1.4 network security - Coggle Diagram
1.4 network security
Anti-Malware software
Protecting against malware: Users can defend against malware through quality application code, timely software patches, and regular monitoring.
Anti-malware software:
Detects, quarantines, or removes malware (e.g., viruses, trojans, worms).
Includes real-time scanning to check files before use and scheduled scans for regular checks.
Detection methods:
Comparing files to known malware databases.
Monitoring files for suspicious activity.
Malware handling options:
Clean: Remove malware from an infected file while preserving its content.
Quarantine: Isolate potentially infected files to prevent further harm.
Delete: Remove infected files entirely.
Keeping anti-malware effective:
Regular updates are essential for staying protected against new malware threats.
Many programs update automatically when connected to the internet.
Penetration testing
Importance of network security testing:
Organisations invest heavily in network security, but testing the effectiveness of security measures is crucial.
Security failures can damage a business's reputation and result in significant fines for compromised personal data.
Penetration testing:
A method used to test the system’s security by simulating hacker attacks to identify vulnerabilities.
Types of penetration testing:
Black-box testing: Mimics an external attack with no prior knowledge of the system, using brute force and known software vulnerabilities to gain access.
White-box testing: Simulates an insider attack by someone with access and knowledge of the system, helping protect against internal threats.
Firewalls
Firewall function: Sits between a trusted network (e.g., home network) and an untrusted network (e.g., internet) to prevent malicious traffic and control data flow.
Traffic control:
Permits authorized traffic to pass through.
Blocks malicious or unauthorized traffic.
Firewall types:
Basic firewalls are included in most operating systems (e.g., Microsoft Windows) and network access devices (e.g., ISP-provided routers).
Larger organizations may use dedicated firewalls to handle higher traffic volumes.
User access levels
Create strong passwords: Use a mix of upper-case and lower-case letters, numbers, and special characters (e.g., *, $, #). Avoid personal information (e.g., names, birthdays).
Avoid reusing passwords: Using the same password for multiple accounts increases risk if one account is compromised.
Change passwords regularly: Periodically update passwords to ensure old ones cannot be used by others.
Don't write down or share passwords: Writing passwords down or sharing them increases the risk of unauthorized access.
Use a password manager: Store and generate secure passwords, check for duplicates, and receive alerts for compromised accounts.
Default passwords: Change weak default passwords immediately to prevent system vulnerabilities.
Encryption
Encryption techniques: Used to keep data and communications secure from interceptors.
Ciphers:
Caesar cipher: An ancient encryption method using a shared secret (key) to encrypt and decrypt messages.
Asymmetric ciphers: Use different keys for encryption and decryption, with separate keys for sender and recipient.
Vernam cipher: A theoretically perfect cipher where each character is encrypted with its own unique key.
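To make the contrast between the two shared-key ciphers concrete, here is an added example (not from the original diagram) in Python: a Caesar cipher with a single shift for every letter, and a Vernam cipher where every letter gets its own key letter. The last function shows what "theoretically perfect" means: any plaintext of the right length could have produced a given ciphertext under some key. Letters-only alphabet and the mod-26 arithmetic are my simplifications.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # letters only, to keep the arithmetic visible

def caesar(text, shift):
    """Caesar cipher: one shared shift applied to every letter (only 26 possible keys)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in text)

def vernam_encrypt(plaintext, key):
    """Vernam cipher: each letter is combined with its own key letter (mod-26 addition)."""
    if len(key) != len(plaintext):
        raise ValueError("a Vernam key must be exactly as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plaintext, key))

def vernam_decrypt(ciphertext, key):
    """Inverse of vernam_encrypt: subtract each key letter again."""
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, key))

def random_key(length):
    """A fresh, uniformly random key; a key must never be reused for a second message."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def key_that_yields(ciphertext, candidate_plaintext):
    """Why the Vernam cipher is 'theoretically perfect': for ANY candidate plaintext of
    the right length there is a key that turns it into this ciphertext, so someone
    holding only the ciphertext cannot tell which plaintext was actually sent."""
    return vernam_decrypt(ciphertext, candidate_plaintext)

if __name__ == "__main__":
    key = random_key(6)
    ct = vernam_encrypt("ATTACK", key)
    print(ct, vernam_decrypt(ct, key), key_that_yields(ct, "DEFEND"))
```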
Forms of attack:
Malware
Malware is software designed to damage computer systems or steal data. Common types include viruses, trojans, and worms, which behave differently.
Malware serves various purposes:
Spyware tracks your activity.
Keyloggers capture what you type.
Ransomware blocks access to your files.
To stay safe, users must understand how their systems can be exposed and take steps like updating software and scanning regularly for malware. Each threat has a way to defend against it.
Social engineering, e.g. phishing, people as the ‘weak point’
Social engineering refers to tricks used by cybercriminals to steal personal information like IDs or passwords. Common techniques include phishing, shouldering, blagging, and pharming. Unlike other cybercrimes, social engineering involves people deceiving or manipulating other people.
While technology can protect against unauthorised access, human error remains the biggest risk. For example, systems can enforce strong passwords, but they can’t stop someone from accidentally sharing their login details.
To avoid falling victim, users need to stay aware. Software can also help by detecting and warning about potential scams.
Brute-force attacks
Password attacks are ways to steal someone's password. Two common methods are brute force attacks and dictionary attacks:
Brute Force Attack
A program tries every possible combination of characters until it finds the password.
Short passwords with limited characters are easier to crack. For example, a 6-letter lowercase password has 308 million possibilities, which a computer can guess in seconds.
Longer passwords with more characters (e.g., uppercase, lowercase, numbers, and symbols) are much harder to crack. A 32-character password can have over 2.34 × 10¹⁰⁸ possibilities—an unimaginably large number.
Dictionary Attack
Uses a list of known passwords (a "dictionary") to guess the correct one.
The list may include common passwords or hacked passwords shared online.
If you reuse the same password across sites and one is hacked, it could appear in a dictionary. Hackers can then use it to access your other accounts.
Tip: Avoid short or common passwords, and don’t reuse passwords across sites. Use unique, strong passwords for better security.
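The two attacks above translate directly into a password-acceptance check. This added Python example (mine, not part of the diagram) computes the keyspace a brute-force search has to cover from the character classes actually used, reproducing the 6-lowercase-letter figure quoted above, and rejects passwords found in a known-password list. The guess rate of 1e9 per second, the tiny COMMON_PASSWORDS set and the minimum keyspace are assumptions.

```python
import string

# Character classes the password advice above distinguishes, with their sizes.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

# Constructed stand-in for a leaked-password list; real lists hold millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "abc123"}

def keyspace(length, charset_size):
    """Distinct passwords of `length` characters drawn from `charset_size` symbols."""
    return charset_size ** length

def password_keyspace(pw):
    """Keyspace an exhaustive search must cover, given the classes the password uses."""
    size = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in pw))
    return keyspace(len(pw), size)

def seconds_to_exhaust(space, guesses_per_second=10**9):
    """Worst-case time to try every candidate at an assumed guess rate (1e9/s here)."""
    return space / guesses_per_second

def assess(pw, min_space=10**18):
    """Return (accepted, reason), applying both lessons: no dictionary words, big keyspace."""
    base = pw.lower()
    # A common word with digits tacked on ("password123") is still dictionary material.
    if base in COMMON_PASSWORDS or base.rstrip(string.digits) in COMMON_PASSWORDS:
        return False, "dictionary attack: appears in a known-password list"
    space = password_keyspace(pw)
    if space < min_space:
        return False, (f"brute force: only {space:.3g} candidates, exhausted in "
                       f"{seconds_to_exhaust(space):.1f} s at 1e9 guesses/s")
    return True, f"ok: {space:.3g} candidates"

if __name__ == "__main__":
    for pw in ["abcdef", "password123", "Tr0ub4dor&3"]:
        print(pw, assess(pw))
```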
Denial of service attacks
Servers are computers that provide services to clients, like a web server providing webpages. Servers run 24/7, always ready to respond to requests.
Denial-of-Service (DoS) Attack
In a DoS attack, a server is overwhelmed with more requests than it can handle, making it unable to process requests from legitimate users.
Example:
Imagine 500 students rushing the school canteen at once; the staff can’t serve everyone, leaving others unable to get lunch. In February 2020, Amazon Web Services faced a DoS attack at 2.3 terabits per second!
Distributed Denial-of-Service (DDoS) Attack
A DDoS attack is like a DoS attack but launched from many computers at once, usually part of a botnet. A botnet is a network of infected computers controlled by a single operator, used to send massive requests to a server simultaneously.
Key Takeaway
DoS and DDoS attacks disrupt server services by overloading them with traffic, preventing legitimate users from accessing them.
Data interception and theft
In a computer network, data moves through cables or radio signals. If someone gains unauthorized access, they can intercept the data.
Accessing a wired network usually requires physical entry to a building, but wireless networks are easier to access if you're nearby. This is why encrypting wireless data is crucial.
Man-in-the-Middle Attack
This happens when a hacker intercepts the connection between two people or systems. They can:
Steal the data being shared.
Alter the data so the recipient receives tampered information.
Users are often unaware the attack is happening.
Example: A hacker might set up a free, unencrypted Wi-Fi hotspot. Any data sent over this network can be intercepted easily.
Key Takeaway
Wireless data must be encrypted to protect against interception and tampering.
The concept of SQL injection
SQL injection is a hacking method that exploits vulnerabilities in SQL statements to access or harm a database.
What is SQL?
SQL (Structured Query Language) is used to manage and query databases. For example, when you log into a website, your username and password are checked against a database using an SQL query.
How SQL Injection Works
If a website doesn’t validate user inputs properly, hackers can insert extra commands into fields like login forms to manipulate the database or bypass login systems.
1.4.2 Identifying and preventing vulnerabilities
Physical security
Organisations are legally required to secure personal data and sensitive information (commercial, financial) against unauthorized access.
Authentication
Ensures users are who they claim to be when signing in.
Traditional method: userID and password.
Modern systems often use two-factor authentication or biometric security.
Firewalls and MAC address filtering to control access.
Secure network devices against unauthorized physical access.
Building security
Security guards and access control mechanisms (smart cards, access codes) manage building entry.
CCTV monitors movements around and inside buildings.
Servers and key communication equipment should be kept in locked rooms or cabinets.
Devices should be password-protected and sensitive data encrypted.
Many organisations restrict storing data locally or leaving laptops unattended (e.g., in vehicles).