COMPUTER SYSTEM

SERVICING 4
Second Semester
Quarter 1 Module 2

NETWORK SECURITY

Name of Student:
 Specific Objectives:
WHAT I NEED At the end of the lesson, you should achieve the following objectives:
TO KNOW After going through this lesson, you should be able to:
1. Understand network security concept;
2. Identify the types of network security attacks; and
3. Show the importance of network security.

WHAT I KNOW

DIRECTION: Read the fol l ow ing statement. W rite T rue if the statement is
correct and w rite Fal se if it is incorrect.
__________1. Network Security protects your network and data from breaches, intrusions
and other threats.
__________2. A key component of maintaining confidentiality is making sure that people
without proper authorization are prevented from accessing assets important to your
business.
__________3. Network Security is vital solely in protecting client data and information
__________4. Security attacks is an unauthorized attempt to steal, damage, or expose data
from an information system such as your website.
__________5. Passive Attacks attempts to alter system resources or effect their operations.
__________6. Active Attacks attempts to learn or make use of information from the system
but does not affect system resources.
__________7. Passive attacks are in the nature of eavesdropping on or monitoring of
transmission.
__________8. Active attack involve some modification of the data stream or creation of
false statement.
__________9. - malware is a catch-all term for any type of malicious software designed to
harm or exploit any programmable device, service or network.
__________10. Double-factor authentication provides a security barrier to authentication
by finding it difficult for outsiders to enter computers or the internet activity of individuals.

WHAT IS IT

TRIVIA:
Data is more valuable than oil and is the most expensive assets in the world
Network Security
Network Security protects your network and data from
breaches, intrusions and other threats. This is a vast
and overarching term that describes hardware and
software solutions as well as processes or rules and
configurations relating to network use, accessibility,
and overall threat protection. The network security
protects the data’s confidentiality, integrity and
availability.
CIA Triad of Network Security
Confidentiality - involves the efforts of an organization to make sure data is kept secret or
private. To accomplish this, access to information must be controlled to prevent the
unauthorized sharing of data—whether intentional or accidental.
1
A key component of maintaining confidentiality is making sure that people without proper
authorization are prevented from accessing assets important to your business. Conversely, an
effective system also ensures that those who need to have access have the necessary
privileges.

Integrity - involves making sure your data is trustworthy and free from tampering. The integrity of
your data is maintained only if the data is authentic, accurate, and reliable.

Availability - even if data is kept confidential and its integrity maintained, it is often useless
unless it is available to those in the organization and the customers they serve. This means that
systems, networks, and applications must be functioning as they should and when they should.
Also, individuals with access to specific information must be able to consume it when they
need to and getting to the data should not take an inordinate amount of time.

Benefits of Network Security

Network Security is vital in protecting client data and information, keeping shared data secure
and ensuring reliable access and network performance as well as protection from cyber
threats. A well-designed network security solution reduces overhead expenses and safeguards
organizations from costly losses that occur from a data breach or other security incident.
Ensuring legitimate access to systems, applications and data enables business operations and
delivery of services and products to customers.

Security Attacks
Security attacks is an unauthorized attempt to steal, damage, or expose data from an
information system such as your website.

Category of Security Attacks

Passive Attacks - attempts to learn or make use of information from the system but does not
affect system resources. Passive attacks are in the nature of eavesdropping on or monitoring of
transmission. The goal of the opponent is to obtain information that is being transmitted.

Active Attacks - attempts to alter system resources or effect their operations. Active attack
involve some modification of the data stream or creation of false statement.

2
Types of Security Attacks

3
1. Social Engineering Attack - typically involve some form of psychological manipulation,
fooling otherwise unsuspecting users or employees into handing over confidential or
sensitive data. Commonly, social engineering involves email or other communication that
invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal
sensitive information, click a malicious link, or open a malicious file. Because social
engineering involves a human element, preventing these attacks can be tricky for
enterprises.

2. Malware Attack - malware is a catch-all term for any type of malicious software designed to
harm or exploit any programmable device, service or network. Cybercriminals typically use
it to extract data that they can leverage over victims for financial gain. That data can
range from financial data, to healthcare records, to personal emails and passwords.

