Professional Documents
Culture Documents
NO NAME IDNO
1. GUTEMA BEYENE ………………………………...CIR/349/11
2. ADISU TSEGAYE …………………………………CIR/308/11
3. KENO DIRIBA…………………………………………CIR/357/11
1|Page
Table of Contents
Lists of Table............................................................................................................................................I
Lists of Figure.........................................................................................................................................II
Abstract..................................................................................................................................................III
CHAPTER ONE........................................................................................................................................1
1.1. Introduction and Background of the Study..................................................................................1
1.2. Problem Statement.......................................................................................................................1
1.3. Motivation of the Study...............................................................................................................2
1.4. Objectives of the Study................................................................................................................2
1.4.1. General objective...............................................................................................................2
1.4.2. Specific objective................................................................................................................2
1.5. Research Questions......................................................................................................................2
1.6. Significance of the Study.............................................................................................................3
1.7. Scope and Limitation of the study...............................................................................................4
1.7.1. Scope of the Study..............................................................................................................4
1.7.2. Limitations of the study.....................................................................................................4
CHAPTER TWO.........................................................................................................................................4
2. LITERATURE REVIEW....................................................................................................................4
2.1 Introduction.................................................................................................................................4
2.2. An Overview of Network Security..............................................................................................4
2.3. CIA Triad.....................................................................................................................................5
2.4. Network Security attacks.............................................................................................................7
2.5. There are two types of Network attacks:......................................................................................7
2.5.1. Passive Attacks...................................................................................................................7
2.5.2. Active Attacks....................................................................................................................7
2.5.3. Other Security attacks.......................................................................................................8
2.6. Network Security solutions..........................................................................................................9
2.6.1. Network Security Awareness............................................................................................9
2.6.2. Network Security Mechanisms.........................................................................................9
2.6.3. Network Security Tools...................................................................................................10
2.7. Review of Previous Work..........................................................................................................11
2.8. Knowledge Gaps........................................................................................................................13
I|Page
CHAPTER THREE.................................................................................................................................14
3. RESEARCH METHODOLOGY...................................................................................................14
3.1. Introduction...............................................................................................................................14
3.2. Research Design........................................................................................................................14
3.2.1. Target population............................................................................................................15
3.2.2. Sample size and sampling procedures............................................................................15
3.3. Research Methodology Development........................................................................................15
3.3.1. Data collection Methods..................................................................................................16
3.3.2. Validity and reliability of the instrument.......................................................................16
3.4. Data Analysis.............................................................................................................................17
3.4.1. Quantitative data analysis...............................................................................................17
3.4.2. Qualitative data................................................................................................................18
3.5. WORK PLAN............................................................................................................................19
3.6. Project Budget...........................................................................................................................20
3.7. Conclusion.................................................................................................................................20
REFERENCES......................................................................................................................................20
II | P a g e
Lists of Table
Lists of Figur
III | P a g e
Figure 2. 1 CIA Triad................................................................................................................................6
Figure 2. 2 Conceptual Framework.......................................................................................................13
Abstract
Now is the time for WKU to seek more network services and to exchange more confidential
information within these services. First, there is a specific requirement for network access in
WKU. To enable students to go beyond space and time to acquire knowledge; The construction
IV | P a g e
of the WKU Network is the foundation of all university construction to provide a better learning
environment for greater freedom and choice of educational activities.
The WKU network has many functions such as teaching, research, management and external
communication. It can be easily compromised when using network services in the WKU
network. This article represents the current state of WKU network security, analyzes current
security threats, issues or issues on WKU network security and finally describes solutions or
strategies for WKU network security, effective and efficient Strong network system within
WKU. This item introduces a change of security issues and solutions within the WKU network.
V|Page
CHAPTER ONE
1.1.Introduction and Background of the Study
WKU network connectivity expanded rapidly, WKU network services and applications increased
rapidly, at the same time; WKU network information security is more important today. Complete
security measures have not been taken in the current network and application system, and
security vulnerabilities in the host operating system and application are still not working, there
are many problems with system administration, all of them serious security issues, so our
network security is very important. Recent network monitoring has seen the system and its host
try to invade others, there are a large number of security issues in the system, and there are many
security issues that are difficult to eliminate and eliminate.
In addition, a virus transmitted through the network can significantly affect the normal
functioning of the premises network or the WKU network.
