Network Security: A Comprehensive Guide to Securing Computer Networks from Cyber Threats

COMMUNICATION TECHNOLOGIES
2.6 NETWORK SECURITY

This section looks at various security issues, what threats are there and what protection methods methods are available.

AUTHENTICATION METHODS

With the increase of vulnerabilities and sensitive data being kept and used electronically, methods of authenticating that the user is genuine and has the correct access rights has developed. As well as stronger passwords no being required many systems now use biometric authentication methods such as face recognition, finger print recognition and retina scans. Biometric methods help make the system more secure and in many cases make it easier and more user-friendly for the user.

FIREWALLS

Firewalls aim to prevent unauthorised access to computers and systems. They look at requests being made and data been received, through a mixture of hardware and software they filter data from passing through including unauthorised attempts and websites that have been banned.

MAC ADDRESS FILTERING

Every computer has a unique and permanent MAC (Media Access Control) address. In order to connect to a network the MAC address is used and identified by the network. The network administrator can filter MAC address that are allowed or not allowed to join the network. MAC address filtering in this way helps keep networks more secure and running more smoothly.

ENCRYPTION

Encryption is the process of changing information to an un-readable format, by doing this it prevents any hackers from reading and using the data, it does not stop hackers from getting the data. A mathematical algorithm is done on the original data to convert it to cyphertext (un-readable data), when the data has reached its intended destination the algorithm is used to decrypt the data so it can be read.

Private and public keys are used to ensure the same encryption algorithm encodes and decodes the data. Learn more on this topic with ENCRYPTION CHALLENGE 1

HASHING

Hashing is a technique used in data encryption to ensure the integrity and authenticity of the data. Hashing involves using a mathematical algorithm to generate a fixed-length string of characters, called a hash, from the input data. The hash is unique to the input data and is typically much shorter in length than the original data.

In data encryption, hashing is commonly used to verify that the encrypted data has not been tampered with during transmission or storage. Before the data is transmitted or stored, a hash of the original data is generated and sent along with the encrypted data. When the encrypted data is received, the recipient generates a hash of the received data and compares it to the hash sent with the data. If the hashes match, the recipient can be sure that the data has not been tampered with and is authentic.

Hashing can also be used to store passwords securely. When a user creates a password, the password is hashed and the hash is stored in a database. When the user logs in, the entered password is hashed and compared to the stored hash. If the hashes match, the user is authenticated and granted access.

Hashing is a useful tool in data encryption as it provides a fast and efficient way to ensure data integrity and authenticity, and is commonly used in a variety of applications, including data storage, data transmission, and user authentication.

HACKING

Hacking is the process of gaining access to computer systems by exploiting weaknesses in the system. There are many different types of hackers, some good and some bad. There are many different types of hacking from exploiting user vulnerability to brute force/trial and error methods. Some different categories of hackers include 'White Hat', 'Grey Hat' and 'Black Hat' hackers.

PHISHING - Phishing is the process of targeting a users, usually via email to get them to click a link and enter personal details. The Phishing email pretends to be from a genuine source and will normal direct you to a fake website that looks like an original real website of a company such as a bank.

PHARMING - Pharming is the process of intentionally redirecting users to a fake website, this could be done on client-side or server-side or by exploiting frequent misspellings. The fake website will look the same as a genuine website and is set up with the intention to gain knowledge of sensitive user information.

BLAGGING - Blagging is a social method of getting information from someone, the blagger will talk someone into giving them the details they require, the blagger make phone calls and pretend to be a representative fro organisations such as a bank.

SHOULDERING - Shouldering or shoulder surfing is where a someone watches over the shoulder of a person to gain sensitive information, such as watching over the shoulder of a person entering their PIN number.

This is not the place to learn any hacking methods, however for more information on ethical hacking check out: Ethical Hacking Tutorials | Steam Labs

PENETRATION TESTING

PEN TESTING - Pen testing, also known as Penetration testing is the process of testing for system vulnerabilities, it is normally done to simulate real world threat and system weaknesses.

WHITE BOX PEN TESTING - White box pen testing is where the hacker works with the developer to try to exploit any weak areas in the system, all of the source code may be made available to allow for thorough testing.

BLACK BOX PEN TESTING - Black box pen testing is where a hacker is not given any more information than would be expected to be given to the public. The hacker is an ethical hacker trying to find weaknesses in the system however unlike to the white box testing the hacker is not given any head starts or in house information.

MALICIOUS CODE

Malicious code or MALWARE is designed to cause disruption to computer systems from hindering performance to deleting data and even rendering the system un-usable. Malware comes in various variants such as viruses, trojans and spyware:

VIRUS - On of the key elements of a virus is that it is self replicating, it is designed to spread from one system to another. Like a biological virus some may have little to no effect on a system other can cause the system to shut down completely.

TROJAN - A Trojan is designed to look and act like normal software and is often purposely installed by unsuspecting users. Once installed it will provide an opening for other malware to enter the system.

SPYWARE - Spyware is designed to spy on what the user is doing, typing, browsing and clicking. The spyware will be hidden on the users system so the user does not know it is there. This information gain can then be used in unethical ways.

RESEARCH TASK
Research a hacker and create a brief presentation or poster on interesting facts about the hacker.
What did they do?
What type of hacker are they?
What did the hack effect?
What was the outcome of the hack?

WPA AND WEP

WEP (Wired Equivalent Practice) is an old security protocol that has not been replaced with WPA WiFi Protected Access, we are now on WPA version 3. WPA3 provides high level encryption for wireless connections along with protecting the source so users cannot access admin only areas.

PROTECTION METHODS

There are many methods to help keep systems safe, one of the most important one is user training and awareness this is also one of the most difficult measures to protect and one of the most vulnerable areas exploited. Other protection methods include Firewalls, Anti-spyware, Anti-Virus software and Physical security.

As can be seen in the video showing Google's security measure, Physical security is a major aspect of keeping data secure, it is the process of physically keeping un-authorised people away from data access.

1: Encryption prevents people from accessing data? TRUE or FALSE
2: What is the purpose of a firewall
3: Name 3 different methods of user authentication
4: Give two examples of physical security
5: Describe what a Denial Of Service attack is?
6: For a person who is just a starting to use computers, what advise would you give them to help keep them secure online.

NEXT: ERROR CHECKING