
LEARNING OBJECTIVES

  • To know and understand security vulnerabilities and how to prevent them. 

SUCCESS CRITERIA

  • Identify the dangers to computer security.

  • Define what measures should be taken to prevent attacks.

1.6  System security

Learners should have studied the following:

  • forms of attack

  • threats posed to networks:

    • malware

    • phishing

    • people as the "weak point" in secure systems (social engineering)

    • brute force attacks

    • denial of service attacks

    • data interception and theft

    • the concept of SQL injection 

    • poor network policy

  • LO2- identifying and preventing vulnerabilities:

    • penetration testing

    • network forensics

    • network policies

    • anti-malware software

    • firewalls

    • user access levels

    • passwords

    • encryption.

KEYWORDS

Network forensics - analysing data packets that have passed through a network, to look for clues that lead to the source of an attack.

Firewalls - a security measure that prevents unauthorised traffic coming into or leaving a network, by using a set of rules.

Encryption - the process of scrambling data so that it cannot be understood by another person unless they know the encryption method and key used.

Networks - LESSON 10 security

STARTER

Pass the question:

A student comes up to the front and asks the class a question based on the topics we've been studying. Whoever gets it right then comes up to the front and asks the next question.

The longer it takes for the class to answer the question, the more achievement points (teacher's discretion) are awarded to the person who asks the question.

Click on the link to access the worksheet for this task.

LO2 - Identifying and preventing vulnerabilities

As we learnt in the previous lesson, there are many types of attacks and threats that a network can be subjected to. For this reason, we need to try to find ways to prevent attacks occurring. It can be extremely helpful in preventing attacks if we are able to identify any threats that a network may be subjected to. There are a number of methods we can use to identify areas of a network that could be vulnerable and to prevent attacks on them.

Penetration Testing

In order to test the security of a network, a company can employ a team of people to simulate potential attacks on their network. This is called penetration testing (or pen testing). This can be carried out manually by individuals who carry out attacks and reveal any security weak points. It can also be carried out by automated software that will perform a series of attacks.

Penetration testing normally involves:

  • looking for a possible vulnerability 

  • setting up an attack 

  • carrying out the attack 

  • testing the ability to recover any compromised data after the attack.

People who carry out penetration testing are often referred to as ethical hackers, or white-hat hackers.

Network forensics

Network forensics is carried out on a network to find out the cause of a network attack. The packets that have entered a network can be analysed to find the cause and source of the attack. The data can be used to develop the security of a network and prevent further attacks from occurring. 

Some organisations carry out network forensics on an ongoing basis. Data packets are analysed as they enter the network and the data from this is captured and stored. At periodic intervals, the stored data is analysed and checked for any issues. This is normally done in batches. 

Network policies

It is essential that a company has a well-thought-out and thorough network policy in place. This should include:

  • Regular testing of the system to find any vulnerabilities. 

  • Regular updating of the system to make sure both hardware and software are as up to date as possible.

  • Limiting access to data to only those who should have access to it.

  • Installing and updating any security measures that will strengthen the security of a network.

  • Monitoring the use of the network by users and making sure it follows the acceptable use rules in place.

  • Regularly backing up data so that it is not lost in the event of an attack.

Anti-malware software

This kind of software is designed to find any malware that has been downloaded onto a user's system. The anti-malware software will search a computer system to look for any malware. If it finds malware, it will isolate and quarantine it; the malware can then be deleted.

If malware is found on a system, the system may need to be scanned a number of times before the malware is completely eradicated. This is because malware can often hide in different files and folders.

Firewalls

A firewall is a network security system that can either be hardware or software based. It uses sets of rules to control network traffic coming into and going out of a network. All traffic that is allowed into and out of the network is defined in the firewall policy. Any traffic that is unauthorised is rejected and does not gain access to the network, or is not allowed to leave the network. The rules that are set out in a firewall policy are designed to recognise malicious traffic and to deny it access.
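The rule checking described above can be sketched in a few lines of Python. This is an added example, not part of the original lesson: the policy, the addresses and the `decide` function are constructed for illustration, and it assumes rules are checked from top to bottom with the first match deciding.

```python
from ipaddress import ip_address, ip_network

# Constructed firewall policy (assumption): each rule is
# (direction, remote network, port, action); the first matching rule wins.
POLICY = [
    ("in",  "0.0.0.0/0",      443, "allow"),  # anyone may reach the web server
    ("in",  "192.168.1.0/24", 22,  "allow"),  # remote admin from the office LAN only
    ("out", "0.0.0.0/0",      443, "allow"),  # staff may browse secure websites
    ("out", "0.0.0.0/0",      25,  "deny"),   # PCs may not send mail directly
]


def decide(direction, remote_ip, port, policy=POLICY):
    """Return 'allow' or 'deny' for one connection.

    remote_ip is the other end of the connection: the sender for
    incoming traffic, the destination for outgoing traffic.
    """
    for rule_dir, network, rule_port, action in policy:
        if (direction == rule_dir and port == rule_port
                and ip_address(remote_ip) in ip_network(network)):
            return action
    # Nothing in the policy authorises this traffic, so it is rejected.
    return "deny"


def blocked(connections, policy=POLICY):
    """Return only the connections that the firewall rejects."""
    return [c for c in connections if decide(*c, policy=policy) == "deny"]


if __name__ == "__main__":
    # Constructed sample traffic: (direction, remote address, port)
    sample = [
        ("in", "203.0.113.9", 443),
        ("in", "203.0.113.9", 22),
        ("in", "192.168.1.20", 22),
        ("out", "203.0.113.9", 6667),
    ]
    for conn in sample:
        print(conn, "->", decide(*conn))
```

The final `return "deny"` is the important line: traffic that no rule authorises is rejected whether it is coming into or leaving the network.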

User access levels

The levels of access that are granted to users control the data and the parts of the network that users have access to. Limiting access to sensitive and confidential data with levels of access can help to keep data more secure. This helps mostly with any kind of insider attack that may occur, or with a social engineering attack.

The levels of access that a user is granted are normally linked to their username.

Passwords

To help prevent unauthorised access to a network, users must be encouraged to set strong passwords. A strong password is one that:

  • Is more than a few characters in length, e.g. more than eight

  • Uses a combination of letters, numbers and symbols

  • Uses a combination of lower-case and capital letters

  • Is not identifiable data that is easily linked to the user, e.g. birthday, pet name

A strong password will be much harder to crack and is far less likely to be generated by software in a brute-force attack. It is also advisable to regularly change passwords.
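The rules above can be turned into a check that a sign-up form could run. This is an added example, not part of the original lesson: the function names and the sample personal data are constructed, and `brute_force_guesses` is a simplified upper bound that assumes the attacker tries every combination of the character types used.

```python
import string

# Constructed sample: facts about the user that must not appear in the password.
PERSONAL_DATA = ["rex", "2009", "amira"]


def check_password(password, personal_data=()):
    """Return a list of the strong-password rules that the password breaks."""
    problems = []
    if len(password) <= 8:
        problems.append("must be more than eight characters long")
    if not any(c.islower() for c in password):
        problems.append("needs a lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("needs a capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a symbol")
    lowered = password.lower()
    for item in personal_data:
        # Case-insensitive, so "Rex" and "REX" are caught as well as "rex".
        if item and item.lower() in lowered:
            problems.append("contains personal data: " + item)
    return problems


def brute_force_guesses(password):
    """Number of combinations a brute-force attack would have to cover."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return alphabet ** len(password)


if __name__ == "__main__":
    for candidate in ["rex2009", "password", "T7#kestrel-Moss"]:
        print(candidate, check_password(candidate, PERSONAL_DATA),
              brute_force_guesses(candidate))
```

Each extra character type and each extra character multiplies the number of combinations, which is why longer, mixed passwords take far longer to brute-force.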

 

Encryption

When we store data on a network it is always going to be at risk. We need to do everything we can to protect this data, and one of the things that we can do is encrypt the data that we store. This way, even if a hacker gains access to the data, it will not be of much use to them as they are not able to read it.

TASK 1

Discussion activities

 

Teacher's note (Password Security Materials or Protect your computer materials)
