COURSE CODE: CSC325

COURSE TITLE: COMPUTER NETWORK AND SECURITY

NUMBER OF UNITS: 2 UNITS

UNIT 1- INTRODUCTION TO COMPUTER NETWORK

What Is A Network
In the simplest form, data transfer can take place between two devices that are directly
connected by some form of communication medium. But it is not practical for two devices
to be directly Point–to–Point connected. This is due to the following reasons:

(i) The devices are very far apart.

(ii) There is a set of devices, each of which may require to connect to others at various
times.

The solution to this problem is to connect each device to a communication network. A

computer network means an interconnected set of autonomous systems that permit
distributed processing of information. To meet the needs of various applications, networks
are available with different interconnection layouts and plans, methods of access, protocols,
and media. Networks can be classified based on geographical coverage.

Classification of Networks
✔ Local Area Network (LAN)
✔ Metropolitan Area Network (MAN)
✔ Wide Area Network (WAN)

Local Area Network (LAN)

A local area network is a relatively smaller and privately-owned network with a maximum
span of 10km to provide local connectivity within a building or small geographical area.
The LANs are distinguished from other kinds of networks by three characteristics:

1. Size
2. Transmission technology, and
3. Topology

Accordingly, there are many LAN standards known as IEEE area standards 802. x.

Metropolitan Area Network (MAN)

Metropolitan Area Network is defined as less than 50km and provides regional connectivity
typically within a campus or small geographical area. It is designed to extend over an entire
city. It may be a single network, such as a cable television network, or it may be a means of
connecting a number of LANs into a large network, so that resources may be shared LAN–
to–LAN as well as device-to-device. For example, a company can use a MAN to connect to
the LANs in all of its offices throughout a city.

1
Wide Area Network (WAN)
Wide Area Network provides no limit of distance. In most WANs, the subnet consists of
two distinct components. Transmission lines, also called circuits or channels, and routers.
Transmission lines are used for moving bits between machines, whereas routers are used to
connect two or more transmission lines. A WAN provides long-distance transmission of
data, voice, image, and video information over large geographical areas that may comprise
a country, a continent, or even the whole world. In contrast to LANs (which depend on their
own hardware for transmission), WANs may utilize public, leased, or private
communication devices usually in combination, and span their own unlimited number of
miles.

A WAN that is wholly owned by a single company is often referred to as an enterprise

network.

Computer Network Goals/Motivation

The main goal of a computer network is to enable its users to share resources and to access
these resources (i.e. hard disks, high-quality expensive laser printers, modems, peripheral
devices, licensed software. etc.), regardless of their physical locations. Physical locations
may be a few feet or even thousands of miles apart, but users exchange data and programs
in the same way. In other words, distance is removed as a barrier for the above application.
The computer network thus creates a global environment for its users and computers.
Another goal is to provide communication services (such as E–mail) and in general, to
provide a robust transport network. i.e., (highway) over which application can be built.

Applications of Networks
The following is a list of some applications of computer networks.

Generic application
⮚ Resource sharing (CPU, peripherals, information, and software)
⮚ Personal communication (text+graphics+audio+video)
⮚ Network-wide information discovery and retrieval.

We are now moving from personalized computing to network computing. Therefore, its
applications are increasing every day.

Types of Network
There are basically two types of networks based on whether the network contains switching
elements or not. These are Point–to–Point network and Broadcast network.

Point–to–Point Network or Switch Network

Point–to–Point networks consist of many connections between individual pairs of machines.
To go from the source destination, a packet on this type of network may have to first visit
one or more intermediate machine routers. When a packet is sent from one router to another
intermediate router, the entire packet is stored at each intermediate router, till the output line
is free and then forwarded. A subnet using this principle is called Point–to–Point or Packet
switched network.

Some possible topologies for a Point–to–Point subnet are:

2
Star
In a star topology, each device has a dedicated Point–to–Point link only to a central
controller, usually called a hub. These devices are not linked to each other. If one device
wants to send data to another, it sends to the hub which then relays the data to the other
connected devices. In a star, each device needs only one link and one I/O Port to connect it
to any number of other devices. This factor makes it easy to install and configure. Far less
cabling need to be housed and additions, moves and deletions involve only one connection
between that device and the hub.

Tree
A tree topology is a variation of a star. As in a star mode in a tree are linked to a central hub
that controls the traffic to the network. However, not every device plugs directly into the
central hub. The majority of devices connect to a secondary hub that in turn is connected to
the central hub.

The advantages and disadvantages of a tree topology are generally the same as those of
stars. The addition of secondary hubs, however, brings two further advantages. First, it
allows more devices to be attached to a single central hub and can, therefore, increase the
distance a signal can travel between devices. Second, it isolates the network and prioritizes
communication from different computers.

