An overview of network security, covering common vulnerabilities, attacks, and defense mechanisms. It discusses cryptographic protection mechanisms, computer security, and network security measures. Key topics include information security, cybersecurity, physical security, and risk management. The document also addresses various types of threats and attacks, such as malware, phishing, and denial-of-service attacks, along with strategies for prevention and mitigation. It emphasizes the importance of understanding network security to protect data and ensure reliable access in the face of evolving cyber threats. This resource is valuable for students and professionals seeking to understand the fundamentals of network security and its critical role in safeguarding digital assets. The document also highlights the importance of security awareness training for users and the implementation of security measures like firewalls and intrusion detection systems.
Typology: Study notes
CIT 4311: Network Security and Monitoring
Contact Hours: 45 hours
Prerequisites: CIT 4308 Switching Basics and Intermediate Routing
Purpose: The course provides a thorough understanding of the design, planning, implementation, operation, and troubleshooting of network security devices.

Expected Learning Outcomes
At the end of this course the student should be able to:
i. Explain common network vulnerabilities and attacks, defense mechanisms against network attacks, and cryptographic protection mechanisms.
ii. Outline the requirements and mechanisms for identification and authentication.
iii. Identify the possible threats to each mechanism and ways to protect against these threats.
iv. Understand the approach and goals of monitoring and define a methodology for analysis.
v. Detect when systems, networks, and applications are at an increased likelihood of compromise.

Course Content
Network Security: Security Threats and Vulnerabilities, Secure Network Design, Device Configurations and Management, Security Monitoring and Maintenance, Attack Detection and Response.
Firewall Security.
Router Security: Base Security Configuration, Standard and Extended ACL Traffic Filtering, TCP Intercept Configuration, Router Security Monitoring, NetFlow Traffic Monitoring.
LAN Switch Security: Switch Port Security, Port-Based Traffic Control, VLAN Security, ARP and Spoofing Protection, 802.1X Authentication, STP Security, Switch Port Mirroring.
Network Monitoring and Intrusion Detection: Simple Network Management Protocol (SNMP), Network Mapping, Log Monitoring, Packet Sniffing, Intrusion Detection and Prevention.
Automation and Continuous Security Monitoring: Industry Best Practices, Vulnerability Scanning, Monitoring Patching, Applications and Service Logs, Monitoring Change to Devices and Appliances, Configuring Centralized Windows Event Log Collection, Monitoring Critical Windows Events, Scripting and Automation.
Network Risk and Vulnerability Management.
Instructional Materials/Equipment
A computer laboratory, an object-oriented programming language such as Java, enterprise solution frameworks such as J2EE and .NET; lecture notes, illustration charts, journals, overhead presentation equipment.

Core Journals
i. Network Security. ISSN: 1353-4858.
ii. International Journal of Computer Science and Network Security. ISSN: 1738-7906.
iii. Journal of Computer Virology and Hacking Techniques. ISSN: 2263-8733.

Recommended Text Books
i. Stallings, W. (2016). Cryptography and Network Security: Principles and Practice (7th ed.). Boston, MA: Pearson Education. ISBN: 0134444280.
ii. Whitman, M. E., Mattord, H. J., Mackey, D., & Green, A. (2013). Guide to Network Security. Boston, MA: Cengage Learning. ISBN: 1133279074.
iii. Sanders, C., Randall, L., & Smith, J. (2013). Applied Network Security Monitoring: Collection, Detection, and Analysis (1st ed.). Waltham, MA: Elsevier Science Ltd. ISBN:

Recommended Journals
i. International Journal of Network Security. ISSN: 1816-353X.
ii. International Journal of Communication Networks and Information Security. ISSN:
iii. Security and Privacy. ISSN: 2475-6725.
a) Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
b) Privacy: Assures that individuals control what information related to them may be collected and stored, by whom, and to whom that information may be disclosed.
Computer security is security applied to computing devices such as computers and smartphones, as well as to computer networks such as private and public networks, including the whole Internet. The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and it is of growing importance in line with the increasing reliance of most societies worldwide on computer systems. It includes physical security to prevent theft of equipment, and information security to protect the data on that equipment. It is sometimes referred to as "cyber security" or "IT security", though these terms generally do not refer to physical security (locks and such).

What is Security?
In general, security is defined as "the quality or state of being secure, that is, to be free from danger."
The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security.

Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, and digital forensics.

Overview of Information Security
Information security involves protecting sensitive data, systems, and networks from potential threats and vulnerabilities. These threats can compromise data and systems, leading to significant damage or loss. The need for information security arises due to the growing volume of data, the increasing reliance on digital platforms, and the constant emergence of new cyber threats. Key components of information security include:
Information security ensures the confidentiality, integrity, and availability of data both in transit and at rest. It involves safeguarding sensitive information from unauthorized access and alteration. Key aspects of information security include:
Network security, which addresses the protection of an organization's data networking devices, connections, and contents, and the ability to use that network to accomplish the organization's data communication functions.

Some important terms used in computer security are:
■ Attack: In the context of computer/network security, an attack is an attempt to access resources on a computer or a network without authorization, or to bypass security measures that are in place.
■ Audit: To track security-related events, such as logging onto the system or network, accessing objects, or exercising user/group rights or privileges.
■ Availability of data: Reliable and timely access to data.
■ Breach: Successfully defeating security measures to gain access to data or resources without authorization, to make data or resources available to unauthorized persons, or to delete or alter computer files.
■ Brute force attack: An attempt to "crack" passwords by sequentially trying all possible combinations of characters until the right combination works to allow access.
■ Buffer: A holding area for data.
■ Buffer overflow: A way to crash a system by putting more data into a buffer than the buffer is able to hold.
■ CIA triad: Confidentiality, Integrity, and Availability of data. Ensuring the confidentiality, integrity, and availability of data and services are primary security objectives that are often related to each other. See also availability of data, confidentiality of data, and integrity of data.
■ Confidentiality of data: Ensuring that the contents of messages will be kept secret.
■ Countermeasures: Steps taken to prevent or respond to an attack or malicious code.
■ Cracker: A hacker who specializes in "cracking" or discovering system passwords to gain access to computer systems without authorization.
■ Crash: Sudden failure of a computer system, rendering it unusable.
■ Defense-in-depth: The practice of implementing multiple layers of security. Effective defense-in-depth strategies do not limit themselves to technology, but also focus on operations and people. For example, a firewall can protect against unauthorized intrusion, but training and the implementation of well-considered security policies help to ensure that the firewall is properly configured.
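The glossary's buffer-overflow entry, as an added C example that is not part of the course notes: copy_unchecked() has exactly the defect described (it keeps writing past a fixed-size buffer when the input is longer than the buffer), and copy_checked() shows the length check that rejects such input instead. NAME_LEN, the function names and the sample strings are assumptions made for this example.

```c
/* Added example, not from the course notes. A fixed-size "buffer" for a
 * username, an unchecked copy that can overflow it, and a checked copy
 * that refuses input which does not fit. Names are illustrative. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* holding area for a username, including the NUL */

/* Vulnerable: strcpy() stops only at the terminating NUL, so a source of
 * NAME_LEN or more characters writes past the end of dst (the overflow the
 * glossary describes). Kept here for contrast only; it is never called
 * with untrusted input. */
void copy_unchecked(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);
}

/* Hardened: measure the input first and reject anything that does not fit
 * together with its terminator, so the caller gets an explicit error
 * instead of silently corrupted memory.
 * Returns 1 when the copy was made, 0 when the input was rejected. */
int copy_checked(char dst[NAME_LEN], const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_LEN) {
        dst[0] = '\0';          /* leave a well-defined empty string */
        return 0;
    }
    memcpy(dst, src, n + 1);    /* n + 1 also copies the terminating NUL */
    return 1;
}

int main(void) {
    char name[NAME_LEN];
    /* Constructed inputs: one that fits, one that would overflow. */
    const char *ok = "alice";
    const char *too_long = "this-name-is-far-too-long-for-the-buffer";

    printf("short input accepted: %d (%s)\n", copy_checked(name, ok), name);
    printf("long input accepted:  %d\n", copy_checked(name, too_long));
    return 0;
}
```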
■ TCSEC: Trusted Computer System Evaluation Criteria. A means of evaluating the level of security of a system.
■ Technical vulnerability: A flaw or bug in the hardware or software components of a system that leaves it vulnerable to a security breach.
■ Threat: A potential danger to data or systems. A threat agent can be a virus; a hacker; a natural phenomenon, such as a tornado; a disgruntled employee; a competitor; or other menaces.
■ Trojan horse: A computer program that appears to perform a desirable function but contains hidden code that is intended to allow unauthorized collection, modification or destruction of data.
■ Virus: A program that is introduced onto a system or network for the purpose of performing an unauthorized action (which can vary from popping up a harmless message to destroying all data on the hard disk).
■ Worm: A program that replicates itself, spreading from one machine to another across a network.

Vulnerability
A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

Backdoors
A backdoor in a computer system is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.
It may also fake information about disk and memory usage.
Denial-of-service attack
Unlike other exploits, denial-of-service attacks are not used to gain unauthorized access to or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim's account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behavior of small pieces of code. Distributed denial-of-service (DDoS) attacks are common: a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet and controlled by, for example, a worm, Trojan horse, or backdoor) are used to flood a target system with network requests, attempting to render it unusable through resource exhaustion.

Direct-access attacks
An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions and install different types of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R or tape, or onto portable devices such as key drives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separately from the system. In most cases, direct-access attacks are the only type of threat to standalone computers (those never connected to the Internet).

Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers.

Spoofing
Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
data during storage and transmission.
Multi-factor authentication (MFA) to verify users.
Role-based access controls to ensure that only authorized personnel can access certain data.

b) Integrity
Integrity refers to the accuracy and consistency of data throughout its lifecycle. It ensures that data is not tampered with or altered by unauthorized individuals or processes. Integrity is often maintained by: