UNDERSTANDING NETWORK

SECURITY TO
INFORMATION SECURITY
 MEMBERS:

• REGIE ELLADORA
• JUSTINE ROSE CASAS
• JUSTINE DOLERO
• JENNIFHER BORJA
• ANGELIE BONGGAT
 LEARNING OUTCOMES

• Learn what is Network or Computer Network,

Network Security and Information Security
• Identify the types of Network
• Identify the basic components of Computer Security
• Learn about information security policy
• Learn about top information security threats
 WHAT IS NETWORK?

A network is a collection of two or more interconnected

devices that use a common language or protocol to
exchange information. The network has a series of points
known as nodes that are interconnected by communication
paths.
Network topology
TYPES OF NETWORK

Ethernet
The industry standard bus technology for local-
Figure 15.25 Various network topologies area networks.
NetworkNETWORK
topology TOPOLOGY

Local-area network (LAN)

A network that connects a relatively small number of machines in a relatively
close geographical area
Ring topology connects all nodes in a closed loop on which messages
travel in one direction
Star topology centers around one node to which all others are connected
and through which all messages are sent
Bus topology nodes are connected to a single communication line that
carries messages in both directions

6
 Introduction
What is Computer Security ?

Computer security is a branch of computer

technology known as information security as
applied to computers and networks.

computer security means the protection of

computing systems and the data that they store
or access

8
 Basic Components of CS
computer security involves providing appropriate
levels of assurance of

– Availability of computing services and data/information

stored in computing systems

– Confidentiality of data/information stored in computing

systems

– Integrity of computing systems and data/information

stored therein
 Online Security Versus Online Safety

Security: We must
secure our computers
with technology in the
same way that we
secure the doors to
our offices
Safety: We must act
in ways that protect us
against the risks and
threats that come with
Internet use
 Risks and Threats

To Computer Security are :

Virus Hacking
Worm Phishing
Trojan Horse Spoofing
Spyware Denial of Service
Viruses/Worms
Software programs Trojan Horses
designed to invade
your computer, and Viruses that pretend to Spyware
copy, damage or be programs that help
you while destroying Software that secretly
delete your data watches and records
your data and damaging
your computer your online activities
or send you endless
pop-up ads
 Did You Know …

All of these types of attacks are man-made and

intentional.
There is no “natural” or “random” virus.
All of these ride the Internet services you invite in!
Internet services like : ( E-Mail, Peer To Peer
Sharing, Online Gaming, Instant Messaging,
Video and Audio Streaming )
 WHY IS COMPUTER SECURITY IS
Network topology IMPORTANT?

 Cyber Crime is on the rise

 Damage is Significant
 Cyber Security builds
 Our identities protect our data
 Every organization has vulnerabilities

14
 Network Security
Network topology
Devices, tools, techniques and methodologies
used to secure the network.
The basic component of network security is :
 Firewall .
 Encryption and Decryption : changing
plaintext into ciphertext using key (Encryption).
Changing ciphertext back to plaintext using key
(Decryption).
Two types of encryption : (Symmetric
Encryption, Asymmetric Encryption) .
15
Symmetric Cipher Model
Public-Key Cryptography
Network topology
INFORMATION SECURITY

The quality or state of being secure to be free from danger.

The architecture where an integrated combination of
appliances, systems and solutions, software, alarms and
vulnerability scans working together.
Monitored 24x7
Having People , Processes, Technology, policies, procedures
Security is for PPT and not only for appliances or devices.

18
Network topology

19
20
21
 3 PRINCIPLES OF INFORMATION
SECURITY

 Confidentiality measures are designed to prevent unauthorized

disclosure of information.

 Consistency includes protection against unauthorized changes

(additions, deletions, alterations, etc.) to data. The principle of
integrity ensures that data is accurate and reliable and is not
modified incorrectly, whether accidentally or maliciously.

 Availability is the protection of a system’s ability to make

software systems and data fully available when a user needs it (or
at a specified time).
22
 INFORMATION SECURITY VS. CYBER
SECURITY

 Information security differs from cyber security in both scope and

purpose. The two terms are often used interchangeably, but more
accurately.
 Cyber security is a subcategory of information security.
Information security is a broad field that covers many areas such
as physical security, endpoint security, data encryption, and
network security.
 It is also closely related to information assurance, which protects
information from threats such as natural disasters and server
failures.
23
 INFORMATION SECURITY POLICY

 An Information Security Policy (ISP) is a set of rules that guide

individuals when using IT assets.

 Companies can create information security policies to ensure that

employees and other users follow security protocols and
procedures.

 Security policies are intended to ensure that only authorized users

can access sensitive systems and information.

24
 TOP INFORMATION SECURITY THREATS

 Unsecure or Poorly Secured Systems

 Social Media Attacks
 Social Engineering
 Malware on Endpoints
 Lack of Encryption
 Security Misconfiguration

25
 TOP INFORMATION SECURITY THREATS

 Unsecure or Poorly Secured Systems - The speed and

technological development often leads to compromises in
security measures. In other cases, systems are developed
without security in mind, and remain in operation at an
organization as legacy systems.
 Social Media Attacks - Attackers can launch attacks directly
via social media, for example by spreading malware via social
media messages, or indirectly, by using information obtained
from these sites to analyze user and organizational 
vulnerabilities, and use them to design an attack.
26
 TOP INFORMATION SECURITY THREATS

 Social Engineering – Social engineering involves attackers

sending emails and messages that trick users into performing
actions that may compromise their security or divulge private
information. Attackers manipulate users using psychological
triggers like curiosity, urgency or fear.

 Malware on Endpoints- Organizational users work with a large

variety of endpoint devices, including desktop computers,
laptops, tablets, and mobile phones, many of which are privately
owned and not under the organization’s control, and all of which
connect regularly to the Internet.
27
 TOP INFORMATION SECURITY THREATS

 Lack of Encryption– Encryption processes encode data so that

it can only be decoded by users with secret keys. It is very
effective in preventing data loss or corruption in case of
equipment loss or theft, or in case organizational systems are
compromised by attackers.

 Security Misconfiguration- Modern organizations use a huge

number of technological platforms and tools, in particular web
applications, databases, and Software as a Service (SaaS)
applications, or Infrastructure as a Service (IaaS) from providers
like Amazon Web Services.
28
 ACTIVE VS. PASSIVE ATTACK

 Information security is intended to protect organizations against

malicious attacks. There are two primary types of attacks:
active and passive.

 Active attacks are considered more difficult to prevent, and the

focus is on detecting, mitigating and recovering from them

 Passive attacks are easier to prevent with strong security

measures.
29
 ACTIVE ATTACK
Information security is intended to protect organizations against An active attack
involves intercepting a communication or message and altering it for malicious
effect. There are three common variants of an active attacks:

Interruption—the attacker interrupts the original communication and creates new,

malicious messages, pretending to be one of the communicating parties.
Modification—the attacker uses existing communications, and either replays them to
fool one of the communicating parties, or modifies them to gain an advantage.
Fabrication—creates fake, or synthetic, communications, typically with the aim of
achieving denial of service (DoS). This prevents users from accessing systems or
performing normal operations.

30
 PASSIVE ATTACK

 In a passive attack, an attacker monitors, monitors a system and

illicitly copies information without altering it. They then use this
information to disrupt networks or compromise target systems.

31