Ring
In a ring topology, each device has a dedicated Point–to–Point line configuration only, with
the two devices on either side of it. A signal is passed along the ring in one direction from
device to device until it reaches its destination. Each device in the ring incorporates a
repeater. When a device receives a signal intended for another device, its repeater
regenerates the bits and passes them along. A ring is relatively easy to install and
3
reconfigure. Each device is linked to its immediate neighbors. However, unidirectional
traffic can be a disadvantage. In a simple ring, a break-in ring can disable the entire network.
This weakness can be solved by using a dual ring or switch capable of closing off the break.

Bus
Bus, unlike other topologies, is a multi–point configuration. One long cable act as a
backbone to link all the devices in the network.

The advantages of bus topology include the use of the installation. A disadvantage includes
difficult reconfiguration and fault isolation.

Broadcast Networks
Broadcast networks have a single communication channel that is shared by all the machines
on the network. Short messages, called packets, sent by any machine are received by all the
others. An address field within the packet specifies for when it is intended. Upon receiving
a packet, a machine checks the address field. If the packet is intended for itself, it processes
the packet; if the packet is intended for some other machine, it is just ignored. Broadcast
systems generally also allow the possibility of addressing a packet to all destinations by
using a special code in the address field.

When a packet with this code is transmitted, it is received and processed by every machine
on the network, and this mode of operation is called broadcasting. Some broadcast systems
also support transmission to a subset of the machines, something known as multicasting.
One possible scheme is to reserve one-bit multicasting. The remaining (n–1) address bits
can hold a group number. Each machine can “subscribe” to any or all of the groups. When
a packet is sent to a certain group, it is delivered to all machines subscribing to that group.

Reference Model
In this section, we will discuss two important network architectures: the OSI reference
model and the TCP/IP reference model.

OSI (Open System Interconnection) Reference Model

The OSI model is based on a proposal developed by the International Standards
Organization as a first step towards international standardization of the protocols used in
the various layers. The model is called the ISO – OSI (International Standard Organization–
Open Systems Interconnection) Reference Model because it deals with connecting open
systems – that is, systems that are open for communication with other systems. Its main
objectives were to:

(i) Allow the manufacture of different systems to interconnect equipment through

standard interfaces.
(ii) Allow software and hardware to integrate well and be portable on different systems.

The OSI model has seven layers shown below. The principles that were applied to arrive at
the seven layers are as follows:

1. Each layer should perform a well–defined function.

4
2. The function of each layer should be chosen with an eye toward defining
internationally standardized protocols.
3. The layer boundaries should be chosen to minimize the information flow across the
interfaces.

The seven layers of the ISO OSI Reference Model are:

(a) Physical Layer

(b) Data Link Layer
(c) Network Layer
(d) Transport Layer
(e) Session Layer
(f) Presentation Layer
(g) Application Layer.

The Physical Layer

5
The physical layer defines the electrical and mechanical specifications of cables,
connectors, and signaling options that physically link two nodes on a network.

The Data Link Layer

The main task of the Data Link Layer is to provide error-free transmission. It accomplishes
this task by having the sender break the input data up into data frames, transmit the frames
sequentially, and process the acknowledgment frames sent back to the receiver.

The Data Link Layer creates and recognizes frame boundaries. This can be accomplished
by attaching special bit patterns to the beginning and end of the frame. If these bit patterns
can accidentally occur in the data, special care must be taken to make sure these patterns
are not incorrectly interpreted as frame delimiters.

The Network Layer

While the Data Link Layer is responsible for end-to-end delivery, the network layer ensures
that each packet travels from its source to its destination successfully and efficiently. A key
design issue is determining how packets are routed from source to destination. Routes can
be based on static tables that are “wired into” the network and rarely changed.

They can also be determined at the start of each conversation, for example, a terminal
session. Finally, they can be highly dynamic, being determined anew for each packet, to
reflect the current network load.

When a packet has to travel from one network to another to get to its destination, many
problems can arise. The addressing used by the second network may be different from the
first one. The second one may not accept the packet at all because it is too large. The
protocols may differ, and so on. It is up to the network layer to overcome all these problems
to allow heterogeneous networks to be interconnected.

The Transport Layer

The basic function of the transport layer is to accept data from the session layer, split it up
into smaller units if need be, pass these to the Network Layer, and ensure the pieces all
arrive correctly at the other end. Furthermore, all this must be done efficiently, and in a way
that isolates the upper layers from the inevitable changes in the hardware technology.

The transport layer provides location and media-independent data transfer service to the
session and upper layers.

The Session Layer

The main tasks of the session layer are to provide:
Session establishment
● Session Release– Orderly or Abort
Data Exchange
Expedited Data Exchange.

The session layer allows users on different machines to establish sessions between them. A
session allows ordinary data transport, as does the transport layer, but it also provides
enhanced services useful in some applications. A session might be used to allow a user to
log into a remote time-sharing system or to transfer a file between two machines.
6
One of the services of the session layer is to manage dialogue control. Sessions can allow
traffic to go in both directions at the same time, or in only one direction at a time. If traffic
can only go one way at a time (analogous to a single railroad track), the session layer can
help keep track of whose turn it is.

