Network Security
This section covers the fundamentals of network security: types of cyber-attack, threats to network integrity, and methods to identify and mitigate vulnerabilities. Proper use of secure passwords, encryption, anti-malware software, and firewalls is essential in defending against these threats.
Forms of Attack
Definition: Cyber-attacks are attempts to exploit vulnerabilities in a network or computer system. These attacks aim to disrupt services, steal data, or cause damage.
Common Attack Types
Phishing: Deceptive emails or messages trick users into revealing personal information or downloading malware.
Denial of Service (DoS): Floods a network or server with traffic to make it unavailable to legitimate users.
Brute Force: Repeatedly tries all possible passwords to gain unauthorised access to accounts.
SQL Injection: Inserts malicious code into a database query to manipulate data and access sensitive information.
Threats to Networks
Malware (Malicious Software)
Definition: Software designed to harm, exploit, or otherwise compromise a network or computer.
Types of Malware
Viruses: Attach to files or programs and spread when these are shared.
Worms: Self-replicating programs that spread independently across networks.
Trojan Horses: Appear legitimate but contain harmful code, often used to create backdoors.
Spyware: Monitors user activity and steals personal data without the user’s knowledge.
Ransomware: Encrypts files and demands a ransom for decryption keys.
Other Threats
Social Engineering: Manipulates people into divulging confidential information or performing actions that compromise security.
Insider Threats: Employees or authorised users with access to sensitive data may misuse it intentionally or accidentally.
Botnets: Networks of compromised computers controlled remotely to launch attacks (e.g., spam distribution or DDoS).
Identifying and Preventing Vulnerabilities
Penetration Testing
Definition: Simulated cyber-attacks to identify and fix vulnerabilities within a network before they can be exploited.
Purpose: Helps organisations understand potential weaknesses and strengthen their security.
Network Forensics
Definition: Investigating network activity to detect, analyse, and understand security incidents.
Use: Logs and traces network traffic to identify how an attack occurred and who was involved.
Network Policies
Definition: Formal guidelines that dictate how network resources and data are used and protected.
Includes: Rules for acceptable use, remote access policies, and guidelines for responding to security breaches.
User Access Levels
Definition: Controls to restrict access to sensitive information based on a user’s role or level of authority.
Purpose: Limits exposure to sensitive data, reducing the risk of unauthorised access and accidental modification.
Passwords, Encryption, Anti-malware, and Firewalls
Secure Passwords
Characteristics: Strong passwords are usually at least 8–12 characters long, with a mix of letters, numbers, and symbols.
Importance: A secure password is essential for protecting user accounts against brute force attacks.
Encryption
Definition: Converts data into a coded format, making it unreadable without a decryption key.
Use: Ensures data confidentiality, especially during transmission over insecure networks (e.g., internet communications).
Example: Websites with HTTPS use encryption to protect users’ data from interception.
Anti-Malware
Definition: Software designed to detect, block, and remove malicious software (malware).
Function: Scans files and monitors network traffic for malicious activity, quarantining or removing detected malware.
Firewalls
Definition: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Types
Hardware Firewalls: Installed as a physical device, usually at the network’s entry point, to protect all devices on the network.
Software Firewalls: Installed on individual devices to provide additional security.
Function: Blocks unauthorised access to a network while allowing legitimate communications.
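The sketch below is an added example, not part of the original notes: a toy packet filter showing how "predetermined security rules" decide whether traffic is blocked or allowed. The rule set, the first-match-wins ordering, the default-deny fallback, and the addresses (documentation ranges) are all assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    direction: str       # "in" (incoming) or "out" (outgoing)
    remote: str          # CIDR block the remote address must fall in
    port: Optional[int]  # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    direction: str
    remote_ip: str
    port: int

# Constructed rule set for the example; order matters (first match wins).
RULES = [
    Rule("deny",  "in",  "203.0.113.0/24",  None),  # blocked range: drop everything
    Rule("allow", "in",  "0.0.0.0/0",       443),   # public HTTPS server
    Rule("allow", "in",  "198.51.100.0/24", 22),    # SSH only from the admin network
    Rule("allow", "out", "0.0.0.0/0",       443),   # outgoing HTTPS
    Rule("allow", "out", "0.0.0.0/0",       53),    # outgoing DNS lookups
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when direction, remote address and port all satisfy the rule."""
    in_range = ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(rule.remote)
    return (rule.direction == pkt.direction and in_range
            and rule.port in (None, pkt.port))

def decide(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; deny if none match."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"  # default deny: traffic not explicitly allowed is blocked

if __name__ == "__main__":
    samples = [  # constructed sample traffic
        Packet("in", "192.0.2.10", 443),    # legitimate web request
        Packet("in", "203.0.113.7", 443),   # same port, but from the blocked range
        Packet("in", "192.0.2.10", 22),     # SSH from outside the admin network
        Packet("in", "198.51.100.5", 22),   # SSH from the admin network
        Packet("out", "192.0.2.99", 23),    # outgoing Telnet, never allowed
    ]
    for p in samples:
        print(f"{p.direction:>3} {p.remote_ip:<14} port {p.port:<4} -> {decide(p)}")
```

Swapping the first two rules would let the blocked range reach port 443, which is why rule order is part of a firewall's security policy.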