Understanding Network Security

Anjaneya Tripathi
7 min read · Jul 6, 2020

Why do we need Network Security?

Network security is the practice of preventing and protecting against unauthorized access to a network. This security measure takes into consideration the manner in which devices (nodes) in a network interact with one another. Network security goes hand in hand with endpoint security, wherein individual devices are the prime focus. It ensures that the network is free from unauthorized access that could modify, misuse, destroy and/or disrupt the infrastructure and data. As a result, suitable network security provides a safe environment and a secure infrastructure for users, devices, programs and data to run.

The 3 Phases of Network Security

  1. Protection: configuring all the devices in the network to run correctly, stay up to date etc.
  2. Detection: identifying a change in the configuration or traffic in the network
  3. Reaction: after identification, returning to the same configurations as soon as possible

Threats to Network Security

There are various sources that are a potential threat to any network. Some of them are listed below:

  1. Malware: usually enters the system through an attachment or download and exploits the vulnerabilities of the OS, making changes that aren’t supposed to happen and corrupting files and processes.
  2. Phishing: this is a type of attack in which the user clicks on a link that redirects them to a dummy site; the site looks legitimate but steals valuable information from the user.
  3. Man-in-the-Middle Attack: occurs in a network that doesn’t have encryption. A person gains access to the data being transferred between the user and the ISP. Thus, a person enters between two endpoints, and hence the name, man-in-the-middle.
  4. Denial of Service (DoS) Attack: in this attack, an attacker uses multiple systems to send requests to the target system, resulting in heavy traffic on the network. Usually large companies are targeted by such attacks.
  5. Drive-by Downloads: a drive-by download occurs when a user clicks on a link which then exploits the browser or security flaws in the operating system.

Let us discuss some of the threats in detail.

Malware

Malware, short for “malicious software”, is software designed to invade a system and cause damage to the user without permission. Once it’s in the network, it can damage, destroy or modify data or the network infrastructure as a whole.


A few types of malware are discussed below:

  1. Virus: The primary aim of a virus is to corrupt data, reformat the hard disk or even shut a system down. As a result, there is loss of information, theft of data, damage to the network structure, and unnecessary pop-ups (such as advertisements). So how does a virus spread? Well, it attaches itself to a program or executable file and runs whenever the infected file is run. Through human interaction, transferring of files etc., the virus then begins to spread across the network. Unless the infected files are removed, the virus will remain in the network.
  2. Worm: This is probably one of the most common types of malware out in the open. It exploits operating system vulnerabilities to get into a system. It is a standalone program that replicates itself onto other computers without any user assistance. Because of their fast execution and spread, worms often carry code with them that deletes files and corrupts the system.
  3. Trojan Horse: As the name suggests, this malware usually enters as what appears to be a harmless file. Once the file is downloaded onto the system, the cybercriminal has access to your system too! They can now install anything they want (malware, software etc.), modify files on the system, and steal information such as financial data, passwords, web addresses etc. A Trojan by itself cannot spread, but if combined with a worm, its potential to cause havoc is mindboggling.
  4. Spyware: This is malware downloaded onto the system without the user noticing. It then keeps track of your browsing history, logins, keystrokes, financial data etc.
  5. Ransomware: this attack involves malware holding your data and not letting you access it. Only once a payment is made is the information released by the software for the user to use.

Man-in-the-middle Attack:

As discussed earlier, violators position themselves between a user and an application. The person either eavesdrops on the communication between the two parties or impersonates either of them, making it look like everything is normal. So, what is the purpose of such an attack? Well, it is to steal what may be valuable information such as bank account details, login credentials and what not.

There are two phases to this attack: interception and decryption.

  1. Interception: in the first step, the attacker intercepts the network traffic between the user and the application. So how is this done? One of the most common methods is to create free malicious Wi-Fi hotspots that aren’t password protected. The moment the victim joins the hotspot, the attacker gains complete control over the online data that is being exchanged. HTTPS spoofing is another way in which interception takes place. The attacker sends a fake IP header to the user and mimics the application the user is supposed to interact with; thus, whenever the user accesses the URL of the application, they are unknowingly redirected to the attacker’s site.
  2. Decryption: post interception, the traffic has to be decrypted without the user’s knowledge. This is done by sending a fake certificate to the user to gain the trust of the browser. Once approved, the perpetrator has full access to the data being sent to the application.

Denial of Service (DOS) Attack:

This attack shuts the network down, rendering the services unavailable to users. The target is bombarded with traffic that causes the network to crash; as a result, the site can no longer serve its intended purpose since legitimate users can’t access the server. As you can see, this attack doesn’t necessarily result in data loss or theft of any sort, but it causes inconvenience in terms of lost time. Common targets are online shopping sites, large companies and financial institutions.


There are two general categories of DOS attacks: flooding attacks and attacks that crash the network. Flooding attacks slow the network down with too many requests. Eventually, it’ll not be able to handle any requests. Buffer overflow attacks, one of the most common types, send more requests than the network can handle, making it slow and sluggish. ICMP (Internet Control Message Protocol) flood, or ping of death, takes down the network by overwhelming it with echoing pings that amplify rapidly. SYN flood is a type of DOS attack where the handshake with the server is never completed; as a result, the port cannot be freed. All the ports are eventually filled and can no longer handle further requests.

Distributed denial of service, or DDOS, is another type of DOS attack. Here, multiple systems synchronize with each other and send coordinated requests to a single network. So, instead of being flooded by requests from one node, the network is attacked from multiple sources. What are the advantages of DDOS over DOS from the attacker’s point of view? Firstly, the attack can be more damaging since multiple systems are at play. Secondly, finding the attacker is hard since the requests are coming from multiple locations. Thus, it is difficult both to shut the requests down and to identify the perpetrator.
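As an added example (not part of the original article), the following script shows the defender’s view of the SYN flood described above: it parses constructed `ss -tan`-style socket output, counts half-open (SYN-RECV) connections, and flags any peer address holding an unusually large share of them. The sample output, the threshold value and the function names are all assumptions made for this illustration.

```python
"""Count half-open (SYN-RECV) TCP connections from `ss -tan`-style output
and flag peers that look like they are flooding the listen backlog."""
from collections import Counter

# Constructed sample, not captured from a real host. Columns follow the
# `ss -tan` layout: State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      10.0.0.5:443         198.51.100.7:51322
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40001
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40002
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40003
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40004
SYN-RECV   0      0      10.0.0.5:443         192.0.2.44:55010
ESTAB      0      0      10.0.0.5:22          192.0.2.44:55011
"""


def half_open_by_peer(ss_output: str) -> Counter:
    """Return a Counter of SYN-RECV sockets keyed by peer IP (port stripped)."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        peer_ip = fields[4].rsplit(":", 1)[0]  # drop the ephemeral port
        counts[peer_ip] += 1
    return counts


def total_half_open(ss_output: str) -> int:
    """Total half-open connections: compare this against the listen backlog."""
    return sum(half_open_by_peer(ss_output).values())


def flag_syn_flood_sources(ss_output: str, threshold: int = 3) -> list:
    """Peers holding at least `threshold` half-open connections, largest first."""
    counts = half_open_by_peer(ss_output)
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    print("half-open total:", total_half_open(SAMPLE_SS_OUTPUT))
    print("suspicious peers:", flag_syn_flood_sources(SAMPLE_SS_OUTPUT))
```

Because SYN-flood sources are usually spoofed, the per-peer list is only a hint; the total number of half-open sockets relative to the listen backlog is the more reliable signal that the handshake queue is being exhausted.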

How can you make your network more secure?

By now you are probably spooked by the sheer number of ways in which a network could go down, but there’s hope. Following some of these methods may save your network!

  1. Antivirus Software: this tops the list because this software is designed to protect against the latest viruses out there. It regularly scans for malicious files on your system and eradicates them before harm is done. Always ensure that you are running the latest antivirus software.
  2. Encryption: this is the process of converting data into a secret code that isn’t readable by humans and has no value on its own. The encryption keys needed to decrypt the text are only provided to trusted parties. Thus, if the data is intercepted, it holds no value unless the person can crack the encryption key.
  3. Firewalls: a hardware device or software program that prevents uninvited people from entering the network. It blocks unauthorized users from gaining access to the server while still allowing legitimate ones to work unhindered.
  4. Multi-factor authentication: this has become very common recently; Google, for example, uses it every time you log in by also sending a number to your mobile. Thus, the sign-in process captures who you are as well as what you possess (the device at hand).
  5. Network Segmentation: probably one of the smartest things to do. By breaking down your large network into a collection of smaller sub-networks, you can isolate an attack to one region and prevent it from taking down the whole system in one go.

Additionally, avoid using public hotspots that aren’t password protected, especially for financial transactions or work that involves passwords etc.

Conclusion

Network security is an indispensable part of any network and keeping it updated is of prime importance. Though no security measure is safe enough, taking appropriate precautions can thwart a majority of attacks! Do you have any other security measures in mind?

Hope you guys enjoyed this article! Check out these amazing sites (Comptia, ProSource, Imperva, PaloAltoNetwork) for further reading!