A related session service is token management. For some protocols, it is essential that both
sides do not attempt the same operation at the same time. To manage these activities, the
session layer provides tokens that can be exchanged. Only the side holding the token may
perform the critical operation.

Another session service is synchronization. Consider the problem that might occur when
trying to do a two–hour file transfer between two machines with a one-hour mean time
between crashes. After each transfer is aborted, the whole transfer would have to start over
again and would probably fail again the next time as well. To eliminate this problem, the
session layer provides a way to insert after the last checkpoint has to be repeated.

The Presentation Layer

Unlike all the lower layers which are just interested in moving bits reliably from here to
there, the presentation layer is concerned with the syntax and semantics of the information
transmitted.

A typical example of a presentation service is encoding data in a standard agreed-upon way.

Most user programs do not exchange random binary bit strings, they exchange things such
as people’s names, dates, amounts of money, and invoices. These items are represented as
character strings, integers, floating–point numbers and data structures composed of several
simpler items. Different computers have different codes for representing character strings,
(e.g., ASCII and Unicode), integers (e.g., one’s complement and two’s complement), and
so on. In order to make it possible for computers with different representations to
communicate, the data structure to be exchanged can be defined in an abstract way, along
with a standard encoding to be used “on the wire”.

The presentation layer manages these abstract data structures and converts from the
representation used inside the computer to the network standard representation and back.

Application Layer
The application layer supports functions that control and supervise OSI application
processes such as starting/maintaining/stopping the application, allocating/de–allocate OSI
resources, accounting, checkpointing, and recovering. It also supports remote job execution,
file transfer protocol, message transfer, and virtual terminal.

TCP Reference Model

The TCP/IP network architecture is a set of protocols that allow communication across
multiple device networks. The architecture evolved out of research that had the original
objective of transferring packets across three different packet networks: the ARPANET
packet–switching networks, a packet radio network, and a packet satellite network. The
military orientation of the research placed a premium on robustness with regard to failures
in the network and on flexibility in operating over diverse networks. The environment led

7
to a set of protocols that are highly effective in enabling communication among the many
different types of computer systems and networks. Today, the
internet has become the primary fabric for interconnecting the world’s computers. In this
section, we introduce the TCP/IP network architecture and TCP/IP is the main protocol for
carrying information.

The diagram below shows the TCP/IP network architecture, which consists of four layers.
The Application Layer provides services that can be used by other applications. For
example, protocols have been developed for remote login, for email, for file transfer, and
for network management.

The Application Layer programs are intended to run directly over the transport layer. Two
basic types of services are offered in the transport layer. The first service consists of reliable
connection–oriented transfer of a byte stream, which is provided by the Transmission
Control Protocol (TCP). The second service consists of best–effort connectionless transfer
of individual messages, which is provided by the User Datagram Protocol (UDP). This
service provides no mechanisms for error recovery or flow control. UDP is used for
applications that require quick but necessary flow control. UDP is used for applications that
require but necessarily a reliable delivery layer.

Application Layer

Transport Layer
Internet Layer

Network Interface
Layer

TCP/IP Network Architecture

The TCP/IP model does not require strict layering. In other words, the application layer has
the option or bypassing intermediate layers. For example, an application layer may run
directly over the internet.

The Internet Layer handles the transfer of information across multiple networks through
the use of gateways of routers, as shown below. The Internet Layer corresponds to the part
of the OSI network layer that is concerned with the transfer of packets between machines
that are connected to different networks. It must, therefore, deal with the routing of packets
across these networks as well as with the control of congestion. A key aspect of the internet
layer is the definition of globally unique addresses for machines that are attached to the
Internet.

The internet layer provides a single service, namely: best–effort connectionless packet
transfer. IP packets are exchanged between routers without a connection set up; the packets
are routed independently, so they may traverse different paths. For this reason, IP packets
are also called datagrams. The connectionless approach makes the system robust; that is,
if failures occur in the network, the packets are routed around the points of failure; there is
no need to set up the connections. The gateways that interconnect the intermediate networks
8
may discard packets when congestion occurs. The responsibility for recovery from these
losses is passed on to the transport layer.

Finally, the Network Interface layer is concerned with the network–specific aspects of the
transfer of packets. As such, it must deal with the part of the OSI network layer and data
link layer. Various interfaces are available for connecting end computer systems to specific
networks such as X.25, ATM, frame relay, Ethernet, and token ring.

The Internet Layer and Network Interface Layers

The network interface layer is particularly concerned with the protocols that access the
intermediate networks. At each gateway, the network access protocol encapsulates the IP
packet into a packet or frame of the underlying network or link. The IP packet is recovered
at the exit gateway of the given network. This gateway must then encapsulate the IP packet
into a packet or frame of the type of the next network or link.