Types of Malware
a. Virus
Possibly the most common type of malware, viruses attach their malicious code to clean
code and wait for an unsuspecting user or an automated process to execute them. Like a
biological virus, they can spread quickly and widely, causing damage to the core functionality
of systems, corrupting files and locking users out of their computers. They are usually contained
within an executable file.
b. Worms
Worms get their name from the way they infect systems. Starting from one infected
machine, they weave their way through the network, connecting to consecutive machines in
order to continue the spread of infection. This type of malware can infect entire networks of
devices very quickly.
c. Spyware
Spyware, as its name suggests, is designed to spy on what a user is doing. Hiding in the
background on a computer, this type of malware will collect information without the user
knowing, such as credit card details, passwords and other sensitive information.
d. Trojans
Just like Greek soldiers hid in a giant horse to deliver their attack, this type of malware
hides within or disguises itself as legitimate software. Acting discretely, it will breach security by
creating backdoors that give other malware variants easy access.
e. Ransomware
Also known as scareware, ransomware comes with a heavy price. Able to lockdown
networks and lock out users until a ransom is paid, ransomware has targeted some of the
biggest organizations in the world today — with expensive results.

3. Password Attack - a password attack refers to any of the various methods used to maliciously
authenticate into password-protected accounts. These attacks are typically facilitated through
the use of software that expedites cracking or guessing passwords.
a. Brute-Force Attack
A brute-force attack is a type of password attack where hackers make numerous hit-or-
miss attempts to gain access. It is a simple attack and often involves automated methods, such
as software, for trying multiple letter-number variations.
b. Dictionary Attack
A type of brute-force password attack, a dictionary attack is based on a list of
commonly used words and phrases, as well as often-used passwords. To avoid having to crack
a long list of possible passwords, attackers narrow down the list to what’s known as dictionary
words.

4
c. Keylogger Attack
A keylogger is spyware that records a user’s activity by logging keyboard strokes.
Cybercriminals use keyloggers for stealing a variety of sensitive data, from passwords to credit
card numbers. In a password attack, the keylogger records not only the username and
password but also the website or app where those credentials are used, along with other
sensitive information.

4.Denial of Service (DOS) Attacks - DOS attacks work by flooding systems, servers, and/or
networks with traffic to overload resources and bandwidth. This result is rendering the system
unable to process and fulfill legitimate requests.

5. Phishing Attacks- Phishing attacks are extremely common and involve sending mass
amounts of fraudulent emails to unsuspecting users, disguised as coming from a reliable
source. The fraudulent emails often have the appearance of being legitimate but link the
recipient to a malicious file or script designed to grant attackers access to your device to
control it or gather recon, install malicious scripts/files, or to extract data such as user
information, financial info, and more. Phishing attacks can also take place via social networks
and other online communities, via direct messages from other users with a hidden intent.
Phishers often leverage social engineering and other public information sources to collect info
about your work, interests, and activities—giving attackers an edge in convincing you they’re
not who they say.

a. Email Phishing
Arguably the most common type of phishing, this method often involves a “spray and
pray” technique in which hackers impersonate a legitimate identity or organization and send
mass emails to as many addresses as they can obtain. These emails are often written with a
sense of urgency, informing the recipient that a personal account has been compromised and
they must respond immediately. Their objective is to elicit a certain action from the victim such
as clicking a malicious link that leads to a fake login page. After entering their credentials,
victims unfortunately deliver their personal information straight into the scammer’s hands.

b. Spear Phishing
Rather than using the “spray and pray” method as described above, spear phishing
involves sending malicious emails to specific individuals within an organization. Rather than
sending out mass emails to thousands of recipients, this method targets certain employees at
specifically chosen companies. These types of emails are often more personalized in order to
make the victim believe they have a relationship with the sender.

c. Whaling
Whaling closely resembles spear phishing, but instead of going after any employee
within a company, scammers specifically target senior executives (or “the big fish,” hence the
term whaling). This includes the CEO, CFO or any high-level executive with access to more
sensitive data than lower-level employees. Often, these emails use a high-pressure situation to
hook their victims, such as relaying a statement of the company being sued. This entices
recipients to click the malicious link or attachment to learn more information.

