Topologies
Star Topology
▪ Most popular physical LAN topology. A star topology is a network topology in which each network
component is physically connected to a central node such as a router, hub or switch.
Bus Topology
All the devices/nodes are connected sequentially to the same backbone or
transmission line. This is a simple, low-cost topology, but its single point of failure
presents a risk.
Ring Topology
All network devices are connected sequentially to a backbone as in bus topology
except that the backbone ends at the starting node, forming a ring. Ring topology
shares many of bus topology's disadvantages so its use is limited to networks that
demand high throughput.
Mesh Topology
A topology in which each node is directly connected to some or all of the other nodes
present in the network. This redundancy makes the network highly fault-tolerant but
the escalated costs may limit this topology to highly critical networks.
Tree Topology
A root node is connected to two or more sub-level nodes, which themselves are
connected hierarchically to sub-level nodes. Physically, the tree topology is similar to
bus and star topologies; the network backbone may have a bus topology, while the
low-level nodes connect using star topology.
+1. If a device fails or a cable is disconnected, the rest of the network is unaffected.
+2. Simple to add more devices to the network
+3. Better performance as the devices can transmit at once and there are fewer data
collisions
-1. Expensive as every device needs a cable to connect to the central switch or
server
-2. If there is a problem with the switch or server, the whole network is affected
Ad Hoc Network
- Temp network connection - Made for specific purpose
If network set up for longer PoT = LAN
A group of wireless computers sharing data directly with each other without the use
of a wireless access point such as a router
- scalable: devices - limited setup: - flexible:
A wireless ad hoc network (WANET) is a type of local area network (LAN) that is
built spontaneously to enable two or more wireless devices to be connected to each
other without requiring typical network infrastructure equipment, such as a wireless
router or access point.
In most cases, a PC, laptop or smartphone Wi-Fi interface is used to build an ad hoc
network (Figure 1). In other situations, devices such as wireless sensors are
designed to work primarily in an ad hoc mode.
Tethering
- Sharing wireless connectivity - By linking
- wireless-connected devices to unconnected devices
•Connects a device without a network connection to one with a network connection
•Transfers data to and from the network using the device tethered
•Connects a device to an internet connection using a mobile phone
•Can use a wired tether (usually USB) or wi-fi to create a hotspot
Wi-Fi
- Facility - Allows devices to connect to Internet/communicate w/each other
- Wirelessly w/in area
ZigBee
- Wireless tech - Uses low-power digital radio signals for PAN - Used to create
networks that need: low data transfer rate / energy efficiency / secure networking
- Security systems - Heating/cooling control systems.
Advantages
• Easy to set up • Easy to monitor/control home appliances from far
Disadvantages
• Short range • One place damage = all system damaged
Cellular – Global System for Mobile (GSM) communications (3G/4G)
GSM stands for Global System for Mobile Communications. It is a digital cellular
technology used for transmitting mobile voice and data.
Infrared
Infrared wireless networking uses infrared beams to send data transmissions
between devices. As expected, infrared light beams cannot penetrate objects;
therefore, the signal is disrupted when something blocks the light.
Advantages
• Simplicity • Inexpensive • Limited interception • Power efficiency
Disadvantages
• Line-of-sight issue • Short range • Obstructions • Security
Ethernet
Ethernet is the traditional technology for connecting devices in a wired local area
network (LAN) or wide area network (WAN). It enables devices to communicate with
each other via a protocol, which is a set of rules or common network language.
Advantages of Ethernet
relatively low cost; backward compatibility; generally resistant to noise;
good data transfer quality; speed; reliability; and
data security, as common firewalls can be used.
Disadvantages of Ethernet
intended for smaller, shorter distance networks; limited mobility; use of
longer cables can create crosstalk; doesn't work well with real-time or
interactive applications; speeds decrease with increased traffic;
receivers don't acknowledge the reception of data packets; and troubleshooting
is hard when trying to trace which specific cable or node is causing the issue.
2.1.3 Understand the features, functions, and use of network standards and
protocols:
Basic:
Protocol - A protocol is a set of rules for how devices communicate and how data is
transmitted across the network.
MAC - It is a unique identifier for every device on the network
What is an NIC and what is it used for?
NIC stands for network interface controller and it sends and receives signals on the
network using a protocol
Wireless access point - This is the point at which a wireless-enabled device connects
to a network
Switch - Switches connect devices on a LAN
A network switch is a device that forwards and filters OSI layer 2 datagrams (frames)
between ports based on the destination MAC address in each frame. A switch is
distinct from a hub in that it only forwards the frames to the physical ports involved in
the communication rather than all ports connected. It can be thought of as a
multi-port bridge. It learns to associate physical ports to MAC addresses by examining
the source addresses of received frames. If an unknown destination is targeted, the
switch broadcasts to all ports but the source. Switches normally have numerous
ports, facilitating a star topology for devices, and cascading additional switches.
Multi-layer switches are capable of routing based on layer 3 addressing or additional
logical levels. The term switch is often used loosely to include devices such as
routers and bridges, as well as devices that may distribute traffic based on load or
based on application content (e.g., a Web URL identifier).
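The learning, forwarding and flooding behaviour described above, as an added Python example (not part of the original notes). LearningSwitch is a hypothetical name, and the port numbers and MAC addresses are constructed sample values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Hypothetical model of the layer 2 switch behaviour described in the notes."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame; return the list of ports it is forwarded out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src_mac.lower(), dst_mac.lower()

        # Learn: the source address of a received frame is reachable via in_port.
        # A later frame from the same address on another port overwrites the entry.
        if src != BROADCAST:
            self.mac_table[src] = in_port

        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Unknown destination or broadcast: send to all ports but the source.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits on the port the frame arrived on: filter it.
            return []
        # Known destination: forward only to the port involved.
        return [out_port]


def demo():
    """Replay constructed frames and return the forwarding decision for each."""
    host_a = "02:00:00:00:00:0a"
    host_b = "02:00:00:00:00:0b"
    host_c = "02:00:00:00:00:0c"
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    decisions = [
        sw.receive(1, host_a, host_b),     # B not learned yet: flood
        sw.receive(2, host_b, host_a),     # A was learned on port 1: unicast
        sw.receive(1, host_a, host_b),     # B was learned on port 2: unicast
        sw.receive(3, host_c, BROADCAST),  # broadcast: flood
        sw.receive(2, host_c, host_b),     # C now seen on port 2, same as B: filter
    ]
    return decisions, dict(sw.mac_table)


if __name__ == "__main__":
    decisions, table = demo()
    for decision in decisions:
        print(decision)
    print(table)
```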
Router - A router is responsible for transmitting data between networks
A router is an internetworking device that forwards packets between networks by
processing the routing information included in the packet or datagram (Internet
protocol information from layer 3). The routing information is often processed in
conjunction with the routing table (or forwarding table). A router uses its routing table
to determine where to forward packets. A destination in a routing table can include a
"null" interface, also known as the "black hole" interface because data can go into it,
however, no further processing is done for said data, i.e. the packets are dropped.
IP addresses - IP addresses are assigned manually (static) or automatically
(dynamic) to devices when sending data over a TCP/IP network
Error Rate
- Error # - Meet during data transmission
- Over communications/network connections
Error rate = # errors / Total # bits sent
Packet Loss
- One/more data packets - Traveling across network
- Fail reach destination
Packet loss is the number of data packets that were successfully sent out from one point in a
network, but were dropped during data transmission and never reached their
destination.
Availability
- Overall "uptime" of system
Availability % = Uptime / Total Time
Total Time = Downtime + Uptime
Jitters
- Variance in time delay - Between data packets - Over network
Jitter is a variation in delay, otherwise known as a disruption that occurs while data
packets travel across the network.
If you’ve ever been talking to someone on a video call or other unified
communication system, and suddenly their voice speeds up significantly, then slows
down to catch up, or keeps fluctuating between the two - you have a jitter problem.
*Disruption in normal sequence of sending data packets*
Switch
• Used in larger networks • "Semi-intelligent" devices
- Learn which devices are on which connection
Example
62.102.245.31
Internet Protocol Version 4 (IPv4)
- 32 bit numeric - four # 0 – 255 - Separated by dotted decimal
- Most common
192.0.2.126
The Internet Protocol version 6 (IPv6) is more advanced and has better features
compared to IPv4. It has the capability to provide an infinite number of addresses. It
is replacing IPv4 to accommodate the growing number of networks worldwide and
help solve the IP address exhaustion problem.
Internet Protocol Version 6 (IPv6)
- eight 16-bit hexadecimal # - Separated by colon
- Built-in authentication/privacy support
FE80:CD00:0000:0CDE:1257:0000:211E:729C
Static IP Address
- Manually configured - Doesn't change
Dynamic IP Address
- Automatically assigned by DHCP - Changes w/connection to network
Difference between IPv4 and IPv6:
IPv6 is based on an alphanumeric addressing method, while IPv4 is only numeric.
IPv6 binary bits are separated by a colon, while IPv4 binary bits are separated by a
period.
IP security is required by IPv6, while it is optional in IPv4.
IPv6 uses an IP security (IPSec) protocol, while IPv4 relies on applications.
Networks can be automatically configured with IPv6, while IPv4 networks have to be
configured either manually or through Dynamic Host Configuration Protocol (DHCP).
Dynamic Host Configuration Protocol (DHCP)
- Give quick/automatic/central management - For IP address distribution
- W/in networks
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that
automatically provides an Internet Protocol (IP) host with its IP address and other
related configuration information such as the subnet mask and default gateway.
Integrity
• Maintaining/assuring accuracy/consistency of data
• Make sure data reliable/not changed
Availability
• Make sure data/network resources/services continuously available to legit users
when needed
Threats:
Malware
Malware is malicious software such as spyware, ransomware, viruses and worms.
Malware is activated when a user clicks on a malicious link or attachment, which
leads to installing dangerous software. Cisco reports that malware, once activated,
can:
Block access to key network components (ransomware)
Install additional harmful software
Covertly obtain information by transmitting data from the hard drive (spyware)
Disrupt individual parts, making the system inoperable
Spyware is software that allows attackers to obtain information about your computer
activities by transmitting data covertly from your hard drive.
Ransomware is designed to encrypt files on a device, rendering any files (and the
systems that rely on them) unusable. Usually, malicious actors demand a cash
ransom in exchange for decryption.
Trojans are malware or code that acts as a legitimate application or file to trick you
into loading and executing the malware on your device. A trojan’s goal is to damage
or steal your organization’s data or inflict some other harm on your network.
A computer virus is a malicious piece of computer code designed to spread from
device to device. These self-copying threats are usually intended to damage a
machine or steal data.
Worms are malware that spreads copies of themselves from computer to computer
without human interaction and do not need to attach themselves to a software
program to cause damage.
Phishing and Spear Phishing
Phishing is a type of social engineering that attempts to trick users into giving up
sensitive data such as usernames and passwords, bank account information, Social
Security numbers, and credit card data.
Spear phishing is a more sophisticated form of phishing attack, where cybercriminals
target only privileged users such as system administrators and C-suite executives.
The attackers might use details from a person’s social media accounts to seem even
more legitimate to the target.
Spotting:
The message uses subdomains, misspelled URLs (typosquatting) or otherwise
suspicious URLs.
The recipient uses a Gmail or other public email address rather than a corporate
email address.
The message is written to invoke fear or a sense of urgency.
The message includes a request to verify personal information, such as financial
details or a password.
The message is poorly written and has spelling and grammatical errors.
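An added Python example (not part of the original notes) that checks a message for the indicators listed above that can be tested mechanically: the public mail sender, subdomain or misspelled URLs, urgency wording and requests for personal details. The trusted domain, phrase lists and sample messages are constructed assumptions, and writing quality is left to the human reader.

```python
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"bank.example"}  # assumption: the organisation's real domain
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "within 24 hours")
VERIFY_PHRASES = ("verify your", "confirm your", "password", "card number")


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (typosquatted) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def url_indicator(url):
    """Return a reason string if the URL's host imitates a trusted domain."""
    host = (urlparse(url).hostname or "").lower()
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    if registered in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            return f"'{trusted}' appears only as a subdomain of {registered}"
        if edit_distance(registered, trusted) <= 2:
            return f"{registered} is a near-miss spelling of {trusted}"
    return None


def phishing_indicators(sender, body):
    """Return (indicator, detail) pairs found in one message."""
    found = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain in PUBLIC_MAIL_DOMAINS:
        found.append(("public-mail-sender", sender_domain))
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        reason = url_indicator(url.rstrip(".,)"))
        if reason:
            found.append(("suspicious-url", reason))
    text = body.lower()
    for name, phrases in (("urgency", URGENCY_PHRASES),
                          ("asks-for-personal-info", VERIFY_PHRASES)):
        hits = [p for p in phrases if p in text]
        if hits:
            found.append((name, ", ".join(hits)))
    return found


# Constructed sample messages: (sender, body).
PHISH = ("security.team@gmail.com",
         "URGENT: your account will be suspended. Verify your password at "
         "http://bank.example.account-check.test/verify or http://bnak.example/login")
BENIGN = ("helpdesk@bank.example",
          "Your monthly statement is ready at https://www.bank.example/statements.")

if __name__ == "__main__":
    for sender, body in (PHISH, BENIGN):
        print(sender, phishing_indicators(sender, body))
```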
Prevent
Antivirus software;
Both desktop and network firewalls;
Antispyware software;
Antiphishing toolbar (installed in web browsers);
Gateway email filter;
Web security gateway;
A spam filter; and
Pharming
With this type of online fraud, a cybercriminal installs malicious code on a computer
or server that automatically directs the user to a fake website, where the user may
be tricked into providing personal information.
Prevent
Keep computers updated. Keeping a computer's operating system (OS) and other
software updated is important for protecting against pharming because the latest
software patches fix the vulnerabilities that hackers use to attack computers.
Clear browser cache
Download antivirus and antimalware software
Use a virtual private network (VPN).
Use bookmarks. Bookmarking frequently accessed sites and not clicking on links in
emails or on social networking sites will reduce the chance of pharming.
Unauthorized access
Unauthorized access is when a person gains entry to a computer network, system,
application software, data, or other resources without permission.
Prevent
use a (strong) password (1)
use a password manager (1)
keep their password securely/secret (1)
use two-factor authentication (1)
log off after visiting (when using public computer) (1)
For Community:
encrypt the data/files (1) and use secure sockets layer (SSL) /encrypt the link to the
(users) browser / so that hackers can’t decode the data (1)
install/use a (web application) firewall (1) to protect the data/files/application
server /prevent external/internet attacks (1)
use a Turing test/method of detecting bots (1) to recognise/reject
non-human/automated input (1)
two-factor authentication/biometrics could be used (1) to ensure that only authorised
users can access the data/files (1)
prevent SQL injection (1) by formatting/checking input fields / checking for
unexpected/malicious input (1)
Insider Attack
An insider attack is a malicious attack perpetrated on a network or computer system
by a person with authorized system access.
Insiders that perform attacks have a distinct advantage over external attackers
because they have authorized system access and also may be familiar with network
architecture and system policies/procedures. In addition, there may be less security
against insider attacks because many organizations focus on protection from
external attacks.
Distributed Denial of Service (DDoS)
A DDoS attack aims to take down a company’s website by overwhelming its servers
with requests. It’s analogous to calling a company’s phone number constantly, so
that legitimate callers only get a busy signal and never get through.
DDoS, multiple source.
In this attack, requests come from hundreds or thousands of IP addresses that have
probably also been compromised and tricked into continuously requesting a
company’s website.
A DDoS attack can overload your servers, slowing them down significantly or
temporarily taking them offline. These shutdowns prevent customers from accessing
your website and completing orders.
Prevent
Monitor your traffic to look for abnormalities, including unexplained traffic spikes
and visits from suspect IP addresses and geolocations. All of these could be signs of
attackers performing “dry runs” to test your defenses before committing to a
full-fledged attack. Recognizing these for what they are can help you prepare for the
onslaught to follow.
Keep an eye on social media (particularly Twitter) and public waste bins (e.g.,
Pastebin.com) for threats, conversations and boasts that may hint at an incoming
attack.
Consider using third-party DDoS testing (i.e., pen testing) to simulate an attack
against your IT infrastructure so you can be prepared when the moment of truth
arrives. When you undertake this, test against a wide variety of attacks, not just
those with which you are familiar.
Create a response plan and a rapid response team, meaning a designated group of
people whose job is to minimize the impact of an assault. When you plan, put in
place procedures for your customer support and communication teams, not just for
your IT professionals.
Ransomware
Ransomware is a subset of malware in which the data on a victim's computer is
locked -- typically by encryption -- and payment is demanded before the ransomed
data is decrypted and access is returned to the victim. The motive for ransomware
attacks is usually monetary, and unlike other types of attacks, the victim is usually
notified that an exploit has occurred and is given instructions for how to recover from
the attack. Payment is often demanded in a virtual currency, such as bitcoin, so that
the cybercriminal's identity is not known.
Prevent
Back up computing devices regularly.
Update software, including antivirus software.
Have end users avoid clicking on links in emails or opening email attachments from
strangers.
Avoid paying ransoms.
Avoid giving out personal information.
Do not use unknown USB sticks.
Only use known download sources.
Personalize antispam settings.
Monitor the network for suspicious activity.
Use a segmented network.
Adjust security software to scan compressed and archived files.
Disable the web after spotting a suspicious process on a computer.
Exam Type
Describe what is meant by personal data.
Award one mark for each point to a maximum of two marks for a linked description:
• information/data that relates to an individual/person (1)
• unique to person/would allow them to be identified (1)
• by several separate items of information being combined (1)
2.3.2 Understand how to secure a network using both hardware and software:
Firewall:
• Define
- Hardware/software - Positioned at network perimeter
- Act as gatekeeper for incoming/outgoing traffic
A firewall is software or firmware that prevents unauthorized access to a network. It
inspects incoming and outgoing traffic using a set of rules to identify and block
threats.
• Purpose
- Keep uninvited guests - From browsing network
• Mechanisms use
Packet Filtering
- Intercepts network traffic - Evaluates against your rules
Circuit-Level Gateway
- Blocks incoming traffic - To any host but self
- Internally clients need run software to connect w/CLG
Proxy Server
- Boost network performance - Hide internal addresses
Application Gateway
- Another proxy server - Determines if connection allowed/not
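An added Python example (not part of the original notes) of the packet filtering mechanism above: each packet is evaluated against an ordered rule list and the first matching rule decides. The rule set, addresses and the default-deny fallback are constructed assumptions; Rule and evaluate are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: str                  # "in" or "out"
    protocol: str                   # "tcp", "udp" or "any"
    dst_port: Optional[int] = None  # None matches any destination port
    src_net: str = "0.0.0.0/0"      # source network in CIDR form

    def matches(self, pkt):
        """True when every field of the rule matches the packet."""
        return (self.direction == pkt["direction"]
                and self.protocol in ("any", pkt["protocol"])
                and self.dst_port in (None, pkt["dst_port"])
                and ip_address(pkt["src"]) in ip_network(self.src_net))


def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; return (action, rule number or None)."""
    for number, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            return rule.action, number
    # Nothing matched: fall back to the default, so unlisted ports stay closed.
    return default, None


# Constructed rule set: web in, mail in only from one relay network, DNS and web out.
RULES = [
    Rule("allow", "in", "tcp", 443),
    Rule("allow", "in", "tcp", 25, "192.0.2.0/24"),
    Rule("allow", "out", "udp", 53),
    Rule("allow", "out", "tcp", 443),
]


def packet(direction, protocol, src, dst_port):
    return {"direction": direction, "protocol": protocol,
            "src": src, "dst_port": dst_port}


# Constructed sample traffic.
PACKETS = [
    packet("in", "tcp", "198.51.100.7", 443),   # web request from anywhere
    packet("in", "tcp", "198.51.100.7", 25),    # mail from outside the relay network
    packet("in", "tcp", "192.0.2.10", 25),      # mail from the relay network
    packet("in", "tcp", "203.0.113.5", 3389),   # port with no rule
    packet("out", "udp", "10.0.0.5", 53),       # internal host doing a DNS lookup
]


def decisions(rules=RULES):
    """Evaluate every sample packet and return the list of (action, rule number)."""
    return [evaluate(rules, pkt) for pkt in PACKETS]


if __name__ == "__main__":
    for pkt, result in zip(PACKETS, decisions()):
        print(pkt, "->", result)
```

Because the first match wins, a broad rule placed ahead of a narrow one shadows it, so rule order is part of the policy.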
Security Settings
• Password based authentication
- Non-trivial - Updated frequently
• Disable file/media sharing
- If not needed
Anti-Malware
Malware
Define
- Any software designed w/malicious intent
Types
• Virus - Infects files
• Spyware - Collects personal info
• Worm - Replicate self across network
• Trojan horse - Looks/operates like legit prog
• Browser hijacker - Modifies web browser
• Rootkit - Gains admin rights for malicious intent
• Malvertising - Use legit online ad to spread malicious software
Anti-Malware
Define
- Prog prevent/detect/remove malware
Antimalware is a type of software program created to protect information technology
(IT) systems and individual computers from malicious software, or malware.
Antimalware programs scan a computer system to prevent, detect and remove
malware.
Types
• Firewall
• Parental controls - Restrict what content accessed
• Anti-spam
• Phishing email protection
• Browser security
User Controls/Access Rights
User Control
- Stop specified applications from starting - Block access to blacklisted
websites - Stop access to OS components
User Access
- Permissions granted to user/app - Read/write/erase files in computer
Authentication Types
• Passwords
• Biometrics
• Two Factor
- Method
- User granted access only after successfully presenting two/more evidence to
authentication mechanism - Knowledge (only user knows)
- Possession (only user has)
Encryption Techniques
Define
- Process converting info into code - Prevent unauthorized access.
Encryption method - Uses keys
∴ Plaintext ↔ Ciphertext (vice versa)
• Symmetric (secret key) - Same key for both encryption/decryption.
• Asymmetric (public key) - Different key for encryption/decryption
Physical Controls
Definition
- Controls protect physical environment
Types
• Locks
• Fire management
• Gates/guards
Exam Type:
Explain one way in which an operating system could manage security in the
school's network.
Award one mark for each point to a maximum of two marks for a linked explanation
such as:
OS runs/uses/has anti-malware (1) which prevents students loading malware/virus
(onto a PC) (1)
OS controls logins/user accounts (1) only allowing students to use their own account
(1)
OS controls file access (1) only allowing students to access approved files (1)
OS controls file access (1) allows different rights to students and teachers (1)
OS has built in firewall (1) preventing unauthorised access from outside the
network/from the internet (1)
Explain one security risk, other than malware, to customer data stored online.
phishing/fraudulent emails/human fallibility/social engineering (1) allowing an
attacker to bypass security measures (1)
insider threat/disgruntled employee/accidental damage (1) damaging the data (1)
external attack/hacking (1) stealing/corrupting/encrypting the data / exploiting
vulnerability in firewall/OS/software (1)
Explain what measures could be taken to reduce the threat of hackers from the
internet.
Firewall, on router or a separate hardware.
• Check for open ports, with port scanner
• Close all ports except those needed for e.g. email, browser
• Keep firewall patched / up to date
Server / data stores.
• Encrypt data
• Set access levels, user rights, passwords on files
• Enforce strong passwords / two factor authentication
• Set up anti-malware, keep it updated
• Ensure OS, and other software is patched up to date
Other.
• Switch off internet access out of hours
• Train staff on security, e.g. avoiding phishing, mailworms, etc.
• Hire white hat/ethical hackers to probe the system for weak points
• Ensure router/modem password is changed from default to something more robust