This approach provides a clear separation of the internet layer from the technology-
dependent network interface layer. This approach also allows the internet layer to provide
a data transfer service, that is, a transparent sense of not depending on the details of the
underlying networks. The next section provides a detailed example of how IP operates over
the underlying networks.

The figure below shows some of the protocols of the TCP/IP protocol suite. The figure
shows two of the many protocols that operate over TCP, namely, HTTP and SMTP. The
figure also shows DNS and Real-time Protocol (RTP), which operate over UDP. The
transport layer protocols TCP and UDP, on the other hand, operate over IP. Many network
interfaces are defined to support IP. The salient part of the figure below is that all higher–
layer protocols access the network interfaces through IP. This feature provides the capability
to operate over multiple networks. The IP protocol is complemented by additional protocols
(ICMP, IGMP, ARP, and RARP) that are required to operate the internet.

9
TCP/IP PROTOCOL GRAPH

The hourglass shape of the TCP/P protocol graph underscores the features that make TCP/IP
so powerful. The operation of the single IP protocol over various networks provides
independence from the underlying network technologies. The communication services of
TCP and UDP provide a network-independent platform on which applications can be
developed. By allowing multiple network technologies to coexist, the Internet is able to
provide ubiquitous connectivity and achieve enormous economies of scale.

Difference between OSI Reference Model & TCP

10
 UNIT TWO - NETWORK SECURITY

What Is Network Security?

Network security, a specialized field within cybersecurity, encompasses the policies,

procedures, and technologies organizations use to protect their networks and any network
assets or traffic. Regardless of industry or size, all organizations must prepare against threats
like data loss, unauthorized access, and network-based attacks.

Network security is crucial for protecting business-critical infrastructure and assets,

minimizing the attack surface, and preventing advanced attacks. Network security solutions
use a layered approach to protect networks internally and externally. Vulnerabilities are
present in many areas, including end-point devices, users, applications, and data paths.

In recent years, organizations and networks have changed. The modern IT environment is
distributed, with the growth of the cloud, edge computing, and the Internet of Things (IoT).
The massive transition to remote work has also created new security challenges. In the
2020s, network security must go beyond the traditional network perimeter, to adopt a zero-
trust security approach.

Network security is the practice of protecting corporate networks from intrusions and data
breaches. Common network security threats include social engineering attacks aimed at
stealing user credentials, Denial of Service (DoS) attacks that can overwhelm network
resources, and malware used by attackers to establish a persistent hold on the network.

In a modern IT environment, network threats can originate from automated mechanisms

like bots, sophisticated attacks known as advanced persistent threats (APT), malicious
insiders, and third-party vendors whose systems were compromised by attackers.

To protect against these threats, organizations use a variety of strategies, including

defensive tools like next-generation, network segmentation which can isolate sensitive
resources and prevent lateral movement, and incident response processes that enable rapid
and effective response when attacks occur.

COMMON NETWORK SECURITY THREATS

Social Engineering: Social engineering attacks rely on manipulating human emotion to

gain unauthorized network access. Attackers send messages that arouse curiosity, fear, or
other emotions, and trick the user into deploying malware or divulging their network
credentials. Common types of social engineering attacks include phishing, baiting,
tailgating, and pretexting.

Password Attacks: Any type of attack that involves someone attempting to use a
password illegitimately is considered to be a password attack. The hacker may obtain
access either by guessing, stealing or cracking a password.

Phishing: This online scamming technique attempts to obtain sensitive data like credit card
details and credentials. A phishing attack uses fraudulent email messages designed to appear
legitimate by impersonating a reputable banking institution, website, or personal contact. It
11
tricks the user into clicking on a malicious URL or replying to the email by sending financial
and credential information.

Cyberattacks: Cyberattacks are attacks by a cybercriminal targeting one or multiple

computer networks or machines. Cyber-attacks can perform malicious actions such as
disabling computers, stealing data, or using infected computers as a pivot to launch further
attacks. Attackers use various methods to execute cyberattacks, including social engineering
techniques like phishing, brute force techniques, denial of service (DoS), and injecting
malware or ransomware.

Misconfiguration Exploits: A security misconfiguration is any incorrect or insecure

configuration of security controls that put the system at risk. Poor management practices
such as inadequate documentation of configuration changes, reliance on defaults, and
technical issues affecting endpoint components can lead to misconfiguration.

Configuration errors can occur for various reasons—a modern network infrastructure is
complex and constantly changing. Organizations often overlook important security settings,
such as default configurations for network devices.

Securing endpoint configurations once is not enough—organizations and institutions must

periodically audit configurations and security controls to identify drift. Misconfigurations
often result from adding new devices to the network or modifying and patching systems.

Denial-of-Service (DoS)

DoS attacks prevent legitimate users from accessing data or services on a target website.
They occur when a malicious attacker overloads the website with junk traffic.

