Cyber Security Threats and Defense

Security Threats to network are an emergent problem for the individual as well as organizations in the whole world, and the security threats become worse and multiply day by day. Computer networks are necessary for everyday activities and both Individuals and organizations depend on their computers and networks.

Intrusion to these computers by an illegal person can result in a network breakdown and loss of data and work. Attacks on a network can be disturbing, resulting in a loss of time and money due to damage or theft of significant information.

The Intruders can enter the network through software vulnerabilities, guessing someone’s username and password, and hardware attacks. An intruder is an individual, commonly called a hacker or software, that enters a computer without authorization. When an intruder (hacker) successfully gains access to the network, four types of security threats may happen:-

Loss of Data and manipulation

When a hacker successfully enters someone’s computer, he destroys or alters data records. Examples include sending a virus reforming a computer’s hard drive and breaking into a records system to change information.

Information Theft

In this case, an intruder accessed the computer and obtained confidential information. The intruder used this information for different purposes and also sold it.

Identity Theft

The individual usually obtains the personal document on their personal computer.  The intruder stole this personal information. Using this information, an intruder can get legal documents, make an unauthorized purchase, and apply for credit.

Disruption of service

If the intruder can’t get in, he tries to ensure that no one else can. This is the Dos (denial-of-service attack). This kind of security threat does not try to get information directly. Depending on which service crashes under the load, its effect can expose other previously protected resources.

Physical Security Threats

Physical security is another crucial aspect of network security. The elements of physical security must be dealt with in the organizational policy. Physical security threats have four classes:

• Hardware security threats– this is a security threat related to hardware. It damages network devices, servers, and workstations.
• Electrical threats—This threat concerns the input voltage. The voltage may be insufficient, spike, unconditioned, or loss of power.
• Maintenance threats—This threat concerns poor handling of electrical components, poor cabling and labeling, and a lack of spare parts.
• Environmental threats—Environmental threats are also significant. Temperatures that are too hot or cold and humidity that are too wet or dry are ecological threats.

To Limit the physical damage to equipment, make a security plan as follows:-

• Lockup equipment
• Prevent unauthorized access
• Maintain electronic logs of entry and exits
• Use security cameras

The figure below illustrates a general floor plan for a secure computer room for a network.

Defense Against Threats

In defending against network attacks, there are four sets of tools that will help you keep your network secure against unauthorized access, monitoring, and network attacks: management, firewall, encryption, and endpoint security.

Management

Management is the primary defense against network attacks. The following actions should be implemented in configuration management against network attacks.

Backup, Upgrade, Update, and Patch

The machines in the network should be running up-to-date because the latest update can provide more effective defence against network attacks. Whenever new malware is released, the operating systems need the latest update with the latest antivirus software. The best way to keep up-to-date against network attacks is to download security updates and patches from the operating system vendor.

The management needs to create a central patch server for critical security patches. All other systems must have access from time to time. Any required security patches not installed on a host are automatically downloaded from the server and installed automatically for user intrusion.

Backup is essential when defending against network attacks. Each computer should have the latest copy of the backup.  All configuration files in your Operating Systems or Applications should have enough security.

Authentication, Authorization, and Accounting

Authentication, authorization, and accounting (AAA) network security services provide primary access control on a network device. AAA authenticates and controls access to a network; it also controls the users’ what they can do while they are logged in.

Passwords

The password is very important to protect network devices against attacks. It is important to use strong passwords rather than the default password or an easy password. For passwords, implementation follows the below steps.

• Use a complex password, including uppercase letters, lowercase letters, numbers, symbols, and spaces, only if allowed.
• Use a minimum of 8 characters password, preferably 10 or more characters.
• Do not use common dictionary words for the password.
• Avoid passwords based on repetition, number sequences, letter sequences, usernames, relative or pet names, and misspell words.
• Do not use biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable information.
• Change passwords often.
• Do not write passwords down and leave them in precise places.
• Following are examples of passwords

Weak Password

• Amrick
• Michel
• Yasir
• Nokia
• Khan1975
• 1234567

Strong Password

• P@12>fo<ur^1978
• No ^^&34@fsc^hub

On Cisco routers and switches, leading spaces are ignored for passwords, but spaces after the first character are part of the passwords. The passphrase is a password that uses the space bar to create a phrase of many words. The passphrase is also a strong password.

Firewalls

A firewall is the most efficient security tool for protecting users from network attacks. The firewalls exist in between two or more networks, controlling traffic and preventing unauthorized access between them. End systems also use a personal firewall. The following are different techniques that use a firewall for filtering:

• URL filtering prevents or allows access to websites using Keywords or URLs. Packet filtering uses a MAC address or IP address to prevent or allow access.
• Application filtering – Prevents or allows access by specific application types.
• State full packet inspection (SPI) – Incoming packets must be valid responses from internal hosts. Voluntary packets are blocked unless permitted particularly. SPI also recognizes and filters specific types of attacks.

Encryption

The administrator can use encryption as a defense against network attacks. It can give protection against eavesdropping as well as sniffer attacks. Internet Protocol Security (IPSec), Private Key Infrastructure (PKI),  and Virtual Private Networks (VPN) can also secure a network against attacks.

Endpoint Security

Individual computer (host) system or device that acts as a network client, common endpoints are laptops, desktops, servers, smartphones, and tablets. Securing and preventing these devices from a network attack is the most challenging task for a network administrator.

Securing endpoints must have well-documented policies, and the employees must be aware of these rules. The employees must be trained for proper using the network. The policies also include the use of antivirus software and host intrusion prevention.