Unit 9: Network Security
Key Unit Competence
explain network security and apply basic security measures.
9.1 Introduction to Network security
network security consists of policies implemented to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
It includes all technologies designed to protect the usability and integrity of computer network and information.
Implementing network security can save a business from malicious hacking and virus attacks that could cause a great data loss.
network security and privacy are major issues in data communications.to deal with internal and external security threats, networks need to be safeguarded with antivirus and firewall solutions. Good computer networks must meet performance levels expected. Good networks should also be reliable, consistent, and meet recovery procedures and security criteria to maintain smooth flow of data in an organization.
Activity 9.1
Research on the internet or library books and answer the following questions.
1. explain the meaning of the term network security.
2. Distinguish between the terms security and threat.
3. Identify security threats that are common with computer networks today.
4. suggest solutions that can be used to safeguard a computer network.
5. What are computer viruses? What risks are involved when a computer virus attacks your system?
6. How do you get to know that your computer is having a virus?
7. explain what you can do to protect computer system from viruses.
Practical
8. scan your computer with installed antivirus. If viruses are found, delete them. turn on your internet connection and allow the antivirus to auto update itself (or if it requests for permission to do so allow it). scan any available external disk e.g. flash drive before use.
9.2 Definitions of terms
- Security:this is a state of feeling safe and protected. something that provides a sense of protection against attack, harm or loss is security.
·Computer security means techniques developed to safeguard information stored on computer network.
- Threat: this is a possible danger that might exploit a vulnerability to breach/break security and therefore can cause damage, pain and loss. Vulnerability is a weakness in a system which allows an attacker to reduce system’s information assurance.
- Authentication: this is a process used to identify individuals based on username and password. this process establishes whether;
·someone or something is in fact who or what is declared to be.
·Authentication ensures that the individual is who he or she claims to be but nothing about access rights of an individual.
·Authentication proves that somebody or something is genuine or valid. Authentication is a security measure and uses data encryption to identify the user and verify that the message was not tampered with.
- Authorization: this is permission to perform action.
- Encryption: this is the process of encoding messages between two or more parties information such that hackers cannot read the message/information except the authorized parties. Restricted/sensitive information include:
- Identity information such as social security numbers, identification card numbers, driving license numbers, etc.
- Financial account information i.e. saving and credit card numbers, etc.
- student record information e.g. learner’s grades, financial aid information, etc.
- Medical record information e.g. diagnoses, treatment information, etc.
Note: If your computer is lost or stolen and you have encryption activated, people who try to access information on the computer won’t be able to read it.
Note: Encoding is a method designed to protect the integrity of data as it crosses networks and systems i.e. to keep original message upon arriving at destination.
Importance of encryption
1. encryption protects data in transit i.e. via computer networks like internet, e-commerce, mobile phones, wireless microphones, blue tooth devices and Automated teller machines.
2. It is used today to protect information on computers and storage devices such as flash drives belonging to civilians.
3. It is used by governments and in the military to facilitate secret communication.
Decryption: this is the process of decoding messages information such that authorized parties can read them.sensitive information stored on computer must be encrypted (using encryption key) so that it cannot be understood if it is accessed without using a (decryption key) to decrypt the information.
Additional information for Picture 9.1. above
elements of communicating data on a network include:
(i) Sender:this is a computer where message has been created by the user.
(ii) Encryption:this is the process of converting/encoding the message. the message is encrypted into cypher text form that cannot easily be understood.
(iii) the information is transmitted into cypher text to the receiver
(iv) Decryption:this is the process of decoding or reconverting cypher text to original message so that it is easily understood by the receiver.
(v) Receiver:this is a computer where the reader accesses the message.
Firewall: A firewall is a security software designed for preventing/blocking unauthorized access to data and system software on a computer network.
Note: A firewall is a piece of software or hardware. Firewall acts as a protection line between your network and the external threats from internet or other networks.
the firewall keeps track of every file that enters or leaves the local network so as to detect the sources of viruses and other problems that might enter the network.
