
COMPUTER NETWORKING

Computer networking refers to interconnected computing devices that can exchange data and share
resources with each other. These networked devices use a system of rules, called communications protocols,
to transmit information over physical or wireless technologies.

How does a computer network work?

Nodes and links are the basic building blocks in computer networking. A network node may be data
communication equipment (DCE) such as a modem, hub, or switch, or data terminal equipment (DTE) such as
two or more computers and printers. A link refers to the transmission media connecting two nodes. Links may
be physical, like cable wires or optical fibers, or free space used by wireless networks.

In a working computer network, nodes follow a set of rules or protocols that define how to send and receive
electronic data via the links. The computer network architecture defines the design of these physical and
logical components. It provides the specifications for the network’s physical components, functional
organization, protocols, and procedures.

What do computer networks do?

Computer networks were first created in the late 1950s for use in the military and defense. They were initially
used to transmit data over telephone lines and had limited commercial and scientific applications. With the
advent of internet technologies, a computer network has become indispensable for enterprises.

Modern-day network solutions deliver more than connectivity. They are critical for the digital transformation
and success of businesses today. Underlying network capabilities have become more programmable,
automated, and secure.

Modern computer networks can:

Operate virtually

The underlying physical network infrastructure can be logically partitioned to create multiple "overlay"
networks. In an overlay computer network, the nodes are virtually linked, and data can be transmitted between
them through multiple physical paths. For example, many enterprise networks are overlaid on the internet.

Integrate on a large scale

Modern networking services connect physically distributed computer networks. These services can optimize
network functions through automation and monitoring to create one large-scale, high-performance network.
Network services can be scaled up or down based on demand.

Respond quickly to changing conditions

Many computer networks are software-defined. Traffic can be routed and controlled centrally using a digital
interface. These computer networks support virtual traffic management.

Provide data security


All networking solutions come with in-built security features like encryption and access control. Third-party
solutions like antivirus software, firewalls, and antimalware can be integrated to make the network more
secure.

What are the types of computer network architecture?

Computer network design falls under two broad categories:

1. Client-server architecture

In this type of computer network, nodes may be servers or clients. Server nodes provide resources like
memory, processing power, or data to client nodes. Server nodes may also manage client node behavior.
Clients may communicate with each other, but they do not share resources. For example, some computer
devices in enterprise networks store data and configuration settings. These devices are the servers in the
network. Clients may access this data by making a request to the server machine.

2. Peer-to-peer architecture

In Peer-to-Peer (P2P) architecture, connected computers have equal powers and privileges. There is no central
server for coordination. Each device in the computer network can act as either client or server. Each peer may
share some of its resources, like memory and processing power, with the entire computer network. For
example, some companies use P2P architecture to host memory-consuming applications, such as 3-D graphic
rendering, across multiple digital devices.

What is network topology?

The arrangement of nodes and links is called network topology. They can be configured in different ways to
get different outcomes. Some types of network topologies are:

Bus topology

Each node is linked to one other node only. Data transmission over the network connections occurs in one
direction.

Ring topology

Each node is linked to two other nodes, forming a ring. Data can flow bi-directionally. However, a single node
failure can bring down the entire network.

Star topology

A central server node is linked to multiple client network devices. This topology performs better as data
doesn’t have to go through each node. It is also more reliable.

Mesh topology

Every node is connected to many other nodes. In a full mesh topology, every node is connected to every other
node in the network.

What are the types of enterprise computer networks?


Depending on the organization's size and requirements, there are three common types of enterprise private
networks:

Local area network (LAN)

A LAN is an interconnected system limited in size and geography. It typically connects computers and
devices within a single office or building. It is used by small companies or as a test network for small-scale
prototyping.

Wide area networks (WAN)

An enterprise network spanning buildings, cities, and even countries, is called a wide area network (WAN).
While local area networks are used to transmit data at higher speeds within close proximity, WANs are set up
for long-distance communication that is secure and dependable.

SD-WAN or software-defined WAN is a virtual WAN architecture controlled by software technologies. An
SD-WAN offers more flexible and dependable connectivity services that can be controlled at the application
level without sacrificing security and quality of service.

Service provider networks

Service provider networks allow customers to lease network capacity and functionality from the provider.
Network service providers may consist of telecommunications companies, data carriers, wireless
communications providers, Internet service providers, and cable television operators offering high-speed
Internet access.

Cloud networks

Conceptually, a cloud network can be seen as a WAN with its infrastructure delivered by a cloud-based
service. Some or all of an organization’s network capabilities and resources are hosted in a public or private
cloud platform and made available on demand. These network resources can include virtual routers, firewalls,
bandwidth, and network management software, with other tools and functions available as required.

Businesses today use cloud networks to accelerate time-to-market, increase scale, and manage costs
effectively. The cloud network model has become the standard approach for building and delivering
applications for modern enterprises.

NETWORK (CYBER) THREATS AND ATTACKS

Network Attacks and Network Security Threats

Your enterprise network is large and complex, and probably relies on numerous connected endpoints. While
this is good for your business operations, and makes your workflow easier to maintain, it also presents a
challenge for security. The trouble is that the flexibility of movement within your network means that if a
malicious actor gains access to your network, they are free to move around and cause damage, often without
your knowledge. These network security threats leave your organization highly exposed to a data breach.
Read on to learn what constitutes a network attack and what you can do to contain threats to your network
security with a next-generation antivirus.


What Is a Network Attack?

A network attack is an attempt to gain unauthorized access to an organization’s network, with the objective of
stealing data or performing other malicious activity. There are two main types of network attacks:

• Passive: Attackers gain access to a network and can monitor or steal sensitive information, but
without making any change to the data, leaving it intact.
• Active: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting
or otherwise harming it.

We distinguish network attacks from several other types of attacks:

• Endpoint attacks—gaining unauthorized access to user devices, servers or other endpoints, typically
compromising them by infecting them with malware.
• Malware attacks—infecting IT resources with malware, allowing attackers to compromise systems,
steal data and do damage. These also include ransomware attacks.
• Vulnerabilities, exploits and attacks—exploiting vulnerabilities in software used in the organization,
to gain unauthorized access, compromise or sabotage systems.
• Advanced persistent threats—these are complex multilayered threats, which include network attacks
but also other attack types.

In a network attack, attackers are focused on penetrating the corporate network perimeter and gaining access
to internal systems. Very often, once inside attackers will combine other types of attacks, for example
compromising an endpoint, spreading malware or exploiting a vulnerability in a system within the network.

What are the Common Types of Network Attacks?

Following are common threat vectors attackers can use to penetrate your network.

1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission. Among the causes
of unauthorized access attacks are weak passwords, lacking protection against social engineering, previously
compromised accounts, and insider threats.

2. Distributed Denial of Service (DDoS) attacks


Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at your
network or servers. DDoS can occur at the network level, for example by sending huge volumes of SYN/ACK
packets which can overwhelm a server, or at the application level, for example by performing complex SQL
queries that bring a database to its knees.

3. Man in the middle attacks


A man in the middle attack involves attackers intercepting traffic, either between your network and external
sites or within your network. If communication protocols are not secured or attackers find a way to
circumvent that security, they can steal data that is being transmitted, obtain user credentials and hijack their
sessions.

4. Code and SQL injection attacks


Many websites accept user inputs and fail to validate and sanitize those inputs. Attackers can then fill out a
form or make an API call, passing malicious code instead of the expected data values. The code is executed
on the server and allows attackers to compromise it.
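
The difference between unvalidated input and a bound parameter, as an added example that is not part of the original page. The `users` table, the function names and the sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Constructed input of the kind the text describes: SQL syntax where a name is expected.
CRAFTED = "x' OR '1'='1"


def make_db():
    """In-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff"), ("o'brien", "staff")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable: the input becomes part of the SQL text and is parsed as SQL.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    # Hardened: the ? placeholder binds the input as a value, never as SQL.
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def is_valid_name(name):
    # Validation as a second layer: allowlist of expected characters and length.
    # It narrows the input but does not replace parameter binding.
    return re.fullmatch(r"[A-Za-z0-9'._-]{1,32}", name) is not None


def demo():
    conn = make_db()
    results = {
        # Concatenation: the WHERE clause is rewritten and every row is returned.
        "vulnerable_crafted": lookup_vulnerable(conn, CRAFTED),
        # Binding: the same input is compared as a literal name and matches nothing.
        "parameterized_crafted": lookup_parameterized(conn, CRAFTED),
        "parameterized_apostrophe": lookup_parameterized(conn, "o'brien"),
    }
    try:
        lookup_vulnerable(conn, "o'brien")
        results["vulnerable_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # A legitimate name containing an apostrophe breaks the concatenated query.
        results["vulnerable_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```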

5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach. Horizontal
privilege escalation involves attackers gaining access to additional, adjacent systems, and vertical escalation
means attackers gain a higher level of privileges for the same systems.

6. Insider threats
A network is especially vulnerable to malicious insiders, who already have privileged access to organizational
systems. Insider threats can be difficult to detect and protect against, because insiders do not need to penetrate
the network in order to do harm. New technologies like User and Entity Behavior Analytics (UEBA) can
help identify suspicious or anomalous behavior by internal users, which can help identify insider attacks.

Network Protection Best Practices

Segregate Your Network


A basic part of avoiding network security threats is dividing a network into zones based on security
requirements. This can be done using subnets within the same network, or by creating Virtual Local Area
Networks (VLANs), each of which behaves like a complete separate network. Segmentation limits the
potential impact of an attack to one zone, and requires attackers to take special measures to penetrate and gain
access to other network zones.

Regulate Access to the Internet via Proxy Server


Do not allow network users to access the Internet unchecked. Pass all requests through a transparent proxy,
and use it to control and monitor user behavior. Ensure that outbound connections are actually performed by a
human and not a bot or other automated mechanism. Whitelist domains to ensure corporate users can only
access websites you have explicitly approved.
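
One way a proxy could apply a domain allowlist and keep a record of its decisions, as an added example that is not part of the original page. The allowlisted domains, user names and URLs are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist; these domains are placeholders, not taken from the page.
ALLOWED_DOMAINS = {"intranet.example", "docs.example.com"}


def host_of(url):
    """Return the normalized host the proxy would connect to, or None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def is_allowed(url, allowed=ALLOWED_DOMAINS):
    host = host_of(url)
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # raw IP literals would sidestep a name-based allowlist
    except ValueError:
        pass
    # Match on whole DNS labels: the exact domain or a true subdomain of it.
    return any(host == d or host.endswith("." + d) for d in allowed)


def review(requests):
    """Return (user, url, verdict) for each request so denials can be monitored."""
    return [(user, url, "ALLOW" if is_allowed(url) else "DENY")
            for user, url in requests]


# Constructed sample requests as a proxy log might record them.
SAMPLE = [
    ("alice", "https://docs.example.com/guide"),
    ("alice", "https://DOCS.Example.COM./guide"),      # case and trailing dot
    ("bob", "https://api.docs.example.com/v1"),        # true subdomain
    ("bob", "https://docs.example.com.files.test/"),   # approved name is only a prefix
    ("carol", "https://notdocs.example.com/"),         # suffix without a label boundary
    ("carol", "https://docs.example.com@files.test/"), # approved name in userinfo, not host
    ("dave", "http://192.0.2.10/"),                    # IP literal
]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(*row)
```
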

Place Security Devices Correctly

Place a firewall at every junction of network zones, not just at the network edge. If you can’t deploy
full-fledged firewalls everywhere, use the built-in firewall functionality of your switches and routers. Deploy
anti-DDoS devices or cloud services at the network edge. Carefully consider where to place strategic devices like
load balancers – if they are outside the Demilitarized Zone (DMZ), they won’t be protected by your network
security apparatus.

Use Network Address Translation


Network Address Translation (NAT) lets you translate internal IP addresses into addresses accessible on
public networks. You can use it to connect multiple computers to the Internet using a single IP address. This
provides an extra layer of security, because any inbound or outgoing traffic has to go through a NAT device,
and because fewer IP addresses are exposed, it is difficult for attackers to understand which host they are
connecting to.
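
A toy model of the translation table behind this, as an added example that is not part of the original page. It assumes port address translation with one public IP and drops any inbound packet that does not match a flow started from inside; the class name and all addresses are constructed.

```python
class PortAddressTranslator:
    """Toy model of NAT with port translation: many internal hosts, one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}  # (int_ip, int_port, remote_ip, remote_port) -> public port
        self.by_port = {}  # (public port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Translate a packet leaving the network; returns what the remote side sees."""
        flow = (int_ip, int_port, remote_ip, remote_port)
        if flow not in self.by_flow:
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[(port, remote_ip, remote_port)] = (int_ip, int_port)
        return (self.public_ip, self.by_flow[flow])

    def inbound(self, remote_ip, remote_port, public_port):
        """Translate a packet arriving at the public IP; None means it is dropped."""
        return self.by_port.get((public_port, remote_ip, remote_port))


def demo():
    # Constructed addresses from documentation and private ranges.
    nat = PortAddressTranslator("203.0.113.5")
    # Two internal hosts using the same source port reach the same server.
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    # The server's reply to the first flow is mapped back to the right host.
    reply = nat.inbound("198.51.100.7", 443, a[1])
    # A packet from a host nobody contacted finds no table entry.
    unsolicited = nat.inbound("198.51.100.99", 443, a[1])
    return a, b, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```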

Monitor Network Traffic


Ensure you have complete visibility of incoming, outgoing and internal network traffic, with the ability to
automatically detect threats, and understand their context and impact. Combine data from different security
tools to get a clear picture of what is happening on the network, recognizing that many attacks span multiple
IT systems, user accounts and threat vectors.

Achieving this level of visibility can be difficult with traditional security tools. Cynet 360 is an integrated
security solution offering advanced network analytics, which continuously monitors network traffic,
automatically detects malicious activity, and either responds to it automatically or passes context-rich information
to security staff.

Use Deception Technology


No network protection measures are 100% successful, and attackers will eventually succeed in penetrating
your network. Recognize this and put deception technology in place, which creates decoys across your
network, tempting attackers to “attack” them, and letting you observe their plans and techniques. You can use
decoys to detect threats in all stages of the attack lifecycle: data files, credentials and network connections.

Cynet 360 is an integrated security solution with built-in deception technology, which provides both
off-the-shelf decoy files and the ability to create decoys to meet your specific security needs, while taking into
account your environment’s security needs.

Network Attacks Detection and Protection with Cynet 360


Cynet 360 is a holistic security solution that protects against threats across the entire network. Cynet uses
intelligent technologies to help detect network security threats, correlating data from endpoints, network
analytics and behavioral analytics to present findings with near-zero false positives.

Cynet’s features include:

• Blocking suspicious behavior—Cynet monitors endpoints to identify behavioral patterns that may
indicate an exploit. This means that even if credentials are breached, the threat actor’s ability to use
them will be limited.
• Blocking malware—Cynet’s multi-layered malware protection includes sandboxing, process behavior
monitoring and ML-based static analysis, as well as fuzzy hashing and threat intelligence. This ensures
that even if malware has infected the network, Cynet will prevent it from running.
• UBA—Cynet updates a behavioral baseline based on continued, real-time analysis of user behavior on
endpoints, and provides alerts when it identifies a behavioral anomaly. This anomaly may indicate a
compromised user account or an unauthorized action by a user.
• Deception—Cynet allows you to plant decoy tokens, such as data files, passwords, network shares,
RDP and others, on assets within the protected network. Cynet’s decoys lure sophisticated attackers,
tricking them into revealing their presence.
• Uncover hidden threats—Cynet thinks like an adversary to uncover threats such as APTs, identifying
indicators of compromise and anomalous behavior across endpoints, users, files, and networks. This
provides a holistic account of the attack process and helps identify vulnerable points.

NETWORK SECURITY INFRASTRUCTURE


What is Network Infrastructure Security?
Network Infrastructure Security, typically applied to enterprise IT environments, is a process of protecting
the underlying networking infrastructure by installing preventative measures to deny unauthorized access,
modification, deletion, and theft of resources and data. These security measures can include access
control, application security, firewalls, virtual private networks (VPN), behavioral analytics, intrusion
prevention systems, and wireless security.

How does Network Infrastructure Security work?

Network Infrastructure Security requires a holistic approach to ongoing processes and practices to ensure that
the underlying infrastructure remains protected. The Cybersecurity and Infrastructure Security Agency
(CISA) recommends considering several approaches when addressing what methods to implement.

• Segment and segregate networks and functions - Particular attention should be paid to the
overall infrastructure layout. Proper segmentation and segregation is an effective security
mechanism to limit potential intruder exploits from propagating into other parts of the internal
network. Using hardware such as routers can separate networks, creating boundaries that filter
broadcast traffic. These micro-segments can then further restrict traffic or even be shut down
when attacks are detected. Virtual separation is similar in design to physically separating a
network with routers but without the required hardware.
• Limit unnecessary lateral communications - Not to be overlooked is the peer-to-peer
communications within a network. Unfiltered communication between peers could allow
intruders to move about freely from computer to computer. This affords attackers the opportunity
to establish persistence in the target network by embedding backdoors or installing applications.
• Harden network devices - Hardening network devices is a primary way to enhance network
infrastructure security. It is advised to adhere to industry standards and best practices regarding
network encryption, available services, securing access, strong passwords, protecting routers,
restricting physical access, backing up configurations, and periodically testing security settings.
• Secure access to infrastructure devices - Administrative privileges are granted to allow certain
trusted users access to resources. Ensure the authenticity of the users by implementing
multi-factor authentication (MFA), managing privileged access, and managing administrative
credentials.
• Perform out-of-band (OoB) network management - OoB management implements dedicated
communications paths to manage network devices remotely. This strengthens network security by
separating user traffic from management traffic.
• Validate integrity of hardware and software - Gray market products threaten IT infrastructure
by allowing a vector for an attack into a network. Illegitimate products can be pre-loaded with
malicious software waiting to be introduced into an unsuspecting network. Organizations should
regularly perform integrity checks on their devices and software.
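
The zone segmentation described under "Segregate Your Network" and the CISA items on segmentation, lateral communications and out-of-band management can be expressed as a default-deny rule set. This is an added example, not part of the original page; the zone names, subnets, rules and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zones; the names and RFC 1918 subnets are illustrative assumptions.
ZONES = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),  # out-of-band management
}

# Explicit allow rules: (source zone, destination zone, destination port).
# Anything not listed is denied, including traffic between peers in one zone.
ALLOW = {
    ("users", "servers", 443),
    ("mgmt", "servers", 22),
    ("mgmt", "users", 22),
}


def zone_of(ip):
    """Map an IP address to its zone by subnet membership, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src, dst, port):
    """Return (verdict, reason) for one flow under default-deny zone rules."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "DENY", "address outside every defined zone"
    if (src_zone, dst_zone, port) in ALLOW:
        return "ALLOW", f"{src_zone} -> {dst_zone}:{port}"
    if src_zone == dst_zone:
        return "DENY", f"lateral traffic inside {src_zone}"
    return "DENY", f"no rule for {src_zone} -> {dst_zone}:{port}"


# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.4.20", "10.20.0.5", 443),   # user to web server
    ("10.10.4.20", "10.10.7.31", 445),  # workstation to workstation
    ("10.10.4.20", "10.20.0.5", 22),    # user zone reaching a server's SSH port
    ("10.99.0.8", "10.20.0.5", 22),     # management station to server
    ("10.20.0.5", "10.99.0.8", 22),     # server reaching back into management
    ("172.16.3.3", "10.20.0.5", 443),   # source not in any zone
]


def denied(flows=FLOWS):
    """Flows a zone firewall would block, with the reason, for analyst review."""
    out = []
    for src, dst, port in flows:
        verdict, reason = evaluate(src, dst, port)
        if verdict == "DENY":
            out.append((src, dst, port, reason))
    return out


if __name__ == "__main__":
    for row in denied():
        print(*row)
```
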

Why is Network Infrastructure Security important?

The greatest threat to network infrastructure security is from hackers and malicious applications that attack
and attempt to gain control over the routing infrastructure. Network infrastructure components include all the
devices needed for network communications, including routers, firewalls, switches, servers, load-balancers,
intrusion detection systems (IDS), domain name systems (DNS), and storage systems. Each of these systems
presents an entry point to hackers who want to place malicious software on target networks.

• Gateway Risk: Hackers who gain access to a gateway router can monitor, modify, and deny
traffic in and out of the network.
• Infiltration Risk: Gaining more control from the internal routing and switching devices, a hacker
can monitor, modify, and deny traffic between key hosts inside the network and exploit the trusted
relationships between internal hosts to move laterally to other hosts.

Although there are any number of damaging attacks that hackers can inflict on a network, securing and
defending the routing infrastructure should be of primary importance in preventing deep system infiltration.

What are the benefits of Network Infrastructure Security?

Network infrastructure security, when implemented well, provides several key benefits to a business’s
network.

• Improved resource sharing saves on costs: Due to protection, resources on the network can be
utilized by multiple users without threat, ultimately reducing the cost of operations.
• Shared site licenses: Security ensures that site licenses would be cheaper than licensing every
machine.
• File sharing improves productivity: Users can securely share files across the internal network.
• Internal communications are secure: Internal email and chat systems will be protected from
prying eyes.
• Compartmentalization and secure files: User files and data are now protected from each other,
compared with using machines that multiple users share.
• Data protection: Data backup to local servers is simple and secure, protecting vital intellectual
property.

What are the different types of Network Infrastructure Security?

A variety of approaches to network infrastructure security exist; it is best to adhere to multiple approaches to
broaden network defense.

• Access Control: The prevention of unauthorized users and devices from accessing the network.
• Application Security: Security measures are placed on hardware and software to lock down
potential vulnerabilities.
• Firewalls: Gatekeeping devices that can allow or prevent specific traffic from entering or leaving
the network.
• Virtual Private Networks (VPN): VPNs encrypt connections between endpoints creating a
secure “tunnel” of communications over the internet.
• Behavioral Analytics: These tools automatically detect network activity that deviates from usual
activities.
• Wireless Security: Wireless networks are less secure than hardwired networks, and with the
proliferation of new mobile devices and apps, there are ever-increasing vectors for network
infiltration.
