
Network Management and Security

Group 7 – Carleen Grace De leon
Michael Vincent Mangili

Network Management
• Includes the activities, methods, procedures, and tools that pertain to the operation,
administration, maintenance, and provisioning of networked systems.

• Network Operation - deals with keeping the network up and running smoothly. It includes
monitoring the network to diagnose and identify problems as soon as possible, ideally before
users are affected.

• Network Administration - deals with keeping track of resources or components in the network
and how these resources are assigned, and with taking the necessary steps to keep the network under
control.

• Network Maintenance - is concerned with performing repairs and upgrades.

• Network Provisioning - is concerned with configuring resources or components in the network
to support a given service.

• FCAPS (Fault, Configuration, Accounting, Performance and Security) – a common way of
characterizing network management functions.

• Network Management System (NMS) - is a combination of hardware and software used to
monitor and administer a computer network or networks.
NETWORK SECURITY THREATS
- Are potential dangers that can affect the integrity,
confidentiality, and availability of the information and
systems in a network.
- They are carried out by individuals or groups hoping to gain
unauthorized access to systems and steal data.
POSSIBLE NETWORK SECURITY THREATS
Wiretapping
Impersonation
Message confidentiality violations
Message integrity violations
Hacking
Denial of service (DoS)
WIRETAPPING – means to intercept communication

Packet sniffer – can retrieve all packets on the net.
Inductance – process where an intruder can tap a wire without making physical
contact with the cable.
Microwave and satellite – higher possibility of interception due to wider
broadcasting.
• Optical fiber offers two significant security advantages:
- The entire optical network must be tuned carefully each time a new
connection is made. Therefore no one can tap an optical system without detection.
- Optical fiber carries light energy, not electricity. Light does not emanate a
magnetic field as electricity does. Therefore, an inductive tap is impossible on an
optical fiber cable.
IMPERSONATION – pretending to be someone (personnel) or something (process)

In an impersonation, the attacker has several choices:
- guess the identity and authentication details of the target from a
previous communication
- pick up the identity and authentication details of the target
- circumvent or disable the authentication mechanism at the target
computer
- use a target that will not be authenticated
- use a target whose authentication is unknown
MESSAGE CONFIDENTIALITY VIOLATIONS
- Misdelivery
- Exposure
- Traffic flow analysis
MESSAGE INTEGRITY VIOLATIONS
- Falsification of messages
  • Change the content of a message
  • Change any part of the content of the message
  • Replace a message entirely
  • Redirect a message
  • Destroy or delete the message
- Noise – unintentional interference
HACKING – a source of threat to security in computer communication

Hacker – considered a separate threat because a hacker can develop tools to
search widely and quickly for particular weaknesses and move swiftly to exploit
those weaknesses.
- In this way, a hacker has unlimited time to analyze, plan, code, simulate, and
test for a future attack.
DENIAL OF SERVICE – result of actions that prevent any part of a
telecommunications system from functioning.
- Connectivity
- Flooding
- Routing problems
- Disruption of services
RISK TO NETWORK SECURITY
Top Network Security Risks:

1. Encryption
Encryption is a double-edged sword. In recent years, organizations have looked to
protect sensitive data by scrambling communications, what we know as encryption.
“End-to-end encryption” can create a false sense of comfort for consumers,
Bloomberg recently reported. The reality is that a hacker can control the device in a
variety of ways, including gaining access to the “full discussion regardless of what
security precautions are built into the app you are using.” Encryption essentially gives
hackers free rein to operate prior to their eventual detection and remediation.
2. Ransomware
Network-based ransomware can cripple systems and data. This threat is particularly
alarming as it does not rely heavily on the human element to execute and bring an
organization to its knees.
*Preventative measures against ransomware include:
• Using Diverse Backups
• Keeping Antivirus Up-To-Date
• Maintaining Patch Updates
• Installing File and System Integrity Monitoring Software
• Compliance Maintenance
3. DDoS Attacks
DDoS attacks come at a real cost. The severity and frequency of DDoS attacks have
many network managers concerned. Hackers infiltrate organizations by flooding
websites and networks with questionable traffic. Two avenues are emboldening
criminals in their nefarious endeavors. “DDoS for hire” services are one means through
which hacking/attack skills are offered in exchange for money.
*Ways to help defend against DDoS attacks include:
• Identifying unusual traffic activity
• Using the needed amount of bandwidth
• Avoiding the wrong response to extortion attempts
• Immediate contact with your ISP
• Developing a Comprehensive Approach to DDoS Security
4. Insider Threats
*Insider abuse can include but is not limited to:
• Remote access to sensitive data
• Unauthorized deletion of data
• Unauthorized access to shared folders
• Unapproved hardware/software

- Using file integrity monitoring (FIM) software can help reduce the risk of costly
insider breaches, especially an FIM tool that supports a Zero Trust
Architecture (ZTA) strategy.
5. Cloud Security
The security behind legitimate cloud services is being co-opted. As more
organizations gravitate toward the cloud for data storage and retrieval, hackers
have found a way in. They use the same legitimate services but may have ulterior
motives and can wreak havoc.
As Software-as-a-Service (SaaS) continues to grow, and services move to the cloud,
organizations still need to be wary of policies and procedures that can lead to a
false sense of responsibility and security for data in the cloud.
6. SQL Injection
An SQL injection attack occurs when a cyber attacker uses code to access, change,
or destroy private company data. Attackers use vulnerabilities in your application
software to create a fake identity, manipulate company data, and even void
transactions or change balances in the books.
Regularly check your software for vulnerabilities to protect against this type of
attack. You will also want to monitor your file integrity continuously to remediate
changes that occur as a result of SQL injection attacks.
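The application weakness described above, shown beside its fix. This is an added example, not part of the original slides; the accounts table, the function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory ledger with two accounts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 1200), ("bob", 300)])
    return db

def balances_vulnerable(db, owner):
    # Weak form: the caller's text becomes part of the SQL statement itself,
    # so quote characters in it change what the query means.
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def balances_parameterized(db, owner):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

# Constructed untrusted input that contains SQL syntax.
UNTRUSTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", balances_vulnerable(db, UNTRUSTED))
    print("parameterized:", balances_parameterized(db, UNTRUSTED))
```

With the concatenated query the input returns every account; with the bound parameter it matches no owner and returns nothing.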
7. Man-in-the-Middle Attacks
Also known as a MIM attack, a “man-in-the-middle” attack occurs when an attacker
“eavesdrops” on communication that should be private.
In this type of attack, the attacker may intercept an email, chat, or another message
between two parties. They can then use their access to spoof messages, alter data, or
engage in social engineering attacks.
Some examples of MIM attacks include:
• Wi-Fi hacking
• IP spoofing
• SSL hijacking
• DNS spoofing
How To Defend Against Network Security Risks?

Utilizing file and system integrity monitoring software,
specifically one with auditing capabilities, flexible response
options, and automated detection processes, may decrease
the risk organizations face daily.
Network-wide file and system integrity monitoring can
establish total accountability with audit trails that cannot be
altered. It should also offer unique, advanced protection
against threats by providing admins with the ability to restore
systems and files to a prior state immediately.
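A small sketch of the two ideas in this section, file integrity monitoring and an audit trail that resists alteration. It is an added example, not code from the original slides or from any FIM product; the file names and helper functions are constructed for illustration, and the hash chain makes changes to the log detectable rather than impossible.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare(baseline, current):
    """Return (event, path) pairs, ordered by path, describing drift from the baseline."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            events.append(("deleted", path))
        elif path not in baseline:
            events.append(("added", path))
        elif baseline[path] != current[path]:
            events.append(("modified", path))
    return events

def _entry_hash(event, prev):
    body = json.dumps({"event": event, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_audit(log, event):
    """Append an entry whose hash also covers the previous entry's hash."""
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"event": event, "prev": prev, "hash": _entry_hash(event, prev)})

def verify_audit(log):
    """True only if every entry matches its own hash and links to its predecessor."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _entry_hash(entry["event"], prev):
            return False
        prev = entry["hash"]
    return True

def demo():
    # Constructed sample tree: baseline it, change it, then log the drift.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"port=443\n")
        (root / "users.db").write_bytes(b"alice\n")
        baseline = snapshot(root)
        (root / "app.conf").write_bytes(b"port=8080\n")   # modified
        (root / "unexpected.bin").write_bytes(b"\x00")    # added
        (root / "users.db").unlink()                      # deleted
        events = compare(baseline, snapshot(root))
    log = []
    for event in events:
        append_audit(log, list(event))
    return events, log
```

Editing any logged event afterwards makes `verify_audit` return False; for that check to hold against someone who can rewrite the whole log, the latest hash has to be stored somewhere the monitored host cannot change.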
NETWORK PERFORMANCE MANAGEMENT
- Network performance management represents a proactive solution that helps identify and
reduce instances of bottlenecks or network issues that affect not only the end user, but also
the internal tasks associated with maintaining business operations.
Elements of network performance management (NPM)
1. Collect good data
- Having the appropriate performance metrics to review is a critical step in effective
network performance management. A complex network generates a wide range of data, and
sifting through that information to identify relevant performance clues can be a challenge.
2. Understand your metrics
- Identifying the metrics that give you the most comprehensive view of your multi-
layered network can increase awareness around areas of performance that experience
problems more frequently. Using that data, your IT team can create a set of network
management policies to mitigate issues and improve productivity and user experience.
3. Automated data collection
- An effective network monitoring tool logs all performance issues, including
relevant information such as under what circumstances they occurred. Being able to
refer to a log of past concerns allows your team to assess problem areas that require
more in-depth investigation or closer monitoring.
4. Recognizing security issues
- Poor network performance is often the result of security threats such as
malware, which can quickly become a disaster for both your network, and your
business as a whole. The time, cost, and loss of reputation involved with a security
breach can be arduous. Implement a network monitoring system capable of finding
malware, unsecured network devices, and other network vulnerabilities so that your
team can develop protocols to prevent and manage weak points before end users or
confidential data is affected.
Benefits Of Network Performance Management
- With network performance management, you can closely monitor key metrics to
address issues like slow speeds, poor connectivity and system failures. Keeping
your network in good shape will ensure a seamless and efficient experience for all
users.
• Maximize network availability: Network performance management helps
optimize network resources and bandwidth usage, resulting in high-quality delivery
of critical services to end users and improved customer retention.
• Minimize network downtime: Real-time alerts and insights provided by network
performance management tools allow businesses to detect and troubleshoot
issues before they result in expensive downtime or outages, minimizing their
impact on the company.
• Enhance network scalability: As your business and network needs evolve, IT technicians can
leverage historical data and insights from the network management tools to make informed
decisions for topics such as scaling or reconfiguring the network.
• Secure network operations: Cybersecurity attacks often deplete network resources, so any
significant deviation in resource usage could indicate a potential security threat. By staying
vigilant and closely monitoring your network’s performance, you can help ensure the safety
and security of your organization’s valuable data.
• Optimize bandwidth usage: By monitoring the amount of data being transmitted across
devices, network performance management tools can pinpoint areas of inefficient
bandwidth usage and excessive network congestion, and hence help optimize network
performance and efficiency.
• Identify network performance trends: Network performance management tools leverage
machine learning and AI capabilities to identify patterns in large data sets that would
otherwise be impossible to discern. This data can inform decisions for future network
investments and upgrades, improving resource allocation and network performance.
NETWORK SECURITY PROTOCOLS AND TECHNOLOGIES
- Are tools and standards used to protect networks from security threats.

NETWORK SECURITY PROTOCOLS

HTTPS (Hypertext Transfer Protocol Secure) – encrypts data exchanged between a web
server and a browser, providing confidentiality and integrity of information.
SSL/TLS (Secure Sockets Layer/Transport Layer Security) – cryptographic
protocols that provide secure communication over a computer network.
IPsec (Internet Protocol Security) – a suite of protocols used to secure Internet
Protocol (IP) communications by authenticating and encrypting each IP packet in a
data stream.
NETWORK SECURITY TECHNOLOGIES
- A tool that protects a company’s infrastructure from compromise by disallowing the entry and spread of cyber threats. As such, it maintains the network’s usability and integrity.
- Protects all corporate infrastructure components, including the applications that run on them.
Types of Network Security Technology
Firewalls: A firewall controls the coming and going of network traffic based on
predetermined security rules. It keeps out unwanted traffic (e.g., coming from malicious
websites), malware, and other attack vectors.
Network segmentation rules: These rules define network component boundaries. Each
segment contains assets with common functions, risks, or roles. An example is a
perimeter gateway that separates the network from the Internet, which protects the
network from external threats and ensures that sensitive data remains inside. Some
companies set internal boundaries to provide even better security and access control.
Remote access virtual private networks (VPNs): A remote access VPN secures an
organization’s employees from cyber threats while working remotely. That ensures the
integrity of sensitive information via multifactor authentication (MFA), endpoint
compliance scanning, and data encryption.
Email security solutions: Email security systems include processes, products, and
services designed to keep a company’s email accounts and content safe from
external threats. These are used on top of the built-in features that come with email
services.
Data loss prevention (DLP) solutions: DLP solutions combine methodologies,
technologies, and best practices to avoid exposing sensitive data to users
outside an organization. This information includes personally identifiable
information (PII) and compliance-related data.
Intrusion detection and prevention systems (IDSs/IPSs): IDSs and IPSs detect
and prevent brute-force and denial-of-service (DoS) attacks and vulnerability
exploitation.
Antivirus or antimalware solutions: These solutions are installed on every
network-connected endpoint to detect and prevent the execution of
malware on a computer, tablet, and other corporate devices.
Load balancers: These devices distribute network or application traffic across
several servers. They increase the capacity and reliability of applications.
NETWORK ACCESS CONTROL (NAC) AND AUTHORIZATION
- Network access control (NAC), also known as network admission control,
is the process of restricting unauthorized users and devices from gaining access to a
corporate or private network.
*Types of Network Access Control
1. Pre-admission
Pre-admission network access control occurs before access is granted. A user attempting to
enter the network makes a request to enter. A pre-admission network control considers the
request and provides access if the device or user can authenticate their identity.
2. Post-admission
Post-admission network access control is the process of granting authorization to an
authenticated device or user attempting to enter a new or different area of the network to
which they have not been granted authorization. To receive authorization, a user or device
must verify their identity again.
Advantages of Network Access Control
1. Control the users entering the corporate network
2. Control access to the applications and resources users aim to access
3. Allow contractors, partners, and guests to enter the network as needed but restrict
their access
4. Segment employees into groups based on their job function and build role-based
access policies
5. Protect against cyberattacks by putting in place systems and controls that detect
unusual or suspicious activity
6. Automate incident response
7. Generate reports and insights on attempted access across the organization
Common Use Cases for Network Access Control
Bring Your Own Device (BYOD) - NAC policies can be extended to BYOD to ensure
that both the device and its owner are authenticated and authorized to enter the
network.
Internet-of-Things (IoT) devices - Security cameras, check-in kiosks, and building
sensors are just a few examples of IoT devices. Although IoT devices extend an
organization's network, they also expand its attack surface. Further, IoT devices
may go unmonitored or in sleep mode for long periods of time. NAC can reduce
risk to these endpoints by applying defined profiling measures and enforcing
access policies for different categories of IoT devices.
Network Access for Non-employees - NAC is also helpful for granting temporary
access to non-employees, such as contractors, consultants, and partners. NAC can
allow access to such users so they can connect to the network seamlessly without
having to engage the IT team. Of course, the policies for non-employees have to be
different from those of regular employees.
Capabilities of Network Access Control
• Policy Life-cycle Management - NAC enforces policies for all users and devices across the
organization and adjusts these policies as people, endpoints, and the business change.

• Profiling and Visibility - NAC authenticates, authorizes, and profiles users and devices. It also
denies access to unauthorized users and devices.

• Guest Networking Access - NAC enables an organization to manage and authenticate temporary
users and devices through a self-service portal.

• Security Posture Check - It evaluates and classifies security-policy compliance by user, device,
location, operating system, and other criteria.

• Incident Response - NAC reduces the number of cyber threats by creating and enforcing
policies that block suspicious activity and isolate devices without the intervention of IT
resources.

• Bi-directional integration - NAC can integrate with other security point products and network
solutions through the open/RESTful application programming interface (API).
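The pre-admission and post-admission decisions described earlier, combined with the security posture check and role-based policies listed above, as a small policy model. This is an added example, not taken from the original slides or from any NAC product; the role names, segment names and posture fields are assumptions.

```python
from dataclasses import dataclass

# Hypothetical policy tables: the segment each role lands in at admission,
# and the segments each role may move into afterwards.
HOME_SEGMENT = {"engineer": "corp", "finance": "corp", "contractor": "partner",
                "guest": "guest", "iot-camera": "iot"}
ROLE_SEGMENTS = {
    "engineer": {"corp", "build"},
    "finance": {"corp", "ledger"},
    "contractor": {"partner"},
    "guest": {"guest"},
    "iot-camera": {"iot"},
}

@dataclass
class Endpoint:
    identity: str
    role: str
    authenticated: bool
    patched: bool = True
    antivirus_current: bool = True

def posture_ok(ep):
    # Security posture check. Assumption: guest and IoT devices are unmanaged,
    # so they are contained by their segment instead of being posture-checked.
    if ep.role in ("guest", "iot-camera"):
        return True
    return ep.patched and ep.antivirus_current

def pre_admission(ep):
    """Decide where an endpoint lands before it is given any network access."""
    if not ep.authenticated or ep.role not in HOME_SEGMENT:
        return "deny"
    if not posture_ok(ep):
        return "quarantine"   # isolate the device without involving IT staff
    return HOME_SEGMENT[ep.role]

def post_admission(ep, target_segment, reauthenticated):
    """Decide whether an admitted endpoint may move into another segment."""
    if not reauthenticated or not posture_ok(ep):
        return False
    # Deny by default: unknown roles get an empty set of segments.
    return target_segment in ROLE_SEGMENTS.get(ep.role, set())
```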
NETWORK ACCESS CONTROL (NAC) AND AUTHORIZATION
Authorization is the process of granting or denying access to system resources
based on predefined criteria. Authorization is an important measure in computer
security, as it helps to protect information and systems from unauthorized
access.
- Authorization is often used in conjunction with authentication, which is
the process of verifying the identity of a user or program.
Three Types Of Authorization:
1. Mandatory Access Control (MAC) - where the system determines what access a
user has,
2. Discretionary Access Control (DAC) - where the owner of the data determines
what access a user has,
3. Role-Based Access Control (RBAC) - where an administrator assigns different
roles to users and determines what access those users have to specific data.
- The most common type of authorization in use today.
What is the use of authorization in Computer Security or Internet Security?
- Authorization is the function of specifying access rights.
- Authorization is what allows or denies users access to specific files, folders, or applications on the
network.
*Two aspects of authorization that are important in computer security:
1. What is being authorized?
- Authorization can be used to control access to specific files, folders, or applications. It can also be
used to control access to specific resources on the network, such as printers or databases.
2. Who is doing the authorizing?
- Authorization can be done by an administrator, or it can be done by the operating system. The
administrator is typically someone who has been given specific permissions to authorize users. The
operating system is the software that controls the computer. It is responsible for enforcing security policies
and for authorizing users.
END………
