Network Security Methods
- Network security is essential for protecting data, ensuring privacy, and maintaining the integrity of communication systems.
- As networks grow more complex, the risks of attacks increase, and so do the methods used to defend against them.
Here are examples of a few widely used techniques for the defence.
Encryption
Encryption
The process of converting data into a coded format to prevent unauthorised access.
Encryption works by transforming readable data (plaintext) into an unreadable code (ciphertext) using a mathematical algorithm and a key.`
It can be of two types.
Symmetrical:
- Uses the same key for both encryption and decryption.
- Examples: AES (Advanced Encryption Standard), DES (Data Encryption Standard).
- Advantages:
- Fast and efficient, especially for large amounts of data.
- Requires less computational power than asymmetric encryption.
- Disadvantages
- Key distribution problem: How can two parties securely share the key?
- Scalability: More users = more keys to manage.
Banks often use AES for encrypting transactions because it is fast and efficient, making it ideal for large-scale real-time systems.
And asymmetrical (public key):
- Uses a pair of keys: a public key for encryption and a private key for decryption.
- Examples: RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography).
- Advantages:
- Secure key exchange — no need to share secret keys.
- Easier to scale for large networks.
- Disadvantages:
- Slower than symmetric encryption.
- Requires key verification to prevent man-in-the-middle attacks.
While encryption itself has many advantages and disadvantages, there are also other problems when it comes to security risks.
Encryption animation
Authentication and Access Control
OWASP Top 10 declares that the top vulnerability found in 94% cases is broken access control.
Hence, it is essential to understand what policies we can introduce to fix the issue:
- User IDs
- Each user has a unique identifier.
- Used with passwords or multi-factor authentication (MFA).
- Ensures only authorised individuals have access to resources.
- Trusted Media Access Control (MAC) Addresses
- Each device has a unique hardware identifier.
- Networks can restrict access to specific MAC addresses.
- Such methods are simple to implement in small networks, but are vulnerable to spoofing, where attackers fake a MAC address.
- Although simple to implement in small networks, it becomes challenging to manage on large networks.
- Such countermeasures are vulnerable to spoofing, where attackers fake a MAC address.
- Additionally, for some critical applications, such as banks or government internal documentation, some agencies might require biometric authentication to access and/or modify specific information.
- For instance, scanning your fingerprint, eye or entire face.
Wireless Security Protocols
Over time, security protocols have evolved significantly, alongside improvements in encryption methods.
WEP (Wired Equivalent Privacy)
- An early standard for Wi-Fi security.
- Easy to configure, but it is vulnerable to attacks.
WPA and WPA2 (Wi-Fi Protected Access)
- Successors to WEP.
- WPA2 uses AES encryption for strong protection.
- Common in homes, schools, and businesses.
WPA (Wi-Fi Protected Access) was created as a quick fix to replace WEP, but today it is considered dangerous and insecure because:
- Weak Encryption (TKIP):
- WPA mostly uses TKIP (Temporal Key Integrity Protocol), which is outdated and vulnerable to modern attacks.
- Hackers can capture packets and eventually break the encryption.
- Susceptible to Dictionary Attacks:
- If users choose weak Wi-Fi passwords, attackers can easily guess them using brute force or dictionary attacks.
- Man-in-the-Middle Attacks:
- WPA does not provide as strong protection against interception as WPA2 or WPA3.
- Attackers can sometimes trick devices into connecting to fake access points.
WPA3
- The latest standard with stronger protection.
- Features forward secrecy, so past data remains secure even if keys are exposed.
Unfortunately, WPA3 is not yet supported on all devices.
Firewalls and Antivirus Software
Firewalls
Firewalls are security devices that monitor and control network traffic based on predetermined rules. They act as a barrier between trusted and untrusted networks.
There are 2 types of firewalls: hardware (entire) and software (individual devices).
- Advantages:
- Blocks unauthorised traffic.
- Can be customised for different security needs.
- Disadvantages:
- Misconfiguration creates vulnerabilities.
- May slow down performance.
Check if your OS has a firewall enabled!
Antivirus
Software that detects, prevents, and removes malware.
- Advantages:
- Provides real-time protection against a wide range of threats.
- Disadvantages:
- Can reduce performance.
- Sometimes produces false positives.
Method Evaluation
How can we choose what protection to set up?
| Method | Advantages | Disadvantages |
|---|---|---|
| No Security | High speed, no setup | Fully vulnerable to attacks |
| Password Protection | Simple to implement | Weak passwords can be cracked |
| MAC Address Filtering | Adds extra control | Easily bypassed via spoofing |
| Network encryption (WPA2/WPA3) | Strong protection | May need hardware upgrades |
| Firewalls | Effective filtering | Can be complex to configure |
| Antivirus Software | Wide threat protection | Can slow devices |
Ethical and Social Considerations
While improving security is a generally good thing to do, it also highlights multiple ethical dilemmas:
- Data Privacy: Encryption protects user data but raises questions about surveillance.
- Wireless Vulnerabilities: Open Wi-Fi networks increase risks, but is beloved by users.
- Balancing Security vs. Accessibility: Excessive restrictions may frustrate users or limit freedom.
- How do symmetric and asymmetric encryption complement each other in real-world systems?
- Why is relying only on passwords not enough for modern security?
What are the ethical implications of monitoring user activity, for instance, in a school network?
