Network Security Fundamentals: Threats, Attacks, and Defense Mechanisms, Study notes of Information and Communications Technology (ICT)

An overview of network security, covering common vulnerabilities, attacks, and defense mechanisms. It discusses cryptographic protection mechanisms, computer security, and network security measures. Key topics include information security, cybersecurity, physical security, and risk management. The document also addresses various types of threats and attacks, such as malware, phishing, and denial-of-service attacks, along with strategies for prevention and mitigation. It emphasizes the importance of understanding network security to protect data and ensure reliable access in the face of evolving cyber threats. This resource is valuable for students and professionals seeking to understand the fundamentals of network security and its critical role in safeguarding digital assets. The document also highlights the importance of security awareness training for users and the implementation of security measures like firewalls and intrusion detection systems.

Typology: Study notes

2023/2024

Available from 10/11/2025

bryan-kamara

CIT 4311: Network Security and Monitoring

Contact Hours: 45 hours
Prerequisites: CIT 4308 Switching Basics and Intermediate Routing
Purpose: The course provides a thorough understanding of the design, planning, implementation, operation, and troubleshooting of network security devices.

Expected Learning Outcomes

At the end of this course the student should be able to:
i. Explain common network vulnerabilities and attacks, defense mechanisms against network attacks, and cryptographic protection mechanisms.
ii. Outline the requirements and mechanisms for identification and authentication.
iii. Identify the possible threats to each mechanism and ways to protect against these threats.
iv. Understand the approach and goals of monitoring and define a methodology for analysis.
v. Detect when systems, networks, and applications are at an increased likelihood of compromise.
Course Content

Network Security: Security Threats and Vulnerabilities, Secure Network Design, Device Configurations and Management, Security Monitoring and Maintenance, Attack Detection and Response.
Firewall Security.
Router Security: Base Security Configuration, Standard and Extended ACL Traffic Filtering, TCP Intercept Configuration, Router Security Monitoring, NetFlow Traffic Monitoring.
LAN Switch Security: Switch Port Security, Port-Based Traffic Control, VLAN Security, ARP and Spoofing Protection, 802.1X Authentication, STP Security, Switch Port Mirroring.
Network Monitoring and Intrusion Detection: Simple Network Management Protocol (SNMP), Network Mapping, Log Monitoring, Packet Sniffing, Intrusion Detection and Prevention.
Automation and Continuous Security Monitoring: Industry Best Practices, Vulnerability Scanning, Monitoring Patching, Applications and Service Logs, Monitoring Change to Devices and Appliances, Configuring Centralized Windows Event Log Collection, Monitoring Critical Windows Events, Scripting and Automation.
Network Risk and Vulnerability Management.


Instructional Materials / Equipment

A computer laboratory, an object-oriented programming language such as Java, enterprise solution frameworks such as J2EE and .NET; lecture notes, illustration charts, journals, overhead presentation equipment.

Core Journals
i. Network Security. ISSN: 1353-4858.
ii. International Journal of Computer Science and Network Security. ISSN: 1738-7906.
iii. Journal of Computer Virology and Hacking Techniques. ISSN: 2263-8733.

Recommended Text Books
i. Stallings, W. (2016). Cryptography and Network Security: Principles and Practice (7th ed.). Boston, MA: Pearson Education. ISBN: 0134444280.
ii. Whitman, M. E., Mattord, H. J., Mackey, D., & Green, A. (2013). Guide to Network Security. Boston, MA: Cengage Learning. ISBN: 1133279074.
iii. Sanders, C., Randall, L., & Smith, J. (2013). Applied Network Security Monitoring: Collection, Detection, and Analysis (1st ed.). Waltham, MA: Elsevier Science Ltd. ISBN:

Recommended Journals
i. International Journal of Network Security. ISSN: 1816-353X.
ii. International Journal of Communication Networks and Information Security. ISSN:
iii. Security and Privacy. ISSN: 2475-6725.

Confidentiality: This term covers two related concepts:
a) Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
b) Privacy: Assures that individuals control what information related to them may be collected and stored, by whom, and to whom that information may be disclosed.

Integrity: This term covers two related concepts:
a) Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
b) System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Availability: Assures that systems work promptly and service is not denied to authorized users.

In this modern era, organizations rely heavily on computer networks to share information throughout the organization efficiently and productively. Organizational computer networks are becoming large and ubiquitous. Assuming that each staff member has a dedicated workstation, a large company would have a few thousand workstations and many servers on the network. These workstations are unlikely to be centrally managed or to have perimeter protection. They may run a variety of operating systems, hardware, software, and protocols, with different levels of cyber awareness among users. Now imagine that these thousands of workstations on the company network are directly connected to the Internet. Such an unsecured network, which holds valuable information and exposes vulnerabilities, becomes a target for attack.

The meaning of computer security

The meaning of the term computer security has evolved in recent years. Before the problem of data security became widely publicized in the media, most people's idea of computer security focused on the physical machine. Traditionally, computer facilities have been physically protected for three reasons:
  • To prevent theft of or damage to the hardware
  • To prevent theft of or damage to the information
  • To prevent disruption of service

Computer security is security applied to computing devices such as computers and smartphones, as well as to computer networks such as private and public networks, including the whole Internet. The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and it is of growing importance in line with the increasing reliance on computer systems in most societies worldwide. It includes physical security to prevent theft of equipment, and information security to protect the data on that equipment. It is sometimes referred to as "cyber security" or "IT security", though these terms generally do not refer to physical security (locks and such).

What is security?

In general, security is defined as "the quality or state of being secure—to be free from danger."
  • Safeguarding the computer and the related equipment from the risk of damage or fraud.
  • Protection of data and information against accidental or deliberate threats which might cause unauthorized modification, disclosure, or destruction.

A computer system can only be claimed to be secure if precautions are taken to safeguard it against damage or threats such as accidents, errors and omissions.

Information Security is the practice of protecting digital and physical information from unauthorized access, use, disclosure, disruption, modification, or destruction. It encompasses a range of measures and strategies designed to safeguard data from various threats, ensuring its confidentiality, integrity, and availability. As technology continues to advance, information security has become an increasingly critical field. Information security includes the broad areas of information security management, computer and data security, and network security.

The security measures undertaken by the organization should be able to protect:
i) Computer hardware against damage.
ii) Data, information and programs against accidental alteration or deletion.
iii) Data and information against hazards.
iv) The computer against unauthorized use.

The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security.

Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, digital forensics science, etc.

Overview of Information Security

Information security involves protecting sensitive data, systems, and networks from potential threats and vulnerabilities. These threats can compromise data and systems, leading to significant damage or loss. The need for information security arises due to the growing volume of data, the increasing reliance on digital platforms, and the constant emergence of new cyber threats. Key components of information security include:

  • Confidentiality: Ensuring that data is only accessible to authorized individuals.
  • Integrity: Ensuring that data remains accurate and unaltered.
  • Availability: Ensuring that data and services are available when needed.

Importance of Information Security

  • Protecting Sensitive Information: Personal, financial, and business data must be protected from unauthorized access to prevent misuse.
  • Ensuring Trust: Strong information security practices help build trust between users, businesses, and service providers.
  • Minimizing Risks: Information security practices help reduce the risks associated with cyberattacks, data breaches, and other malicious activities.
  • Regulatory Compliance: Many industries are subject to regulations that require data protection and privacy measures, such as GDPR for businesses operating in the European Union or HIPAA for healthcare in the United States.

Information security can be categorized into several types, each focusing on different aspects of data protection and system security. The main categories are as follows:

Information security ensures the confidentiality, integrity, and availability of data both in transit and at rest. It involves safeguarding sensitive information from unauthorized access and alteration. Key aspects of information security include:

  • Encryption: Transforming data into an unreadable format to prevent unauthorized access.
  • Access Controls: Implementing policies that restrict access to sensitive data based on user roles and permissions.
  • Data Backup: Regularly backing up important data to prevent data loss in case of a cyberattack or system failure.

d) Cybersecurity

Cybersecurity is the protection of digital systems, networks, and data from cyberattacks. It specifically focuses on defending against attacks that originate from the internet or other external sources. Key aspects of cybersecurity include:
  • Securing online transactions and communication through encryption and secure protocols.
  • Protecting websites and web applications from vulnerabilities (e.g., cross-site scripting, SQL injection).
  • Implementing antivirus software to protect against malware.

Security is often achieved by means of several strategies usually undertaken simultaneously or used in combination with one another. Specialized areas of security include:
  • Physical security, which encompasses strategies to protect people, physical assets, and the workplace from various threats including fire, unauthorized access, or natural disasters.
  • Personal security, which overlaps with physical security in the protection of the people within the organization.
  • Operations security, which focuses on securing the organization's ability to carry out its operational activities without interruption or compromise.
  • Communications security, which encompasses the protection of an organization's communications media, technology, and content, and its ability to use these tools to achieve the organization's objectives.

  • Network security, which addresses the protection of an organization's data networking devices, connections, and contents, and the ability to use that network to accomplish the organization's data communication functions.

Some important terms used in computer security are:

■ Attack: In the context of computer/network security, an attack is an attempt to access resources on a computer or a network without authorization, or to bypass security measures that are in place.
■ Audit: To track security-related events, such as logging onto the system or network, accessing objects, or exercising user/group rights or privileges.
■ Availability of data: Reliable and timely access to data.
■ Breach: Successfully defeating security measures to gain access to data or resources without authorization, or to make data or resources available to unauthorized persons, or to delete or alter computer files.
■ Brute force attack: An attempt to "crack" passwords by sequentially trying all possible combinations of characters until the right combination works to allow access.
■ Buffer: A holding area for data.
■ Buffer overflow: A way to crash a system by putting more data into a buffer than the buffer is able to hold.
■ CIA triad: Confidentiality, Integrity, and Availability of data. Ensuring the confidentiality, integrity, and availability of data and services are primary security objectives that are often related to each other. See also availability of data, confidentiality of data, and integrity of data.
■ Confidentiality of data: Ensuring that the contents of messages will be kept secret.
■ Countermeasures: Steps taken to prevent or respond to an attack or malicious code.
■ Cracker: A hacker who specializes in "cracking" or discovering system passwords to gain access to computer systems without authorization.
■ Crash: Sudden failure of a computer system, rendering it unusable.
■ Defense-in-depth: The practice of implementing multiple layers of security. Effective defense-in-depth strategies do not limit themselves to focusing on technology, but also focus on operations and people. For example, a firewall can protect against unauthorized intrusion, but training and the implementation of well-considered security policies help to ensure that the firewall is properly configured.

■ TCSEC: Trusted Computer System Evaluation Criteria. A means of evaluating the level of security of a system.
■ Technical vulnerability: A flaw or bug in the hardware or software components of a system that leaves it vulnerable to security breach.
■ Threat: A potential danger to data or systems. A threat agent can be a virus; a hacker; a natural phenomenon, such as a tornado; a disgruntled employee; a competitor; or other menaces.
■ Trojan horse: A computer program that appears to perform a desirable function but contains hidden code that is intended to allow unauthorized collection, modification or destruction of data.
■ Virus: A program that is introduced onto a system or network for the purpose of performing an unauthorized action (which can vary from popping up a harmless message to destroying all data on the hard disk).
■ Worm: A program that replicates itself, spreading from one machine to another across a network.

Vulnerability

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

Backdoors

A backdoor in a computer system is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. It may also fake information about disk and memory usage.

Denial-of-service attack

Unlike other exploits, denial-of-service attacks are not used to gain unauthorized access to or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim's account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behavior of small pieces of code. Distributed denial-of-service (DDoS) attacks are common: a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet and controlled through, for example, a worm, Trojan horse, or backdoor exploit) are used to flood a target system with network requests, attempting to render it unusable through resource exhaustion.

Direct-access attacks

An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions and install different types of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R or tape, or onto portable devices such as key drives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separately from the system. Direct-access attacks are, in most cases, the only type of threat to standalone computers (those never connected to the Internet).

Eavesdropping

Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers.

Spoofing

Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

  1. Enhances Security – Detects unusual traffic patterns and unauthorized access, helping prevent cyberattacks.
  2. Optimizes Performance – Ensures efficient use of bandwidth and resources, reducing network congestion.
  3. Aids in Troubleshooting – Quickly identifies the root cause of network problems, reducing downtime and support costs.
  4. Improves Compliance – Helps businesses meet industry regulations by monitoring and logging network activities.
  5. Cost Savings – Prevents costly outages and inefficiencies by proactively addressing network issues.

Challenges of Network Monitoring

  1. Scalability Issues – As networks grow in size and complexity, monitoring tools must handle increased traffic, more devices, and distributed environments.
  2. Real-Time Data Processing – Networks generate vast amounts of data, making it challenging to analyze and respond to issues instantly.
  3. Security Threats – Advanced cyber threats like DDoS attacks, ransomware, and insider threats can be difficult to detect without sophisticated monitoring tools.
  4. False Positives & Alert Fatigue – Too many alerts, including false positives, can overwhelm IT teams and lead to ignored critical alerts.
  5. Encrypted Traffic Monitoring – As encryption becomes widespread, it can be harder to inspect data packets for security threats.
  6. Multi-Vendor Environments – Organizations using devices and software from different vendors may face compatibility issues in monitoring tools.
  7. Cloud & Hybrid Network Complexity – Monitoring cloud, on-premises, and hybrid networks requires specialized tools that can provide visibility across different environments.
  8. Resource & Cost Constraints – High-end network monitoring solutions can be expensive, and small businesses may struggle with the cost of implementation and maintenance.
  9. Compliance & Privacy Issues – Monitoring tools must balance network visibility with regulatory requirements such as GDPR and HIPAA to avoid legal issues.
  10. User Behavior & Shadow IT – Employees using unauthorized applications and devices (Shadow IT) can create security risks that are difficult to track.

Benefits of Network Monitoring

  1. Improved Network Performance – Helps identify bottlenecks and optimize bandwidth usage to ensure smooth operations.
  2. Reduced Downtime – Proactively detects and resolves issues before they cause outages, ensuring business continuity.
  3. Enhanced Security – Identifies suspicious activities, unauthorized access, and potential cyber threats to protect the network.
  4. Faster Troubleshooting – Provides real-time insights into network health, making it easier to diagnose and fix problems.
  5. Cost Savings – Prevents expensive downtime and optimizes resource allocation, reducing IT expenses.
  6. Better Compliance Management – Helps organizations meet regulatory requirements by maintaining logs and ensuring data integrity.
  7. Increased Productivity – Ensures employees and applications have consistent network access, preventing workflow disruptions.
  8. Scalability & Growth Support – Allows businesses to scale their networks efficiently by monitoring infrastructure needs.
  9. Greater Visibility & Control – Offers a centralized view of all network components, enabling better management of IT assets.
  10. Early Detection of Hardware Failures – Monitors device health and predicts failures before they impact operations.

Benefits of Network Security

Network security has several benefits, some of which are mentioned below:
  1. Authentication: identifying an individual or computer to ensure that the party attempting to access a given area is a member of the appropriate group or is listed on an access list.
  2. Non-repudiation: ensuring that people cannot deny their electronic actions.
  3. Integrity: verifying that information received is the information that was put there by the originator.
  4. Access control: verifying that the resources are under the exclusive control of the authorized parties and ensuring that the person attempting to access has the authority to do so.
  5. Availability: ensuring that data and server resources are up and running when needed by knowing that downtime was not caused by a security-related incident.

Security Principles
  • The CIA Triad (Confidentiality, Integrity, and Availability) forms the foundation of information security principles. These principles ensure that information is secure and reliable for authorized users. However, other important security principles are also crucial in maintaining the security and trustworthiness of systems and data.

a) Confidentiality

Confidentiality ensures that sensitive information is only accessible to authorized individuals or systems. This principle aims to prevent unauthorized users from accessing or disclosing information. Techniques to ensure confidentiality include:
  • Encryption of data during storage and transmission.
  • Multi-factor authentication (MFA) to verify users.
  • Role-based access controls to ensure that only authorized personnel can access certain data.

b) Integrity

Integrity refers to the accuracy and consistency of data throughout its lifecycle. It ensures that data is not tampered with or altered by unauthorized individuals or processes. Integrity is often maintained by:
  • Using hash functions to verify the integrity of data.
  • Implementing version control systems to track changes to documents or code.
  • Using digital signatures to verify the source of the data.

c) Availability

Availability ensures that information and systems are accessible and functional when needed. This principle is essential for maintaining business continuity and preventing downtime. Measures to ensure availability include:
  • Redundant systems and data backups to minimize downtime in case of failure.
  • Distributed denial-of-service (DDoS) protection to mitigate attacks that aim to overwhelm systems.
  • Regular maintenance and updates to prevent vulnerabilities.

d) Non-repudiation

Non-repudiation ensures that the sender of a message cannot deny having sent the message, and the recipient cannot deny having received it. This principle is vital in digital communication and transactions. It can be achieved through:
  • Digital signatures that provide evidence of the sender's identity.
  • Transaction logs that document the details of communication or actions.

e) Authentication

Authentication verifies the identity of users or systems attempting to access resources. Common methods include:
  • Username and password.
  • Biometric verification (e.g., fingerprints, face recognition).
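An added example, not from these course notes, of the integrity checks listed under b) above: an unkeyed SHA-256 digest detects a changed record, but not a change made by someone who can also rewrite the stored digest, which a keyed check (HMAC) still catches. HMAC is a stand-in assumption here because it ships with the Python standard library; the digital signatures the notes mention verify the same way but use a private key only the signer holds, which is what additionally gives non-repudiation.

```python
import hashlib
import hmac
import secrets

# Constructed sample record standing in for a file whose integrity is tracked.
ORIGINAL = b"payment: 100.00 to account 12345\n"
TAMPERED = b"payment: 900.00 to account 12345\n"


def sha256_hex(data: bytes) -> str:
    """Unkeyed integrity value: hex SHA-256 digest of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """True if the data still matches the stored digest (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed integrity value: HMAC-SHA256 tag; recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """True if the tag was produced over exactly this data with this key."""
    return hmac.compare_digest(hmac_hex(key, data), expected_hex)


def integrity_scenarios(key: bytes) -> dict:
    """Run the three cases a verifier should distinguish and return the outcomes."""
    # What the verifier recorded when the record was first stored.
    stored_digest = sha256_hex(ORIGINAL)
    stored_tag = hmac_hex(key, ORIGINAL)
    out = {}

    # Case 1: the data changed but the stored check values did not
    # (bit rot, a careless edit, or someone who can only touch the data).
    out["hash_detects_change"] = not verify_sha256(TAMPERED, stored_digest)
    out["hmac_detects_change"] = not verify_hmac(key, TAMPERED, stored_tag)

    # Case 2: the data AND the stored digest were both rewritten.
    # SHA-256 needs no secret, so the recomputed digest verifies: a bare
    # hash proves only that the data matches *some* digest, not whose.
    rewritten_digest = sha256_hex(TAMPERED)
    out["hash_fooled_when_digest_rewritten"] = verify_sha256(TAMPERED, rewritten_digest)

    # Case 3: the tag is rewritten too, but without the verifier's key.
    forged_tag = hmac_hex(b"wrong-key", TAMPERED)
    out["hmac_rejects_forged_tag"] = not verify_hmac(key, TAMPERED, forged_tag)
    return out


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)  # verifier's secret, kept apart from the data
    for name, result in integrity_scenarios(demo_key).items():
        print(f"{name}: {result}")
```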