1|Page
To prevent identity theft in wku
Identify the software security threat's issues that bleach wku network security and propose the
solutions.
Identify and provide solutions for various network security attacks that compromise the security
of the wku network.
Provide a variation of network security methods and network security tools for security issues in
the WKU network.
And last but not least, the review of the current state-of-the-art campus network information
security solutions.
In what way is a hardware threat likely to influence network security effectiveness in the WKU?
In what way is an external network security attack likely to influence network security
effectiveness in the WKU?
In what way is an internal network security attack likely to influence network security
effectiveness in the WKU?
What are network security tools used to promise the effectiveness of network security in the
WKU?
2|Page
What are other modern network information security solutions or propose a generic solution for
the future assessment?
This research is then considered beneficial to Ethiopian universities' ICT policy as well as
network administrative workers and makers because it will provide different solutions on Issues
that influence network security effectiveness in universities and in turn propose an approach to
assess the solutions for those network security issues. By proposing a framework for assessing
network security effectiveness, the study will be beneficial for future assessment of network
security effectiveness.
Since network security is a dynamic process, this study when completed will contribute to the
existing body of knowledge as reference materials in the area of network security and more
specifically when studying network security effectiveness issues for Ethiopian Universities. [1]
This research therefore will fill in the gap by finding out the solutions for hardware threats,
software external and internal network security attacks, and organizational influence network
security effectiveness in the WKU and further recommend a generic framework to be adopted for
assessing such systems in the other second and third-generation universities as well as first-
generation Ethiopian universities, by answering the questions about the current network security
issues and attacks such as hardware threats, software threats such as internal and external
software threats and also this research is helpful to overcome those network security issues by
proposing network security measures and network security tools those are used to enhance the
effectiveness of network security.
3|Page
.7. Scope and Limitation of the study
.7.1. Scope of the Study
The scope of this research is network security issues and their solutions in WKU so this research
is focused on based on the current network information of WKU and propose the solutions such
as the network security measures as well as network security tools to enhance the effectiveness
of network security in WKU.
CHAPTER TWO
. LITERATURE REVIEW
.1 Introduction
This chapter entails an overview of Network Security, Network Security Issues such as hardware
attacks, software attacks, Network security effectiveness, and Network security practices or
network security solutions such as; Network security mechanisms, Network security tools. In
addition, related literature and conceptual framework that this study is anchored on are discussed
here.
Network security is any doings intended to protect your network and data procedure and
integrity. It includes both hardware and software technologies. Effective network security
manages network access. Targets various threats and prevents them from entering or spreading
your network [2] [3].
The need for an effective security approach involves high technical features. However, security
must begin with common ground, often limiting access to buildings, rooms, computer
workplaces, and neglected features, making any security measures ineffective.
4|Page
One might think that network security measures on the network are to protect networks and
information from hackers, scammers, criminals, and negligent employees. It is very effective
when applied in layers. These layers build protection against all network hazards.
The idea is that each cover provides a network of detection and/or protection that monitors,
detects, alerts, and terminates threats to the network.
Network security is the process of customizing the protection of your data and resources from
any risk of unauthorized access to your computer network infrastructure. It uses software and
hardware technologies to find the best solution for network protection.
Network security is a wide term that covers many technologies, tools, and processes. Simply put,
it is a set of guidelines and arrangements planned to protect the reliability, confidentiality, and
accessibility of computer networks and data using software and hardware technologies. Every
organization, regardless of size, industry, or infrastructure, needs network security solutions to
protect it from the ever-increasing cyber threats in the wild. [4] [5].
Confidentiality
Integrity
Availability
5|Page
Figure 2. 1 CIA Triad
Confidentiality
Confidentiality is the principle and practice of confidentiality unless the owner or custodian of
the information gives permission to share it with another person. Confidentiality is sometimes
called confidentiality or privacy.
Examples of privacy threats are malware, hackers, social engineering, unsecured networks, and
so on.
Integrity
It stays the ability to confirm that the system and the data are not hacked. It keeps not only the
information but also the operating systems, applications, and hardware from unauthorized
individuals. In this context, modifications include writing, modifying, changing, deleting, and
creating. In information security, contextual fidelity refers not only to the accuracy of the
information but also to the authenticity of the source. There are two broad methods for accuracy,
defense and detection. Defensive measures are access controls that prevent unauthorized
information changes and are designed to identify detection methods that fail when unauthorized
modifications are made.