Distributed denial-of-service (DDoS) attacks are similar to DoS but are more difficult to
overcome. Attackers launch a DDoS attack from multiple computers distributed worldwide
in a network of infected machines.

A distributed denial of service (DDoS) attack leverages a botnet controlled by the attacker,
which may consist of thousands or millions of machines, to flood networks with fake traffic.
Sometimes, the goal of a DDoS attack is to distract IT and security teams, while attackers
are conducting a primary attack.

Large-scale DDoS attacks are impossible to withstand using on-premises security tools, and
the most effective defense is third-party DDoS mitigation solutions that operate at a cloud
scale.

Malware

Malware is malicious software that can spread across computer systems and can be used to
compromise a device or cause damage to data and systems. An especially damaging form
of malware is ransomware, which encrypts data, making it unusable to its owners.

12
Malware is commonly used by attackers to establish and deepen their hold on compromised
systems in a corporate network. Its primary distribution vectors are email, malicious links,
and compromised websites.

Malware is short for malicious software. Attackers usually use it to take control of the target
system, exfiltrate sensitive data, or install unwanted programs on the target device without
the victim’s knowledge. Malware can spread spyware, worms, and Trojan horses via pop-
up advertisements, compromised files, fraudulent websites, or phishing emails.

Ransomware

Ransomware is a form of malware that cybercriminals use to lock the target device and
demand a ransom in exchange for unlocking it. It spreads via malicious apps and phishing
emails, preventing users from launching apps or encrypting files—in some cases, it
completely disables the device.

Rogue Security Software

Malware tricks users into believing that their security measures are outdated or that a virus
has infected their computer. It prompts the user to install a security feature or update security
settings, often demanding payment for the tool or download. When users try to remove the
suspected virus, they innocently install real malware on their devices.

Insider Threats

Insider threats might be malicious insiders motivated by vengeance or financial gain,

compromised accounts, or negligent insiders who violate security policies. Insider threats
are difficult to detect with traditional security tools, and because insiders have privileged
access to sensitive systems, can be very dangerous. A key strategy for combating insider
threats is zero trust security, which ensures every user has the least privileges, and
continuously verifies and authenticates all connection requests.

Third-Party Vendors

Most organizations make use of third-party vendors and commonly give these vendors
access to critical systems. Several global security incidents were due to the compromise of
high-profile suppliers, which were used by some of the world’s leading organizations.

It is critical for organizations to establish a third-party risk management program. As part

of this program, they should gain visibility over their suppliers’ security practices, and limit
supplier privileges to the minimum possible.

Advanced Persistent Threats (APT)

APTs are organized attackers, sometimes operated by groups of hackers, who launch
sophisticated, highly evasive attacks against an organization.

13
APTs typically use multi-stage attacks with several attack vectors (such as social
engineering, malware, and vulnerability exploitation) to penetrate a network, get around
security defenses, and avoid detection. They might dwell in the network for months or years,
slowly gaining access to valuable assets and stealing sensitive data.

Zero trust, next-generation firewalls (NGFW), and advanced threat detection solutions like
XDR, can all help mitigate the APT threat.

SOLUTIONS TO NETWORK SECURITY THREATS

There is no one approach to address all the critical threats we presented above. However,
the following network security practices can help prevent many of these threats, and help
detect and mitigate them if an attack occurs.

● Antivirus Software: Antivirus software can be installed on all network devices to

scan them for malicious programs. It should be updated regularly to fix any issues or
vulnerabilities.
● Encryption: Encryption is the process of scrambling data to the point of
unintelligibility and providing only authorized parties the key (usually a decryption
key or password) to decode it. This way, even if data is intercepted or seen by an
unauthorized user, they are unable to read it.
● Firewalls: Firewalls are a software program, hardware device or combination of both
that blocks unsolicited traffic from entering a network. They can be configured to only
block suspicious or unauthorized traffic, while still allowing access to legitimate
requests.
● Multi-Factor Authentication: Multi-factor authentication is simple: users must
provide two separate methods of identification to log into an account (for instance,
typing in a password and then typing in a numeric code that was sent to another
device). Users should present unique credentials from two out of three categories —
something you know, something you have and something you are — for multi-factor
authentication to be fully effective.
● Network Segmentation: Network segmentation involves breaking down a larger
network into various subnetworks or segments. If any of the subnetworks are
infiltrated or compromised, the others are left untouched because they exist
independently of each other.

Use a Next-Generation Firewall (NGFW)

Traditional firewalls inspect the state of network traffic, blocking or allowing traffic
according to rules and filters defined by the administrator. NGFWs provide all the
functionalities of a regular firewall and more, enabling Deep Packet Inspection (DPI) and
blocking application-based threats.

