Describe how data moves around a network
A network exists when you have two or more devices that share data. As you saw in the previous unit, a network is composed of many different physical parts that work together to ensure your data gets to where it’s needed. This transmission of data across a network is enabled by a suite of communication protocols, often referred to as TCP/IP. It’s named after the two main protocols: Transmission Control Protocol (TCP), which handles the connection between two devices, and Internet Protocol (IP), which is responsible for routing information across the network.
Every network on the planet shares and moves data every second of the day. This data comes in every shape and size, from a simple message to images, and even the movies that are streamed to your home.
The datagram or packet
Networks exist to help make device-to-device or system-to-system communication easier. Whatever the size of data, it all needs to be broken down into tiny, uniform chunks. These chunks are called datagrams but are also more commonly known as packets.
Imagine that you want to stream a movie to your device. Given the enormous size of the data involved, the streaming server can’t give you the whole movie in one go. Instead, the movie is broken up into billions of packets. Each packet contains a small part of the movie, which is then sent to your device. Your device has to wait until enough packets have been received before you can start watching the movie. In the background, the server continues to send a steady stream of packets to your device just ahead of what’s being displayed. If your network speed slows down, then the packets may not reach you in time. The picture you see might become distorted or blocky and there may be gaps in the sound.
IP addresses
When you want to send a letter to a friend, you’ll first write it out before putting it in an envelope. Next you’ll write your friend’s address on the envelope before posting it. The postal service collects the letter, and through various sorting offices, eventually delivers it.
Networks operate in a similar manner. The message is contained in the packet, like an envelope. Then the sender and recipient addresses are added to the packet.
The primary function of the Internet Protocol (IP) is to ensure that every device on a network can be uniquely identified. Before a packet is sent across the network, it must be told the IP address of where it’s going, and the IP address of where it’s come from.
There are presently two standards of IP address: IPv4 and IPv6. The details are beyond the scope of this module, but the most common type of IP address, and the one you may be familiar with, is IPv4. This is made up of four groups of digits separated by dots, for example: 127.100.0.1.
DNS
Just like every device on a network needs a unique IP address, every public-facing website has its own IP address. You could use the IP address to visit your favorite online retail store, bank, or streaming video service. But with so many websites available, that would be difficult to remember. Instead, you type the name of the service you’re looking for into your browser and it takes you to the website you want. This is all thanks to the domain name service or DNS.
The DNS holds a table that has the name of the website, for instance microsoft.com, which maps to its corresponding IP address. Your browser uses this to find the actual website in much the same way as you might use a phone book to find a telephone number.



Each time your device connects to the internet, it uses a local DNS server to find the name of the website you’re looking for. If the DNS can’t find the site, it checks other DNS servers. If the site can’t be found, or the request times out, you’ll get a message you’ve probably encountered before: the 404 page not found error.
Routing
When the IP addresses have been added to the packet, it’s ready to be transmitted across the network. If the IP address exists on your network, the packet is sent directly to the device. However, if the IP address is outside of your network, it will need to go via a router. A router is a physical device that connects one network to another.
Using our letter scenario, if your friend was only a few streets away, you might decide to deliver the message by hand. Your friend is within your local network.
However, if your friend is in a different city or country/region, you’ll need to post the letter and let the mail service deliver it. In this instance, the postal service is the router. It takes the message from your network, then finds the best route to get it to your friend’s network for delivery.
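The direct-or-via-router decision described above can be written out as follows. This is an added example, not part of the original module; the addresses and routes are constructed, and it goes one step beyond the text by picking the most specific matching route (longest-prefix match) when more than one router is available.

```python
import ipaddress

# Constructed sample routing table for one host (assumed values).
# A next hop of None means "directly connected: deliver on the local network".
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), None),           # your own network
    (ipaddress.ip_network("10.20.0.0/16"), "192.168.1.254"),  # router to a branch site
    (ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1"),       # default router
]


def next_hop(dst: str) -> str:
    """Return how a packet addressed to dst leaves this host."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "drop: not a valid IP address"
    if addr.version != 4:
        return "drop: no IPv6 route in this table"
    if addr.is_loopback:
        # Anything in 127.0.0.0/8 refers to the device itself.
        return "loopback: stays on this device"
    # Longest-prefix match: the most specific route containing dst wins.
    matches = [(net, hop) for net, hop in ROUTES if addr in net]
    if not matches:
        return "drop: no route"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    if hop is None:
        return "direct: deliver on local network"
    return f"router: forward via {hop}"


if __name__ == "__main__":
    for dst in ("192.168.1.42", "10.20.3.4", "203.0.113.10",
                "127.100.0.1", "300.1.1.1"):
        print(f"{dst:15} -> {next_hop(dst)}")
```

Note that 127.100.0.1 falls in the loopback range, so a packet sent to it never reaches the network at all.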
Describe threats to network security
Networks are the backbone of the modern world, enabling us to communicate, shop, play, and work from anywhere. They allow access to a vast amount of information not only about ourselves, but also for businesses. That makes networks the prime target for cybercriminals who see information as the new currency. Weak network security risks exposing sensitive, critical data and damaging the confidentiality, availability, and integrity of the data being stored.
Understanding threats is a key part of building a strong security network.
Common network attacks
The ways in which networks can be attacked are too numerous to cover here. Let’s consider the more common ones:
- Man-in-the-middle or eavesdropping attack – this type of attack can occur when cybercriminals compromise or emulate routes in the network, allowing them to intercept the packets of information. Think of this as a form of wiretapping. This allows attackers to not just steal data but also compromise its integrity.
- Distributed denial of service (DDoS) attack – the objective of a DDoS attack is to compromise the availability of the targeted network or service. Attackers do this by bombarding the targeted network or service with millions of simultaneous requests, from sources that are distributed across the network, overwhelming it and causing it to crash.
Video animation
In this short video, you’ll see a simulation of how each of these attacks works. For the man-in-the-middle attack, to keep it simple, we’ve chosen to only use one route. With the DDoS attack, hundreds of thousands, or even tens of millions, of computers are used. Again for simplicity, we’ll only show a handful.
Common DNS attack
A DNS attack looks to exploit weaknesses in the DNS server because they’re designed for efficiency and usability, and not with security in mind. A common DNS attack is DNS poisoning. This is where the attacker changes the IP addresses in the DNS lookup tables to divert traffic from a legitimate site to a bad site that might contain malicious links or other malware.
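One way a defender can spot the changed lookup entries described above is to compare what a resolver returns with the address ranges each name is expected to use. This is an added example, not part of the original module; the names, ranges, and resolver answers are constructed and use reserved documentation values.

```python
import ipaddress

# Constructed baseline: ranges each name is expected to resolve into.
BASELINE = {
    "shop.example": ["192.0.2.0/24"],
    "bank.example": ["198.51.100.0/25"],
}

# Constructed resolver answers, for example parsed from resolver logs.
OBSERVED = [
    ("shop.example", "192.0.2.10"),
    ("bank.example", "198.51.100.7"),
    ("bank.example", "203.0.113.66"),  # outside the expected range
    ("shop.example", "10.0.0.5"),      # private address for a public name
    ("news.example", "192.0.2.99"),    # no baseline for this name
]


def check_answer(name, answer, baseline=BASELINE):
    """Classify one DNS answer as 'ok', 'suspect' or 'unknown'."""
    name = name.rstrip(".").lower()    # DNS names are case-insensitive
    expected = baseline.get(name)
    if expected is None:
        return "unknown"               # nothing to compare against
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return "suspect"               # malformed answer
    for cidr in expected:
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            return "ok"
    return "suspect"


def audit(observed, baseline=BASELINE):
    """Return the (name, answer) pairs that need investigation."""
    return [(n, a) for n, a in observed
            if check_answer(n, a, baseline) == "suspect"]


if __name__ == "__main__":
    for name, answer in audit(OBSERVED):
        print(f"investigate: {name} resolved to {answer}")
```

A flagged answer is a lead rather than proof, because legitimate sites also change addresses; the baseline has to be kept current for the check to stay useful.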
Common wireless attacks
Wireless networks allow our devices to seamlessly connect to networks everywhere. In your home, the wireless network allows your smartphone and always-on IoT devices to connect to the internet. The broad availability of these networks makes them the perfect target for cybercriminals. There are many different ways to attack a wireless network:
- Wardriving – the term wardriving was popularized by a couple of 1980s movies. The attacker, typically operating from a vehicle, searches for unsecured wireless networks that have vulnerabilities. Most wardriving attacks seek to use your network for criminal activities, like hacking other computers and stealing personal information.
- Spoofing Wi-Fi hotspots – This is similar to a man-in-the-middle attack. The attacker uses their laptop, or a device connected to it, to offer a network access point that mimics a genuine access point. For example, if you’re in a coffee shop looking to access the internet using their guest Wi-Fi, you might see a couple of access points that show the name of the business. One of those could be from a bad actor. If you connect to the bogus access point, anything you do over the network can be intercepted. It also allows the cybercriminal to direct you to bad websites or capture your private data.
Bluetooth attack
There has been a growth in Bluetooth devices, from smart watches and audio devices to device-to-device communication. Attacks on Bluetooth networks are less common than for wireless, mostly because the criminal needs to be within range of your device – but it’s still a valid attack vector. A Bluejacking attack is where a criminal sends unsolicited messages to any Bluetooth-enabled device that’s within range of their own. Bluejacking is similar to when someone rings your doorbell and then runs away before you can answer. It’s mostly an annoyance.
Protect your network
Network protection is an essential part of a robust security policy. As you saw in the previous unit, there are numerous ways in which a network can be attacked. There’s no single solution that will protect your network; however, the majority of these attacks can be mitigated by using a combination of hardware and software solutions.
How a firewall protects your network
A firewall is typically the first line of defense in your network. It’s a device that sits between the internet and your network, and filters all traffic going in and out. A firewall can be software or hardware based, but for the best protection, it’s good to have both types. A firewall monitors incoming and outgoing traffic. Using security rules, it will keep out unfriendly traffic, while allowing authorized traffic to pass freely.
Maintaining a healthy network using antivirus
Viruses come in all shapes and sizes and none of them are good for the devices and servers that use your network. Cybercriminals use viruses for many purposes, from obtaining user credentials so they can access your network, to more harmful types that encrypt all the data on a device or server unless you pay vast sums of money. Much like your body will fight off a virus when it gets infected, computers can also be protected with antivirus software. When antivirus software is installed it will run in the background, scanning all data that arrives on the device. A detected virus will automatically be deleted to prevent the user from accidentally running it.
You can now get antivirus protection for most devices, including servers, computers, tablets, smartphones, and any other internet-connected devices.
Improve authentication using network access control
While a firewall keeps unwanted devices from accessing your network, you still need to control the ones that you do want to use it. Network access control (NAC) is a security solution that manages device and user access through strict policy enforcement. Device policies control what can be done on the network and limit what the user does on a device. Through NAC, you can improve security by requiring everyone to use multifactor authentication to sign in to the network. NAC allows you to define the devices and users that can access network assets, reducing threats and stopping unsanctioned access.
Split your network into parts
Every room in your home has a different purpose, such as the kitchen, lounge, dining room, study, bedrooms, and bathrooms. You can control access to each of these rooms by attaching digital locks to all the doors. As a guest arrives, you can grant them a key that permits them to use specific rooms in your home. You can do the same kind of thing with your network using the concept of network segmentation.
Network segmentation creates boundaries around critical operations or assets, in much the same way as you’d put your finance team in their own office. It improves the integrity of your network assets by ensuring that, even if your network is breached, the attacker can’t reach the segmented areas.
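The firewall rules and the segment boundaries described above can be modeled together as an ordered rule list with a default of deny. This is an added example, not part of the original module; the segment names, address ranges, and rules are constructed, and a real firewall also tracks protocols and connection state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments for an illustrative network (assumed addressing).
SEGMENTS = {
    "guest": ipaddress.ip_network("192.168.50.0/24"),
    "staff": ipaddress.ip_network("192.168.10.0/24"),
    "finance": ipaddress.ip_network("192.168.20.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # segment name, "internet" or "any"
    dst: str              # segment name, "internet" or "any"
    port: Optional[int]   # None matches every port


# Ordered rules: the first match wins, anything unmatched is denied.
RULES = [
    Rule("allow", "staff", "finance", 443),   # staff may use the finance web app
    Rule("deny", "any", "finance", None),     # nothing else reaches finance
    Rule("allow", "staff", "internet", 443),
    Rule("allow", "guest", "internet", 443),
]


def segment_of(ip: str) -> str:
    """Map an address to its segment; anything else counts as the internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


def decide(src_ip: str, dst_ip: str, port: int, rules=RULES) -> str:
    """Return 'allow' or 'deny' for one connection attempt."""
    try:
        src, dst = segment_of(src_ip), segment_of(dst_ip)
    except ValueError:
        return "deny"                          # malformed address
    for r in rules:
        if (r.src in ("any", src) and r.dst in ("any", dst)
                and r.port in (None, port)):
            return r.action
    return "deny"                              # default deny


if __name__ == "__main__":
    tests = [("192.168.10.5", "192.168.20.9", 443),   # staff -> finance app
             ("192.168.50.7", "192.168.20.9", 443),   # guest -> finance
             ("203.0.113.5", "192.168.10.5", 3389)]   # internet -> staff
    for s, d, p in tests:
        print(f"{s} -> {d}:{p} = {decide(s, d, p)}")
```

Even if a device on the guest segment is compromised, every connection it attempts to the finance segment is denied.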
Secure connections using a virtual private network
A virtual private network (VPN) serves as a dedicated and secure connection, between a device and a server, across the internet. A VPN connection encrypts all your internet traffic and then disguises it so it’s impossible to know the identity of the original device. This type of secure connection makes it difficult for cybercriminals to track activities and obtain your data. If you’ve ever connected to your work network from a public Wi-Fi hotspot, such as at an airport, you most likely used a VPN. The VPN establishes a secure connection over an insecure public network. VPN providers have become very common not just for remote work scenarios but also for personal use.
Encrypt your wireless network
Whether you’re setting up a wireless access point in your home or place of work, enabling encryption is critical to protecting against attacks. Wi-Fi Protected Access 2 (WPA2) is the most commonly used Wi-Fi encryption method. It uses the Advanced Encryption Standard (AES) to secure the connection.
Describe device-based threats and security controls
Introduction
In our modern world, people and organizations rely on connected devices to meet their most vital day-to-day needs. Devices access and store important business and personal data, while continuously collecting information about us. As a result, cybercriminals target devices to gain unauthorized access and control of valuable data, creating havoc for users and organizations. In this module, you’ll learn how to guard against device-based cyberattacks to protect data and mitigate the impact for people and organizations.
By the end of this module, you’ll be able to:
- Describe what your device knows about you.
- Describe how devices become cybersecurity threats.
- Describe how to mitigate against device-related threats.
Describe what your device knows about you
Devices are an important part of everyday life and we depend on them for so many things. To do their job efficiently, devices need to capture, store, and share all kinds of sensitive information about us. We might not realize the extent to which we use some devices; they’ve become almost invisible to us. To protect the sensitive information to which our devices have access, we should be aware of how we’re using them, either consciously or subconsciously.
What are devices?
When you hear about a “device”, what’s the first thing that comes to mind? You’ll probably think about the ones you’re familiar with, such as your phone, laptop, or tablet. Devices encompass a lot more than this. For example:
- USB drives.
- Any device connected to your home network, including always-on home assistance devices, printers, TVs, appliances, door cameras, and more.
- Car dashboards, including the navigation system and voice control.
- Wi-Fi hotspots.
From our homes to our offices and everywhere in between, we come into contact with devices.
Let’s look at Kayla. At home, she’s surrounded by devices like her phone, always-on home assistant, tablet, smart watch, wireless router, and more.









The takeaway here is that we should expand what comes to mind when we think about devices. It’s important to do this because, in the context of cybersecurity, these can all be considered as threat vectors—targets for cybercriminals who want to cause harm.
Devices and data
Why are devices an integral part of our lives? It’s largely because they collect and store information, and keep us connected to other devices and services.
Think about the convenience of receiving real-time traffic information on your cell phone or the annoyance when adverts are delivered to your device, based on your internet search history. This type of targeted content is sent because our devices, through their applications, collect enormous amounts of information about us. This includes location details, websites visited, how long we stay on a site, and much more.
Connected devices also enable us to easily access and share information. For example, you’ve probably used your cell phone to share family photos with your friends, access a work document, or pay for something at a store.
Whether you use the device for work or personal business—or both—the accessible information is often sensitive and private. Cybercriminals know this and try to compromise devices as a means to access data.
Devices as threat vectors
While devices help us to get our work done, and go about our daily lives, they also present opportunities to cybercriminals who want to cause harm. This is because they’re threat vectors—they provide different ways in which cybercriminals can carry out attacks. For example:
- Phone, laptop, or tablet – downloading a malicious app might result in the device being contaminated with malware that can exfiltrate sensitive data stored locally, without the user’s knowledge. This compromises confidentiality and integrity because the cybercriminal can now view or modify the data.
- USB drives – cybercriminals can put malicious software or files on a USB drive and insert it into a device like a laptop. The drive could, for example, run ransomware, meaning the availability of the data has been compromised because it’s locked in return for a ransom.
- Always-on home assistant devices – these devices are always listening or watching. A cybercriminal can put malicious software on the app stores for these devices. If a user then installs it, the cybercriminal could, for example, attack the device with spyware to secretly record information, and compromise data confidentiality. They could also move laterally to other home devices, and compromise their data.
Device vulnerabilities
A device can become compromised because of poor health, either because it doesn’t have the latest security updates, or it has weak authentication. If you connect this type of device to a Wi-Fi hotspot, in an airport for example, it’s an easy target for attackers. They know the common vulnerabilities of devices and applications, and how to gain unauthorized access.
After an attacker gains access, they can run scripts to install malware. In most cases, malware like back doors or botnets can persist on the device even after it’s updated. This causes further damage when a user connects the infected device to a work or home network.
Some users want to gain more control of their devices for customization or other purposes, and might resort to jailbreaking. This is where a user finds unofficial ways to get full access to the core systems of a device. The device becomes vulnerable because this action might circumvent security measures. This gives cybercriminals the opportunity to provide false guidance or software that compromises the device.
Any connected device has the potential to be a threat vector if it’s not properly secured. Having learned this, we can now think about the different ways in which we protect our devices.
Mitigation measures
There are different ways to protect devices and data. Let’s look at a few of the common ones:
Device hardening
Device hardening is how you minimize the possibility of having device vulnerabilities that can be exploited. You can use the following methods:
- Make sure devices have the latest security updates.
- Turn off any unused devices.
- Enable security features supported through the device operating system.
- Require PIN or biometrics, such as facial recognition, to access devices.
Many modern operating systems have capabilities that support device hardening. For example, users can enable automatic operating system updates to help protect against known vulnerabilities and ensure continued availability of the device. Updates also support security features such as virus and threat protection, and firewall functionality.
These features are easily enabled and can help keep your connected device secure to maintain the confidentiality and integrity of accessible data.
Encryption
Encryption is a process that turns information on the device into unintelligible data. The only way to make this information useful is to reverse the encryption. This requires a specific password or key that’s only available to the authorized user. When the information is encrypted, it becomes useless without the correct key or password. This way, data confidentiality is maintained. The contents of a device can be encrypted in many different ways. For example, some operating systems come with built-in tools that enable you to encrypt your computer’s hard drive or any storage device you connect to it.
Limit application device access
So far, we’ve looked at the different ways in which applications and devices might be compromised, and the steps you can take to mitigate threats. However, one of the more overlooked attack vectors is when someone directly uses your apps on the physical device.
Suppose you’ve left your smartphone on the desk and hurried off for an urgent meeting. A bad actor could use your phone to access any of your apps. They could send messages, access bank accounts, and make purchases—all by using apps from your device. If they’re smart, they’d leave the device where they found it, so you would never know.
This threat also applies to your work computer. Suppose you’re busy working on important and sensitive data, and step away from your computer to get a coffee. A criminal could now use the unsecured computer to look up secret or sensitive data, or download it to a USB drive.
In these two cases, everything the bad actor does will be logged and tracked in your name. There’s little chance that the bad actor’s actions will be traced back to them, and you’ll have to deal with the fallout and clean-up.
The best way to limit access to your applications is to ensure that they’re closed or secured when you aren’t using them. You do this by locking a device when you step away from it. If the device is small enough, keep it with you.