attacker to activate it. Other ways of rootkit distribution include phishing emails, malicious links and files, and downloading software from suspicious websites.
MAN-IN-THE-MIDDLE ATTACKS

• Man-in-the-middle attacks are attacks in which the attacker secretly places himself or herself between two communicating parties, relaying and often altering their messages, so that each party believes it is talking directly to the other. The attacker can then eavesdrop on, and tamper with, a communication that should, under normal conditions, be private.
COMPROMISING SYSTEM SECURITY

• Cracking: the appropriate word for intruding into a system without permission, usually with malevolent intent. Any attack that is designed to breach your security, either via some operating system flaw or any other means, can be classified as cracking.
• Social engineering: a technique for breaching a system's security by exploiting human nature rather than technology.
• Hacking: the process of bypassing computer safeguards in order to gain access to a system.
DENIAL OF SERVICE ATTACKS

• In a denial of service (DoS) attack, the attacker does not actually access the system. Rather, he or she simply blocks access by legitimate users. One common way to do this is to flood the targeted system with so many false connection requests that it cannot respond to legitimate ones. DoS is probably the most common attack on the Web.
WEB ATTACKS

• By their nature, web servers have to allow communication. Often, websites allow users to interact with the site. Any part of a website that accepts user input is also a potential point for a web-based attack. SQL injection involves entering SQL (Structured Query Language) fragments into input fields such as a login form (the username and password text fields) in an attempt to trick the server into executing them as part of its own database query. A common purpose is to force the server to log the attacker in even though the attacker has no legitimate username and password. While SQL injection is just one type of web attack, it is among the most common, and it is prevented by keeping user input separate from the query text (parameterized queries) rather than pasting input into the query string.
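The following is an added example (not from the lecture) of the login-form injection described above, using Python's built-in sqlite3 module and a constructed in-memory users table; the account name, password and function names are the example's own. The vulnerable version pastes the username into the query text, so the input admin' -- closes the string and comments out the password check; the safe version passes values as parameters, so the same input is just a username that does not exist.

```python
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Illustrative only: a real system uses a salted, slow hash (bcrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def make_demo_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        ("admin", _hash("correct horse battery staple")),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # DELIBERATELY VULNERABLE: user input becomes part of the SQL text.
    # With username "admin' --" the query turns into
    #   SELECT id FROM users WHERE username = 'admin' --' AND password_hash = '...'
    # and everything after -- is a comment, so the password is never checked.
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password_hash = '{_hash(password)}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized query: the driver sends the values separately from the SQL
    # text, so a quote or -- inside the username is data, never syntax.
    query = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, _hash(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_demo_db()
    payload = "admin' --"
    print("vulnerable login, injected username:", login_vulnerable(db, payload, "wrong"))
    print("safe login, injected username:      ", login_safe(db, payload, "wrong"))
    print("safe login, real credentials:       ",
          login_safe(db, "admin", "correct horse battery staple"))
```

The injected username logs the attacker in against the vulnerable function without a password, while the parameterized function rejects it and still accepts the genuine credentials; the only difference between the two is whether the input is concatenated into the query or bound as a parameter.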
DNS POISONING

• Most of your communication on the Internet will involve DNS, the Domain Name System. DNS is what translates the domain names you and I understand (like www.ChuckEasttom.com) into the IP addresses that computers and routers understand. DNS poisoning uses one of several techniques to compromise that process and redirect traffic to an illicit site, often for the purpose of stealing personal information.
WHAT IS ADWARE?
• Adware is unwanted software designed to throw advertisements up on your
screen, most often within a web browser. Some security professionals view it
as the forerunner of the modern-day PUP (potentially unwanted program).
Typically, it uses an underhanded method to either disguise itself as
legitimate, or piggyback on another program to trick you into installing it on
your PC, tablet, or mobile device
WAYS TO SECURE A COMPUTER
NETWORK
• Computer and network security breaches seem to be in the news every day,
and they’re costing the organizations that fall prey millions of dollars.
PUT IN AND MONITOR FIREWALL
PERFORMANCE
• A firewall is a piece or set of software or hardware designed to block unauthorized access to computers and networks. In very simple terms, a firewall is an ordered series of rules that control incoming and outgoing network traffic: connections that match an allow rule are let through, and everything else is blocked. Because the first matching rule usually decides, the order of the rules matters, and the firewall's logs should be monitored to see what is being blocked and what is getting through.
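As an added illustration (not from the lecture), the following Python model of a packet-filtering firewall shows the two properties that matter most when writing and monitoring rules: the first matching rule decides, so order matters, and anything no rule explicitly allows is denied by default. The rule set, the addresses and the log format are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"           # source network in CIDR notation
    dst_port: Optional[int] = None   # None matches every destination port

    def matches(self, proto: str, src_ip: str, dst_port: int) -> bool:
        return (
            (self.proto == "any" or self.proto == proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and (self.dst_port is None or self.dst_port == dst_port)
        )


@dataclass
class Firewall:
    rules: list
    log: list = field(default_factory=list)  # one record per decision, for monitoring

    def filter(self, proto: str, src_ip: str, dst_port: int) -> str:
        # First matching rule wins, so the ORDER of the rules is part of the policy.
        for index, rule in enumerate(self.rules):
            if rule.matches(proto, src_ip, dst_port):
                self.log.append((rule.action, index, proto, src_ip, dst_port))
                return rule.action
        # Default deny: traffic that no rule explicitly allows is dropped.
        self.log.append(("deny", None, proto, src_ip, dst_port))
        return "deny"

    def denied_sources(self) -> dict:
        """Count denied packets per source IP; a host with many denials is worth a look."""
        counts: dict = {}
        for action, _, _, src_ip, _ in self.log:
            if action == "deny":
                counts[src_ip] = counts.get(src_ip, 0) + 1
        return counts


def demo_firewall() -> Firewall:
    # Hypothetical policy for a small office (an assumption of this example):
    # HTTPS from anywhere, SSH only from the internal 10.0.0.0/8 range,
    # nothing else. No explicit deny rule is needed because of default deny.
    return Firewall(rules=[
        Rule("allow", "tcp", dst_port=443),
        Rule("allow", "tcp", src="10.0.0.0/8", dst_port=22),
    ])


if __name__ == "__main__":
    fw = demo_firewall()
    # constructed sample packets: (protocol, source IP, destination port)
    for packet in [("tcp", "203.0.113.5", 443), ("tcp", "203.0.113.5", 22),
                   ("tcp", "10.1.2.3", 22), ("udp", "10.1.2.3", 53)]:
        print(packet, "->", fw.filter(*packet))
    print("denied per source:", fw.denied_sources())
```

Note that swapping the two allow rules changes nothing here, but inserting a broad rule such as Rule("allow", "tcp") at the top would silently shadow every later rule; that is why rule order is reviewed together with the rules themselves, and why the denial log is the first place to look when deciding whether the policy is too loose or too tight.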
UPDATE PASSWORDS

• Changing passwords every quarter is often recommended, and more often is sometimes suggested. However, there is a fine line: changing passwords too often causes confusion, leads employees to contact IT for reminders of their usernames and passwords, and encourages weak, predictable variations. Current guidance (NIST SP 800-63B) favours long, unique passwords, multi-factor authentication, and an immediate change whenever a password is known or suspected to be compromised, rather than change on a fixed calendar.
• In addition to using passwords that contain letters (including some uppercase), numbers and symbols, require employees to change any personal passwords used on systems that have access to business networks (your business will have its own accounts, but many computers also allow personal passwords).
MAINTAIN YOUR ANTI-VIRUS
SOFTWARE
• If you are not performing regular updates of your anti-virus software, you are putting your network at greater risk, because attackers continually release new malware that older signatures and detection engines do not recognise. Staying ahead of them by using the latest version of the software and its signature database is critical.
• Run an anti-virus scan at least daily.
CREATE A VIRTUAL PRIVATE NETWORK
(VPN)
• A VPN creates an encrypted tunnel between remote computers (home networks or computers used by people on the road) and your local network, so that traffic crossing the Internet or a public wireless network cannot be read or altered in transit. Access to the tunnel is limited to people who should have access to your systems and to equipment that has been authorized in your network settings. A VPN does not hide your wireless access point, but an attacker who intercepts the wireless traffic sees only encrypted data, and remote users can be required to authenticate before they reach any internal server.
TRAINING YOUR EMPLOYEES

• All the tools and tricks in the book won’t do much good if the people using
your system aren’t following computer security best practices. Frequent
reminders about the risks and the steps to mitigate them will help keep
network security top of mind; some organizations work these kinds of
updates into mandatory meetings to help communicate the importance.
Educating employees about how to avoid major security risks is possibly the
greatest weapon you have in combating cybercrime
ENCRYPT YOUR DATA

• Whether your computer houses your life's work or a load of files with sentimental value like photos and videos, that information is likely worth protecting. One way to ensure it does not fall into the wrong hands is to encrypt your data. Properly encrypted data is unreadable to anyone who does not hold the key, so a stolen laptop or disk yields nothing useful; this alone may be enough to deter an attacker from pursuing it further.
KEEP UP WITH SYSTEM AND SOFTWARE
SECURITY UPDATES
• While software and security updates can often seem like an annoyance, it
really is important to stay on top of them. Aside from adding extra features,
they often cover security holes. This means the provider of the operating
system (OS) or software has found vulnerabilities which give hackers the
opportunity to compromise the program or even your entire computer.
• Typically if an update is available for your OS, you’ll get a notification. You
can often opt to update immediately or set it to run at a later time. While it
can be inconvenient to stop what you’re doing for half an hour for an update
to take place, it’s often best to just get it done out of the way.
NETWORK TROUBLESHOOTING

• What is network troubleshooting?


• Network troubleshooting is the systematic process of searching for, diagnosing, and correcting network issues. It is also defined as a logical process network engineers follow to improve overall network operations.
• Troubleshooting is a repetitive, rigorous, and effective process that involves regular analysis and testing of individual network components to ensure smooth operations.
WHY IS NETWORK TROUBLESHOOTING
IMPORTANT?

• Network troubleshooting is important because it helps IT managers understand network component issues, reduce downtime, and improve the network's Quality of Service (QoS) for users.
• With an effective and reliable network monitoring system, it is easier to troubleshoot issues, identify network slowdowns quickly, analyze latency metrics, trace packets, and more.
NETWORK TROUBLESHOOTING STEPS

1. Identify the Problem: Begin by cataloguing the symptoms of the problem, but be aware that the symptoms are not the problem. Investigate further by interviewing the user who witnessed the issue and asking them to recreate it if possible. Ask: what has changed? What issues are characterized by these symptoms?
2. Establish a Theory of Probable Cause: At this point the symptoms have been identified and the probable causes of those symptoms listed. Prioritize these potential causes from the simplest and most likely downwards.
3. Test the Probable Cause Theory to Determine the Actual Cause: Now test each theory in turn, progressing from the simplest and most likely to the least likely. This may seem an unnecessary step when considering the next step, "making an action plan"; however, because many common troubleshooting problems are simple, like plugging in a cable, the list of causes and the plan to fix it often collapse into one step. In more complex issues, like WAN outages, there can be several contributing faults requiring a rigorous testing phase.
4. Establish an Action Plan and Execute the Plan: Supported by diagnostic testing, a plan for fixing the network issue must be formulated. Clearly, the more complex the problem, the more in-depth the plan; sometimes the problem extends beyond a network manager's domain and needs to be escalated.
5. Verify Full System Functionality: An essential step is verification, which creates the feedback needed to eliminate possible causes. A baseline can be used to confirm whether the network is truly functioning normally. If the system is still not functional, begin again with the next probable cause on the list.
6. Document the Process: Documentation can be done during the testing and troubleshooting process, or afterwards. In either case, documenting findings, actions taken, and outcomes creates a history that can be returned to if further issues arise. Analyzing solutions to issues over time may also reveal patterns within the network setup and configuration that preventative measures can eliminate.
• Clearly, the approach is simple; however, depending on the network area in trouble and the nature of the issue, specialized technical knowledge is a prerequisite to determine specifically how and what could possibly go wrong.
COMMON NETWORK TROUBLESHOOTING
PROBLEMS

• Networks small and large exhibit general types of problems, some basic, some very complex. The categories below cover the basic areas of network issues.
• Cable Issues — Cable issues can manifest in several ways, from a simple disconnected cable to frayed or damaged lines. Checking connections is usually the first step in troubleshooting before moving on to more involved causes.
• Connectivity Issues — Connectivity issues can arise if network devices are
misconfigured, damaged, or faulty. Testing the network interface and port on the
• Software Issues — Software issues and network performance may suffer
after software updates; incompatible versions could be a source of network
interruptions.
• Traffic Overload Issues — Traffic overload is a real-time network issue in which bandwidth is overused and network devices cannot keep traffic flowing. Unlike discovering a disconnected wire and simply reconnecting it, managing traffic over a congested network requires a deeper technical understanding to troubleshoot properly.