For a firewall to qualify as a next-generation firewall (according to the Gartner definition),

it must provide:
14
 ● Stateful inspection and other standard firewall functionalities
● Threat intelligence from various sources
● Application control and visibility to identify and block applications that present a
risk
● An intrusion prevention system
● Adaptable capabilities to handle evolving cyber threats
● Upgrade paths for future threat intelligence feeds

Implement Network Segmentation and Segregation Strategies

Managing security for a large unsegmented network can be a complex task. Such tasks
might include defining firewall rules and successfully handling traffic flow.

You can make management easier by segmenting your network into small chunks and
creating different trust zones. This approach can also ensure networks are isolated if a
security incident occurs, limiting the impact and risk of a network intrusion.

An unsegmented network presents attackers with a greater attack surface. Attackers can
then move laterally through the network and access business-critical information. A breach
like this can bypass detection in a large-scale network. Enforcing network segregation and
segmentation gives your organization control over how traffic travels within your
environment.

Conduct Third-Party Vendor Assessment

In some cases, you may have to work with third-party contractors. When you give third-
party vendors access to your organization’s network, it affects the security of your
organization. In essence, your network is only as secure as your vendors.

Ensure you evaluate the security posture of any third-party vendors according to the level
of access they need. Select vendors with strong security practices and appropriate
compliance certifications, and be sure to revoke access as soon as a contractor is no longer
working on your systems.

Establish an Incident Management Plan

An incident management plan guides you through the entire process of cyber incident
management, from the time of the incident through to returning to normal operations. It
defines roles and responsibilities, establishes procedures and communication channels, and
establishes an organizational structure for rapid response to incidents.

The incident response process is initiated when a security breach is identified via network
security monitoring. The incident response team escalates the incident to the right teams
and efficiently resolves the incident. After resolving the situation, the next step is to restore
and recover systems to their correct functioning. A business continuity/disaster recovery
(BC/DR) plan can help ensure the availability of your network and related systems even in
case of a disaster or severe cyber-attack.

15
One security strategy won’t be enough to fully and effectively protect a network. A
combination of different techniques will ensure that your network is as secure as possible
and will help to meet the unique needs of your organization.

Common Network Security Vulnerabilities

In order to effectively implement and maintain secure networks, it’s important to understand
the common vulnerabilities, threats, and issues facing IT professionals today. While some
can be fixed fairly easily, others require more involved solutions.

Virtually all computer networks have vulnerabilities that leave them open to outside attacks;
further, devices and networks are still vulnerable even if no one is actively threatening or
targeting them. A vulnerability is a condition of the network or its hardware, not the result
of external action.

These are some of the most common network vulnerabilities:

● Improperly installed hardware or software

● Operating systems or firmware that have not been updated
● Misused hardware or software
● Poor or a complete lack of physical security
● Insecure passwords
● Design flaws in a device’s operating system or in the network

While a vulnerability does not guarantee that an attacker or hacker will target your network,
it does make it much easier and possible for them to gain access to it.

Physical Security Considerations

You must also consider the physical security of the various devices, servers, and systems
that are used to power and maintain your network. If a network is physically vulnerable, it
doesn’t matter how strong or extensive its security is, because if someone can gain physical
access to any of these items, the entire network could then be compromised.

Important physical safety considerations include the following:

● Storing network servers and devices in a secure location

● Denying open access to this location to members of your organization
● Using video surveillance to deter and detect anyone who attempts to access this
location

Taking precautions to maintain the physical safety of your network will ensure that it’s able
to run as smoothly and safely as possible.

Network Protection Tips

Regardless of your organization’s needs, there are a few general network protection tips and
best practices that you should be sure to follow. Below is a very basic overview of some of

16
the most important, but perhaps underestimated, steps IT professionals should take to ensure
network security.

Grant Access Sparingly

Always be aware of who has access to your network or servers. After all, not everyone in
your organization needs to be able to physically or electronically access everything on your
network. Don’t give blanket access to every employee in your organization; only give out
what information is necessary to help reduce the chance of unauthorized access, purposeful
or unintentional tampering, or security breaches.

Follow Password Best Practices

It’s a basic principle, but following password best practices is a simple and highly effective
way to maintain network security. Many people create passwords that aren’t strong, reuse
previous passwords and don’t use unique passwords for each of their accounts. Encourage
all employees to follow password best practices, especially for their work accounts, as it
can help keep everyone’s data safe.

Secure Servers and Devices

Physically protect your servers and your devices. Keep them in a safe location, and do not
grant general access to this room or area. Be sure the room is locked when it’s not in use
and keep an eye on the area when it is unsecured or in use.

Test Your Security

You should never assume that your network is completely secure. Continually test
and troubleshoot your network to see what is substandard or to identify any vulnerabilities.
Be sure to make fixes and updates as needed.

In addition, if you do not already have a data recovery plan in place, now is the time to
create one. Even the best-secured networks are compromised and infiltrated, and though no
one wants or necessarily expects that to happen, being prepared for the worst will make
solving the problem significantly easier.