Availability
Is promises that methods, applications and data are available to customers whenever they
need them. Simply put, computer-based services are the last resort [5]. The authorized person
must not be denied access to his / her property, or have legitimate access needs. For example, a
security system can protect everyone from reading something and keep it completely
confidential. Even though this method does not happen the requirements for right access. With a
6|Page
CIA Triad base, the security program must begin with the right policies and gather input from all
senior members of the organization. [20] 17 Other S
Such attacks may end result in the revelation of personal information without the user's
knowledge. these attacks are difficult to classify because of data injury and no transformation.
Therefore, there are various encryption techniques to prevent these kinds of attacks rather than
inventing techniques to detect them. [5]
7|Page
.5.3. Other Security attacks
Various attacks have been listed by [1] in their paper which includes e-mail containing virus,
network virus, web-based virus, attack on the server, service rejection attacks, and network user
attacks. The main problem with IT infrastructure is the vulnerability of computer networks and
similar problems are mainly caused by the implementation and design of information systems,
including security processes and monitoring. Another kind of security threat named insider
attack which is being mentioned by [1] [2] is capable of causing irreparable damage to the
activities and reputation of the organization.
Some of these attacks are listed below [2] [1]
A. Hijack
This is a kind of an attack in which the hacker intercepts or takes over a session between the user
and another system and finally disconnects the latter from the communication. The user remains
under the impression that the system is still connected and may send sensitive and confidential
information to the hacker by accident [2].
Viruses are programs that are written in order to alter the working of the victim's computer
without its permission and authorization [15]. A virus can enter an organization's system in three
ways. Firstly, E-mail containing viruses, which can infect the system's email and spread
throughout the organization. Second, network viruses can invade the system through unprotected
ports and can damage the entire network. Thirdly, web-based viruses that infect the system visit
their website and damage other internal network systems [5].
C. Close in attacks/Social Engineering
Known as bugs in the human hardware [2], these attacks involve physical interaction with the
network, systems, and components for getting unauthorized access to the information. The
perpetrators are communicating with the victims via email, messages, social media, or phone and
trick the latter to reveal personal information regarding the security of the system The attackers
try to exploit the emotional response of the victim who falls for their trust revealing to them their
username, passwords, and email address this kind of attacks also take around 9 to 10 days for
getting resolved [2].
D. Phishing attacks
These kinds of attackers pretend to be trustworthy persons with an intention to capture sensitive
information through fraud email and messages [3]. They often try to trick users into creating a
8|Page
fake website, such as SBI Bank or PayPal, register their personal data, including their username
and password, by clicking the link. [2] It takes 9 to 10 days for such attacks to resolve.
It is a network monitoring tool or software application that monitors any malicious activity and
policy abortions and notifies the administrator of any immediate intervention. They are a set of
programs, which help to identify interference and prevent system damage.
The Anomaly Intrusion Detection system includes the creation of independent networks and
forecasting patterns, misuse or signature-based identification of state transfer tables, pattern
9|Page
matching, genetic algorithms, blurred logic, immune systems, and the BJP method decision tree
[17] It includes. These systems can be host-based ID. The system matches the traffic with the
attack pattern and if the match is detected it gives the alarm to the administrator. However, the
attacker may be clever enough to change the signature of the malicious traffic, which the IDS fail
to detect [5] [1].
B. Antivirus Systems
is a program or collection designed to protect, detect, detect and remove software viruses and
other malicious software such as worms, Trojans, adware, and others. The antivirus system
should be kept updated with the latest updates so that it would be easy for it to scan the latest
virus signatures. Sometimes an antivirus system is not able to detect the infected file if it is
encrypted or zipped. [2]
C. Firewalls
A firewall can be defined as a device, which may be a computer or router acting between the
internet and the organization network. The firewall only transmits those packets to the
enterprise's internal network, enabling secure data packets configured by the firewall
administrator and filtering other packets.
network
transport, and
application layers.
proxy firewall work on the application layer
The firewall checks the traffic according to the specific rules it has been configured for but there
may be chances when the attacker can portray the harmful data to have perimeters that the
firewall finds safe to be transmitted through it. [1]
10 | P a g e
security checking.
