
Network Security and Cybersecurity

Author: Sophia

what's covered
When a computer is connected to a network, a user is afforded the ability to share files, folders, software applications, and hardware such as a printer. However, a computer is also susceptible to attack that can ultimately lead to information theft, data loss, invasion of privacy, virus infection, and service denial, among other things. Because of these threats, it is critical that information is shared carefully and selectively. In this tutorial, we will discuss network security, and how to protect a computer and data from attack.


1. Information Security Triad

The information security triad refers to three pillars of a secure network: confidentiality, integrity, and availability. This is also sometimes referred to as CIA, although it must not be confused with the governmental bureau with the same acronym.

The security triad

  • Confidentiality: When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents. This is the essence of confidentiality. For example, federal law requires that universities restrict access to private student information. The university must be sure that only those who are authorized have access to view the grade records.

  • Integrity: Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized makes a change to intentionally misrepresent something. An example of this would be when a hacker is hired to go into the university’s system and change a grade. Integrity can also be lost unintentionally, such as when a computer power surge corrupts a file, or someone authorized to make a change accidentally deletes a file or enters incorrect information.

  • Availability: Information availability is the third part of the CIA triad. Availability means that information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things. For example, a stock trader needs information to be available immediately, while a salesperson may be happy to get that day's sales numbers in a report the next morning. Companies such as Amazon.com will require their servers to be available twenty-four hours a day, seven days a week. Other companies may not suffer if their web servers are down for a few minutes once in a while.

2. Access Control

Access control describes the technology and techniques that can be used to control who has access to a computer system. Access control can be implemented in a number of ways, such as physical security (locking the door to a computer lab) or user authentication. User authentication refers to the ways in which a person’s identity is verified by a computer system. The most common form of user authentication is through the use of a user ID and password login system.

  • User ID and Password: User IDs and passwords are the most popular method of access control. A user ID and password combination is required to log in to systems with this type of access control. Windows, websites, and many other systems relying on computers utilize this method. A user chooses a user ID and password, and this information is encrypted and stored on the computer. Access remains local to the computer in which the user ID and password information are stored. The main security risk is that someone or something (for example, malware) could break the encryption code on the file where the passwords are stored, and then could gain access to the system. Strong password policies, such as requiring complex passwords and regular changes, are recommended to mitigate these risks.

  • Smart Cards: Another way to provide access control is through the use of smart cards. A smart card is a plastic card that contains a microchip that a card reader can scan to verify a person's identity. Smart cards are often used as student ID cards and employee badges, thereby giving access to restricted areas or hardware to people with the proper credentials. Smart cards can also be used to restrict access to computers. Smart cards are typically used as a way to replace the user ID and password combination. Modern implementations often pair smart cards with PINs or biometric authentication for added security. The main security risk here is an unauthorized person obtaining access to the card.

  • Biometric Readers: A biometric reader identifies users by scanning for one or more physical traits. Some examples of biometric devices are for fingerprint recognition, facial recognition, voice recognition, and retina scanning. Many law enforcement and government agencies utilize this form of access control, as this is one of the most secure access control methods, due to the uniqueness of the metrics required to obtain access. For example, for over 100 years, police departments have used fingerprint scanners and no two prints have ever been found to be identical. Biometric authentication is increasingly used in smartphones, laptops, and secure facilities.

  • 2-Factor Authentication: For more advanced security, additional authentication may be required along with user IDs and passwords. A user may log in with the traditional information, but then may be required to authenticate with a special one-time code provided through text, email, or an authentication app. These types of additional authentications build in another layer of security when a password may have been compromised. If the user is not able to provide the special code, they are not permitted access to the account and cannot steal valuable information.

  • Multi-Factor Authentication (MFA): MFA requires two or more independent credentials for more robust security. This approach combines something the user knows (password), something the user has (smart card), and something the user is (biometric verification). MFA enhances security by making it significantly more difficult for unauthorized users to gain access.
terms to know
Access Control
The technology and techniques that can be used to control who has access to a computer system.
Smart Card
Plastic card that contains a microchip that a card reader can scan to verify a person's identity.
Biometric Reader
Identifies users by scanning for one or more physical traits.


3. Wireless Network Security

Wireless networks are a great security risk, due to the fact that there is no physical security. The only way access to a wireless network can be obtained is through connecting to the router or switch. Additionally, anyone within close proximity to a wireless router can access the network if proper security measures haven’t been taken. To limit access to a wireless network, administrators can set up encryption on the router, so that users must type an encryption key to connect to the network. In addition to encryption, it's crucial to regularly update the router’s firmware and use strong, unique passwords. The following are types of wireless encryption.

  • Wired Equivalent Privacy (WEP): Controls wireless router using 64-bit or 128-bit key; considered obsolete due to vulnerabilities.
  • Wi-Fi Protected Access (WPA): Improves upon WEP; introduces stronger encryption and key management.
  • Wi-Fi Protected Access 2 (WPA2): New version of WPA, uses Advanced Encryption Standard (AES) for improved security.
  • Wi-Fi Protected Access 3 (WPA3): Latest version; enhances security with stronger encryption and protection against brute-force attacks.
terms to know
Wired Equivalent Privacy (WEP)
Commonly used method of network encryption; controlled by entering a 128-bit or 256-bit key.
Wi-Fi Protected Access (WPA)
Method of wireless encryption that offers capabilities for a large wireless network.


4. Common Network Attacks (Malware)

All operating systems and applications have vulnerabilities that can be exploited. When criminals use a vulnerability to attack a system, the attack is called an exploit. To protect against exploits, Windows, Mac OS, and Linux have ways to update their operating systems when people become aware of ways in which to attack. The term used to describe malicious software used to launch attacks on a computer system is malware. Listed below are the common types of malware.

  • Virus: A virus is computer code that inserts itself into an executable file. When the infected executable file is run, the virus’s code executes along with the application’s code. Viruses are programmed to hide inside of a host file so that it is not obvious to the operating system or user that a virus is there. Once executed, a virus’s code can cause pop-up windows to continually appear, files to be corrupted, files to be deleted, and a host of other system issues. A virus’s code can also be copied into RAM, and from there it can attach itself to other executable files. A virus can be detected and removed by utilizing anti-virus software.

  • Trojan Horse: A Trojan horse is an application that appears to do something useful while secretly causing damage to your computer system. Although a Trojan horse can be detected and removed with anti-virus software, it is not a virus because Trojan horses do not hide inside of executable files. Typically, this form of malware seeks to install software designed to compromise privacy. For example, a common Trojan horse is a keystroke logger. A keystroke logger records keystrokes in a file and sends the file to the author of the program. The creator of the logger can then open the file and access user IDs and passwords.

  • Worms: A worm is an application that carries harmful programs, such as a Trojan horse or virus. Worms can be either active or passive. An active worm can transport itself, while a passive worm relies on a user to move it from one location to another. This is often accomplished by fooling users into opening email attachments and/or forwarding emails containing the worm to other users. Anti-virus software can be used to detect and destroy worms.

  • Adware: Adware is software that displays advertisements on a user’s computer without the user's permission or prompting. People who write adware make money based on how many times an advertisement is clicked. Many types of adware come in the form of an add-on toolbar for your web browser. Adware can be difficult to remove once installed on your computer. Anti-virus software can be of some help; however, in most cases, you will need to research to find the solution for removing adware.

  • Spyware: Spyware is software that makes recordings of your computer’s usage without your knowledge or consent. Spyware creators are paid for collecting information about people for marketing purposes. Keystroke loggers are an example of spyware. Most spyware is very difficult to remove once installed on your computer. Anti-virus software will remove some spyware but in most cases, special anti-spyware software has to be used. Anti-spyware software is software that defends against spyware and adware.
terms to know
Exploit
An attack that uses a vulnerability to harm a system.
Malware
Malicious software used to launch attacks on a computer system.
Virus
Computer code that inserts itself into an executable file.
Anti-Virus Software
Software that defends against malware (viruses, worms, and Trojan horses).
Trojan Horse
An application that appears to do something useful while secretly causing damage to your computer system.
Worm
An application that carries harmful programs such as a Trojan horse or virus.
Keystroke Logger
Records keystrokes in a file and sends the file to the author of the program.
Anti-Spyware Software
Software that defends against spyware and adware.


5. Malware Defense

Recall that there are quite a few types of malware all designed to cause your computer system harm, spy on your activities, or to obtain data without your knowledge. There are two types of software that are designed to protect your system against malware attacks: anti-virus software and anti-spyware software.

  • Anti-Virus Software: Anti-virus software is software designed to defend against malware. The software works by opening a file, scanning the code, and looking for signatures of known malware. Anti-virus software also scans executable files to locate viral content. Modern anti-virus solutions also use heuristic analysis and behavior-based detection methods to identify new or unknown threats. Typically, anti-virus software maintains a large database of known viruses and regularly updates this database to protect against the latest threats.

  • Anti-Spyware Software: Anti-spyware software is software designed to defend against spyware and malware. These packages look for known spyware and/or adware, so that they can remove them. Anti-spyware software often includes real-time protection features to prevent installation of spyware and adware before they can cause harm.
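
Signature scanning as described above, as an added example that is not part of the original tutorial: a file is checked against a small signature database, first by whole-file hash and then by byte pattern, and the database is then updated. All byte strings and signature names are constructed, harmless stand-ins, and the two signature kinds are a simplification of what real products use.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str      # "sha256": hash of the whole file; "bytes": pattern inside it
    value: bytes


# Constructed, harmless byte strings stand in for real samples.
MARKER = b"\xde\xad\xbe\xefDEMO-MARKER"
KNOWN_FILE = b"MZ" + b"\x00" * 16 + MARKER + b"\x90" * 8
MODIFIED_COPY = b"MZ" + b"\x01" * 40 + MARKER        # same marker, new padding
UNSEEN_SAMPLE = b"MZ" + b"\x00" * 16 + b"NEW-FAMILY-STUB"
CLEAN_FILE = b"%PDF-1.7 quarterly sales report"

DATABASE = [
    Signature("Demo.Exact", "sha256", hashlib.sha256(KNOWN_FILE).digest()),
    Signature("Demo.Pattern", "bytes", MARKER),
]


def scan(data: bytes, database: list) -> list:
    """Return the name of every signature that matches the file contents."""
    digest = hashlib.sha256(data).digest()
    hits = []
    for sig in database:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "bytes" and sig.value in data:
            hits.append(sig.name)
    return hits


def updated(database: list) -> list:
    """A database update: a signature for the newly analysed family is added."""
    return database + [Signature("Demo.NewFamily", "bytes", b"NEW-FAMILY-STUB")]


if __name__ == "__main__":
    for label, data in [("known file", KNOWN_FILE),
                        ("modified copy", MODIFIED_COPY),
                        ("unseen sample", UNSEEN_SAMPLE),
                        ("clean file", CLEAN_FILE)]:
        print(f"{label:14} before update: {scan(data, DATABASE)}"
              f"  after: {scan(data, updated(DATABASE))}")
```

The unseen sample matches nothing until the database is updated, which is the gap that regular updates and heuristic or behavior-based detection are meant to close.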

6. Cybersecurity

Cybersecurity is similar to network security but is focused on protecting organizational and user data from unauthorized users and mitigating potential attacks across all devices, whether or not they are on a specific computer network. Cybersecurity teams deal with the software and attacks mentioned above, identify potential threats and points of vulnerability in systems, and build in security measures to identify, mitigate, and resolve these types of attacks.

There is an influx of newer forms of attacks to target organizations and their users in attempts to steal information.

  • Phishing/Smishing: Phishing is the practice of sending an email or text (SMS, hence Smishing) to trick users into revealing sensitive information such as passwords, social security numbers, and security questions. In these digital communications, hackers may pretend to be someone they aren’t, such as an organization or one of its members, to gain trust and obtain this sensitive information. Communications may suggest a reward, or a consequence for not urgently following up.

  • Whale and Spear Phishing: A type of phishing, these attacks involve scammers targeting and impersonating executive leaders to steal sensitive information.

6a. Trends in Cybersecurity

As more of the world joins the digital space, more data is at risk of being stolen by attackers. Cybersecurity and other specialists have developed and continue to develop technologies and tools to protect their data and improve user knowledge of potential attacks. Some of these tools and measures include:

  • Blockchain: Blockchain is an advanced form of a database technology and is commonly associated with cryptocurrency. In this type of data keeping, a large group of data is stored in a block and added to a digital chain and timestamped. The chain works across computers and networks, and every time a new block of data is added, it is added to the end of the chain. It’s nearly impossible to alter data on blockchain without extensive money and resources, making it a growing trend for research and cybersecurity measures.

  • Artificial Intelligence Monitoring: Artificial intelligence (AI) is being used to monitor global trends and vulnerabilities. AI gives cybersecurity insight for prioritization of security measures and preventative solutions.

  • Zero Trust Architecture: Zero Trust is a security model that assumes threats could be both outside and inside the network. It operates on the principle of "never trust, always verify," meaning every request for access, whether inside or outside the network, is verified before granting access. This approach limits unauthorized access and enhances protection against data breaches.

  • Extended Detection and Response (XDR): XDR is an advanced security solution that integrates multiple security products into a unified platform. It enhances detection, investigation, and response capabilities by correlating data across various security layers, providing a more comprehensive view of threats.

  • User Training and Education: As more organizations have users across time zones, locations, devices, and networks, training and education have been a critical component for onboarding and yearly training requirements. Informed users help reduce the risk of cybercrimes.
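
The block chaining described in the Blockchain item above, as an added example that is not part of the original tutorial: each timestamped block stores the hash of the block before it, so a changed record is detected on verification. This is a single-machine hash chain with constructed records; the copies held across many computers, which real blockchains rely on, are not modeled, and all function names are assumptions.

```python
import copy
import hashlib
import json
from typing import Optional

GENESIS_PREV = "0" * 64


def block_hash(index: int, timestamp: int, data: str, prev_hash: str) -> str:
    payload = json.dumps([index, timestamp, data, prev_hash]).encode()
    return hashlib.sha256(payload).hexdigest()


def append_block(chain: list, data: str, timestamp: int) -> None:
    """Add a timestamped block at the end, linked to the previous block's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "timestamp": timestamp, "data": data,
                  "prev_hash": prev_hash,
                  "hash": block_hash(index, timestamp, data, prev_hash)})


def first_invalid_block(chain: list) -> Optional[int]:
    """Index of the first block that fails verification, or None if intact."""
    prev_hash = GENESIS_PREV
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["timestamp"], b["data"], b["prev_hash"])
        if b["index"] != i or b["prev_hash"] != prev_hash or b["hash"] != recomputed:
            return i
        prev_hash = b["hash"]
    return None


def demo_chain() -> list:
    chain = []
    # Constructed records and timestamps.
    for ts, record in [(1700000000, "student 17: grade B"),
                       (1700000600, "student 42: grade C"),
                       (1700001200, "student 58: grade A")]:
        append_block(chain, record, ts)
    return chain


def edit_record(chain: list, index: int, data: str, rehash: bool) -> list:
    """Copy the chain with one record changed, optionally recomputing its hash."""
    altered = copy.deepcopy(chain)
    b = altered[index]
    b["data"] = data
    if rehash:
        b["hash"] = block_hash(b["index"], b["timestamp"], data, b["prev_hash"])
    return altered


if __name__ == "__main__":
    chain = demo_chain()
    print("intact:", first_invalid_block(chain))
    print("edited:", first_invalid_block(edit_record(chain, 1, "student 42: grade A", False)))
    print("edited, rehashed:", first_invalid_block(edit_record(chain, 1, "student 42: grade A", True)))
```

Recomputing the edited block's own hash only moves the failure to the next block, so hiding a change means redoing every later block in every copy of the chain.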
summary
In this tutorial, we took a look at network security and some of the common issues associated with securing a computer network. Malware refers to malicious software including viruses, spyware, Trojan horses, and worms that seek to exploit your computer system. Installing anti-virus or anti-spyware software helps to defend against attacks on your system.

Source: Derived from Chapter 6 of “Information Systems for Business and Beyond” by David T. Bourgeois. Some sections removed for brevity. www.saylor.org/site/textbooks/Information%20Systems%20for%20Business%20and%20Beyond/Textbook.html