Network Security

1 of 11
 Key terms
Malware: malicious software
Spyware: malicious software
that records what a user is
doing on a computer system

2 of 11
 Malware

Malware: Any software that is designed to cause damage. In

relation to networks, The main problems are viruses and
spyware.

3 of 11
Computer viruses

A virus is a computer program which copies itself on a

machine (without the user’s knowledge) and spreads to
other machines.
At the very least, viruses take up
memory, but most viruses will also
damage the computers they infect.

Many viruses are spread via e-mail

but some viruses can also be easily
transferred between computers in
networks, so security is essential.

Creating viruses is illegal under the Computer Misuse Act,

but individuals still make them for a variety of reasons.

4 of 11
 Different types of viruses

 Parasitic viruses attach themselves to files on a computer system and are

triggered by certain events such as date and time.

 Macro virus: It will attach themselves to macros that are part of the macro
enabled document.

 Email viruses: It arrive as attachment to email and are triggered by the user
opening the attachment.

5 of 11
 Computer worms
Computer worms
Computer worms are self-replicating programs which are
specifically designed to target networks. It uses the network
to send copies of itself to other devices on the network, and as
it is not a virus, it does not need to attach itself to a program.
Worms and viruses can
cause millions of pounds
worth of damage, mainly due to
the time and labour it takes to
remove them but also because
files on infected computers may
be lost or damaged.

6 of 11
 Trojan horses

Trojan horses: Trojan horses are malicious

program that disguise themselves as normal
software, but if they are run they will actually cause
damage. It is found on website when a user tries to
download some illegal music or films and they end
up downloading a Trojan instead.

7 of 11
 Hacking

Unauthorized access/hacking: Unauthorized access takes

place when a person or device gains access to a computer
network without permission. Hackers can guess username
and password to gain access to a network when user set up
weak passwords
Hackers can read data
Hackers can change data
Hackers destroy data

8 of 11
 Spyware

Spyware is software that secretly collects information

without the user being aware. Spyware can log user
activity including identifying credit card information or
username and passwords. Spyware can collect data
and then transmit it to another server so that the
hacker can access that information.

Key logger
If a key logger is used, then every keystroke made
by a user is recorded and this could include
confidential data

9 of 11
 Denial service attack:

 A denial service (DOS) attack is designed to send more request to a

server than it can deal with. These are easy to launch difficult to track.

 They are carried out to cause disruption to an organizations network

or website.

 Website attacks are measured in requests per second(RPS).

 Network attacks are measured in gigabits per second(Gbps)

 DoS attacks are not designed to gain access to data, but purely to
cause disruption. Distributed denial of service attacks use multiple
connections

10 of 11
Malware system[anti-virus and anti-spyware]

Anti-virus software as it deals with other threats, such

as adware and spyware, as well as viruses. together,
these threats are known as malware.

Anti-malware software has two main functions.

1.anti-virus monitor that is continually monitoring the
system for malware. If the anti-virus monitor detects any
usual behavior or tell-tale signs of malware, then it will
prevent that malware from being executed so that it cannot
cause damage to the files or programs.

2. is to check for malware that may already be on a

system. If any malware is found, then the user will
usually be given the option to disinfect the malware, put
it into quarantine or ignore it.

11 of 11
Ignoring it is very dangerous because It means
the malware will be excited and may have
unexpected results.
disinfecting the malware is the safest option
as it completely removes the malware from the
system, but it does mean that data or program
that included the malware will be deleted. The
compromise is to put the malware into
quarantine. This is a safe area where the
malware cannot be executed, but the data or
program remains isolated until it can be
checked thoroughly.

12 of 11
 Physical security

Physical security methods are about protecting the

computer equipment. This can include standard methods that
are used to secure other equipment and buildings or
specialist physical devices that are designed to protect
computer equipment.

Security guards can be used to verify every person who

enters a building or specific rooms to ensure that they
are authorized to gain entry. Physical locks can be used
on server room doors to prevent unauthorized access to
those rooms. These can be key locks, swipe card locks or
numerical code locks. This type of security should also be
applied to backup tapes, which should be stored in a safe
that is kept off site.

13 of 11
Main servers should also be protected against
electrical surges. This can be done using
extension leads that offer surge protection, but
most servers will be protected by un interrupting
power supply [UPS] units which are basically
battery packs that will provide power in the
event of a power cut, but will also ensure that
the power supply is uniform

Server rooms should be located in areas that are

protected from fires and floods. This should
include additional fire protection, such as
server room with fire proof doors, carbon dioxide
fire extinguisher and putting backup tapes in
fire pool safes. Server rooms should not be
located on the ground floor, which can be
susceptible to floods, and they should be away
from any water pipes that could potentially burst
14 of 11
 Data protection act principles
a data protection act can be used to protect people about
whom data is stored. They are known as data subjects, it
is not in place to protect general information.

In the united kingdom, the data protection act of 1998

includes the following principles which state that info
about data subjects must be:
Used fairly and lawfully
Used for limited, specifically stated purposes
Used in a way that is adequate, relevant and not
excessive
Accurate
Kept for no longer than is absolutely necessary
Handled according to people data protection rights
Kept safe and secure
Not transferred outside the European economic area
without adequate protection

15 of 11
 The need for a data protection act

data protection law is required in order to protect

data subjects and information that is held about
them. People have a right to know what information is
being stored and that it is stored accurately.

To process data fairly, subjects must be informed if

the information is collected about them and they must
give their permission for this to be done. It is also
expected that subjects should be made aware of the
purpose for which information stored about them is
used.
Organizations that use this data [data users] must
ensure that they only use the data for the purpose
and that they inform the relevant governing body of
why that data is being stored

16 of 11
data subjects expect that enough information will be stored about
them by data users in order to carry out necessary data
processing. For example, if salary payments are being made to
employees, then the employees would expect their employer to keep
records of any tax that has been deducted and any tax allowances
that should be applied. Data subjects also expect that only
necessary and relevant data will be stored about them, as they
have a right to privacy. Fro example: person applying for a
travel pass for public transport would not expect the transport
authority to be strong , information about their mental health

Data subjects have the right to expect that their data will be
accurate and up to date. It is the data users responsibility to
ensure that data is entered accurately in the first place, but
the data subject must also have a right to request that any
inaccurate data is corrected. The data subject must also take
responsibility for informing data users of any changes to
personal information, such as change of address, of which data
users should be made aware. Data users can make use validation
and verification techniques to reduce errors during data entry.

17 of 11
Data users should only store data for as long
as it is necessary. This means that they
should remove data when it is not needed any
more. Data subjects have a right to expect
that their data will be kept secure. It is
therefore the responsibility of data users to
put security measures in place, as described
earlier in the chapter. If data is lost,
damaged or accessed unlawfully, then the data
user could be prosecuted for not providing
adequate security.

18 of 11
19 of 11
20 of 11