Network Security & Threats

Overview

Network security is essential for protecting computers and data within a network from various threats. As networks allow devices to communicate and share resources, they also become targets for malicious actors aiming to disrupt operations, steal data, or gain unauthorised access. Understanding network security threats and countermeasures helps ensure that networks remain safe and reliable.

Common Network Security Threats

Hackers: Individuals who attempt to gain unauthorised access to a system, often to steal, alter, or destroy data.
Viruses: Malicious programs that replicate themselves and spread, causing harm to files or network performance.
Unauthorised Access: Accessing a network without permission, which can lead to data theft or tampering.
Denial of Service (DoS): An attack that overloads a network or server, making it unavailable to legitimate users by flooding it with excessive requests.
Spyware: Software that secretly monitors and records user actions, often used to steal personal information or data.
SQL Injection: A type of attack where malicious SQL code is injected into a database query to access or manipulate data.
Phishing: A technique used to trick users into providing sensitive information, like passwords or credit card details, by pretending to be a legitimate entity.
Pharming: Redirects users from legitimate websites to fake ones without their knowledge, often to steal sensitive information.

Key Security Measures and Tools

Firewalls

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It creates a barrier between a trusted internal network and untrusted external networks (such as the Internet).

Function: Filters traffic based on rules, blocking unauthorised access while allowing safe traffic.
Types: Can be hardware-based (physical device) or software-based (installed on individual systems).
Benefits: Prevents unauthorised access, stops suspicious incoming traffic, and can prevent certain types of attacks.

Proxies

A proxy server acts as an intermediary between users and the internet, allowing requests from users to pass through it before reaching their destination.

Function: Masks users' IP addresses, filters content, and provides control over what users can access.
Benefits: Enhances privacy, can cache content to improve load times, and adds a layer of security by hiding network details.

Encryption

Encryption transforms data into a secure format, making it unreadable without the correct decryption key. It's essential for protecting data in transit or storage.

Function: Ensures that even if data is intercepted, it cannot be read by unauthorised parties.
Types:
- Symmetric Encryption: Uses the same key for encryption and decryption.
- Asymmetric Encryption: Uses a pair of keys – one public (for encryption) and one private (for decryption).
Benefits: Protects sensitive information such as passwords, financial data, and personal information from unauthorised access.

Other Preventive Measures

Secure Passwords: Strong passwords make it harder for attackers to gain unauthorised access.
- Best Practices: Use a combination of letters, numbers, and symbols; avoid common words; and change passwords regularly.
Anti-virus Software: Scans for and removes viruses and other malicious software from a computer or network.
- Function: Detects, quarantines, and removes malicious software to prevent it from spreading or causing harm.
- Regular Updates: Must be updated frequently to protect against new viruses.
Anti-spyware Software: Specifically designed to detect and remove spyware, protecting users from unauthorised monitoring.
- Function: Blocks spyware from being installed and monitors for unusual activity that might indicate spyware.
Two-Factor Authentication (2FA): Adds an extra layer of security by requiring a second form of verification in addition to a password.
- Types: SMS codes, authenticator apps, or biometric verification (e.g., fingerprint or facial recognition).
- Benefits: Protects against unauthorised access, even if a password is compromised.
Intrusion Detection Systems (IDS): Monitors network traffic for suspicious activity and sends alerts if it detects potential threats.
- Function: Helps detect and respond to attacks early, minimising potential damage.

Examples of Threats and Appropriate Countermeasures

Threat	Description	Prevention & Countermeasures
Viruses	Replicating malware that infects files	Anti-virus software, regular system updates
Unauthorised Access	Access without permission	Strong passwords, firewalls, two-factor authentication
DoS Attack	Overloads servers to disrupt service	Firewalls, load balancers, monitoring traffic patterns
SQL Injection	Malicious SQL code in database queries	Input validation, parameterised queries, web app firewalls
Phishing	Tricks users into revealing information	Anti-phishing training, email filters, 2FA
Pharming	Redirects users to fake websites	DNS security, web browser security settings
Spyware	Secretly monitors user activity	Anti-spyware software, regular system scans

Note Summary

infoNote

Common Mistakes

Using Weak Passwords: Simple or default passwords are easy to guess. Always use complex passwords.
Skipping Software Updates: Many updates include security patches. Ignoring them can leave networks vulnerable to known exploits.
Relying on One Security Layer: Effective network security requires multiple layers, including firewalls, encryption, and anti-malware tools.
Ignoring User Education: Phishing and social engineering attacks often succeed because users are unaware of security risks. User awareness is crucial.