
LAN security

Network security is essential for protecting information during transmission against unauthorized access, ensuring confidentiality, integrity, and authentication. Various threats, including malware, social engineering, and physical theft, pose risks to network security, necessitating control measures like encryption, employee training, and disaster recovery plans. Effective network security involves safeguarding data, monitoring access, and implementing robust security policies to mitigate risks and ensure the availability of information.

Uploaded by

ndunguk40

NETWORK SECURITY (LAN)

What is network security?


It is a system of safeguards for protecting information being transmitted against unauthorized
access that can result in damage or loss.

Due to the rapid growth of information technology (IT) and information communication technology
(ICT), networking and internet services, as well as numerous occurrences of international terrorism,
there is a need to improve and protect computers, network users and network data.

Network or internet security is safeguarding the following:


i-Confidentiality/ interception
Confidentiality means that sensitive data or information belonging to an individual, organization or
government should not be accessed by or disclosed to unauthorized people. Such data include
employees' details, classified military information, and business financial records. This data must
be kept private. Allow only authorized users access to data. Use encryption to guard against
interception.
ii-Integrity
Integrity means that data is not modified or changed without the owner's authority. Data integrity is
violated when a person accidentally or with malicious intentions modifies very important files such
as payroll or customers' bank account files. There must be a guarantee that data has not been
tampered with.
Encryption can guard against this.
iii-Authentication
It is proof of the identity of the proper user. The user must have a valid account and must be the
authentic user.
Passwords, encrypted digital certificates, digital signatures and biorecognition (biometrics)
may be used to authenticate a user.
iv-Interruption
This is where all or part of the data is interrupted during transmission (transportation), hence
the data is unavailable, lost or destroyed.
v-Non-repudiation
Once data has been sent, no user should deny he/she sent the data. No user should deny that they
received the data either.
An encrypted digital data signature can be used to enforce non-repudiation. The signature is appended
to the message and proves that the message could only have been created and sent by that sender.
vi-Anti replay
It stops users sending data while pretending they are someone else.
E.g. user 1 sends data to user 2. A third person (user 3) pretends he is user 1 and attempts to gain
confidential data from user 2.
Time stamping communication solves this.
A time stamp is a sequence of characters, embedded in a message, denoting the date and time at which
an event related to that message occurs. E.g. Sat,Jul23,10.45EAT,2015=event 1
vii-Availability
Availability means that information is accessible to those authorized to view or modify it.
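
The time-stamping idea under anti-replay, worked through as an added example that is not part of the original notes. It assumes user 1 and user 2 share a secret key, uses HMAC-SHA256 as the integrity tag, and picks a 30-second acceptance window; the key, clock values and message text are constructed. The tag covers the timestamp, so a captured message cannot simply be given a fresh time.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 30  # assumed acceptance window, not a value from the notes


def _tag(key: bytes, sender: str, stamp: str, body: str) -> str:
    # The tag covers sender, timestamp and body, so none can be altered alone.
    data = json.dumps([sender, stamp, body]).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key: bytes, sender: str, body: str, now: float) -> dict:
    """Build a message carrying a timestamp and an HMAC-SHA256 tag."""
    stamp = f"{now:.3f}"
    return {"sender": sender, "timestamp": stamp, "body": body,
            "tag": _tag(key, sender, stamp, body)}


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # tag -> send time, kept only while inside the window

    def accept(self, msg: dict, now: float) -> str:
        expected = _tag(self.key, msg["sender"], msg["timestamp"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        sent = float(msg["timestamp"])
        if abs(now - sent) > MAX_AGE_SECONDS:
            return "rejected: stale timestamp"
        # Drop remembered tags that the timestamp check would now reject anyway.
        self.seen = {t: s for t, s in self.seen.items() if now - s <= MAX_AGE_SECONDS}
        if msg["tag"] in self.seen:
            return "rejected: replay inside window"
        self.seen[msg["tag"]] = sent
        return "accepted"


def demo() -> list:
    key = b"constructed-demo-key"          # constructed sample key
    t0 = 1_700_000_000.0                   # constructed clock value
    rx = Receiver(key)
    msg = seal(key, "user1", "send report 7", t0)
    restamped = dict(msg, timestamp=f"{t0 + 100:.3f}")  # user 3 edits the time
    return [
        rx.accept(msg, t0 + 1),            # genuine delivery
        rx.accept(msg, t0 + 5),            # captured copy resent at once
        rx.accept(msg, t0 + 120),          # captured copy resent later
        rx.accept(restamped, t0 + 101),    # timestamp refreshed without the key
    ]
```

The receiver has to remember recent tags as well as check the time, otherwise a copy resent inside the window would still be accepted.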
NATURE OF NETWORK ATTACKS
Attacks to a network can be either:
-Malicious
-Accidental.

Attacks may be either:


-Internal – made by the organization's own employees due to grievances or to perpetrate fraud etc.
-External – made by people from outside the organization
Internal attacks can be:
-Targeted / structured – premeditated and planned beforehand. E.g. employee plans and executes
an attack to modify client data or transaction data then steal or divert funds.
Such attack is specifically and deliberately planned.
-Opportunistic – made when / if a chance occurs. E.g. employee notices the salary file available on
the network, and then tries to guess the password to the salary database so as to access and read or
modify the salary values.
This attack is not pre-planned but done because an opportunity arises.

SECURITY THREATS AND CONTROL MEASURES


Security threats to networks, private or confidential data include:
-unauthorized access
-malicious programs
-alteration
-sabotage
-network failure
-malicious destruction of data, hardware, software, and network resources
The goal of data security control measures is to provide security and ensure integrity and safety of
network hardware, software, and data.

Network failure
Some of the causes include:
Hardware failure due to improper use, unstable power supply, network breakdown,
natural disaster, and program failure.
For critical systems, most companies have put in place fault tolerant systems. A fault tolerant
system has redundant or duplicate storage, peripheral devices and software that provide a fail-over
capability to back up components in the event of network system failure.

Threats From Malicious Programs


Malware
Malware is a collective term describing malicious software threats and social engineering
designed to harm or compromise a network.

Social engineering is getting users to reveal confidential information by causing them to make a
mistake or by tricking them.
Ways social engineering is done:
i) Attacker phones a department and claims he has to adjust something on the user's system. The
user consequently reveals the password.
ii) Attacker observes someone entering a password or PIN, then notes it down.
It is called 'shoulder surfing'.
iii) Attacker intimidates the target by pretending to be someone senior in rank. Attacker may also
coax the target by engaging them in a friendly chat.
iv) Attacker may comb through an organization's refuse to try and find useful documents, codes
etc.
It is called 'dumpster diving'.

Social engineering may be defeated by:


-training users to recognize situations and respond appropriately.
-ensuring documents are destroyed (shredded or pulped) before disposal.
-using multi-factor access control, not one method only. This puts more than one barrier between
attacker and system.

Malicious programs are those programs that affect the smooth running of a network system or
carry out illegal activities such as secretly collecting information from a user. Some of the common
types of malicious programs include:
a) Virus
b) Trojan Horse
c) Spyware (adware)
It is a program that monitors internet activity and sends the information to someone else. For
example, capturing a credit card number by recording key strokes entered into a web form. The
presence of spyware is often indicated by numerous pop-up windows.
d) Backdoor and Rootkit
A backdoor application is one that is installed without the knowledge of the user/owner of
the computer.
A backdoor is installed using a Trojan horse.
Examples: NetBus, SubSeven, Hack'a'Tack, Prosiak.
A backdoor allows an attacker to access the computer, upload files, install software on it and
download files.
Backdoors conceal their presence in the computer by having names similar to genuine computer
processes. But they can eventually be detected.
A rootkit is a class of backdoor that is hard to detect. A rootkit changes core system files so that
scanning tools do not detect its presence. A rootkit can also clean system logs so as to conceal its
actions.
e) Footprinting
Is a process of gathering information about the organization, its computer network configuration
and security systems with an intention to breach the security.
Footprinting can be done in two ways:
-Port scanning – identifying which ports are open, and therefore which applications are running on
those ports.
-Eavesdropping – (A.K.A. sniffing) is capturing and reading data packets as they travel over the
network. It is tapping into communication channels to get information.
Hackers mainly use eavesdropping to access private or confidential information from
internet users or from poorly secured networks. If data packets are not encrypted, an attacker can
get all the information.
f) Spoofing (A.K.A. masquerade)
Is where the attacker imitates a resource the victim (user) thinks is genuine.
Spoofing can be done in two ways:
-Phishing
Is a technique for tricking a user into revealing confidential information by requesting it through an
official-looking site (perhaps pretending to come from a bank or a service provider).
An attacker sets up a website to imitate a victim's secure web site. The attacker then contacts
the clients of the victim (such as a bank) asking for confidential details. When details of clients are
provided, they are captured in the spoof site.
An attacker may also send an email. The email will normally contain a link to a fake online
site where the user is prompted to input confidential data such as online bank account numbers and
passwords.
-Pop up
Is where a client visits a genuine banking web site and a pop up window appears, trying to trick
him into entering his personal details.
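
The notes say backdoors hide behind names similar to genuine processes but can eventually be detected. One way to run that check, as an added example that is not part of the original notes: compare each running process name against an allowlist and flag near misses. The allowlist, the character substitution table and the process listing are constructed assumptions.

```python
import unicodedata

# Assumed allowlist of genuine process names for one Windows host image.
KNOWN_GOOD = ("explorer.exe", "lsass.exe", "services.exe", "svchost.exe", "winlogon.exe")

# Digit and symbol substitutions commonly used to imitate letters.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def skeleton(name: str) -> str:
    """Fold case, Unicode compatibility forms and look-alike characters."""
    return unicodedata.normalize("NFKC", name).lower().translate(LOOKALIKE)


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def flag_lookalikes(running: list) -> list:
    """Return (observed, imitated) pairs for names that are near a known name."""
    findings = []
    for name in running:
        low = name.lower()
        if low in KNOWN_GOOD:
            continue  # exact match; path and signer checks happen elsewhere
        for good in KNOWN_GOOD:
            if skeleton(low) == skeleton(good) or osa_distance(low, good) <= 1:
                findings.append((name, good))
                break
    return findings


# Constructed process listing for the example.
SAMPLE = ["svchost.exe", "svch0st.exe", "scvhost.exe", "5vch0st.exe",
          "1sass.exe", "chrome.exe", "Explorer.EXE", "winlogon.exe"]
```

A name that matches the allowlist exactly can still be a renamed binary, and a rootkit can hide from the process listing altogether, so this check complements path, signature and integrity checks.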

Physical threats
o Theft
One of the widespread computer related crimes, especially in developing countries, is
physical theft of computer hardware and software. Now and again, we hear cases of people
breaking into offices and stealing computers, hard disks and other valuable computer
accessories. In most cases such theft may be done by untrustworthy employees of the firm (an
'inside job') or outsiders. The reason behind such an act may be commercial, destruction of
sensitive information or sabotage.

Control measures against theft in a network


-Employ security agents to keep watch
-Reinforce weak access points like the windows, doors and roofing with metallic grills and strong
padlocks
-Motivate workers so that they feel a sense of belonging, in order to make them proud
and trusted custodians of the company resources.
-Insure the hardware resources with a reputable insurance firm.

o With a network, a computer or device can be accessed as above (locally), or remotely. Remote
(and local) access to the server (host), other computers and other network devices like routers
should be guarded closely.
Control measures against local and remote access
-place servers, workstations and network equipment at the central buildings of the organization.
-position them away from high traffic areas and any area easily accessible by the general public.
-monitor and control entrance to the building containing the above, e.g. through security guards.
-put all computers and equipment under strong security padlocks. Lock doors and the computers
themselves.
-periodically inspect computers and all computer equipment.
-disable unused ports to prevent connecting of rogue devices.
-control who accesses the place where the computers are by use of smart cards containing data on
who should access the places and by use of bio-recognition (biometrics).
-employ surveillance methods such as alarm systems and logging of users' log-ins and log-outs on
the computers.
o Fraud
With the dynamic growth of internet and mobile computing, more sophisticated cyber crimes like
fraud are on the rise. Fraud is stealing by false pretence. Fraudsters can be either employees in a
company or a non-existent company that purports to offer internet services such as selling vehicles
and many other goods on the internet. Other forms of fraud may also involve computerized production
and use of counterfeit documents.

o Sabotage
Sabotage refers to illegal destruction of data and information with the aim of disrupting service
delivery, or causing great loss to an organization. Sabotage is usually carried out by disgruntled
employees or by competitors with the intention of causing harm to an organization.

o Threats to Privacy and Confidentiality


Privacy means that data or information belonging to an individual should not be accessed by or
disclosed to other people. It is an individual's right to determine for themselves what should be
communicated to others.

Confidentiality on the other hand means that sensitive data or information belonging to an
organization or government should not be accessed by or disclosed to unauthorized people. Private
and confidential data must be protected against unauthorized access or disclosure.

Computer network crimes


The following are some examples of computer-related crimes that compromise data
privacy or confidentiality.
- Surveillance (monitoring)
Surveillance refers to monitoring the use of computer systems and networks using background
programs such as spyware and cookies. The information gathered may be used for one reason or
another, e.g. fraud and sabotage.
- Industrial Espionage
Industrial espionage involves spying on a competitor to get information that can be used to cripple
the competitor.
- Accidental access
Sometimes a threat to data and information comes from people unknowingly giving out
information to strangers or unauthorized persons.
- Alteration
Alteration is the illegal modification of private or confidential data and information with the aim of
misinforming users. Alteration is usually done by the people who wish to conceal truth or sabotage
certain operations. Alteration compromises the integrity of data and information making it
unreliable.
- Hacking and Cracking
- Eavesdropping

Control/Avoidance and Detection


1. Use antivirus

2. Identification of Access
There are 3 ways a computer system can verify that you have a legitimate right of access:
- What you have – cards, keys, signatures, badges
- What you know – PINs, passwords and digital signatures
- Who you are – physical traits
What you have – people keep a lock on their personal computer. A computer room may
also be guarded by security officers who need to see an authorized signature or badge with your
photograph before letting you in.
What you know – a password is a special word, code or symbol that is required to access a
computer system. A new technology is the digital signature, which is a string of characters and
numbers that a user signs onto an electronic document being sent by his computer. The receiving
computer performs an alphanumeric calculation to verify its validity.
Who you are – this involves physical traits. Biometrics tries to use physical traits in
security devices. Biometrics is the science of measuring individual body characteristics e.g.
fingerprints, voice, the blood vessels in the back of the eyeball and the lips.

3. Simulation
Computer simulation involves trying to predict what will happen in a real life situation from a
model of that situation e.g. an engineer when designing a bridge, would like to know the effect of
various loading conditions on the bridge without actually having to build the bridge yet.
Simulation of network attacks helps to pinpoint areas of threat to networks and possible remedies.

4. Zoning
A zone is an area of a network where security configuration is the same for all hosts within it.
Network traffic within zones is strictly controlled and monitored using a firewall.

5. Encryption
Encryption is concealing information by coding it so that someone can view it but cannot understand it.
Encryption serves both as a guarantee of privacy and as a means of authentication.

6. Internet content filters


These are software used on children to enforce parental control, or used by companies to enforce
corporate control on workers, in terms of the internet content that they view.

7. Intrusion detection systems


An intrusion detection system is a software tool for protecting against the capturing of network traffic.

8. Have backup

9. Train employees on security

10. Construct a comprehensive security policy, distribute it and adhere to it

Denial of service attack


It causes a service to fail or be unavailable to the legitimate users of the internet.
Ways it is done:
-overloading an internet host, server, or line
-physically cutting communication lines

Protection of computer, user and software in a network


a) Measures that protect the network computer
i) Burglar proofing
ii) Fire fighting and control equipment
iii) Stable power supply
v) Damp and dust control
vi) Well insulated electrical and power sockets
vii) Avoid foods and drinks
viii) Discharge electrostatic charges

b) Measures that protect the network user


-All cables should be well insulated.
-Cables should be laid away from the user paths to avoid tripping on them.
-Provide standard furniture.
-Provide antiglare screens (light filters) and adjustable screens to avoid eye strain and fatigue.
-The room should be well ventilated to avoid dizziness caused by lack of enough oxygen.
-Do not overcrowd the computer room. This may cause suffocation.

c) Measures that protect network software


-Proper installation of network software
-Proper shutting down of computers
-Proper closing down of the network related application programs

Disaster Recovery Plans


Disaster recovery plans involve establishing offsite storage of the organization's databases so that
in case of disaster or fire accidents, the company would have backup copies to reconstruct the
original files lost.
