Cyber Security Threats and Defense

Threats to network security are an emergent problem for the individual as well as organizations in the whole world, and the threats become worse and multiply day by day. Computer networks are necessary for everyday activities and both Individuals and organizations depend on their computers and networks.

Intrusion to these computers by an illegal person can result in network breakdown and loss of data and works. Attacks on a network can be disturbing, which result in a loss of time and money due to damage or theft of significant information.

The Intruders can enter into the network through software vulnerabilities, through guess someone’s username and password and hardware attacks. An intruder is an individual commonly called hacker or software that enters a computer without authorization. When intruder (hacker) successfully gains access to the network, four types of threats may happen:-

Loss of Data and manipulation

When hacker successfully enters to someone computer, he destroys or alters data records. Examples sending a virus that reformats a computer’s hard drive and breaking into a records system to change information.

Information Theft

In this case when intruder gain access to the computer which obtains confidential information. The intruder used this Information for different purposes and he also sold this information.

Identity Theft

The individual usually obtains the personal document on their personal computer.  The intruder stole this personal information. Using this information, an intruder can get legal documents, make an unauthorized purchase and apply for credit.

Disruption of service

If the intruder can’t get in, then he tries to ensure that no one else can, either. This is the Dos (denial-of-service attack). This kind of threat does not try to get information directly, depending on which service crashes under the load, their effect can expose other resources that were previously protected.

Physical Security Threats

The physical security is another important aspect of network security. The aspects of physical security must be dealt with in the organizational policy. The physical security has four classes of physical threats are:

  • Hardware threats– hardware threat is physical damage network devices, servers, and workstations.
  • Electrical threats– This threat is about the input voltage, the voltage may be insufficient, voltage spikes, unconditioned power, and complete power loss
  • Maintenance threats– This threat is about poor handling of electrical components, poor cabling and labelling and lack of spare parts.
  • Environmental threats– Environment threat also important, the temperature too hot or too cold and humidity too wet or too dry are the environmental threats.

To Limit the physical damage to equipment, make a security plan is as follow:-

  • Lockup equipment
  • Prevent unauthorized access
  • Maintain electronic logs of entry and exits
  • Use security cameras

The figure below illustrates a general floor plan for a secure computer room for a network.

Cyber Security Threats and Defense 2

Defense Against Threats

In defending against network attack, there are four sets of tools that will help you to keep your network secure against unauthorized access, monitoring, and network attacks which is management, firewall, encryption, and endpoint security.

Management

The management is the main set of defence against network attacks. The following actions should be implemented as part of configuration management against network attacks.

Backup, Upgrade, Update, and Patch

The machines in the network should be running up-to-date because the latest update can give more effective defence against network attacks. Whenever new malware is released, the operating systems need the current update with the latest versions of antivirus software. The best way to keep up-to-date against network attacks is to download security updates and patch from the operating system vendor.

The management needs to create a central patch server for critical security patches. All other systems must have access from time to time. Any required security patches that are not installed to a host are automatically downloaded from the server and installed automatically user intrusion.

Backup is very important when defending against network attacks. Each computer should have the latest copy of the backup.  All your configuration files in your Operating Systems or Applications should have enough security.

Authentication, Authorization, and Accounting

Authentication, authorization, and accounting (AAA) network security services provide primary access control on a network device. AAA authenticate and control access to a network, its control the users what they can do while they are login.

Passwords

The password is very important to protect network devices against attacks, it is important to use strong passwords rather than using the default password or to easy password. For password, implementation follows the below steps.

  • Use complex password Including uppercase letters, lowercase letters, numbers, symbols, and spaces, only if allowed.
  • Use a minimum of 8 characters password, preferably 10 or more characters.
  • Do not use common dictionary words for the password.
  • Avoid passwords based on repetition, number sequences, letter sequences, usernames, relative or pet names, misspell words.
  • Do not use biographical information, such as birthdate, ID numbers, ancestor names, or other easily identifiable pieces of information.
  • Change passwords often.
  • Do not write passwords down and leave them in clear places.
  • Following are the examples of passwords

Weak Password

  • Pakistan
  • Yasir
  • Nokia
  • Khan1975
  • 1234567

Strong Password

  • P@12>fo<ur^1978
  • No ^^&34@fsc^hub

On Cisco routers and switches ignore leading spaces for passwords, but spaces after the first character are the part of the passwords. The passphrase is a password which uses the space bar and creates a phrase of many words. The passphrase is also a strong password.

Firewalls

A firewall is the most efficient security tools for protecting users from network attacks. The firewalls exist in between two or more networks controlling traffic and prevent unauthorized access between them. End systems also use a personal firewall. Following are different techniques which use a firewall for filtering:

  • URL filtering – prevents or allows access to websites using Keywords or URLs. Packet filtering – Uses MAC address or IP address to prevent or allows access.
  • Application filtering – Prevents or allows access by specific application types.
  • State full packet inspection (SPI) – Incoming packets must be valid responses from internal hosts. Voluntary packets are blocked unless permitted particularly. SPI also recognize and filter specific types of attacks.

Encryption

The administrator can use encryption against a defence the network attacks. It can give protection against eavesdropping as well as sniffer attacks. Internet Protocol Security (IPSec), Private Key Infrastructure (PKI),  and Virtual Private Networks (VPN) can also secure a network against attacks.

Endpoint Security

Individual computer (host) system or device that acts as a network client, common endpoints are laptops, desktops, servers, smartphones, and tablets. Securing and preventing these devices from a network attack is the most challenging task for a network administrator. For securing endpoint must have well-documented policies, and the employees must be aware of these rules. The employees must be trained for proper using the network. The policies also include the use of antivirus software and host intrusion prevention.