
Network Design, Implementation and Security

Network Security

Compiled: Engineer M. Mago, MBA, MSc (Electronics & Automation Engineering, Telecoms)
Content

Network Design

Network Implementation

Network Security
• Definitions
• Types of Network Security
• Different types of network security devices and tools
• Principles of network security
• Real network security examples
• Types of Security provisions at various levels in a system
• Key measures towards making a system safe
Definitions
Network security is a broad term that covers a multitude of technologies, devices and processes.
In its simplest terms, it is a set of rules and configurations designed to protect the integrity,
confidentiality and accessibility of computer networks and data using both software and
hardware technologies. It is the process of taking physical and software preventative measures
to protect the underlying networking infrastructure from unauthorized access, misuse,
malfunction, modification, destruction, or improper disclosure, thereby creating a secure
platform for computers, users, and programs to perform.
Types of Network Security
There are three components of network security: hardware, software, and cloud services.
Hardware appliances are servers or devices that perform certain security functions within the
networking environment. Hardware can be installed out of the path of network traffic, or “out-
of-line,” but it’s more commonly installed in the path of traffic, or “in-line.” The advantage of
this is that in-line security appliances are able to stop data packets that have been flagged as
potential threats, whereas out-of-line appliances simply monitor traffic and send alerts when
they detect something malicious.
Network security software, which includes antivirus applications, can be installed on devices
and nodes across the network to provide added detection and threat remediation.
Cloud services refer to offloading the infrastructure to a cloud provider. The set-up is
generally similar to how network traffic passes through in-line hardware appliances, but
incoming network traffic is redirected to the cloud service instead. The cloud service does
the work of scanning and blocking potential threats for you before the traffic is allowed
onto your network.
Every good network security system uses a combination of different types of network
security tools to create a layered defence system. The theory behind this strategy is that if
a threat manages to slip past one security countermeasure, the other layers will prevent it
from gaining entry to your network. Each layer provides active monitoring, identification,
and threat remediation capabilities in order to keep the network as secure as possible.
Different types of network security devices and tools
There are quite a few different networking security tools you can incorporate into your
line-up of services. The following list is not exhaustive, but available security tools can
include:
• Access control - refers to controlling which users have access to the network or especially
to sensitive sections of the network. Using security policies, you can restrict network
access to only recognized users and devices or grant limited access to noncompliant
devices or guest users.
• Antivirus and anti-malware software. Malware, or “malicious software,” is a
common form of cyber-attack that comes in many different shapes and
sizes. Some variations work quickly to delete files or corrupt data, while
others can lie dormant for long periods of time and quietly allow hackers a
back door into your systems. The best antivirus software will monitor
network traffic in real time for malware, scan activity log files for signs of
suspicious behaviour or long-term patterns, and offer threat remediation
capabilities.
• Application security. Each device and software product used within a
networking environment offers a potential way in for hackers. For this
reason, it is important that all programs be kept up-to-date and patched to
prevent cyber-attackers from exploiting vulnerabilities to access sensitive
data. Application security refers to the combination of hardware, software,
and best practices you use to monitor issues and close gaps in your security
coverage.
• Behavioural analytics. In order to identify abnormal behaviour, security support personnel need to establish a
baseline of what constitutes normal behaviour for a given customer’s users, applications, and network.
Behavioural analytics software is designed to help identify common indicators of abnormal behaviour, which
can often be a sign that a security breach has occurred. By having a better sense of each customer’s
baselines, network service providers can more quickly spot problems and isolate potential threats.
• Data loss prevention. Data loss prevention (DLP) technologies are those that prevent an organization’s
employees from sharing valuable company information or sensitive data—whether unwittingly or with ill
intent—outside the network. These can prevent actions that could potentially expose data to bad actors
outside the networking environment, such as uploading and downloading files, forwarding messages, or
printing.
• Distributed denial of service prevention. Distributed denial of service (DDoS) attacks are becoming
increasingly common. They function by overloading a network with one-sided connection requests that
eventually cause the network to crash. A DDoS prevention tool scrubs incoming traffic to remove non-
legitimate traffic that could threaten a network, and may consist of a hardware appliance that works to filter
out traffic before it reaches your firewalls.
• Email security. Email is an especially important factor to consider when implementing networking security
tools. Numerous threat vectors, like scams, phishing, malware, and suspicious links, can be attached to or
incorporated into emails. Because so many of these threats will often use elements of personal information
in order to appear more convincing, it is important to ensure an organization’s employees undergo sufficient
security awareness training to detect when an email is suspicious. Email security software works to filter out
incoming threats and can also be configured to prevent outgoing messages from sharing certain forms of
data.
• Firewalls - another common element of a network security model. They essentially function as a gatekeeper
between a network and the wider internet. Firewalls filter incoming and, in some cases, outgoing traffic by
comparing data packets against predefined rules and policies, thereby preventing threats from accessing the
network.
• Mobile device security. The vast majority of users have mobile devices that carry some form of personal or
sensitive data they would like to keep protected. This is a fact that hackers are aware of and can easily take
advantage of. Implementing mobile device security measures can limit device access to a network, which is a
necessary step to ensuring network traffic stays private and doesn’t leak out through vulnerable mobile
connections.
• Network segmentation. Dividing and sorting network traffic based on certain classifications streamlines the job for
security support personnel when it comes to applying policies. Segmented networks also make it easier to assign
or deny authorization credentials for employees, ensuring no one is accessing information they should not be.
Segmentation also helps to sequester potentially compromised devices or intrusions.
• Security information and event management. These security systems (called SIEMs) bring together host-based and
network-based intrusion detection, combining real-time network traffic monitoring with historical
log file scanning to provide administrators with a comprehensive picture of all activity across the network. SIEMs
are similar to intrusion prevention systems (IPS), which scan network traffic for suspicious activity, policy
violations, unauthorized access, and other signs of potentially malicious behaviour in order to actively block the
attempted intrusions. An IPS can also log security events and send notifications to the necessary players in the
interest of keeping network administrators informed.
• Web security. Web security software serves a few purposes. First, it limits internet access for employees, with the
intention of preventing them from accessing sites that could contain malware. It also blocks other web-based
threats and works to protect a customer’s web gateway.
Principles of network security
There are three principles within the concept of network security—confidentiality, integrity, and availability—
which together are sometimes referred to as the “CIA triad.” A network can only be considered secure when it
has all three elements in play simultaneously.
Confidentiality works to keep sensitive data protected and sequestered away from where it can be accessed by
the average user. This goes hand-in-hand with the principle of availability, which seeks to ensure that data and
resources are kept accessible for those who are authorized to access them. Challenges to availability can include
DDoS attacks or equipment failure. The principle of integrity seeks to protect information from intentional or
accidental changes in order to keep the data reliable, accurate, and trustworthy.
Every decision made regarding network security should be working to further at least one of these principles.
This means that MSPs need to ask if each decision will ensure that data is kept confidential, that its integrity will
be protected, and that it will be made more easily available to those with authorization to access it.
Why these network security concepts are so important: Cyber-attacks are on the rise, with a recent report from
Positive Technologies showing that government and healthcare organizations are becoming prime targets for
hackers. The report also shows the goal of more than half of cybercrimes is data theft, and that financial gain was
the motivation behind 42% of cyber-attacks against individuals—and behind 30% of cyber-attacks against
organizations.
As the world becomes increasingly digitized, we rely more and more on the internet and networks to function.
This in turn requires that the internet and networks provide us with reliable and secure service. However, as
more personal and sensitive data is stored in electronic repositories and archives, hackers are turning their
attention to networked systems. For this reason, it is imperative that MSPs and security support personnel offer
customers robust security systems that protect data from various threat vectors.
Real network security examples
There are many solutions in use in the market today; just a few are
discussed below:
• #1) Antivirus and Anti-malware Software:
Antivirus and anti-malware software is the protection software used to shield our
systems from viruses, Trojan attacks, worms, etc.
This software scans the system and network for malware and Trojan attacks every time
a new file is introduced into the system. It also detects and fixes any problems
found with infected data or with a virus.
• #2) Data Loss Prevention (DLP):
Large organizations maintain the confidentiality of their data and resources by making
sure that their internal information will not be leaked out by any of the employees to the
outside world.
This is done by deploying DLP technology, in which the network administrator restricts
the employees’ access to the information to prevent it from being shared with the outside
world, by blocking ports and sites for forwarding, uploading or even printing information.
• #3) Email Security:
Attackers can introduce a virus or malware into the network by sending it through an e-mail
into the system.
Therefore, a highly capable email security application is required: one that can scan incoming
messages for viruses, filter suspicious data, and control the outflow of messages to
prevent any kind of information loss from the system.
• #4) Firewalls:
These are an integral part of the networking system. A firewall acts as a wall between two
networks or between two devices. It is basically a set of pre-defined rules which are used to
protect the network from any unauthorized access.
Firewalls are of two kinds: hardware and software. The software firewall is installed on
systems to shield them from various types of attacks, as it filters, blocks and fixes
unwanted elements in the network.
The hardware firewall acts as a gateway between two networking systems so that only a
particular pre-defined user or traffic can access the network and its resources.
Intrusion prevention system (IPS): a network security system containing a set of rules
which, when followed, let you easily identify threats and block them as well.
• #5) Mobile Security:
Cyber-criminals can easily hack or attack mobile handsets through the data facility on
the handsets, and enter the devices through any unsecured resource link on a
website.
Hence it is necessary to install an antivirus on our devices, and people should download
or upload data only from reliable resources and secured websites.
• #6) Network Segmentation:
From a security point of view, a software-based organization has to segment
its crucial data into two or three parts and keep them at various locations and on
several resources or devices.
This is done so that, in the worst case, if the data at any location is corrupted or
deleted by a virus attack, it can be reconstructed from the backup sources.
• #7) Web Security:
Web security refers to providing limited access to websites and URLs by blocking the
sites which are more vulnerable to viruses and hackers. Thus it is basically concerned
with controlling the web-based threats.
• #8) Endpoint Security:
Endpoint security is required in a networking system in which a user at the remote end
accesses the crucial database of the organization from a remote device such as a mobile
phone or laptop.
Various software with built-in advanced endpoint security features is used for this
purpose. This provides seven layers of security inclusive of file reputation, auto-sandbox,
web filtering, antivirus software, and a firewall.
• #9) Access Control:
A network should be designed in such a way that not everyone can access all the resources.
This is done by deploying a password, unique user ID and authentication process for
accessing the network. This process is known as access control, since by implementing it
we can control the access to the network.
• #10) Virtual Private Network (VPN):
A system can be made highly secure by using VPNs together with encryption methods
for authentication and for carrying data traffic over the Internet to a
remotely connected device or network. IPSec is the most commonly used authentication
process.
Types of Security provisions at various levels in a system

Network security management means managing a network in such a way that it is capable
of dealing with all possible network attacks and virus problems, and of
fixing them.
Key measures towards making a system safe
1) Set-up Strong Passwords
To protect a system or network from malicious attacks, first set a strong password on the system for login
and access; the password must consist of many characters, symbols, and numbers. Avoid using
birthdays as passwords, as they can be easily cracked by hackers.
2) Establish a Firewall
Always put a strong firewall in a networking system to protect it from unwanted access or other threats.
3) Antivirus Protection
Always install antivirus software on systems and laptops. The software will scan, spot and filter
infected files and also fix the problems that arise from virus attacks on the system.
4) Updating
It is crucial to update the system and network with the latest version of the antivirus software and to
install the latest patches and scripts as the system needs them. This will minimize the
chances of virus attacks and make the network more secure.
5) Guard Laptops and Mobile Phones
Laptops are movable devices and are very vulnerable to network threats. Similarly, mobile phones are
wireless devices and are also easily exposed to threats. To shield these devices, a strong password should
be used to access their various resources. It is better to use a biometric fingerprint password to
access smart devices.
6) On-Time backups
Periodically take backups of files, documents and other important data in a system or hard
disk and save them onto a centralized server or some secure location. This should be done
without fail. In case of emergency, this will help to restore the system quickly.
7) Smart Surfing on websites
Before downloading anything or clicking on any link or site on the Internet, keep in mind that one
wrong click can invite many viruses onto a network. Download data
from trusted and secure links only, and avoid surfing unknown links and websites.
Also, avoid clicking on the advertisements and offers that are frequently displayed on web pages
whenever you log onto the Internet.
8) Secure Configuration
Any configuration on the IOS or router should be done using a unique user ID and
password, and should be kept secure.
9) Removable media control
Removable devices like pen drives, dongles, and data cards should always be scanned when
inserted into the system. The usage of removable devices should be limited, and a policy
should be put in place so that they cannot be used to export any data from the system.
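As an added illustration of measure 1 (not part of the original slides), the check below enforces the mix of letters, numbers and symbols and rejects passwords that embed a birthday-style date. The 12-character minimum, the 1900 to 2099 year window, and the function names are assumptions made for this example.

```python
import re
from datetime import datetime

# Digit orders to try: 4-digit-year forms need 8 digits, 2-digit-year forms need 6.
DATE_FORMATS = {
    8: ("%d%m%Y", "%m%d%Y", "%Y%m%d"),
    6: ("%d%m%y", "%m%d%y", "%y%m%d"),
}

def looks_like_date(chunk):
    """True if a 6- or 8-digit string parses as a plausible calendar date."""
    for fmt in DATE_FORMATS[len(chunk)]:
        try:
            parsed = datetime.strptime(chunk, fmt)
        except ValueError:
            continue  # not a valid date in this digit order
        if 1900 <= parsed.year <= 2099:  # assumed plausible birth-year window
            return True
    return False

def first_embedded_date(password):
    """Return the first date-like digit window in the password, or None."""
    for run in re.findall(r"\d{6,}", password):
        for size in (8, 6):  # prefer the longer, less ambiguous form
            for i in range(len(run) - size + 1):
                chunk = run[i:i + size]
                if looks_like_date(chunk):
                    return chunk
    return None

def check_password(password, min_length=12):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    date = first_embedded_date(password)
    if date:
        problems.append(f"contains date-like digits {date}")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Tendai15081990!", "correct-Horse7battery", "19900815"):
        print(pw, "->", check_password(pw) or "ok")
```

A password can satisfy every character-class rule and still fail here: `Tendai15081990!` has letters, numbers and a symbol but is built around a date.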
Conclusion
In this tutorial, we explored what network security is, why it is needed, its types, and the key
points in managing it.
We also saw how to make our networking systems immune to all kinds of virus and
Trojan attacks by setting strong passwords on the system, assigning multi-level
security, using antivirus software, and updating all software and systems
on time.
