
NETWORK ACCESS

An access network is a user network that connects subscribers to a particular service provider
and, through the carrier network, to other networks such as the Internet.

Some types of access networks:

 Ethernet is the most commonly installed wired LAN (local area network) technology.
Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires.
 Wireless LANs allow mobile users to connect through a wireless (radio) connection.
 Fibre optic networks such as fiber to the home (FTTH) use optical fiber from a
central point directly to individual buildings such as residences, apartment buildings
and businesses.
 ADSL (Asymmetric Digital Subscriber Line) is a technology for
transmitting digital information at a high bandwidth on existing phone lines to homes
and businesses.

PHYSICAL LAYER CONNECTIONS

-Before network communications can occur, a physical connection to a local network must
be established.

-A physical connection can be a wired connection using a cable or a wireless connection using
radio waves.
NETWORK INTERFACE CARD
-Network Interface Cards (NICs) connect a device to a network.

-Used for a wired connection.


-Wireless Local Area Network (WLAN) NICs are used for wireless connections.
Purpose of the Physical Layer
•Provides the means to transport the bits that make up a data link layer frame across the network
media.
•Accepts a complete frame from the data link layer and encodes it as a series of signals that are
transmitted onto the local media.
•Encoded bits that comprise a frame are received by either an end device or an intermediate
device.
NETWORK MEDIA
●COPPER CABLING
CHARACTERISTICS OF COPPER MEDIA
-Transmitted on copper cables as electrical pulses.

Attenuation - the longer the signal travels, the more it deteriorates.

-All copper media must follow strict distance limitations.

-Electromagnetic interference (EMI) or radio frequency interference (RFI) - distorts and corrupts
the data signals being carried by copper media.
-To counter EMI and RFI, copper cables are wrapped in shielding.
-Crosstalk - disturbance caused by the electric or magnetic fields of a signal on one wire to the
signal in an adjacent wire.
-To cancel crosstalk, opposing circuit wire pairs are twisted together.
●UTP CABLING
PROPERTIES OF UTP CABLING
-Consists of four pairs of color-coded copper wires that have been twisted together and then
encased in a flexible plastic sheath.

-Small size can be advantageous during installation.

-UTP cable does not use shielding to counter the effects of EMI and RFI.
•Cancellation: When two wires in an electrical circuit are placed close together, their magnetic
fields are the exact opposite of each other and cancel out any outside EMI and RFI signals.
•Varies the number of twists per wire pair to further enhance the cancellation effect of a paired
circuit
FIBER OPTIC CABLING
PROPERTIES OF FIBER OPTIC CABLING.

-Transmits data over longer distances and at higher bandwidths.

-Transmits signals with less attenuation and is completely immune to EMI and RFI.

-Used to interconnect network devices.

-Flexible, but extremely thin, transparent strand of very pure glass, not much bigger than a
human hair.

-Bits are encoded

-Fibre-optic cabling is now being used in four types of industry:


▪︎Enterprise Networks
▪︎Fibre-to-the-Home (FTTH)
▪︎Long-Haul Networks
▪︎Submarine Cable Networks
WIRELESS MEDIA
PROPERTIES OF WIRELESS MEDIA
-Wireless media carry electromagnetic signals that represent the binary digits of data
communications using radio or microwave frequencies.

Wireless areas of concern:


Coverage area: Construction materials used in buildings and structures, and the local terrain,
will limit the coverage.
Interference: Disrupted by such common devices as fluorescent lights, microwave ovens, and
other wireless communications.
Security: Devices and users, not authorized for access to the network, can gain access to the
transmission.
Shared medium: Only one device can send or receive at a time and the wireless medium is
shared amongst all wireless

Types of Wireless Media


Wi-Fi: Standard IEEE 802.11
Uses Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA).
Wireless NIC must wait till channel is clear.
Bluetooth: Standard IEEE 802.15
Wireless Personal Area Network (WPAN)
Uses a device pairing process for distances 1 to 100 meters
WiMAX: Standard IEEE 802.16
Worldwide Interoperability for Microwave Access
Wireless broadband access

WIRELESS LAN
Wireless LAN requires the following network devices:
•Wireless Access Point (AP): Concentrates the wireless signals from users and connects to the
existing copper-based network infrastructure, such as Ethernet.
•Wireless NIC adapters: Provide wireless communication capability to each network host.
Home and small business wireless routers integrate the functions of a router, switch, and access
point into one device.
What is network access control (NAC)
Network access control, also called network admission control, is a method to bolster the
security, visibility and access management of a proprietary network.

It restricts the availability of network resources to endpoint devices and users that comply with a
defined security policy.
The NAC can also provide endpoint security protection such as antivirus software, firewall,
and vulnerability assessment with security enforcement policies and system authentication methods.

What is the importance of network access control?


-NAC allows organizations to monitor the devices and users -- authorized and unauthorized --
trying to access the network.

-NAC is one aspect of network security. It provides visibility into the devices and users trying to
access the enterprise network.

What are the types of network access control?


There are two types of NAC, including the following:

 Pre-admission: evaluates access attempts and only allows entry to authorized devices
and users.
 Post-admission: re-authenticates users trying to enter a different part of the network;
also restricts lateral movement to limit the damage from cyber attacks.
What is a network access server?
Many NAC functions are performed by a network access server.

 A traditional network access server is a server that performs authentication
and authorization functions by verifying user login information.
 Also known as a media access gateway or remote access server, a network access server
handles remote logins, establishes point-to-point protocol connections and ensures that
authorized users can access the resources they need.

A network access server can function in several ways, such as the following:

 Internet service provider: enables authorized customers to access the internet.


 Virtual private network (VPN): gives remote users access to a private enterprise
network and resources.
 Voice over Internet Protocol: allows users to access communication applications
over the internet.

A network access server can also support the following:


 Network load balancing to distribute traffic and improve reliability and
performance;
 Network resource management to manage and allocate resources for networking
processes; and
 Network user sessions to track users, store their data and persist their specific state.
 Network access servers, also known as remote access servers, control remote logins,
ensure authorized users can access the resources they need and more.
What are the common use cases for network access control?
 NAC tools are proactive and designed to stop unauthorized access before it happens.
 They protect an organization’s network perimeter including the physical infrastructure,
devices, software, applications and cloud-based assets.

There are many use cases for NAC:

 Bring Your Own Device: Protects from vulnerabilities created when employees use
their own devices or use company devices from remote locations.
 Network access for non-employees (vendors or partners): NAC with VPN allows
external users to access the corporate network (or specific parts of it) through a secure
self-service portal.
 Internet of things (IoT): Prevents cybercriminals from exploiting IoT devices
connected to the enterprise network but often overlooked in terms of security and
monitoring.
 Incident response: Identifies compromised devices and automatically disables access
to prevent an attack from spreading across the network.

NAC tools are also useful for security and authentication in specific industrial use cases, such as
medical devices and healthcare systems.

FAULT TOLERANCE

 Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to
continue operating without interruption when one or more of its components fail.
 The objective of creating a fault-tolerant system is to prevent disruptions arising from a
single point of failure, ensuring the high availability and business continuity of mission-
critical applications or systems.
 Fault tolerance refers to how an operating system responds to and allows for software or
hardware malfunctions and failures.
 An operating system’s ability to recover and tolerate faults without failing can be handled
by hardware, software, or a combined solution leveraging load balancers.
 Some computer systems use multiple duplicate fault tolerant systems to handle faults
gracefully. This is called a fault tolerant network.

Fault tolerant computing may include several levels of tolerance:

 At the lowest level, the ability to respond to a power failure, for example.
 A step up: during a system failure, the ability to use a backup system immediately.
 Enhanced fault tolerance: a disk fails, and mirrored disks take over for it immediately.
This provides functionality despite partial system failure, or graceful degradation, rather
than an immediate breakdown and loss of function.
 High level fault tolerant computing: multiple processors collaborate to scan data and
output to detect errors, and then immediately correct them.

Here are some examples of fault tolerant systems:

 Transactional log files that protect the Microsoft Windows registry and allow recovery
of hives
 RAID 5 disk systems that protect against data loss
 Uninterruptible power supply (UPS) to protect the system against primary power
failure

Fault tolerance vs. high availability


 Fault tolerance is closely associated with maintaining business continuity via highly
available computer systems and networks.
 Fault-tolerant environments are defined as those that restore service instantaneously
following a service outage, whereas a high-availability environment strives for five nines
of operational service.
 In a high-availability cluster, sets of independent servers are loosely coupled together to
guarantee system-wide sharing of critical data and resources.
 The clusters monitor each other's health and provide fault recovery to ensure applications
remain available.
 Conversely, a fault-tolerant cluster consists of multiple physical systems that share a
single copy of a computer's operating system.
 Software commands issued by one system are also executed on the other system.
 The trade-off between fault tolerance and high availability is cost.
 Systems with integrated fault tolerance incur a higher cost due to the inclusion of
additional hardware.

How fault tolerance works

 Fault tolerance can be built into a system to remove the risk of it having a single point of
failure.
 To do so, the system must have no single component that, if it were to stop working
effectively, would result in the entire system failing.
 Fault tolerance is reliant on aspects like load balancing and failover, which remove the
risk of a single point of failure.
 It will typically be part of the operating system’s interface, which enables programmers
to check the performance of data throughout a transaction.
 It follows two core models:

Normal functioning

This describes a situation when a fault-tolerant system encounters a fault but continues to
function as usual.

This means the system sees no change in performance metrics like throughput or response time.

Graceful degradation

Other types of fault-tolerant systems will go through graceful degradation of performance when
certain faults occur.

That means the impact the fault has on the system’s performance is proportionate to the fault
severity.

That is, a small fault will only have a small impact on the system’s performance rather than
causing the entire system to fail or have major performance issues.

Elements of fault-tolerant systems.

Fault-tolerant systems also use backup components, which automatically replace failed
components to prevent a loss of service. These backup components include:

Hardware systems
 Hardware systems can be backed up by systems that are identical or equivalent to them.
 A typical example is a server made fault-tolerant by deploying an identical server that
runs in parallel to it and mirrors all its operations, such as the redundant array of
inexpensive disks (RAID), which combines physical disk components to achieve
redundancy and improved performance.

Software systems

 Software systems can be made fault-tolerant by backing them up with other software.
 A common example is backing up a database that contains customer data to ensure it can
continuously replicate onto another machine.
 As a result, in the event that a primary database fails, normal operations will continue
because they are automatically replicated and redirected onto the backup database.

Power sources

 Power sources can also be made fault-tolerant by using alternative sources to support
them.
 One approach is to run devices on an uninterruptible power supply (UPS).
 Another is to use backup power generators that ensure storage and hardware, heating,
ventilation, and air conditioning (HVAC) continue to operate as normal if the primary
power source fails.

Fault tolerance requirements

 Depending on the fault tolerance issues that your organization copes with, there may be
different fault tolerance requirements for your system.
 That is because fault-tolerant software and fault-tolerant hardware solutions both offer
very high levels of availability, but in different ways.
 Fault-tolerant servers use a minimal amount of system overhead to achieve high
availability with an optimal level of performance.
 Fault-tolerant software may be able to run on servers you already have in place that meet
industry standards.

Fault tolerance architecture

 There is more than one way to create a fault-tolerant server platform and thus prevent
data loss and eliminate unplanned downtime.
 Fault tolerance in computer architecture simply reflects the decisions administrators and
engineers use to ensure a system persists even after a failure.
 This is why there are various types of fault tolerance tools to consider.
 At the drive controller level, a redundant array of inexpensive disks (RAID) is a common
fault tolerance strategy that can be implemented.
 Other facility level forms of fault tolerance exist, including cold, hot, warm, and mirror
sites.
 Fault tolerance computing also deals with outages and disasters.
 For this reason a fault tolerance strategy may include some uninterruptible power supply
(UPS) such as a generator—some way to run independently from the grid should it fail.
 Byzantine fault tolerance (BFT) is another issue for modern fault tolerant architecture.
 BFT systems are important to the aviation, blockchain, nuclear power, and space
industries because these systems prevent downtime even if certain nodes in a system fail
or are driven by malicious actors.

Industries that depend on fault tolerance

 Fault tolerance refers not only to the consequence of having redundant equipment, but
also to the ground-up methodology computer makers use to engineer and design their
systems for reliability.
 Fault tolerance is a required design specification for computer equipment used in online
transaction processing systems, such as airline flight control and reservations systems.
 Fault-tolerant systems are also widely used in sectors such as distribution and logistics,
electric power plants, heavy manufacturing, industrial control systems and retailing.

ERRORS AND CORRECTIVE TECHNIQUES IN NETWORKING

An error is a situation where the sender’s data does not match the data at the receiver’s end.

There are three types of errors in Networking:

 Single bit error
 Multiple bits error
 Burst error

1. Single bit error


This is where there is a change in only one bit of the sender’s data

2. Multiple bits error


This is where there is a change in more than one bit of the sender’s data

3. Burst error
This is where there is a change in two or more consecutive bits of the sender’s data

Error control

Error correction

It involves ascertaining the exact number of bits that have been corrupted and the location of the
corrupted bits.
Error detection

It involves checking whether any error has occurred or not. The number of error bits and the type
of error bits doesn’t matter.

ERROR DETECTION TECHNIQUES.

1.Checksum

In this error detection scheme the following procedure is required;

 Data is divided into fixed sized frames or segments.
 At the sender’s end, the segments are added using 1’s complement arithmetic to get the sum.
The sum is complemented to get the checksum.
 The checksum segment is sent along with the data segments.
 At the receiver’s end, all received segments are added using 1’s complement arithmetic to
get the sum. The sum is complemented.
 If the result is zero, the received data is accepted; otherwise it is discarded.

2.Cyclic Redundancy Check

 This technique involves binary division of the data bits being sent.
 The divisor is generated using polynomials.
 The sender performs a division operation on the bits being sent and calculates the
remainder.
 Before sending the actual bits, the sender adds the remainder at the end of the actual bits.
 Actual data bits plus the remainder is called a code word.
 The sender transmits data bits as code words and at the other end, the receiver performs
division operation on code words using the same CRC divisor.
 If the remainder contains all zeros the data bits are accepted, otherwise it is considered that
some data corruption occurred in transit.

3.Parity check.

In this technique;
 One extra bit is sent along with the original bits to make number of 1s either even in case
of even parity, or odd in case of odd parity.
 The sender while creating a frame counts the number of 1s in it.
 For example, if even parity is used and number of 1s is even then one bit with value 0 is
added. This way number of 1s remains even.
 If the number of 1s is odd, to make it even a bit with value 1 is added.
 The receiver simply counts the number of 1s in a frame.
 If the count of 1s is even and even parity is used, the frame is considered to be not
corrupted and is accepted.
 If the count of 1s is odd and odd parity is used, the frame is still not corrupted.
 If a single bit flips in transit, the receiver can detect it by counting the number of 1s.
 But when more than one bit is erroneous, it is very hard for the receiver to detect
the error.
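
The three detection procedures above, run end to end on small frames. This is an added example, not part of the original notes; the sample segments, the data bits and the CRC divisor 1101 are constructed values, and the function names are illustrative.

```python
# Added example: checksum, CRC and parity check on constructed sample frames.

def ones_complement_sum(segments, width=8):
    """Add segments using 1's complement arithmetic (the carry wraps around)."""
    mask = (1 << width) - 1
    total = 0
    for seg in segments:
        total += seg
        total = (total & mask) + (total >> width)  # fold the carry back in
    return total


def make_checksum(segments, width=8):
    """Sender: the checksum is the complement of the sum of the segments."""
    return ~ones_complement_sum(segments, width) & ((1 << width) - 1)


def checksum_ok(received, width=8):
    """Receiver: add data and checksum, complement, accept only if zero."""
    mask = (1 << width) - 1
    return (~ones_complement_sum(received, width) & mask) == 0


def mod2_remainder(bits, divisor):
    """Remainder of binary (XOR, no carry) long division on '0'/'1' strings."""
    work = [int(b) for b in bits]
    div = [int(b) for b in divisor]
    for i in range(len(work) - len(div) + 1):
        if work[i]:
            for j, d in enumerate(div):
                work[i + j] ^= d
    return "".join(str(b) for b in work[-(len(div) - 1):])


def crc_encode(data, divisor):
    """Sender: code word = data bits followed by the division remainder."""
    padded = data + "0" * (len(divisor) - 1)
    return data + mod2_remainder(padded, divisor)


def crc_ok(codeword, divisor):
    """Receiver: accept only if the remainder is all zeros."""
    return set(mod2_remainder(codeword, divisor)) == {"0"}


def add_parity(bits, even=True):
    """Sender: append one bit so the count of 1s is even (or odd)."""
    ones = bits.count("1")
    return bits + str(ones % 2 if even else (ones + 1) % 2)


def parity_ok(frame, even=True):
    """Receiver: count the 1s and compare with the agreed parity."""
    return frame.count("1") % 2 == (0 if even else 1)


def flip(bits, *positions):
    """Simulate transmission errors by inverting the bits at the given indexes."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample data: four 8-bit segments.
    segments = [0b10011001, 0b11100010, 0b00100100, 0b10000100]
    checksum = make_checksum(segments)
    print("checksum      :", format(checksum, "08b"))
    print("clean frame   :", checksum_ok(segments + [checksum]))
    damaged = [segments[0] ^ 0b100] + segments[1:] + [checksum]
    print("1 bit flipped :", checksum_ok(damaged))

    codeword = crc_encode("100100", "1101")  # constructed data and divisor
    print("CRC code word :", codeword)
    print("clean         :", crc_ok(codeword, "1101"))
    print("burst of 2    :", crc_ok(flip(codeword, 3, 4), "1101"))

    frame = add_parity("1011001")  # even parity
    print("parity frame  :", frame)
    print("1 bit flipped :", parity_ok(flip(frame, 0)))
    print("2 bits flipped:", parity_ok(flip(frame, 0, 5)))  # passes: error missed
```

The last line shows the weakness noted above: two flipped bits leave the parity unchanged, so the damaged frame is accepted. All three schemes catch accidental corruption only; anyone who alters a frame in transit can recompute the check value, so they do not provide integrity against an attacker.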

ERROR CORRECTION TECHNIQUES


Error correction techniques find out the exact number of bits that have been corrupted as well
as their location.
There are two principal ways:
 Backward Error correction
 Forward Error correction

Backward Error correction


 If the receiver detects an error on the incoming frame, it requests the sender to retransmit
the frame. It is a relatively simple technique, but it can be efficiently used where
retransmitting is not expensive, as in fiber optics, and the time for retransmission is low
relative to the requirements of the application.

Forward Error correction


 If the receiver detects some error in the incoming frame it executes error correcting code
that generates the actual frame.
 This saves bandwidth required for retransmission.
 It is inevitable in real time systems. However, if there are too many errors, the frames need
to be retransmitted.
The 4 main error correction codes include:

 Hamming code
 Binary convolution code
 Reed-Solomon code
 Low-density parity check code

Hamming code

 Hamming code is an error correction system that can detect and correct errors when data
is stored or transmitted.
 Whenever data is transmitted or stored, it's possible that the data may become corrupted.
 This can take the form of bit flips, where a binary 1 becomes a 0 or vice versa.
 Error correcting codes seek to find when an error is introduced into some data.
 This is done by adding parity bits, or redundant information, to the data.
 If enough parity data is added, it enables forward error correction (FEC), where errors
can be automatically fixed when read back.
 FEC can increase the data transmission rate for noisy channels by reducing the amount of
necessary retransmits.
 Hamming code uses a block parity mechanism.
 The data is divided into blocks, and parity is added to the block.
 Hamming code can correct single-bit errors and detect the presence of two-bit errors in a
data block.
 The amount of parity data added to Hamming code is given by the formula 2^p ≥ d + p + 1,
where p is the number of parity bits and d is the number of data bits.
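
A Hamming encoder and decoder that follows the description above: the parity-bit count comes from 2^p ≥ d + p + 1, and a single flipped bit is located and corrected. This is an added example, not part of the original notes; the 4-bit data word is constructed, and placing even-parity bits at positions 1, 2, 4, ... is the usual textbook layout, assumed here.

```python
# Added example: Hamming code with even-parity bits at positions 1, 2, 4, ...
# (1-indexed). The layout is the common textbook one, assumed for illustration.

def parity_bits_needed(d):
    """Smallest p that satisfies 2**p >= d + p + 1 for d data bits."""
    p = 0
    while 2 ** p < d + p + 1:
        p += 1
    return p


def hamming_encode(data):
    """Encode a list of 0/1 data bits into a Hamming code word (list of 0/1)."""
    p = parity_bits_needed(len(data))
    n = len(data) + p
    code = [0] * (n + 1)                 # index 0 unused, positions are 1..n
    bits = iter(data)
    for pos in range(1, n + 1):
        if pos & (pos - 1):              # not a power of two: data position
            code[pos] = next(bits)
    for i in range(p):
        mask = 1 << i                    # parity bit at position 2**i
        covered = (code[pos] for pos in range(1, n + 1) if pos & mask)
        code[mask] = sum(covered) % 2    # even parity over the covered bits
    return code[1:]


def hamming_syndrome(codeword):
    """XOR of the positions holding a 1: zero if valid, else the error position."""
    syndrome = 0
    for pos, bit in enumerate(codeword, start=1):
        if bit:
            syndrome ^= pos
    return syndrome


def hamming_decode(codeword):
    """Return (data bits, corrected position); position 0 means no error seen."""
    word = list(codeword)
    syndrome = hamming_syndrome(word)
    if syndrome:
        if syndrome > len(word):
            raise ValueError("syndrome points outside the block: uncorrectable")
        word[syndrome - 1] ^= 1          # forward error correction: flip it back
    data = [b for pos, b in enumerate(word, start=1) if pos & (pos - 1)]
    return data, syndrome


if __name__ == "__main__":
    data = [1, 0, 1, 1]                  # constructed sample data word
    sent = hamming_encode(data)
    print("parity bits :", parity_bits_needed(len(data)))
    print("code word   :", sent)

    one_error = list(sent)
    one_error[4] ^= 1                    # flip position 5
    print("1-bit error :", hamming_decode(one_error))

    two_errors = list(sent)
    two_errors[2] ^= 1                   # flip positions 3 and 6
    two_errors[5] ^= 1
    # The syndrome is non-zero, so the error is noticed, but "correcting" it
    # flips a third bit and returns wrong data.
    print("2-bit error :", hamming_decode(two_errors))
```

The two-bit case shows the limit of the scheme: the non-zero syndrome reveals that something is wrong, but a decoder that goes ahead and corrects will produce the wrong data word.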

Binary convolution code

 In convolutional codes, the message comprises data streams of arbitrary length, and a
sequence of output bits is generated by the sliding application of Boolean functions to
the data stream.
 In block codes, the data comprises a block of data of a definite length.
 However, in convolutional codes, the input data bits are not divided into blocks but are
instead fed as streams of data bits, which convolve to output bits based upon the logic
function of the encoder.
 Also, unlike block codes, where the output code word is dependent only on the present
inputs, in convolutional codes the output stream depends not only on the present input bits but
also on previous input bits stored in memory.

Reed-Solomon code

 It is a linear block code.


 It takes a block of data and inserts or adds redundant bits before transferring the message.
 The receiver decodes the message and corrects the errors.
 In Reed-Solomon code there are some variables, or parameters, which play an
important role: n, k and q.
 n is block symbol length, k is length of message symbol and q is size of each symbol.
 Each message and code symbol in the block corresponds to an element of a Galois field.
 Galois field is a set of numbers with arithmetic operations add, subtract, multiply, and
divide which are associative, commutative, and closed.
 It is represented as GF(n), where n is the number of elements in the field.

Low-Density parity check code

 It is a linear block code which has the capability of correcting errors in blocks of large
sizes.
 It is constructed using a sparse Tanner graph.
 A low-density parity-check code is a code specified by a parity-check matrix.
 The parity check matrix has rows and columns which represent equations and bits in code
symbols respectively.
 In this there are basically two parameters as n,i,j where n is block size, i is fixed number
of 1's in each column and j is fixed number of 1's in each row.
 When parity check bits are very small, we have to use decoders that help in doing parity
checks.
 In the process, if we come across any bit that is contained in more than a fixed number of
parity equations that are not satisfied, then we simply reverse that particular bit.
 When we get new values, parity equations are recalculated.
 This whole process keeps on running continuously until we get all parity equations which
are satisfied.

STATIC AND DYNAMIC NETWORKS

• Static:

 Static (fixed) interconnection networks are characterized by having fixed paths,
unidirectional or bidirectional, between processors
 Nodes never crash
 Edges maintain operational status forever

• Dynamic:

 Nodes may come and go


 Edges may crash and recover
DYNAMIC NETWORKS

 A dynamic network is a network that changes with time. Nature, society, and the modern
communications landscape abound with examples.
 Administrative roles are done automatically by the router's dynamic protocols, for example
DHCP (Dynamic Host Configuration Protocol).
How does the DHCP work?
 DHCP runs at the application layer of the Transmission Control Protocol/IP (TCP/IP)
stack to dynamically assign IP addresses to DHCP clients and to allocate TCP/IP
configuration information to DHCP clients.
 This includes subnet mask information, default gateway IP addresses and domain name
system (DNS) addresses.
 DHCP is a client-server protocol in which servers manage a pool of unique IP addresses,
as well as information about client configuration parameters, and assign addresses out of
those address pools.
 DHCP-enabled clients send a request to the DHCP server whenever they connect to a
network.
 Clients configured with DHCP broadcast a request to the DHCP server and request
network configuration information for the local network to which they're attached.
 A client typically broadcasts a query for this information immediately after booting up.
 The DHCP server responds to the client request by providing IP configuration
information previously specified by a network administrator.
 This includes a specific IP address, as well as a time period -- also called a lease -- for
which the allocation is valid.
 When refreshing an assignment, a DHCP client requests the same parameters, but the
DHCP server may assign a new IP address based on policies set by administrators.
 DHCP clients can also be configured on an Ethernet interface.
 A DHCP server manages a record of all the IP addresses it allocates to network nodes.
 If a node is relocated in the network, the server identifies it using its Media Access
Control (MAC) address, which prevents the accidental configuration of multiple devices
with the same IP address.
 Configuring a DHCP server also requires the creation of a configuration file, which stores
network information for clients.
 This involves assigning IP addresses to hosts and authenticating host devices on the
network

Dynamic Routes

 Signals can freely change path during transmission.


 There are less congested lines thus no traffic
 The only disadvantage of dynamic networks is that there could be a signal transmission
mismatch

STATIC NETWORKS

• Static network is where most administrative roles are done by an administrator including
assigning IP addresses to individual hosts and authenticating host devices.
• It is characterized by static IP addresses and host IP conflicts.
• A host IP conflict is where the same IP address is assigned to more than one host
device.

[Figure: three devices addressed 192.168.3.1, 192.168.3.16 and 192.168.3.16]

Static routes/Static routing


During transmission, signals maintain the same path.
Static protocols
E.g. IP route protocol

[Figure: routers R0 and R1 with hosts PC0 and PC1]

• For x to communicate with y, they will use an IP route if assigned IP
addresses of the same class
• Static protocols are used in networks of similar class IP addresses
• The demerits of static networks are IP conflicts and signal congestion along the path
• Two types: completely connected networks (CCNs) and limited connection networks (LCNs).
Completely Connected Networks

• In a completely connected network (CCN) each node is connected to all other nodes in
the network.
• Completely connected networks guarantee fast delivery of messages from any source
node to any destination node (only one link has to be traversed).
• Since every node is connected to every other node in the network, routing of messages
between nodes becomes a straightforward task.
• Completely connected networks are, however, expensive in terms of the number of links
needed for their construction.
• This disadvantage becomes more and more apparent for higher values of N.
• It should be noted that the number of links in a completely connected network is given
by:
N (N - 1)/2
• The delay complexity of CCNs, measured in terms of the number of links traversed as
messages are routed from any source to any destination is constant, that is, O(1).
• An example of having N = 6 nodes is shown in the figure. A total of 15 links are
required to satisfy the complete interconnectivity of the network.

Limited Connection Networks

• Limited connection networks (LCNs) do not provide a direct link from every node to
every other node in the network.
• Instead, communications between some nodes have to be routed through other nodes in
the network.
• The length of the path between nodes, measured in terms of the number of links that
have to be traversed, is expected to be longer compared to the case of CCNs.
• Two other conditions seem to have been imposed by the existence of limited
interconnectivity in LCNs.
• These are the need for a pattern of interconnection among nodes and the need for a
mechanism for routing messages around the network until they reach their destinations.
• These patterns include linear arrays, ring (loop) networks, two-dimensional arrays
(nearest-neighbour mesh), tree networks, and cube networks.

NETWORK SECURITY

Network security is a set of rules and configurations designed to protect the confidentiality,
integrity and availability of computer networks and data using both software and hardware.

It basically combines multiple layers of defenses at the edge of the network and within the
internal network so only authorized users gain access to the network resources, while malicious
actors are blocked from carrying out exploits or threats.

Goals of network security

It aims at maintaining the CIA triad.

Which is to ensure:

1. Confidentiality- Assures that private or confidential information is not made available or
disclosed to unauthorized individuals.
2. Integrity- Assures that information is only changed in a specific and authorized manner.
3. Availability- Assures that the system works promptly and authorized users have access to
services.
Threats

This refers to what an attacker is able to do in our network.

They include:

● Intercept packets and modify them before they reach their destination. This can be prevented
by encrypting data.
● Inject data that you never sent.
● An attacker can participate in protocols via their own machines.

Network Security Controls

This refers to the layers to consider when addressing network security.

They are:

1. Physical Network Security

Physical security controls are designed to prevent unauthorized personnel from gaining physical
access to network components such as network cabinets, routers, switches and firewalls.

Controlled access is implemented with locks and biometric authentication.

2. Technical Network Security

Technical security controls protect data that is stored in the network (data at rest) and data that is
moving across, into and out of the network (data in motion).

3. Administrative Network Security

Administrative security controls consist of the security policies and processes that govern user
behavior on the network, including how the user is authenticated into the network, the level of
access on the network and how staff members implement changes in the network.

Types of network security

1. Firewall
Firewalls control incoming and outgoing traffic on networks and decide whether to allow or
block specific traffic based on a defined set of security rules.

A firewall acts as a barrier between the untrusted external networks and your trusted internal network.

Administrators typically configure a set of defined rules that block or permit traffic onto the
network.

It can be a hardware or software appliance or both based on the need in the network.

2. Network Access Control

To ensure that potential attackers cannot infiltrate your network, comprehensive access control
policies need to be in place for both users and devices.

For instance, you could grant administrators full access to the network but deny access to
specific confidential folders or prevent their personal devices from joining the network.

3. Antivirus and Antimalware software

This software should detect malware on entry and also continually track the file afterwards for any
malicious executions.

4. VPN
It encrypts the connection from an endpoint to a network, often over the internet.

5. SIEM
Security information and event management.

SIEM products pull together the information that information security analysts need in order to
identify and respond to threats.

6. Intrusion Detection System (IDS).

An IDS detects unauthorized access attempts and flags them as potentially dangerous but does
not remove them. It is often used in combination with a firewall.

7. Sandboxing.
This approach lets organizations scan for malware by opening a file in an isolated environment
before granting it access to the network. Once opened in a sandbox, the organization can observe
whether the file acts in a malicious way or shows any indications of malware.

8. Software-defined Perimeter (SDP).

An SDP is a security method that sits on top of the network it protects, concealing it from
attackers and unauthorized users. It uses identity criteria to limit access to resources and forms a
virtual boundary around networked resources.

9. Web security.
This practice controls employee web use on an organization’s network and devices, including
blocking certain threats and websites, while also protecting the integrity of an organization’s
websites themselves.
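
The firewall and IDS items in the list above differ in what they do with traffic: the firewall allows or blocks each packet against its rule set, while the IDS only flags. The following is an added example, not part of the original notes, that runs both over the same traffic. The rule set, the addresses (documentation and private ranges), the packet list and the four-port alert threshold are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed rule set. Rules are checked top to bottom and the first match wins;
# traffic that matches no rule is blocked (default deny).
RULES = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "203.0.113.10/32", "port": 443},
    {"action": "allow", "src": "10.0.0.0/8", "dst": "10.0.5.20/32", "port": 22},
    {"action": "block", "src": "0.0.0.0/0", "dst": "10.0.0.0/8", "port": None},
]

# Constructed traffic sample: (source IP, destination IP, destination port).
PACKETS = [
    ("198.51.100.7", "203.0.113.10", 443),
    ("10.0.1.15", "10.0.5.20", 22),
    ("198.51.100.99", "10.0.5.20", 21),
    ("198.51.100.99", "10.0.5.20", 22),
    ("198.51.100.99", "10.0.5.20", 23),
    ("198.51.100.99", "10.0.5.20", 3389),
    ("198.51.100.7", "203.0.113.10", 8080),
]


def matches(rule, src, dst, port):
    """True if the packet falls inside the rule's networks and port (None = any port)."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
            and rule["port"] in (None, port))


def firewall_decision(src, dst, port, rules=RULES):
    """Return (action, index of the deciding rule); index is None for default deny."""
    for index, rule in enumerate(rules):
        if matches(rule, src, dst, port):
            return rule["action"], index
    return "block", None


def ids_alerts(packets, threshold=4):
    """Flag (source, destination) pairs that touch `threshold` or more distinct ports.

    The IDS only reports; it does not change any firewall verdict.
    """
    ports = defaultdict(set)
    for src, dst, port in packets:
        ports[(src, dst)].add(port)
    return sorted(pair for pair, seen in ports.items() if len(seen) >= threshold)


def evaluate(packets=PACKETS):
    verdicts = [firewall_decision(*packet) for packet in packets]
    return verdicts, ids_alerts(packets)


if __name__ == "__main__":
    verdicts, alerts = evaluate()
    for packet, verdict in zip(PACKETS, verdicts):
        print(packet, verdict)
    print("IDS alerts:", alerts)
```

The last packet matches no rule and is blocked by default deny, and the source that probed four ports is reported by the IDS even though the firewall had already blocked each attempt.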

Benefits of Network Security.

Functionality- Network security ensures the ongoing high performance of the networks that
businesses and individual users rely on.

Privacy and security- Network security prevents the security breaches that can expose PII and
other sensitive information, damage a business’s reputation and result in financial losses.

Intellectual property protection- Intellectual property is key to many companies’ ability to
compete. Securing access to intellectual property related to products, services and business
strategies helps organizations maintain their competitive edge.

Compliance- Complying with data security and privacy regulations is a legal requirement in
many countries, hence secure networks are a key part of adhering to these mandates.

Challenges of Network security.

Evolving network attack methods- The biggest network security challenge is the rate at which
cyber-attacks evolve. Threat actors and their methods constantly change as technology changes.

User adherence- It can be difficult for an organization to ensure that everyone is adhering to
network security best practices, while simultaneously evolving those strategies to address the
newest threats.

Remote and mobile access- Remote work is more prevalent. This makes wireless security more
important as users are more likely to be using a personal or a public network while accessing the
company’s networks.

Third party partners- Cloud providers, managed security services and security product
vendors often get access to an organization’s network, opening new potential vulnerabilities.

ENTERPRISE NETWORKS

What Is Enterprise Networking?

Enterprise networking refers to the physical, virtual and logical design of a network, and how the
various software, hardware and protocols work together to transmit data.

When it comes to enterprise networking, every organization has different needs, and in the era
of digital transformation, modern enterprises are relying more on software-driven solutions to
power intelligent network architecture, automation and design.

Types of enterprise networks

There are three common types of enterprise networks:

Local Area Network (LAN)

• This network usually connects computers and other devices in a small area such as an
office building.
• It’s local because it only covers a limited geographic area and typically uses cables to
connect devices.
• Since LANs cover a small space, there isn’t much concern about security or privacy.

Wide Area Network (WAN)

• A wide-area network (WAN) is any computer network that spans larger distances than a
LAN.
• A WAN may span cities, states, countries, or even continents.
• In contrast to LANs, which use cables for connectivity, WANs often use telephone lines
or radio waves to communicate between network nodes.
• The Internet is one example of a WAN.

Cloud Networks

• Enterprise IT departments can also take advantage of cloud computing resources.
• Cloud computing uses virtualization technology to allow companies to rent server space
on a pay-as-you-go basis instead of purchasing their hardware.
• Cloud computing allows users to access applications and data from anywhere using any
device with Internet access.
• These applications reside on servers hosted by a third-party company known as a cloud
provider.

Aspects of Enterprise Networking and their importance:

Networking

• It goes beyond any reasonable doubt that a business can hardly survive without good
networking.
• How then will customers, clients as well as partners keep in touch? The process involves
creating and designing a network of the devices involved.
• The components include switches, routers and firewalls, among others.

Advantages

• Improves communication and information availability
• Fast and convenient resource and file sharing
• A system that is not only cheap but also cost-effective
• Increased secure network performance

Wireless
• It is a computer network without physical cables connecting the devices.
• Radio waves are used to enable communication.
• As a result, the sender and the receiver communicate seamlessly.
• There are many companies that offer innovative wireless solutions in Dubai and
facilitate BYOD.

Advantages

• Ease of scaling
• Management of mobile devices and their security
• Reduces confinement to a particular workstation
• Facilitates Bring Your Own Device (BYOD)

WAN
• In enterprise networks, a Wide Area Network (WAN) may be inevitable.
• If you have branches in various parts of the globe, a WAN will ensure that each of them
communicates.
• Considering each department will have a Local Area Network (LAN), the WAN
will connect all of them into one big enterprise network.

Advantages

• A centralized IT infrastructure used by all offices and branches
• Privacy
• Higher bandwidth
• Cheap due to features like emailing and video conferencing for communication.

Security
• Network security is essential for any organization that relies on an enterprise network.
• For it to be effective, policies, as well as protocols, are vital. Security ensures that no
unauthorized people access data.
• For the authorized, there is no room for change or misuse of information.

Advantages

• Minimal risks of infections, attacks as well as breaches
• High profits due to lack of downtime and sluggish systems
• Prevents attacks instead of dealing with them after they happen
• Clients will be confident with the enterprise

Advantages of enterprise networking

Minimization of cost

Enterprise networking reduces operational, service, software, hardware, infrastructure
and maintenance costs. With WAN and wireless, the price of scaling your network is low.

Fast Communication

• Communication in your organization becomes quick and easy once you consider enterprise
networking.
• It facilitates several activities, including email messaging, video
conferencing and IP telephony.
• There will be ample communication between all the employees from various stations.

Manageability
• The sharing feature simplifies the management of your firm.
• When files are stored in a central place, those using remote workstations can access
them efficiently.
• As a result, every employee obtains all the needed data without the need for duplication.
• Applications, as well as expensive devices, can be shared through the network as well.
• Additionally, enterprise networking eliminates personal backing up of data.
• Instead, it is the data in the central location that is backed up.

Security
• In enterprise networking, appropriate measures are in place to secure your network from
attacks.
• There will be a central place to monitor access, and every user gets what he or she is
supposed to retrieve.
• Threats are detected and prevented where possible.
• Sign up with a reliable and trustworthy technology partner for the best network security
solutions.

Productivity and Performance
• Productivity and performance will both improve if you go for enterprise network solutions.
• Elements that facilitate that include mobility, BYOD, real-time access and efficiency.
• These subsequently increase both.

What are the consequences if a good networking solution is not in place in Enterprise
Networking?

An increase in downtime

• The right solution is automatic.
• Therefore, it keeps collecting information and lets you know in case of a device failure.
• On the other hand, a bad one will not.
• As a result, it will take longer to detect the problem and, once identified, solving it is hard.

Manual identification of problems

• That demands that you outsource to an IT professional to dig into the issues.
• It may take some time, and the cost will not be pocket-friendly. That can bring loss to the
company.

Security threats

• A lousy networking solution will not be able to detect attacks.
• Therefore, the organization will only become aware of an attack when the systems start
showing it, which could be too late.
• If the enterprise network lacks adequate security, an attack on one computer could lead to
harming the others.

High Costs

If a good networking solution is not in place, identifying problems will take longer. The service
fee and the waiting time will cost the organization a lot.

New Trends and Threats to Enterprise networking

Hyper automation
• Hyper automation is essentially the identification and automation of as many processes as
possible.
• Many of the solutions adopted under the umbrella of hyper automation are driven by AI
and machine learning (ML).
• In fact, the development of hyper automation is already being seen through the rise
of robotic process automation (RPA) tools.
• These solutions allow you to employ bots and automate simple, routine processes within
various software applications.
• In a way, RPAs signal the potential of hyper automation moving forward.
• The two primary advantages of hyper automation are employee upskilling and business
efficiency.
• Because many automated solutions are increasingly low- or no-code, advanced techniques
are opened up to the everyday user.
• This brings a general upskilling across all enterprise employees.
• In the same vein, because your employees have access to more advanced technologies,
business operations become more efficient.
• Employees can empathize with different departments and their pain points to increase this
efficiency even more.

Artificial Intelligence

As enterprise businesses continue to leverage hyper automation in different facets of their
operations, solutions built with AI will be a priority.

AI finds three main applications for enterprise businesses:

• Cyber security: Cyber security tools are one of the fastest growing applications for AI.
Enterprises are finding these solutions more important now than ever due to concerns
around 5G cyber security.
• Task automation: As previously mentioned, many AI-driven automation solutions, such
as RPAs, are growing in popularity for enterprises. They are a precursor to the full potential
AI-based automation holds.
• Virtual assistants: Virtual assistants are one of the more practical ways enterprises continue
to leverage AI in their business operations. Sales and customer service teams use them to
automate and learn from customer support.

5G
• With the advancement and standardization of 5G comes the idea of 5G-powered
businesses, essentially businesses that leverage 5G for their operations.
• 5G promises faster and more flexible ways to connect with one another.
• It will also likely increase the number of Internet of Things (IoT) devices.
• This is one of the most actionable benefits 5G provides for enterprises, who can provide
and offer services that would’ve previously been too expensive to operate.
• Although IoT devices can bring a tectonic shift to enterprise networking, the benefits of
5G will also bring with them cyber security concerns.

SD-WAN

• Software-defined wide-area networks (SD-WAN) are the modernization of the traditional
WAN infrastructure.
• And, as 41 million U.S. employees are projected to work remotely for the next five years,
SD-WAN will continue to grow.
• This is because SD-WAN allows for more flexible and efficient remote operations.
• In fact, businesses are encouraged to adopt multiple transport options through SD-WAN
as cloud infrastructures continue to advance.
• The primary reason many enterprises are adopting SD-WAN is its increased stability and
lower operational costs.

SASE

• Secure Access Service Edge (SASE) architectures are similar to SD-WAN.
• Their greatest advantage, however, comes in their ability to increase enterprise visibility.
• One of the main consequences of the shift to remote work was the loss in company-wide
visibility key stakeholders faced.
• In a sense, business leaders lost a grasp of company operations due to remote work.
• SASE counters this by allowing businesses to manage users and track network traffic in
real time.
• Again, just like the rapid adoption of SD-WAN, enterprise businesses should track the
rise of the SASE market due to the future of remote work.
• This visibility is also a big reason why SASE offers an additional layer of security.

Cybersecurity

• Because so many other technologies and advancements, such as hyper automation, AI,
and 5G, all have security implications, cyber security will be a main topic for enterprises.
• One of the main reasons cyber security will trend is due to the sheer amount of data
businesses are dealing with.
• Traditional IT departments are beginning to implement AIOps to deal with this amount of
data.
• AIOps, alongside the rise of data democratization, could help mitigate cyber security
threats by opening up analysis to a wider breadth of departments.
• However, this conversely means that any breach could be detrimental for enterprises due
to the vast amount of customer data cyber attackers could gain access to.
• Another point of vulnerability for enterprises is in their adoption of 5G networking.
• 5G cyber security is a growing concern for many enterprises and has even been addressed
by former FCC chairman Tom Wheeler, who maintains that enterprises must adopt a
“new cyber duty of care.” They must also adopt new business standards to mitigate any
risks.
• Ultimately, questions surrounding cyber security must stay at the forefront going into
2022.

Metaverse

• Finally, just as unified communications and collaboration tools such as Zoom and
Microsoft Teams have grown during the pandemic, so shall new frontiers for
communication in the metaverse.
• The metaverse refers to online spaces where humans can interact in a more engaging and
immersive way compared to our existing modes of communications. With the rise of
other blockchain technologies such as cryptocurrency, the metaverse has become a main
topic of discussion for enterprises.

Enterprises can expect three main benefits as the metaverse grows:

• Unique modes of customer and business relations
• New currencies and transactions, such as cryptocurrencies and NFTs
• Streamlined remote employee communications.

VPN
• A Virtual Private Network (VPN) is a private network that connects one network node to
another network node using a public network (the internet).
• The data passed is encapsulated and encrypted to ensure confidentiality. The
security system on a VPN uses several layers, which include:
a) Tunneling method
   • Tunnels are a method for transporting data across a network using protocols that
     are not supported by that network.
   • Tunneling works by encapsulating packets: wrapping packets inside of
     other packets.
   • A typical packet has two parts: the header, which indicates the packet's
     destination and which protocol it uses, and the payload, which is the packet's
     actual contents.
   • An encapsulated packet is essentially a packet inside another packet. In an
     encapsulated packet, the header and payload of the first packet go inside the
     payload section of the surrounding packet. The original packet itself becomes the
     payload.
b) Encryption method
   • The data packet that passes through the tunnel is wrapped, and the data it carries
     is transformed with cryptographic algorithms such as DES, 3DES, and AES.
c) User authentication method
   • Because many users will access the VPN, it usually uses user authentication
     methods such as Remote Access Dial-in User Services (RADIUS) and digital
     certificates.
d) Data integrity
   • Data packets that are passed over public networks need a guarantee of data
     integrity, that is, a way to tell whether changes have occurred or not.
   • The VPN method uses HMAC-MD5 or HMAC-SHA1 so that any change to the data
     packet during transmission is detected.
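
The tunneling and data integrity layers described above fit together as follows. This is an added example, not part of the original notes: it places a whole inner packet (header and payload) in the payload of an outer packet addressed between two VPN gateways, appends an HMAC tag, and shows the receiving side rejecting a packet altered in transit. The packet layout, the protocol number 250, the key and the addresses are constructed for the example; HMAC-SHA256 is used by default in place of the HMAC-MD5 and HMAC-SHA1 named in the notes (pass `digest="sha1"` for the latter), and the encryption layer is left out because the Python standard library has no AES.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed packet layout for this example: source IP, destination IP,
# protocol number and payload length, followed by the payload itself.
HEADER = struct.Struct("!4s4sBH")
PROTO_TCP = 6
PROTO_TUNNEL = 250  # constructed protocol number marking a tunnel packet


def build_packet(src, dst, proto, payload):
    header = HEADER.pack(ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed, proto, len(payload))
    return header + payload


def parse_packet(data):
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    src, dst, proto, length = HEADER.unpack_from(data)
    payload = data[HEADER.size:]
    if len(payload) != length:
        raise ValueError("length field does not match payload")
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto, payload


def encapsulate(inner, gw_src, gw_dst, key, digest="sha256"):
    """Wrap the whole inner packet, plus an HMAC tag over it, in an outer packet."""
    tag = hmac.new(key, inner, digest).digest()
    return build_packet(gw_src, gw_dst, PROTO_TUNNEL, inner + tag)


def decapsulate(outer, key, digest="sha256"):
    """Return the inner packet, or raise ValueError if the tag does not verify."""
    _, _, proto, body = parse_packet(outer)
    tag_len = hashlib.new(digest).digest_size
    if proto != PROTO_TUNNEL or len(body) < tag_len:
        raise ValueError("not a valid tunnel packet")
    inner, tag = body[:-tag_len], body[-tag_len:]
    # Constant-time comparison of the received tag with the recomputed one.
    if not hmac.compare_digest(tag, hmac.new(key, inner, digest).digest()):
        raise ValueError("integrity check failed")
    return inner


def accepts(outer, key, digest="sha256"):
    try:
        decapsulate(outer, key, digest)
        return True
    except ValueError:
        return False


def demo():
    key = b"constructed-shared-key"
    inner = build_packet("10.1.0.5", "10.2.0.9", PROTO_TCP, b"constructed payload")
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1", key)
    tampered = bytearray(outer)
    tampered[HEADER.size + 5] ^= 0x01  # flip one bit inside the inner header
    return (parse_packet(outer)[:3],
            parse_packet(decapsulate(outer, key)),
            accepts(bytes(tampered), key))
```

On the public network only the gateway addresses of the outer header are visible as routing information; the tag covers the inner packet, so the flipped bit in the inner destination address causes the receiving gateway to drop the packet.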

VPN Applications

• VPNs can be grouped according to their applications:

a) Extranet VPN

   • They extend the connectivity to business partners, suppliers, and customers across
     the Internet or an SP's network.
   • The security policy becomes very important at this point; for example, the
     company does not want a hacker to spoof any orders from a business partner.

b) Intranet VPN

   • Intranet VPNs link remote offices by extending the corporate network
     across a shared infrastructure.
   • The intranet VPN services are typically based on extending the basic
     remote-access VPN to other corporate offices across the Internet or across
     the SP's IP backbone.

c) Access VPN

   • Access VPNs provide access to a corporate intranet (or extranet) over a
     shared infrastructure and have the same policies as a private network.
   • Remote-access connectivity is through dial-up, ISDN, DSL, wireless, or
     cable technologies.
   • Access VPNs enable businesses to outsource their dial or other broadband
     remote access connections without compromising their security policy.

VPN Connectivity Options

Overlay VPN

• Overlay networks consist of a series of virtual or physical computers
layered on top of an existing network.
• The purpose of the overlay network is to add missing functionality
without a complete network redesign.
• Typically, these networks link to the existing network through virtual or
physical nodes.
• Overlay VPNs are more difficult to operate and have higher maintenance
costs for the following reasons:
   • Every individual virtual circuit must be provisioned.
   • Optimum routing between customer sites requires a full mesh of
     virtual circuits between sites.
   • Bandwidth must be provisioned on a site-to-site basis.

VPDNs

• Virtual private dial-up networks (VPDNs) securely carry
private data over a public network, allowing remote users
to access a private network over a shared infrastructure
such as the Internet.
• VPDNs maintain the same security and management
policies as a private network, while providing a cost-effective
method for point-to-point connections between
remote users and a central network.

Advantages of using VPNs.

1) Secure Your Network- One of the most important is the fact that businesses can effectively
secure their network. Without your knowledge, an application or website can keep track
of your activity online. They can then analyze the data they collect and use it to try to
target you with ads. Without a VPN, you may experience an influx of pop-up ads that can
interrupt your browsing experience and be a general nuisance.

2) Hide Your Private Information- Hackers can use a variety of methods to intercept sensitive
information you enter on websites. Using that information, they can try to impersonate
you, gaining access to bank accounts, credit card information, and more. With a VPN,
however, you can enjoy high-level security.

3) Offer cheaper long distance telephone charges.

4) Reduce support costs- Using a VPN may help a business reduce the cost of maintaining
servers, because support can be outsourced to third-party service providers who can
support a lower cost structure due to their many clients.

5) Avoid censorship when traveling abroad- Some VPNs can help you bypass geographical
restrictions.

Disadvantages of VPNs

1) Slightly slower internet

A VPN reroutes and encrypts your internet connection, which may slightly lessen your
internet speed.

2) Illegal in some countries

In some countries, the use of VPNs is banned or heavily regulated, so always check the
legislation where you’re located.

3) Potentially difficult to set up

Depending on the VPN you use, you may have some trouble setting it up. Be sure to choose a
beginner-friendly VPN service to avoid this.

4) Lack of encryption knowledge

Unless you’re an encryption expert, it’s hard to know the encryption quality of your
VPN. However, selecting a reliable VPN service with positive reviews will make it more likely
that your encryption quality is high.