9.3 Importance of computer security
Computer security is the protection of computer systems from threat that can damage software, hardware, and information and from disruption and misdirection of the services they provide.
the major importance of computer security is:
- protect the computer
- protect data
- protect user’s identification
this is mainly because data present in the computer can be misused by unauthorized intrusions.
Purpose of computer security is to:
- keep your information on computer protected
- maintain your computer’s overall health
- help prevent viruses and malware
- help programs run more smoothly.
9.4 Security threats
A security threat is anything that has the potential to cause serious harm to a computer system. threats can lead to attacks on computer systems and networks.
9.4.1 Origins of threats
Deliberate: I.e. aiming at information asset, for instance spying and illegal processing of data. Deliberate threat is planned intentionally.
Accidental: e.g. equipment failure or software failure. this occurs unexpectedly.
Negligence:I.e. known but neglected factors that can compromise network safety. negligence comes from paying less attention on a serious issue at hand.
Environmental:I.e. natural event and loss of power supply. this is generated by nature or condition of service.
9.4.2 Threats can be classified into two main categories
Intended threats:Include people within the organization. this is the most dangerous threat.
External threat:Include people outside the organization such as thieves, hackers.
The following are the threats in general that commonly affect systems:
- Physical damage such as fire, water, and pollution.
- natural disasters such as volcanic eruptions, climatic changes.
- Loss of essential services such as electrical power, air conditioning and telecommunication.
- Compromise of information e.g. hacking, theft of media.
- technical failures; equipment, software or capacity saturation.
- Compromise of functions i.e. error in use, abuse of rights and denial of actions.
9.4.3 Computer networks attacks
- Computer Viruses: Viruses are malicious programs that can corrupt your data on hard disk, delete most important operating system files, slow your computer operations and can make the system to crash. Viruses can also allow hackers to run programs on your computer or allow access to your files.
- Spyware: A big threat to online computers. Spyware is a software code installed on a computer without user’s knowledge to monitor or supervise user activities.
Spyware can do the following:·Gather personal information and can transmit it without your knowledge.
·Change computer settings.
·Corrupt windows Registry files.
·slow down internet connection speeds and the machine itself.
·steal your privacy.·take up memory and space on your computer.
·Can make a computer to malfunction or totally crash.
- Trojan horse (or Trojan): this is malware (malicious software) that is disguised as legitimate software. In computing, a trojan is any malicious computer program which misrepresents itself as useful, routine, or interesting in order to persuade a victim to install it on computer. trojans do not replicate themselves and appear harmless but in fact malicious.
- Social Engineering:this is a method used by hackers to gain access to computer systems by exploiting human behavior.In computer networking and security; social engineering is a collection of methods used to trick internal computer users to carry out specific actions or revealing confidential information thus breaking normal security procedures.
- Identity Theft: this occurs when personal information is obtained by unauthorized individuals who then use the information to commit a crime such as fraud or theft.everyone is at risk of identity theft. therefore, be careful managers of personal information, identification, and passphrases to help minimize your risk.
Risk involved with identity theft include: victims have to spend time and money cleaning up their personal and financial records. they may be refused loans, housing or cars, or even get arrested for crimes they didn’t commit.- Sabotage by employees:sabotage is malicious damage done usually by annoyed employees. An employee can intentionally enter data incorrectly, destroy hardware or delete sensitive data, changing known passwords and disappearing with customer information. the major solution is to regularly monitor employees’ activities and limit their access to certain sensitive systems or resources.
- Denial of Services Attack (D o SA): this is a method used by hackers to send too many requests to a specific server thereby using all available resources. this leads the server to become unavailable for internet users or crash down.