Nessus is the best network vulnerability scanner available.
Wireless Shark or Ethereum is an analyst for UNIX and Windows Open Source Network
Protocol.
a lightweight network intervention detection and advanced security system that goes
beyond traffic analysis and packaging.
Logging on IP networks.
is a simple utility that reads and writes information on TCP or UDP network connection?
Kismet is a powerful wireless sniffer.
11 | P a g e
3. Network threats, attacks and security measures: a review: International Journal of
Advanced Research in Computer Science: Ruzaina Khan Mohammad Hasan September-
October (2017)
This literature review is also discussing the network security Issues such as network attacks,
threats, and security measures. In addition, this research paper largely supports or parallel goes
with our research to do so this research literature review work.
The study also concluded that globally expanding information networks are vulnerable to
accidents and attacks from malicious sources, making challenging challenges in business and
creating gaps in research for scholars. Researching and developing countermeasures is a dire
need for organizations to protect their sensitive data from being infected by unauthorized
sources. Network security has now become an integral part of an organization's confidentiality as
it prevents unauthorized users from accessing the network systems, ensures safe transferring of
sensitive data, and provides a robust system of warning against alarm and fixing issues in case of
a security breach. This study provides a description of various kinds of threats and attacks on
network systems and the common counter-measures to mitigate the situation. Further studies can
be conducted on organizations mapping the degree of damage they receive because of becoming
victims of such attacks. Case studies on network organizations can also be conducted to
understand the grey areas of networking security and aspects, which need to be addressed.
12 | P a g e
Conceptual Framework
Network security
Mechanisms
mechansms
• Fire walls
•
Anti-viruses •
• Intrusion detection •
Systems •
systems
network security
policy NS Security
• Availability of policy Effectiveness
• Clarity of policy • Preventive
• Communication • Deterrent
13 | P a g e
The knowledge gap refers to the diversity of information and tools available to the poor and the
creation, acquisition, and promotion of innovation in developing countries.
Knowledge gaps need to be explored in order to accurately plan workplace planning. Knowledge
breaks can often overlay the needs of the region.
Municipalities sometimes lack contact with participants who want to participate in the process
and do not know how to communicate them and how to proceed.
CHAPTER THREE
. RESEARCH METHODOLOGY
.1. Introduction
This chapter presents a method of data collection. Includes research plan, target population,
model design, data gathering, data investigation, and moral issues. The study reviews security
issues and solutions in WKU NETWORK and provides a comprehensive approach to evaluating
network security effectiveness in universities.
14 | P a g e
This design allows us to obtain the required information, and the purpose of this study is to
suggest an appropriate evaluation method for evaluating, understanding and understanding the
security issues and solutions within the WKU network and for evaluating future assessments,
Network security effectiveness.
.
When looking for the causes and effects of a numerical approach, a quality approach requires
definitions and understandings. In this study, we used a mixed method, to assess the
effectiveness of network security, assess conditions, and how they can affect the effectiveness of
the target organization. This includes using factual information and interpreting the information
and insights of the interviewed staff.
.2.1. Target population
A population is defined as a set of individual factors or a set of common observational
characteristics that the researcher seeks to summarize.
In this study, we aim to evaluate security issues and solutions within the WKU network. The
university is enclosing of Colleges and Departments, and Faculties. Wolkite University has
received IT in most of its activities. The researcher targeted users of the Wolkite University data
center and network security staff at the WKU Data Center, Also beneficiaries from all colleges
and departments of Wolkite University.
.2.2. Sample size and sampling procedures
The sample design is a distinct plan to obtain samples from the particular population. It refers to
the technique or technique used by the researcher in selecting materials for the sample.
This study uses an objective model. In this type of sample, the researcher purposely selects the
sample material; the choice of items remains dominant. Included in this study are all Wolkite
University Information Center and Network Security staff working at WKU Data Center and
users from all Wolkite University colleges and administration departments.
15 | P a g e
Windows 10 operating system.
Microsoft Office Terms 2016 ፡ Closing - To record the corresponding offer related to the
proposal.
.3.1. Data collection Methods
The study used primary data gathered from surveys, explanations, previous studies and analyzes.
Used for data collection, survey, literature review, and analysis for the seven research questions.
Survey queries floated to respondents.
The existing study is suitable using the following tools.
