Network Security

This tutorial covers the basic concepts of network security. After reading it, you will know about security threats, vulnerabilities in networks, and the different methods used to achieve network security.

Contents:

  1. Network Security
  2. Security Threats and Vulnerabilities
  3. Physical Equipment Security
  4. Network Security in the Protocol Stack
  5. Layered Approach
  6. Common Network Security Solutions
  7. Authentication, Authorization, and Accounting
  8. Security of End Device

Network Security

When computer networks were new, they were used mostly by researchers to send emails and by employees to share printers. Because of this, there was no major security problem. Today, many different types of networks are interconnected, and a lot of confidential information is stored on them. As time passed, networks became increasingly vulnerable, and security became a major problem.

  • Generally, network security exists to ensure that unwanted or unauthorized users cannot read or modify messages in transit that are intended for other receivers.
  • Security problems arise on the network due to malicious people who try to gain an advantage or try to expose a person’s confidential information.
  • A script kiddie, a newly trained hacker who doesn’t know much about cyber laws or strategies (a student, for example), might try to spy on people’s emails just for fun. A person who tries to breach security and create problems for the system is called an adversary.
  • Adversaries can be students, crackers, professional hackers, terrorists, stockbrokers, ex-employees of the company, etc., any of whom can cause security problems.
  • Security is compromised due to security threats and vulnerabilities.

Security Threats and Vulnerabilities

Large companies usually have their own network and depend on their own computers to handle its activities. An attacker can look for a vulnerability in the system, compromise the company’s security, and gain access to the system. When an attacker gains access to the network, security threats such as information theft, identity theft, and denial of service can arise.

  • Information theft: When an attacker gains access to the company’s network, he tries to steal the company’s confidential information and sells it for a very high price.
    • The information can be employee data, research papers, project codes, company income data, etc.
  • Identity Theft: An attacker steals personal information such as credit card data, legal documents, etc. This is the most common theft nowadays.
  • Denial of Service: An attacker accesses all the resources of the system and prevents other users from accessing those resources.

Vulnerability: This is a degree of weakness in a wired or wireless network that opens the door for attackers to access physical devices located on an organization’s local area network.

  • A network security engineer or network engineer has to regularly examine the weaknesses and strengths of the TCP/IP protocol, the working of the operating system, and network equipment.
  • A vulnerability occurs when a computer is configured with easy-to-guess passwords or default usernames and passwords.
  • If switches, routers, and firewalls are not configured properly, significant security issues can result. For example, during the configuration of the firewall, an unauthorized access issue may arise if the network administrator enters an unwanted IP address range in the access list.
  • A policy is necessary to secure a network. But if the security policy cannot be enforced consistently, it becomes a policy vulnerability. The network administrator must also create a disaster recovery policy so that the data is backed up if a disaster occurs.
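
The access-list mistake described above can be caught by comparing each permit entry with the ranges the policy approves. The following is an added example, not part of the original tutorial; the simplified "action source" rule format, the approved ranges, and the sample access list are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: source ranges approved by the security policy.
APPROVED_SOURCES = [
    ipaddress.ip_network("10.20.30.0/24"),   # management subnet
    ipaddress.ip_network("192.0.2.16/28"),   # partner jump hosts
]

# Constructed access list in a simplified "action source" form.
ACCESS_LIST = [
    "permit 10.20.30.0/24",
    "permit 10.0.0.0/8",       # mistyped prefix: far wider than intended
    "permit 192.0.2.20/32",
    "permit 0.0.0.0/0",        # any source
    "deny 198.51.100.0/24",
]


def audit_access_list(entries, approved):
    """Return (entry, reason) for permit rules not covered by the policy."""
    findings = []
    for entry in entries:
        action, source = entry.split()
        if action != "permit":
            continue  # deny rules cannot grant unintended access
        try:
            net = ipaddress.ip_network(source, strict=True)
        except ValueError as exc:
            findings.append((entry, f"invalid network: {exc}"))
            continue
        if any(net.subnet_of(ok) for ok in approved):
            continue  # fully inside an approved range
        covered = [ok for ok in approved if ok.subnet_of(net)]
        if covered:
            extra = net.num_addresses - sum(ok.num_addresses for ok in covered)
            findings.append((entry, f"wider than policy by {extra} addresses"))
        else:
            findings.append((entry, "source range not in policy"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_access_list(ACCESS_LIST, APPROVED_SOURCES):
        print(f"{entry:24} -> {reason}")
```

Running the same audit on every configuration change turns a mistyped prefix into a reviewable finding before the rule reaches the firewall.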

Physical Equipment Security

The network is run by physical devices. Therefore, the physical security of the equipment should be considered, and a good physical security plan should be made and implemented.

  • Servers, routers, firewalls, switches, cables, etc. may be physically damaged.
  • Physical equipment may stop working due to rising temperatures, electrical problems, or poor maintenance.

The diagram below shows how we can secure our physical devices.

Figure: Physical Security of Network Devices
  • As shown in the diagram, all the physical devices can be placed in one room; for a company, this is the data center. The room must be cooled so that the equipment is not prone to environmental hazards.
  • Electricity should be monitored regularly. Cable connections should be checked, along with whether the cables are physically damaged or working properly.
  • Also, keep the door closed to the room that houses the network equipment controlling the organization’s network.
  • Install a card reader so that only authorized persons can enter the room.
  • Also install CCTV security cameras to keep an eye on the network equipment.

Network Security in the Protocol Stack

The application layer, transport layer, network layer, data link layer, and physical layer are responsible for the working of the whole network. So, let us understand the network security in each layer.

The diagram below explains the network security in the protocol stack.

Figure: Network Security in Protocol Stack
  • As shown in the figure, media security, link encryption, packet filtering, end-to-end security, and authentication are performed in the physical layer, data link layer, network layer, transport layer, and application layer, respectively.
  • In wired networks, the physical layer uses cables. These cables can be enclosed in sealed tubes filled with inert gas at high pressure. If an attacker tries to drill into a tube, the tube releases gas, the pressure begins to drop, and an alarm sounds. This improves the security of the physical layer.
  • At the data link layer, packets are encrypted on the sender side and decrypted on the receiver side. This method is known as link encryption.
  • A firewall at the network layer protects the network by filtering packets: it lets good packets in and keeps bad packets out.
  • In the transport layer, the entire connection from the sender’s process to the receiver’s process is encrypted, which is known as end-to-end encryption.
  • In the application layer, the problem of authentication and non-repudiation of the user is handled.

Layered Approach

On a network, hackers or attackers try to access the network. We have to prevent unauthorized access.

The diagram below explains the security mechanisms in an organization network.

Figure: Corporate Network Security
  • The figure shows an organization’s network with its network security mechanisms.
  • Router-1 provides a Virtual Private Network (VPN), which gives users an encrypted tunnel for communication.
  • The firewall secures the entire network by filtering out bad packets. It provides a way for internal traffic to go out and back but does not allow outside traffic in.
  • Before traffic enters or leaves the network, an intrusion prevention system (IPS) detects whether there is malware or a virus. If it detects danger, it stops the traffic and does not allow it to communicate.
  • Email Security Tools (ESA) are used to filter spam emails, and Web Security Tools (WSAs) prevent access to websites containing malware or spyware.
  • The DMZ server (Demilitarized Zone Server) is located outside the network but is configured with special policies by the network administrator so that it can access the internal network.
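
The firewall behaviour described above, where internal traffic may go out and come back but outside traffic is not allowed in, depends on the firewall remembering which flows were opened from the inside. The following is an added example, not part of the original tutorial; the 10.0.0.0/24 inside network and all sample packets are constructed, and real firewalls also track protocol state and timeouts, which this sketch leaves out.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Assumption for this sketch: the internal network is 10.0.0.0/24.
INSIDE = ipaddress.ip_network("10.0.0.0/24")


class StatefulFirewall:
    """Allow inside-initiated flows and their replies; drop unsolicited inbound."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) opened from the inside

    @staticmethod
    def is_inside(addr):
        return ipaddress.ip_address(addr) in INSIDE

    def check(self, pkt):
        src_in, dst_in = self.is_inside(pkt.src), self.is_inside(pkt.dst)
        if src_in and not dst_in:
            # Outbound: remember the flow so its reply can be recognized.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if dst_in and not src_in:
            # Inbound: only the exact reverse of a tracked flow is a reply.
            reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if reply_of in self.flows else "drop"
        return "drop"  # traffic that does not cross the boundary is not expected


def run_demo():
    """Run constructed packets through the firewall and return the verdicts."""
    fw = StatefulFirewall()
    packets = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 443),  # inside host opens a flow
        Packet("203.0.113.10", 443, "10.0.0.5", 51000),  # matching reply
        Packet("203.0.113.10", 443, "10.0.0.5", 51001),  # same peer, untracked port
        Packet("198.51.100.7", 40000, "10.0.0.5", 22),   # unsolicited inbound
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    print(run_demo())
```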

Common Network Security Solutions

No matter how well a network is designed, it has some vulnerabilities. A vulnerability may cause data loss and bring the network down. Therefore, the most effective way to prevent data loss and keep the network working is to regularly back up device configurations.

  • A backup of the device configuration should be stored on an FTP or TFTP server so that if the device hardware fails, data can be restored from the server.
  • Backups should be transported from the organization’s location to the legitimate location daily, weekly, or monthly, as per the security policy.
  • The backup data should be protected with a strong password to prevent unauthorized access.

Another common and very effective way to secure a network is to regularly update devices to fix bugs that are already known.

  • When new malware or a new virus is released, the organization needs to update all tools to resolve bugs and protect against network attacks.

Authentication, Authorization, and Accounting

AAA (Authentication, Authorization, and Accounting) is used to establish access control on network devices.

  • Authentication: When a user tries to access the network, the authentication mechanism runs first to check whether the user is authenticated to access the network or not.
  • Authorization: A mechanism to check whether the user is authorized to use the services of the network.
  • Accounting: Once authentication and authorization are done, the accounting method keeps a record of users’ actions, that is, what they were doing on the network.

To achieve authentication, authorization, and accounting, AAA servers are used on the network. AAA servers have a database that contains a list of authorized users, and authentication is performed when users try to access the network.
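
The three AAA steps can be seen working together in a small model of such a server. The following is an added example, not part of the original tutorial and not a real AAA protocol implementation; the class, the service names, and the accounts are constructed for illustration, and the use of salted PBKDF2 password hashes is a design choice of this sketch.

```python
import hashlib
import hmac
import os

class AAAServer:
    """Toy AAA server: user database, per-service permissions, accounting log."""

    def __init__(self):
        self.users = {}   # username -> (salt, password hash, allowed services)
        self.log = []     # accounting records: (username, event)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password, services):
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt), set(services))

    def authenticate(self, username, password):
        # Unknown users get a dummy record so both paths do the same hashing work.
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", set()))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        self.log.append((username, "auth-ok" if ok else "auth-fail"))
        return ok

    def authorize(self, username, service):
        ok = username in self.users and service in self.users[username][2]
        self.log.append((username, ("permit " if ok else "deny ") + service))
        return ok

    def access(self, username, password, service):
        # Authentication first, then authorization; every step is accounted.
        return self.authenticate(username, password) and self.authorize(username, service)

def run_demo():
    """Process constructed requests; return the decisions and the accounting log."""
    aaa = AAAServer()
    aaa.add_user("alice", "constructed-passphrase", ["vpn"])  # constructed account
    results = [
        aaa.access("alice", "constructed-passphrase", "vpn"),
        aaa.access("alice", "constructed-passphrase", "router-config"),
        aaa.access("alice", "wrong-guess", "vpn"),
        aaa.access("mallory", "anything", "vpn"),
    ]
    return results, aaa.log

if __name__ == "__main__":
    print(run_demo())
```

The accounting log records failed logins and denied services as well as successful ones, which is what makes it useful for reviewing who attempted what.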

Security of End Device

End devices are connected to a network for communication. While they are online on the network, attackers are also present on it. Attackers may try to gain access to or control of an individual network with bad intentions.

  • Personal computers, mobile phones, tablets, laptops, servers, etc. are the end devices, and all of them act as network clients.
  • An important task is to secure all the end devices connected to the network. All of them should be secured in line with defined company policies.
  • When security is configured on all end devices, employees using those end devices to interact with the network should also be aware of the security policy rules.
  • The network administrator installs antivirus software on all devices and also connects them to firewalls to limit access to the Internet.

Key Points to Remember

Here is the list of key points we need to remember about “Network Security”.

  • Network security exists to ensure that unwanted or unauthorized users cannot read or modify messages in transit that are intended for other receivers.
  • Adversaries can be students, crackers, professional hackers, terrorists, stockbrokers, ex-employees of the company, etc., any of whom can cause security problems.
  • When an attacker gains access to the network, security threats such as information theft, identity theft, and denial of service can arise.
  • Media security, link encryption, packet filtering, end-to-end security, and authentication are performed in the physical layer, data link layer, network layer, transport layer, and application layer, respectively.
  • The most effective way to prevent data loss and keep the network working is to regularly back up device configurations.
  • When new malware or a new virus is released, the organization needs to update all tools to resolve bugs and protect against network attacks.
  • When security is configured on all end devices, employees using those end devices to interact with the network should also be aware of the security policy rules.

Manish Bhojasia - Founder & CTO at Sanfoundry
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He lives in Bangalore, and focuses on development of Linux Kernel, SAN Technologies, Advanced C, Data Structures & Algorithms. Stay connected with him at LinkedIn.