1.4 – Network security

1.4.2 Identifying and preventing vulnerabilities

This section covers:

  • Common prevention methods:

    • Penetration testing

    • Anti-malware software

    • Firewalls

    • User access levels

    • Passwords

    • Encryption

    • Physical security


The previous page looked at some of the techniques that can be used to attack a user or a network.

This page looks at ways that the network can be protected.

Common Prevention Methods

Penetration Testing

Penetration testing is used to test that networks are secure. Tests are performed in a controlled environment by a qualified person, who deliberately tries to break into a system or simulate a genuine cyber attack. It checks for current vulnerabilities and explores potential ones in order to expose weaknesses in the system so they cannot be maliciously exploited.

The person carrying out the simulated attack may use software and hardware tools to help them in their duties. Hardware can be used to create large volumes of simulated traffic, and specialist software can be created to simulate viruses and other malware.

Anti-malware software

The most common form of anti-malware software is given the generic title of "anti-virus software", although in practice anti-virus packages can be very powerful and will do much more than just prevent viruses.

The anti-virus package will load when the computer is turned on and will constantly check for symptoms of an attack. If a virus or other piece of malware is detected, it will be prevented from operating and the file will be "quarantined" so that it can't cause any harm. Many viruses actively try to shut down the anti-malware software and may not even cause an issue until they detect that the anti-malware software is not operating.

Anti-malware packages have three main functions:

  1. To detect malware that has been installed.

  2. To prevent malware from being installed.

  3. To remove malware from the system.

Firewalls

A firewall can be a piece of software that acts as a 'block' between a potential attacker and the computer system. The firewall software can be held on a server, or a standalone computer that will carry all traffic that is going to and coming from the system's internet connection.

All traffic on the network is sent in packets, and the packets each contain information in their header.

The firewall software can monitor application and network usage and has the ability to block access from certain computer users and disable traffic that may be perceived as a threat. A firewall is not always 100% effective - an attacker could exploit a vulnerability which bypasses the firewall.

Many anti-malware packages have this feature built in.

Although rare, a firewall may be a dedicated piece of hardware that has the sole job of checking every single packet and will block any inappropriate traffic.
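The header check described above can be sketched in Python. This is an added example, not part of the original page: the rule list, the header fields used (source address, protocol, destination port) and the addresses (taken from ranges reserved for documentation) are all made up for illustration. The first rule that matches a packet decides what happens to it, and anything that matches no rule is blocked.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Only the header fields this sketch looks at (a constructed sample format)."""
    src: str        # source IP address
    protocol: str   # "tcp" or "udp"
    dst_port: int   # destination port

# Constructed sample rules: (action, source network, protocol, destination port).
# None means "any". Rules are checked from top to bottom.
RULES = [
    ("block", "203.0.113.0/24", None, None),   # a source range we never want to hear from
    ("allow", "0.0.0.0/0", "tcp", 443),        # anyone may reach the web server
    ("allow", "192.168.1.0/24", "tcp", 22),    # only the local network may use remote login
]

def decide(packet, rules=RULES):
    """Return "allow" or "block" for one packet, using first-match-wins."""
    src = ipaddress.ip_address(packet.src)
    for action, network, protocol, port in rules:
        if src not in ipaddress.ip_network(network):
            continue
        if protocol is not None and protocol != packet.protocol:
            continue
        if port is not None and port != packet.dst_port:
            continue
        return action
    return "block"  # default deny: traffic nobody asked for is dropped

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "tcp", 443),
        Packet("198.51.100.4", "tcp", 443),
        Packet("198.51.100.4", "tcp", 22),
        Packet("192.168.1.20", "tcp", 22),
    ]
    for p in samples:
        print(p, "->", decide(p))
```

The order of the rules matters: the blocked range is listed first so that it cannot reach the web server through the later "allow" rule.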

User access levels

Also known as system access rights, user access levels come under the system access control topic. They allow a system administrator to set up a hierarchy of users who have different permissions when they access different parts of the system.

Lower level users would have access to limited information and settings, whereas higher level users can access the most sensitive data on the system.

A good example is how a school network operates:

  • Students will be able to read and write to their own user area. They will also be able to read (but not write) documents that are stored in a shared area.

  • Staff will be able to read (but not write) work stored in the students' folders. They will be able to create, edit and delete any files stored in the student shared area.
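The school example can be written as a small access check. This is an added example, not part of the original page: the class names, the area names and the user names are made up, and giving staff "read" on the shared area is an assumption (the page only lists create, edit and delete). Any combination not listed in the table is refused.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    role: str            # "student" or "staff"

@dataclass(frozen=True)
class Resource:
    area: str            # "user_area" or "shared_area"
    owner: str = ""      # the student who owns a user area

# What each role may do in each kind of area, following the school example.
RULES = {
    ("student", "own_area"): {"read", "write"},
    ("student", "shared_area"): {"read"},
    ("staff", "student_area"): {"read"},
    # "read" is assumed here; create/edit/delete come from the example.
    ("staff", "shared_area"): {"read", "create", "edit", "delete"},
}

def area_kind(user, resource):
    """Work out how this resource relates to this user."""
    if resource.area == "shared_area":
        return "shared_area"
    if resource.area == "user_area":
        if resource.owner == user.name:
            return "own_area"
        return "student_area"   # somebody else's user area
    return "unknown"

def is_allowed(user, action, resource):
    """True only if the table explicitly grants the action; otherwise denied."""
    allowed = RULES.get((user.role, area_kind(user, resource)), set())
    return action in allowed

if __name__ == "__main__":
    alice = User("alice", "student")
    teacher = User("mr_jones", "staff")
    alices_area = Resource("user_area", owner="alice")
    shared = Resource("shared_area")
    print(is_allowed(alice, "write", alices_area))    # student writes own work
    print(is_allowed(alice, "write", shared))         # student cannot change shared files
    print(is_allowed(teacher, "read", alices_area))   # staff can read student work
    print(is_allowed(teacher, "write", alices_area))  # but cannot change it
```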

Passwords

A password is typically a string of characters used to gain access to a service or system. It is also possible to use a biometric password, where a fingerprint reader, iris scanner or even facial recognition software is used to validate that the user is actually genuine. Special hardware "dongles" can also be used, which should be inserted into the computer before anyone can access it.

When text-based passwords are used, a password policy may be enforced by the computer system which will force a user to have a "strong" password. Password length may be checked and any short passwords will be rejected. The greater the number of characters, the more difficult it is to actually guess the password. The password policy may also force users to change their passwords regularly and may prevent them from using a password again.
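A password policy with the three checks described above (length, regular change, no reuse) could look like this in Python. This is an added example, not part of the original page: the minimum length, the 90-day limit, the number of remembered passwords and the sample passwords are all assumed values. Old passwords are kept only as salted hashes, so the system can spot reuse without storing the passwords themselves.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 12                  # assumed policy value
MAX_AGE = timedelta(days=90)     # assumed policy value
HISTORY_SIZE = 5                 # assumed: how many old passwords are remembered

def hash_password(password, salt):
    """Salted, deliberately slow hash so stored values are hard to reverse."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self):
        self.history = []        # (salt, hash) pairs, newest last
        self.changed_at = None   # when the password was last set

    def check_new_password(self, password):
        """Return a list of policy problems; an empty list means accepted."""
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("too short")
        for salt, digest in self.history[-HISTORY_SIZE:]:
            if hmac.compare_digest(hash_password(password, salt), digest):
                problems.append("used before")
                break
        return problems

    def set_password(self, password, now):
        """Store the password only if it passes every check."""
        problems = self.check_new_password(password)
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, hash_password(password, salt)))
            self.changed_at = now
        return problems

    def must_change(self, now):
        """True when no password is set or the current one is too old."""
        return self.changed_at is None or now - self.changed_at > MAX_AGE

if __name__ == "__main__":
    start = datetime(2024, 1, 1)                 # constructed sample date
    account = Account()
    print(account.set_password("short", start))
    print(account.set_password("correct horse battery", start))
    print(account.set_password("correct horse battery", start + timedelta(days=1)))
    print(account.must_change(start + timedelta(days=91)))
```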

Encryption

Encryption is where data is translated into code so that only authorised users, or users with the key, can decrypt and read it. Users must have the key in order to decrypt the coded file.

A good example, although far too simple to be effective on a computer network, is the Caesar Cipher. This was invented by Julius Caesar and designed to keep his messages secret. It works by encrypting messages through movement of each letter a certain number of places to the left or right in the alphabet. The key tells us how many places the letters have been moved.

Let’s say we received the message ABZOVMQBA with and the key was 3:

...you can see that the decrypted message is the word DECRYPTED.
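The same decryption can be carried out in Python. This is an added example, not part of the original page: it assumes, from the worked message above, that encrypting moves each letter to the left and decrypting moves it back to the right. It also lists every possible key, which shows why the cipher is far too simple for real use: there are only 25 keys, so someone without the key can simply read through all 25 results.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_text(text, places):
    """Move each letter `places` positions along the alphabet, wrapping round at Z."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + places) % 26])
        else:
            out.append(ch)  # spaces and punctuation are left unchanged
    return "".join(out)

def encrypt(plaintext, key):
    # Assumed convention: encrypting moves letters `key` places to the left.
    return shift_text(plaintext, -key)

def decrypt(ciphertext, key):
    # Decrypting undoes that by moving letters `key` places to the right.
    return shift_text(ciphertext, key)

def try_every_key(ciphertext):
    """Return the result of decrypting with each of the 25 possible keys."""
    return {key: decrypt(ciphertext, key) for key in range(1, 26)}

if __name__ == "__main__":
    print(decrypt("ABZOVMQBA", 3))
    # Without the key, all 25 candidates fit on one screen.
    for key, guess in try_every_key("ABZOVMQBA").items():
        print(key, guess)
```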

Physical Security

Physical security refers to the most basic level of security, which is probably what most people mean when they talk about "security".

  • Lock the computer room when it is not in use.

  • Make sure that the keys are kept safe and not given to anyone who should not have them.

  • Use additional security such as fingerprint scanners and swipe cards at vulnerable positions on the network such as server rooms.

  • Restrict parts of the computers which may be easy to attack - such as USB ports and floppy disk drives.

  • Install surveillance cameras at key points.

  • Use computers that can have the case locked, or that use a special form of bolt that needs special tools.

  • Make sure that backup tapes and discs are kept in a secure, locked place.