Computer networking is constantly evolving, and what was once considered a network
security best practice may soon be a thing of the past. IT professionals need continual
education and training to keep up on the latest security issues and threats, so they can more
effectively implement promising network security solutions.

Network Troubleshooting Applications

In addition to command-line tools, there are also a number of standalone applications that
can be used to determine the status of a network and to troubleshoot issues. Some of these
applications may be included in the system that you are working with, while others may
need to be installed separately.
17
● Packet Sniffer: Provides a comprehensive view of a given network. You can use this
application to analyze traffic on the network, figure out which ports are open and
identify network vulnerabilities.
● Port Scanner: Looks for open ports on the target device and gathers information,
including whether the port is open or closed, what services are running on a given port
and information about the operating system on that machine. This application can be
used to figure out which ports are in use and identify points in a network that could
be vulnerable to outside attacks.
● Protocol Analyzer: Integrates diagnostic and reporting capabilities to provide a
comprehensive view of an organization's network. You can use analyzers to
troubleshoot network problems and detect intrusions into your network.
● Wi-Fi Analyzer: Detects devices and points of interference in a Wi-Fi signal. This
tool can help you to troubleshoot issues in network connectivity over a wireless
network.
● Bandwidth Speed Tester: Tests the bandwidth and latency of a user’s internet
connection. This application is typically accessed through a third-party website and
can be used to confirm user reports about slow connections or download speeds.

Hardware Tools
Command-line tools and applications are software tools for troubleshooting, but some
network problems have hardware causes and solutions.

Here are some hardware tools that can help you diagnose and solve network issues:

● Wire Crimpers: A wire crimper (sometimes called a cable crimper) is a tool that
attaches media connectors to the ends of cables. You can use it to make or modify
network cables.
● Cable Testers: A cable tester (sometimes called a line tester) is a tool that verifies if
a signal is transmitted by a given cable. You can use one to find out whether the cables
in your network are functioning properly when diagnosing connectivity issues.
● Punch-Down Tool: A punch-down tool is used in a wiring closet to connect cable
wires directly to a patch panel or punch-down block. This tool makes it easier to
connect wires than it would be to do it by hand.
● TDR: A time-domain reflectometer (TDR) is a measuring tool that transmits an
electrical pulse on a cable and measures the reflected signal. In a functioning cable,
the signal does not reflect and is absorbed in the other end. An optical time-domain
reflectometer (OTDR) is a similar tool but used for measuring fiber optic cables,
which are becoming more common in modern networks.
● Light Meter: Light meters, also known as optical power meters, are devices used to
measure the power in an optical signal.
● Tone Generator: A tone generator is a device that sends an electrical signal through
one pair of UTP wires. On the other end, a tone locator or tone probe is a device that
emits an audible tone when it detects a signal in a pair of wires. You can use these
tools to verify that signals are passing through the wires in your network. They are
often used to confirm phone connectivity.
● Loopback Adapter: A loopback adapter is a virtual or physical tool that can be used
for troubleshooting network transmission issues. It can be used by utilizing a special
connector that redirects the electrical signal back to the transmitting system.
18
● Multimeter: A multimeter (sometimes called a volt/ohm meter) is an electronic
measuring instrument that takes electrical measurements such as voltage, current and
resistance. There are hand-held multimeters for fieldwork as well as bench-top models
for in-house troubleshooting.
● Spectrum Analyzer: A spectrum analyzer is an instrument that displays the variation
of a signal strength against the frequency.

19
 UNIT 3: DATA SECURITY POLICIES/ADMINISTRATION.

What is a security policy?

A security policy (also called an information security policy or IT security policy) is a

document that spells out the rules, expectations, and overall approach that an organization
uses to maintain the confidentiality, integrity, and availability of its data. Security
policies exist at many different levels, from high-level constructs that describe an
enterprise’s general security goals and principles to documents addressing specific issues,
such as remote access or Wi-Fi use.

A security policy is frequently used in conjunction with other types of documentation such
as standard operating procedures. These documents work together to help the company
achieve its security goals. The policy defines the overall strategy and security stance, with
the other documents helping build a structure around that practice. You can think of a
security policy as answering the “what” and “why,” while procedures, standards, and
guidelines answer the “how.”

Four reasons a security policy is important

Security policies may seem like just another layer of bureaucracy, but in truth, they are a
vitally important component in any information security program. Some of the benefits of
a well-designed and implemented security policy include:

1. Guides the implementation of technical controls: A security policy doesn’t

provide specific low-level technical guidance, but it does spell out the intentions and
expectations of senior management in regard to security. It’s then up to the security
or IT teams to translate these intentions into specific technical actions.

For example, a policy might state that only authorized users should be granted access
to proprietary company information. The specific authentication systems and access
control rules used to implement this policy can change over time, but the general
intent remains the same. Without a place to start, the security or IT teams can only
guess senior management’s desires. This can lead to inconsistent application of
security controls across different groups and business entities.