Unauthorized access by intruders or hackers.Activity 9.21. explain the difference between a spyware and a spam. Identify risks involved when your computer is infected with spyware.2. explain the term ‘social engineering’ in regard to computer security threats.3. explain the term ‘identify theft’. Identify the risks involved with identity theft.4. Describe the concept of firewall as a security solution to network threats.5. explain the difference between encryption and decryption.6. Identify the kind of information that should be encrypted in your school.Practical7. start your computer and open a folder where you frequently save your files.Do the following tasks:(i) Make two of your files as Read-only files (this will prevent other users from modifying contents).(ii) Hide two of your files such that other users do not see them even when they open that folder.(iii) encrypt any two of your important files.(iv) Un hide the hidden file(s).To make a file a Read-OnlyStep 1: open the folder where you often save your files such as My Documents folder.Step 2: Right-click on a file (s) and in the shortcut menu select Properties (see picture 9.2)Step 3:In the File Properties dialog box that displays, check Read-Only Attribute. (see picture 9.3)Step 4:Click on Apply and close the dialog box.To hide a fileStep 1: open a folder where your files are stored such as My Documents folder.Step 2: Right-click on a file (s) and in the shortcut menu select Properties (see picture 9.2)Step 3:In the File Properties dialog box that displays, check Hidden Attribute. (see picture 9.3)Step 4:Click on Apply and close the dialog box.To encrypt a file or folderStep 1: open a folder where your files are stored such as My Documents folder.Step 2: Right-click on the file (s) and in the shortcut menu select Properties (see picture 9.2)Step 3:In the File Properties dialog box that displays, click Advanced Attribute. (see picture 9.3)Step 4:In the Advanced Attributes dialog box that displays, check box for “Encrypt contents to secure data” and then click OK.Step 4:Click on Apply and close the dialog box.To un hide hidden file(s)Step 1: open Control Panel window and display the contents as small or large iconsStep 2:Click on File Explorer Options (see picture 9.5 above).Step 3:In the File Explorer Options dialog box that displays, click on View tab. see picture 9.6.Step 4: select “Show hidden file, folders and drives”9.5 Security procedures9.5.1 Protect physical equipment- to protect physical equipment against fire and burglary, put in place fire extinguishers against fire, use metallic doors and windows with strong padlocks against theft. security cameras and burglar alarms and security guards are used to detect theft.
- Use UPS (Uninterruptible Power supply) to protect system failure and data loss due to the power failure. A UPS is a power backup device. UPS keeps power for about 15 minutes after power loss.
- Use power surge protector to protect your computer against voltage spikes that can harm your system.
9.5.2 Protect dataProtection of data is aimed at safe guarding data against loss, damage and theft. the procedures include;a) Data backupsYou risk losing your data that could have taken you a lot of time to gather if you do not back it up. Your files could disappear due to virus, crash, accidental keystroke, theft or disaster. to backup is to create a second copy of your important data/files somewhere other than your computer’s hard drive.To be sure and secure, that your data is protected, do the following:·Create a duplicate copy of your critical data.·Backup critical and essential files on a daily basis.·Backup and non-critical files on a weekly or monthly basis. You can back up your data to a CD or DVD, to an online backup service (for a small monthly fee), flash drive or to a server. ·store your backup media (CD/DVD, external hard disk and backup server) in a safe, secure place away from your computer, in case of fire or theft.·Periodically, test the capability to restore from the backup media. An unreadable backup is not worth keeping. to ensure that your backup files are reliable, simply upload the files to your computer.b) Regularly update antivirus software.c) scan your computer data and programs regularly.d) Update your operating system regularly with the latest security patches and service packs.e) Have a strong password and change it frequently.f) Install and configure a firewall.g) Don’t download information from the insecure websites.h) Don’t open email attachments from unknown sources.i) scan every external disk memory attached to your computer to protect from malware.j) scan all shareware and freeware before installing them on your computer.Activity 9.31. Describe security risks to computers in your school computer laboratory. suggest solutions that can be used to protect school computers and information stored therein.2. Discuss the concept of ‘backup’ in regard to security procedures on computer.3. explain security procedures that can be used to protect physical equipment of computers.Practical