Questionnaire: Prepare some questions related to our study and distribute them to the selected
student. Therefore, this study collects the essential information from the sample with the aid of
the questionnaire. The questions are related to network security issues and solutions at Wolkite
University.
Interview - Gather the necessary information verbally with the sample team or staff to achieve
the goals of the current study. By asking the respondent and the respondent the necessary
questions outside of us or the researcher's influence. For important information for research
problem.
Observation: Today we look at the network security issues encountered at the Wolkite
University Network, as well as in various network service infrastructures.
.3.2. Validity and reliability of the instrument
The accuracy and reliability of data collection tools are being challenged by the accuracy and
reliability of the system. Volume measurements must encounter the accuracy, reliability, and
applicability tests of this research.
.3.2.1. Validity of the instrument
Accuracy is a measure of fairness and accuracy. According to the results of the research, the
accuracy and usefulness of the references is high. Data collection techniques should not only be
related to research questions but also provide accurate information.
To verify the accuracy of the questionnaire, we provided information and recommendations to
staff, technical staff at the University of Wolkite University ICT Center. Sample is intended to
increase standard accuracy for users who connect daily to the network systems created at
Wolkite University.
Evaluating relevant publications and consulting with ICT experts has helped select the right
applicants and then prepare the right questions.
.3.2.2. Reliability of the instruments
Reliability is a constant test of the use of the same device. A research tool is a measure of the
degree to which it produces consistent results or information after repeated attempts.
16 | P a g e
In this study, we took standard measures to ensure that the interviewees were free from external
influences such as interviewer fatigue, interview fatigue, interviewer bias, and so on. We also
expected the reliability of the tools used to define consistency. The study used a test method for
reliability, and the questionnaire was first presented to the five (5) respondents by ICT staff at
the main campus for the same sample and resubmitted fourteen days later. The results of the two
tests are related to a correlation of 0.78, indicating a strong positive correlation between the two
results and a high degree of instrumentation.
.3.2.3. Ethical considerations
Participants are informed of the purpose of the study before the information is sought from them,
based on voluntary and informed consent. With the permission of Wolkite University, we have
access to WKU's Head of Information Systems at WKU. Loyalty, trustworthiness and
confidentiality were highly protected during the study.
The first step is to change raw data into something meaningful and readable, consider data
preparation. It includes four steps:
The purpose of the verification of information is to gather as much information as possible and to
ensure that there is no bias. It is a four-step process.
17 | P a g e
To ensure that there are no such errors, the researcher must perform basic data analysis, verify
the accuracy of the results and correct the raw data, and classify facts of information that may
invalidate the results.
Data coding is the highest significant facts in data preparation. Responses from the survey
include grouping and classifying values.
Next is the numerical data analysis method, which is organized to analyze the data. The two most
common used Quantitative data analysis methods are descriptive statistics and inflation
statistics.
Descriptive statistics
Descriptive statistics is the major stage in the analysis. Helps researchers summarize data and
find patterns. Some common descriptive statistics
18 | P a g e
.4.2.Qualitative data
Quality information analysis is done in a slightly different way than numerical information
because quality information is primarily words, observations, images, and symbols. It is
impartial nearly difficult to get perfect meaning from such evidence. Therefore, it is mostly used
for research purposes. Although there is a clear difference between the data preparation and the
data analysis level in quantitative research, quality research analysis usually begins with the
provision of information.
Data analysis and data preparation are useful in alike and include the following steps.
Familiarity with the information: Since most quality information is only verbal, the researcher
needs to read the information over and over again to get acquainted with it and seek basic
observations or patterns. This includes copying the data.
By revising research objectives: here, the researcher evaluates research objectives and
identifies questions that can be answered with the information gathered.
Dividing diagrams and networks: After the information is recorded, the researcher can
identify topics, search for the most common answers to questions, identify information or
patterns that can answer research questions, and search for additional browsing sites.
19 | P a g e
Analyze the requirements 1 week
.7. Conclusion
As more WKUs build their own campus networks and the application of campus networks
expands, network security networks will inevitably run smoothly and improve their performance.
How to make WKU networks more efficient is an important issue. The article introduces and
analyzes many situations and possibilities that threaten the security of WKU networks and
provides advice on how to build WKU networks from management and techniques.
REFERENCES
20 | P a g e