2. Sets clear expectations: Without a security policy, each employee or user will be
left to his or her own judgment in deciding what’s appropriate and what’s not. This
can lead to disaster when different employees apply different standards.

Is it appropriate to use a company device for personal use? Can a manager share
passwords with their direct reports for the sake of convenience? What about
installing unapproved software? Without clear policies, different employees might
answer these questions in different ways. A security policy should also clearly spell
out how compliance is monitored and enforced.

3. Helps meet regulatory and compliance requirements: Documented security

policies are a requirement of legislation like HIPAA and Sarbanes-Oxley, as well as
regulations and standards like PCI-DSS, ISO 27001, and SOC2. Even when not
20
 explicitly required, a security policy is often a practical necessity in crafting a
strategy to meet increasingly stringent security and data privacy requirements.

4. Improves organizational efficiency and helps meet business objectives: A good

security policy can enhance an organization’s efficiency. Its policies get everyone on
the same page, avoid duplication of effort, and provide consistency in monitoring
and enforcing compliance. Security policies should also provide clear guidance for
when policy exceptions are granted, and by whom.

To achieve these benefits, in addition to being implemented and followed, the policy
will also need to be aligned with the business goals and culture of the organization.

Three types of security policies

Security policies can vary in scope, applicability, and complexity, according to the needs of
different organizations. While there’s no universal model for security policies, the National
Institutes of Standards and Technology (NIST) spells out three distinct types in Special
Publication (SP) 800-12:

1. Program policy: Program policies are strategic, high-level blueprints that guide an
organization’s information security program. They spell out the purpose and scope
of the program, as well as defining roles and responsibilities and compliance
mechanisms. Also known as master or organizational policies, these documents are
crafted with high levels of input from senior management and are typically
technology agnostic. They are the least frequently updated type of policy, as they
should be written at a high enough level to remain relevant even through technical
and organizational changes.

2. Issue-specific policy: Issue-specific policies build upon the generic security policy
and provide more concrete guidance on certain issues relevant to an organization’s
workforce. Common examples could include a network security policy, bring-your-
own-device (BYOD) policy, social media policy, or remote work policy. These may
address specific technology areas but are usually more generic. A remote access
policy might state that offsite access is only possible through a company-approved
and supported VPN, but that policy probably won’t name a specific VPN client. This
way, the company can change vendors without major updates.

3. System-specific policy: A system-specific policy is the most granular type of IT

security policy, focusing on a particular type of system, such as a firewall or web
server, or even an individual computer. In contrast to the issue-specific policies,
system-specific policies may be most relevant to the technical personnel that
maintains them. NIST states that system-specific policies should consist of both a
security objective and operational rules. IT and security teams are heavily involved
in the creation, implementation, and enforcement of system-specific policies but the
key decisions and rules are still made by senior management.
21
Seven Elements of an Effective Security Policy

Security policies are an essential component of an information security program and need
to be properly crafted, implemented, and enforced. An effective security policy should
contain the following elements:

1. Clear purpose and objectives: This is especially important for program policies.
Remember that many employees have little knowledge of security threats, and may
view any type of security control as a burden. A clear mission statement or purpose
spelled out at the top level of a security policy should help the entire organization
understand the importance of information security.
2. Scope and applicability: Every security policy, regardless of type, should include a
scope or statement of applicability that clearly states to whom the policy applies.
This can be based on the geographic region, business unit, job role, or any other
organizational concept so long as it's properly defined.
3. Commitment from senior management: Security policies are meant to
communicate intent from senior management, ideally at the C-suite or board level.
Without buy-in from this level of leadership, any security program is likely to fail.
To succeed, your policies need to be communicated to employees, updated regularly,
and enforced consistently. A lack of management support makes all of this difficult
if not impossible.
4. Realistic and enforceable policies: While it might be tempting to base your security
policy on a model of perfection, you must remember that your employees live in the
real world. An overly burdensome policy isn’t likely to be widely adopted. Likewise,
a policy with no mechanism for enforcement could easily be ignored by a significant
number of employees.
5. Clear definitions of important terms: Remember that the audience for a security
policy is often non-technical. Concise and jargon-free language is important, and any
technical terms in the document should be clearly defined.
6. Tailored to the organization’s risk appetite: Risk can never be completely
eliminated, but it’s up to each organization’s management to decide what level of
risk is acceptable. A security policy must take this risk appetite into account, as it
will affect the types of topics covered.
7. Up-to-date information: Security policy updates are crucial to maintaining
effectiveness. While the program or master policy may not need to change
frequently, it should still be reviewed on a regular basis. Issue-specific policies will
need to be updated more often as technology, workforce trends, and other factors
change. You may find new policies are also needed over time: BYOD and remote
access policies are great examples of policies that have become ubiquitous only over
the last decade or so.

22