Numbers4. Create a backup of all your important files existing on the computer to a Flash disk or a DVD. (simply save the files on the disk and keep this disk in a safe place for future use).Note: In case school computers are serviced, all the files and programs may be deleted, so backing your files can help store your files safely for longer periods without getting lost.5. a) start your computer and then use Administrator Account to create a User Account with a strong password (8 characters and above).b) exchange computers with a friend. Give your password to that friend to allow him use your account for 10 minutes. Return back to your computer and log on by typing your password. Change your password to become even stronger (12 characters and above).Note: Each time you are prompted to give someone your password, make sure when you return to the computer you change it immediately.6. Collect all rubbish and papers (as heap) from your class and place them in a particular location outside the computer lab. Light fire on the rubbish and papers. Quickly pick the Fire extinguishers to extinguish that fire and avoid its spread.Note: Ensure you learn properly how to use a fire extinguisher so that in case of fire outbreak on Network devices, you can contain it.7. Disconnect your UPS from the computer. Connect your computer directly to power source such as Power socket. start your computer and begin working by typing a brief background about your school. one learner shall switch the main power source without your consent. When you switch back your computer, determine how much data you have lost without using a UPS.8. Download nero burning software and attempt to install it using your limited account.Note: If you don’t have administration password, you cannot install programs.9.6 Basic security precautionssecurity precautions are guidelines you need to follow in order to use a system when you are protected on a network. You need these guidelines on both wireless and wired network.9.6.1 Wireless networksA wireless computer network can be protected from the internal and external security threats by implementing the following techniques:- Control access rights. Unauthorized access must be stopped immediately.
- Don’t expose your SSID server password for your wireless network or login password to wired network.
- encrypt your Wi-Fi network.
- Use encryption method i.e. converting data into unreadable format during transmission using an encryption algorithm and encryption key.
- Disconnect your PC from the network when you are not using it.
- enable firewall and the antivirus software on each computer.
9.6.2 Wired networksthe following techniques are necessary to protect wired networks:- Control direct physical access to network devices and avoid unauthorized access.
- Use strong passwords that must be regularly changed.
- Disconnect your PC from the network when it is not in use.
- Use hardware firewall for access to external network and internet.
- secure loose cables.
End of Unit 9 Assessment1. Describe the kind of data security that can be implemented on a wireless computer network.2. explain how you can protect computer information in relation to data backups.3. explain the meaning of the following terms:a) Denial of service Attackb) trojan horsec) Hacking4. Describe solutions designed for the following network attacks:a) spam b) sabotage by annoyed employeesc) spyware d) Denial of service5. Your teacher has instructed you to clean your computer laboratory, describe the precaution you should undertake to;a) protect computers and network devicesb) protect other users (fellow learners)Practical Numbers6. a) Backup all your important files on your computer to a flash drive.b) Delete all files on the computer that you have backed. Perform the process to restore these important files on the computer.Follow the procedure belowa) Steps to set up your backup on the computerStep 1:Click Start button, select Settings.Step 2:Click Update & Security (see picture 9.7 below)Step 3:In the Update & Security screen that appears, select Backup tab on the left and then click Add a drive on the right. (see picture 9.8 below). In the screen that displays, select an external drive or network location for your backups.Note: Determine which files to backup and how often to backups happen click More Optionsb) Steps for Restoring your filesStep 1: type Restore files in the search box on the taskbar, and then select Restore your files with File History.Step 2:Look for the file (or folder) you need, then use the arrows to see all its versions.Note: You must connect the Restore source or backup device.Step 3:When you find the version you want, select Restore to save it in its original location. to save it in a different place, press and hold (or right-click) Restore, select Restore to, and then choose a new location.7. a) start your computer and update your antivirus.b) Carryout a complete scan (to scan all drives and devices attached to your computer).8. Download Windows Updates and install them on your computer.