d. Smishing
SMS phishing, or smishing, leverages text messages rather than email to carry out a
phishing attack. They operate much in the same way as email-based phishing attacks:
Attackers send texts from what seem to be legitimate sources (like trusted businesses) that
contain malicious links. Links might be disguised as a coupon code (20% off your next order!) or
an offer for a chance to win something like concert tickets.
5
e. Vishing
Vishing—otherwise known as voice phishing—is similar to smishing in that a phone is used
as the vehicle for an attack, but instead of exploiting victims via text message, it’s done with a
phone call. A vishing call often relays an automated voice message from what is meant to
seem like a legitimate institution, such as a bank or a government entity.

Network Security Measures

1. Two-way Authentication
Double-factor authentication provides a security barrier to authentication by finding it difficult
for outsiders to enter computers or the internet activity of individuals. You must check the CVV
number of your account when making online transactions, so you get another verification with
your contact phone.

2. Using Secure Passwords

You have to make strong passwords. So, in this way, it will be difficult to hack you. The most
efficient kind of password in this sense should contain the following; At least 15 characters,
Capital letters, Special characters, Numbers.

3. Routine Updates
Keep applications and your device always up to date. Most patches include more cyber
threat protections.

4. Using Antivirus Programs

Antivirus is an antivirus software program for malware protection, identification, and elimination.
For instance, Norton, Quickheal, and McAfee are antivirus examples.

5. Firewalls
Firewalls prohibit unauthorized web users, particularly intranets, from reaching private internet-
connected sites.

6. Anti-Phishing Tactics
In the case you receive an email that looks doubtful to you, it is recommended in this computer
security article to make the followings happen: Do not use the email connection, Do not offer
any sensitive information as requested, Do not access files that have been added to the email.

7. Encryption
So here, you should have understood what is computer security. This last method, which is
encryption, is a method by which similar pace text is converted into indecipherable and
conversely. Encryption is utilized in a variety of actions such as; Online payment through banks,
Passwords for the machine, Purchases in e-commerce.

WHAT’S MORE

DIRECTION: Answer the following questions.

QUESTIONS:
1. What is network security
2. What are the types of network security attacks?
3. Why do we need to learn the network security and the different types of network
security?

6
ANSWERS:
1. __________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

2. __________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

3. __________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

WHAT I CAN DO

Direction: Watch the short video about the I Love You Virus that spread in 2000 (refer on this
link https://youtu.be/NZDiQczOsdc.) Write a reaction paper discussing your reaction about it.
The reaction must answer the following guided questions:

1. What is I Love You Virus?

2. Where does it came from?
3. What are the impact of this virus on the world.
4. Why should we mindful of this virus?
5. How will you prevent to have this kind of virus?

NOTE: You can refer on the next page for your reaction sheet.

7
 REACTION PAPER
I Love You Virus

____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
8
 ASSESSMENT

DIRECTION: Read the following statement and select the letter of the correct answer.

1. It is any software designed to damage or to disrupt a system.

a. Malware c. Adware
b. Spyware d. Phishing
2. Someone monitors the data travelling on a network and intercepts sensitive info. They
use packet sniffing software to do this. Encryption can prevent this.
a. Passive c. Active
b. Insider d. Brute Force
3. This type of attack scares the user into thinking they have lots of viruses. Provides a
malicious link to ‘fix the problem’
a. Scareware c. Ransomware
b. Spyware d. Trojan
4. Encrypts all files on the device. The attacker demands large sums of money to decrypt
the files.
a. Ransomware c. Scareware
b. Spyware d. Trojan
5. Secretly Monitors users’ action (e.g., buttons pressed)- info is sent on to a hacker.
a. Spyware c. Ransomware
b. Scareware d. Trojan

WHAT I CAN SHOW

Which category in 21st Century skills do you think the core of our topic falls in?
(Communication, collaboration, creativity, critical thinking, productivity, leadership and
technology literacy). Explain why.
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________