CEIT

Department of Computer Engineering

Networks Security
Muad Abdullah Eisa

Computer Networks [CET 410]

Network Security
Computer Networks CET 410

Security
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety.
Network Security
Computer Networks CET 410

Why do we need Security?

• Protect vital information while still allowing access to those

who need it

• Provide authentication and access control for resources

• Guarantee availability of resources

Network Security
Computer Networks CET 410

Who is Vulnerable?

Anyone on the Network for Example:

• Financial institutions and banks

• Internet service providers

• Pharmaceutical companies

• Government agencies
Security Attacks
 Network Security
Computer Networks CET 410

Security Attacks

Network-Level Application-Level Malware attacks

attacks attacks

Man in DNS spoofing DDoS SQL Injection Cross-Site Cross-Site Viruses Ransomware
The Middle & attack Scripting Request Forgery
ARP Spoofing
Network Security
Computer Networks CET 410

Distributed Denial-of-Service Attack (DDoS)

A Distributed Denial of Service (DDoS) attack occurs when multiple

devices overwhelm a server, service, or network with excessive traffic,
making it inaccessible to legitimate users.

These attacks can target different layers of the network, such as the
application layer, transport layer, or network layer.
Network Security
Computer Networks CET 410

DDoS Attack
Slaves

Attacker Victim server

Network Security
Computer Networks CET 410

How to protect yourself from DDoS Attack

• Use a content delivery network (CDN)

• Use a web application firewall (WAF)
• Use a DDoS mitigation service
• Keep your software up to date
• Use strong passwords
• Back up your data
• Monitor database activity
Network Security
Computer Networks CET 410

SQL Injection

is a backend database manipulation technique used by hackers to gain

control of web applications.

It involves injecting malicious SQL code into web application inputs,

allowing attackers to manipulate data and potentially wreak havoc.
Network Security
Computer Networks CET 410

SQL Injection

Website Input Fields

1. Hacker identifies vulnerable, 2. Malicious SQL query is validated &
SQL-driven website & inject command is executed by database.
malicious SQL query via input
data.

Attacker Database
3. Hacker is granted access to view and
alter records or potentially act as
database administrator
Network Security
Computer Networks CET 410

How to protect yourself from SQL Injection

• Input validation
• Use a web application firewall (WAF)
• Use strong passwords
• Back up your data
• Monitor database activity
Network Security
Computer Networks CET 410

Viruses
A computer virus is a malicious program designed to spread from one computer to
another, typically with the intent of causing harm to the system or data. Viruses can
spread through:

• Email attachments
• Websites.
• Removable devices
Network Security
Computer Networks CET 410

Different types of computer Viruses

• Polymorphic virus
• Multipartite virus
• File infector
• Web scripting virus
• Macro virus
Network Security
Computer Networks CET 410

How do Viruses infect the computers?

• Spam emails and attachments

• Instant messaging
• File-sharing
• Fake antivirus
• Hardware
Network Security
Computer Networks CET 410

How to protect computers from Viruses?

• Install antivirus software

• Keep the computer and software updated
• Don’t open suspicious emails or attachments
• Enable a Firewall
Conclusion
Network Security
Computer Networks CET 410

Bad news

• Increasing cyber attacks

• Continuous evolution of malware
• Skill shortage in information security
Network Security
Computer Networks CET 410

Good news

• Evolution of information security technologies

• Increased awareness of information security
• Increased investment in information security