Denis SASSOU N’GUESSO University
Faculty of Applied Sciences
Third year of degree level
Math computer science course
Specialty network security and computer systems
Theme: Type of Network Security Protection
Group members:
ENGAMBET ISSAC
NZAOU CHRIST BERRION
ELENGA REOFEL FIRNED
KOKOLO WILFRIDE DAINA
BOUKYTHA BORGES PRINCE
MABIALA WILFRIED
BARDEAUL
Taught by:
Pr Alphonse MAKOSSO
Dr MOUMBOUILOU MAHOUNGOU
Introduction:
In our digital age where data travels at unprecedented speed, protecting computer networks has
become a major concern for businesses, governments and individuals. Computer networks are the backbone
of modern communication, connecting billions of devices around the world. However, this global
interconnectedness is also an open door to varied and sophisticated cyber threats that seek to exploit
vulnerabilities in computer systems. Computer network security encompasses a set of measures and
strategies aimed at protecting the integrity, confidentiality and availability of data and services. Types of
computer network protection are diverse and can be classified into several main categories: firewalls,
intrusion detection and prevention systems, data encryption, access controls, endpoint security, and
application security, among others.
A. Why Protect the Network?
Protecting computer networks is essential for several reasons:
Protect sensitive data
Protecting sensitive data consists of ensuring its confidentiality and integrity to avoid leaks or
unauthorized access. Sensitive data includes personal information, financial data, trade secrets, and any
information deemed critical to an organization.
Ensure availability of services
Ensuring service availability means preventing interruptions caused by attacks, outages, or other incidents
that may render services inaccessible to users.
Meet legal requirements
Organizations must comply with various data protection and privacy laws and regulations. Failure to
comply with these requirements may result in financial, legal and reputational penalties.
Maintain user and customer trust
Network security is crucial to maintaining user and customer trust. A data breach can seriously damage a
company's reputation and lead to loss of customers.
Indeed, network security is essential because without protection, these networks remain
vulnerable to various attacks, jeopardizing the confidentiality, integrity, and availability of
information.
Computer networks are vulnerable to a multitude of attacks, each with its own dangers and methods of
execution. Here is a detailed exploration of some of the most common attacks:
Denial of service attacks (DoS/DDoS)
Denial of service (DoS) and distributed denial of service (DDoS) attacks aim to make a service
unavailable by overloading the network or server with malicious requests.
Denial of Service (DoS): A single machine attacks a target by sending a massive flood of
requests, exhausting the server's resources, making it unable to respond to legitimate requests.
Distributed Denial of Service (DDoS): Uses multiple machines, often compromised computers
forming a network of "botnets", to launch a coordinated attack from numerous points of origin.
Intrusions and hacking:
Intrusions and hacks involve unauthorized access to systems and data, often with the aim of stealing
sensitive information or causing damage.
Intrusion: Unauthorized access to a system through vulnerabilities, such as weak passwords, out-
of-date software, or unsecured networks.
Hacking: Manipulation and exploitation of computer systems to gain profit or cause damage,
often carried out by cybercriminals or hackers.
Malware and viruses
Malware (malicious software) and viruses are programs designed to damage or steal information from a
computer network.
Malware: An umbrella term for all types of malicious software, including viruses, ransomware, Trojans,
spyware, etc.
Virus: A type of malware that spreads by inserting itself into other executable programs and
replicating itself when those programs are executed.
Phishing and social engineering
Phishing and social engineering exploit trust and psychological manipulation to obtain confidential
information by masquerading as a trusted entity.
Phishing: Sending fake emails or messages that appear to come from trusted sources, asking for
personal information such as passwords or credit card numbers.
Social engineering: Manipulating people into revealing confidential information or performing
compromising actions.
Clandestine listening (eavesdropping)
Clandestine listening, or eavesdropping, involves intercepting private communications between two parties,
often for the purposes of espionage or the collection of sensitive information.
Passive: The attacker simply listens to communications without modifying them.
Active: The attacker intercepts and modifies communications.
B. The Different Types of Network Security Protection
1) Physical Security
Physical security is a fundamental component of network security because it aims to protect hardware
infrastructure, such as servers, data centers and other network equipment, from physical threats. It is based
on several technologies and methods to prevent intrusions, theft, sabotage and damage caused by natural or
accidental incidents. Here are some essential components and technologies to ensure effective physical
security:
Access control
RFID badges and access cards: Allow access to sensitive areas to be restricted using electronic cards
that only authorized people can possess.
Biometric readers: Systems that verify identity by fingerprint, facial recognition, or iris scanning for
strict access control.
Access codes and passwords: Use of PIN codes or passwords to restrict entries, often combined with other
means such as badges for increased security.
Monitoring and alarm systems
Surveillance cameras (CCTV): Placed at access points, in corridors, and around facilities to monitor
movement in sensitive areas in real time.
Motion and intrusion sensors: These sensors detect unauthorized activity in a specific area, triggering
alerts or alarms.
Alarm systems: Connected to sensors and cameras, they warn in the event of intrusion or suspicious
movement and can instantly notify security services.
Fire protection
Smoke and heat detection systems: Used to quickly detect the start of a fire. Smoke and heat detectors
are typically interconnected for automatic deployment.
Automatic fire extinguishers: Systems such as sprinklers or inert gas extinguishing devices (for example,
FM-200) to extinguish the fire without damaging equipment.
Temperature and humidity control: Prevents overheating of sensitive equipment and maintains stable
humidity to prevent short circuits.
User training and awareness
Users should be trained in security best practices, such as recognizing phishing attempts, using strong
passwords, and being aware of security risks.
Secure infrastructure and restricted access to facilities
Secure fences and gates: Sensitive facilities are surrounded by fences, often monitored by guards, and
equipped with reinforced gates to limit access.
On-site security: Security guards may be assigned to constantly monitor the premises and verify
identities upon entry.
Locking and padlocks: On server racks or network cabinets, locking devices limit direct access to
equipment.
Power management and energy redundancy
Uninterruptible Power Supplies (UPS): In the event of a power outage, UPS systems provide temporary
power to keep equipment running.
Backup generators: Generators take over in the event of a prolonged outage, ensuring the continuity of
critical operations.
System redundancy: Preventing single points of failure by using redundant systems to protect data and
equipment.
These technologies and measures contribute to robust physical protection by limiting the risk of
disruptions, whether caused by human or environmental factors, thereby ensuring the availability and
integrity of critical infrastructure.
on site to prevent unauthorized access to critical installations.
2) Logical security
Logical security refers to security mechanisms implemented in software. It relies on a logical access
control system built on identification, authentication and authorization services, and on the measures
put in place to guarantee confidentiality: cryptography, effective management of passwords and
authentication procedures, anti-virus measures, and the safeguarding of sensitive information.
Access Control
Authentication:
Definition: The process of verifying a user's identity before allowing them access to network
resources.
Techniques:
o Passwords: Users must provide a secret password.
o Smart cards: Use of physical cards that must be inserted into a reader.
o Biometrics: Using physical characteristics such as fingerprints, facial recognition or iris
to identify users.
Authorization:
Definition: The process of setting permissions and access levels for users after authentication.
Types:
o Role-based (RBAC): Users are assigned rights based on their role in the organization.
o Attribute-based (ABAC): Access is granted based on attributes like department, project,
etc.
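The difference between the two authorization models, as an added example that is not part of the original report: RBAC decides from the roles a user holds, ABAC from attributes of the user and the resource. The role table, the users and the attribute names (department, project) are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed role table: role -> set of (resource, action) permissions.
ROLE_PERMISSIONS = {
    "network_admin": {("firewall_rules", "read"), ("firewall_rules", "write")},
    "auditor": {("firewall_rules", "read"), ("access_logs", "read")},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    department: str
    projects: frozenset = frozenset()

def rbac_allows(user, resource, action):
    """RBAC: the decision depends only on the roles assigned to the user."""
    return any((resource, action) in ROLE_PERMISSIONS.get(role, set())
               for role in user.roles)

def abac_allows(user, resource_attrs, action):
    """ABAC: compare user attributes with resource attributes; deny by default."""
    same_department = user.department == resource_attrs["department"]
    if action == "read":
        return same_department
    if action == "write":
        return same_department and resource_attrs["project"] in user.projects
    return False

def authorize(user, resource, resource_attrs, action):
    """Runs after authentication; here both models must agree before access is granted."""
    return (rbac_allows(user, resource, action)
            and abac_allows(user, resource_attrs, action))

# Constructed sample data.
FIREWALL_ATTRS = {"department": "network", "project": "edge-fw"}
ALICE = User("alice", frozenset({"network_admin"}), "network", frozenset({"edge-fw"}))
BOB = User("bob", frozenset({"auditor"}), "finance")
CAROL = User("carol", frozenset({"network_admin"}), "network")

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        for action in ("read", "write"):
            print(user.name, action,
                  authorize(user, "firewall_rules", FIREWALL_ATTRS, action))
```

Carol holds the same role as Alice, so RBAC alone would let her write; the attribute check refuses because she is not on the project.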
Data Encryption
Encryption in Transit:
Definition: Protection of data when transmitted between two points in the network.
Techniques:
SSL/TLS: Protocols used to secure communications over the Internet. For example, when connecting to
an online bank, the data is encrypted to prevent interception.
Encryption at Rest:
Definition: Protection of data stored on storage devices (hard drives, databases).
Techniques:
o AES (Advanced Encryption Standard): A commonly used symmetric encryption
standard.
o RSA: An asymmetric encryption standard for protecting sensitive data.
Firewalls
Packet Filtering:
Definition: Analysis of data packets to determine whether they should be allowed or blocked.
Types:
o Hardware firewall: Physical devices deployed at the edge of the network.
o Software firewall: Programs installed on servers and computers to control network traffic.
Application Level Gateways:
Definition: Controls access to specific applications by deeply inspecting data packets.
Uses:
Proxies: Intermediaries between users and web services to filter content and protect applications.
Intrusion Detection and Prevention Systems (IDS/IPS)
Intrusion Detection Systems (IDS):
Definition: Systems that monitor the network to detect suspicious activity.
Features:
o Signature Analysis: Comparing network activity with known threat signatures.
o Behavior analysis: Detection of abnormal behavior that could indicate an attack.
Intrusion Prevention Systems (IPS):
Definition: Systems that not only detect intrusions but also take steps to block them.
Features:
Real-time attack blocking: Prevents threats from compromising the network by automatically blocking
detected attacks.
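Signature analysis, behavior analysis and IPS-style blocking side by side, as an added example that is not part of the original report. The signatures, the rate threshold and the traffic records are constructed for illustration; a real IDS/IPS works on packets or full requests and uses far larger rule sets.

```python
import re
from collections import defaultdict, deque

# Constructed signatures (assumed for illustration): name -> pattern on the request path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sensitive-file": re.compile(r"/etc/passwd"),
}
RATE_LIMIT = 5        # assumed: max requests per source inside the window
WINDOW_SECONDS = 10   # assumed: length of the sliding window

# Constructed sample traffic: (epoch seconds, source IP, requested path).
SAMPLE_EVENTS = (
    [(100, "192.0.2.10", "/index.html"),
     (101, "192.0.2.20", "/download?file=../../etc/passwd")]
    + [(102 + i, "198.51.100.7", "/login") for i in range(7)]
    + [(120, "192.0.2.10", "/about.html")]
)

def signature_alerts(path):
    """Signature analysis: names of the known-bad patterns found in the path."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(path))

def inspect(events):
    """Return (alerts, blocked sources) for a time-ordered list of events."""
    recent = defaultdict(deque)   # source -> timestamps inside the window
    alerts, blocked = [], set()
    for ts, src, path in events:
        if src in blocked:
            continue              # IPS step: traffic from a blocked source is dropped
        for name in signature_alerts(path):
            alerts.append((ts, src, "signature:" + name))
            blocked.add(src)
        # Behavior analysis: request rate per source over a sliding window.
        window = recent[src]
        window.append(ts)
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) > RATE_LIMIT:
            alerts.append((ts, src, "behavior:request-flood"))
            blocked.add(src)
    return alerts, blocked

if __name__ == "__main__":
    found, dropped = inspect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print("blocked:", sorted(dropped))
```

The flood from 198.51.100.7 matches no signature and is caught only by the rate check, which is the case behavior analysis exists for.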
Antivirus and Antimalware
Detection and Elimination:
Definition: Software designed to detect, prevent and remove malware.
Types of malware: Viruses, worms, trojans, ransomware, spyware.
Real-Time Protection:
Definition: Continuous monitoring of systems to block malware before it causes damage.
Patch and Update Management
Regular Updates:
Definition: Applying security patches and updates to address vulnerabilities in software and operating
systems.
Logical Access Controls
Security Policies:
Definition: Establishing policies that govern access to resources, such as complex passwords and
password change rules.
Conclusion
In conclusion, protecting computer networks is a necessity in today's digital world. We have
seen that networks play a central role in sharing information and operating modern infrastructures.
Protecting these networks is essential to ensure the confidentiality, integrity and availability of data,
while ensuring the continuity of services and maintaining user trust. Networks are continually
threatened by various types of attacks, such as denial of service (DoS/DDoS) attacks, intrusions and
hacks, malware and viruses, phishing and social engineering, and eavesdropping. Each attack uses
specific techniques to compromise the security of systems and steal or damage critical information. To
defend against these threats, different protection measures must be implemented. Among them, we
discussed firewalls, intrusion detection and prevention systems (IDS/IPS), data encryption, access
controls, endpoint security, and application security. These solutions, combined strategically, strengthen
the security posture of an IT network.
Security Tips:
a. Update systems regularly: Apply security patches and software updates regularly to close
vulnerabilities.
b. Use two-factor authentication (2FA): Strengthen user account security with double
verification.
c. Encrypt data: Use encryption protocols like SSL/TLS to protect communications in
transit and encrypt stored data.
d. User training: Educate employees on security best practices, such as recognizing phishing
attempts and using strong passwords.
e. Monitoring and auditing: Implement network monitoring tools and conduct regular
security audits to detect and fix vulnerabilities.
f. Regular backups: Perform regular backups of critical data and test the restoration of
backups.
By incorporating these tips into your security practices, you can create a more secure network
environment and better protect your information from cyberattacks.