Unit-7 Network security
7.1 Introduction to network security
Network security is the security provided to a network from
unauthorized access and risks. It is the duty of network
administrators to adopt preventive measures to protect their
networks from potential security threats.
Computer networks that carry regular transactions and
communication among governments, individuals, or businesses
require security. The most common and simple way of protecting a
network resource is by assigning it a unique name and a
corresponding password.
7.2 Types of network security
7.2.1 Firewall protection
Firewalls
A firewall is a network security system that manages and regulates
network traffic based on a defined set of security rules. A firewall
establishes a barrier between a trusted internal network and the
internet.
Firewalls exist both as software that runs on general-purpose
hardware and as dedicated hardware appliances. Hardware-based
firewalls often provide other functions as well, such as acting as a
DHCP server for the network.
Most personal computers use software-based firewalls to secure
data from threats from the internet. Many routers that pass data
between networks contain firewall components and conversely,
many firewalls can perform basic routing functions.
Firewalls are commonly used in private networks or intranets to
prevent unauthorized access from the internet. Every message
entering or leaving the intranet passes through the firewall, where
it is examined against the configured security criteria.
An ideal firewall configuration consists of both hardware-based and
software-based devices. A firewall also helps in providing remote
access to a private network through secure authentication
certificates and logins.
Hardware and Software Firewalls
Hardware firewalls are standalone products. These are also found in
broadband routers. Most hardware firewalls provide a minimum of
four network ports to connect other computers. For larger networks
(e.g., for business purposes), business networking firewall
solutions are available.
Software firewalls are installed on your computers. A software
firewall protects your computer from internet threats.
7.2.2 Email security
Email security refers to the steps taken to protect email messages and the
information they contain from unauthorized access and damage. It involves
ensuring the confidentiality, integrity, and availability of email messages, as well as
safeguarding against phishing attacks, spam, viruses, and other forms of malware. It
can be achieved through a combination of technical and non-technical measures.
Some standard technical measures include the encryption of email messages to protect
their contents, the use of digital signatures to verify the authenticity of the sender, and
email filtering systems to block unwanted emails and malware. Non-technical
measures may include training employees on how to recognize and respond to phishing
attacks and other email security threats, establishing policies and procedures for email
use and management, and conducting regular security audits to identify and address
vulnerabilities.
We can say that email security is important to protect sensitive information from
unauthorized access and ensure the reliability and confidentiality of electronic
communication.
7.2.3 Antivirus and Antimalware
7.2.4 Virtual Private Network
VPN stands for Virtual Private Network. It allows you to connect your computer to
a private network, creating an encrypted connection that masks your IP address
to securely share data and surf the web, protecting your identity online.
A virtual private network, or VPN, is an encrypted connection over the Internet
from a device to a network. The encrypted connection helps ensure that sensitive
data is safely transmitted. It prevents unauthorized people from eavesdropping
on the traffic and allows the user to conduct work remotely. VPN technology is
widely used in corporate environments.
A VPN connection is shown in the figure below:
In this figure, Routers R1 and R2 use VPN technology to guarantee privacy for
the organization.
VPN connections are used in two important ways:
1. To establish WAN connections using VPN technology between two distant networks that
may be thousands of miles apart, but where each has some way of accessing the internet.
2. To establish remote access connections that enable remote users to access a private
network through a public network like the internet.
7.2.5 Network Access Control
Network Access Control (NAC) refers to the methods and technologies used by
organizations to manage and control access to their networks. The primary goal of NAC
is to ensure that only authorized users and devices are granted access to the network
while preventing unauthorized access and potential security threats.
Here's how NAC typically works:
1. Authentication: Users and devices are required to authenticate themselves
before gaining access to the network. This can involve various methods such as
username/password, digital certificates, biometric authentication, or multi-factor
authentication (MFA).
2. Endpoint Security Assessment: Before allowing access to the network, NAC
systems may conduct security assessments on endpoints (devices) seeking
access. This assessment checks for things like up-to-date antivirus software,
operating system patches, and compliance with security policies.
3. Policy Enforcement: NAC systems enforce network access policies based on
predefined rules and criteria. These policies specify which users or devices are
allowed to access specific parts of the network, what resources they can access,
and under what conditions.
4. Continuous Monitoring: NAC solutions often include continuous monitoring
capabilities to detect any unauthorized or suspicious activities occurring within
the network. This helps in identifying and responding to potential security threats
in real-time.
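The four steps above can be read as one admission decision that is re-run while the device stays connected. The sketch below is an added example, not part of the original notes; the thresholds, role names, segment names and the "quarantine" outcome for a failed posture check are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    user: str
    authenticated: bool          # outcome of step 1 (password, certificate, MFA ...)
    role: str                    # e.g. "staff" or "guest"
    av_signature_age_days: int   # age of the antivirus signatures
    missing_os_patches: int      # number of outstanding OS patches


# Hypothetical policy values, not taken from any real NAC product.
MAX_AV_AGE_DAYS = 7
ROLE_SEGMENT = {"staff": "corp", "contractor": "restricted", "guest": "guest-internet-only"}


def posture_failures(ep):
    """Step 2: endpoint security assessment; returns the list of failed checks."""
    failures = []
    if ep.av_signature_age_days > MAX_AV_AGE_DAYS:
        failures.append("antivirus signatures out of date")
    if ep.missing_os_patches > 0:
        failures.append("operating system patches missing")
    return failures


def admit(ep):
    """Steps 1-3: return (network segment or 'deny'/'quarantine', reasons)."""
    if not ep.authenticated:
        return "deny", ["authentication failed"]
    failures = posture_failures(ep)
    if failures:
        return "quarantine", failures      # assumed remediation-only segment
    segment = ROLE_SEGMENT.get(ep.role)
    if segment is None:
        return "deny", ["no access policy for role " + repr(ep.role)]
    return segment, []


def reassess(current_segment, ep):
    """Step 4: re-run the same checks on an admitted endpoint.

    Returns (segment, reasons, changed) so the caller can move the device.
    """
    segment, reasons = admit(ep)
    return segment, reasons, segment != current_segment


if __name__ == "__main__":
    laptop = Endpoint("alice", True, "staff", 1, 0)    # constructed sample device
    print(admit(laptop))
    laptop.av_signature_age_days = 30                  # signatures go stale later
    print(reassess("corp", laptop))
```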
7.3 Common network security threats
Malware, short for malicious software, refers to any software intentionally designed to
cause damage to a computer, server, network, or device, or to gain unauthorized access
to systems or data. There are several types of malware, each with its own characteristics
and methods of operation. Some common types of malware include:
1. Viruses: Viruses are programs that replicate themselves and infect other files on
a computer or network. They often attach themselves to executable files and can
cause damage by corrupting or deleting data, stealing information, or disrupting
system functionality.
2. Worms: Worms are standalone malware programs that can self-replicate and
spread across networks without requiring user interaction. They exploit
vulnerabilities in network services to propagate and can cause widespread
damage by consuming network bandwidth, slowing down systems, or launching
additional attacks.
3. Trojans: Trojans, or Trojan horses, are malware programs disguised as legitimate
software to trick users into installing them. Once installed, Trojans can perform
various malicious actions, such as stealing sensitive information, spying on user
activities, or providing remote access to attackers.
4. Ransomware: Ransomware encrypts files or locks down systems, rendering them
inaccessible to users until a ransom is paid. It often spreads through phishing
emails, malicious attachments, or exploit kits and can cause significant data loss
and financial damage to organizations and individuals.
5. Spyware: Spyware is designed to secretly monitor and collect information about
a user's activities without their consent. It can capture keystrokes, log browsing
habits, record passwords, and transmit sensitive data to remote servers,
compromising user privacy and security.
6. Adware: Adware displays unwanted advertisements or redirects users to
malicious websites to generate revenue for the attacker. While not always
inherently malicious, adware can degrade system performance, disrupt user
experience, and expose users to other forms of malware.
Phishing attacks
Phishing attacks are a type of cyber attack in which attackers use deceptive emails,
text messages, or other communication methods to trick individuals into providing
sensitive information, such as login credentials, personal information, or financial
details. Phishing attacks are one of the most common and effective methods used
by cybercriminals to steal information, spread malware, or gain unauthorized
access to systems.