System and network security is essential in a world as strongly interconnected as ours (this historical period is in fact called the “information age”), where many of our daily activities rely on computer networks. For this reason, it is critical to protect computer networks. Offering Internet services without security is like building a beautiful house but leaving the door open. It is not a smart idea.
In this article we will examine what computer networks are, what computer network technicians do, what threats users and companies face on computer networks, and how they can protect themselves.
Computer networks: what are they?
Computer networks are the means of connecting any devices able to communicate. The largest existing network is the Internet (more correctly, the Internet is a set of interconnected networks), and it extends across the globe.
Computer network technicians: what they do
The computer network technician deals with computer network security. Usually, computer network security enriches other existing IT professions. There are also specific professions in the IT security sector. Some examples:
- IT Forensics;
- Threat hunter: the equivalent of investigators;
- IT Security Analyst: a more generic figure that controls and coordinates security.
Often, in business contexts, some – or all, depending on the needs – of these figures are concentrated in a specific organizational unit: the SOC (Security Operations Center).
Cyber threats for users: malware and phishing
There are many cyber threats and they are always evolving. Without getting too technical, we can list the main ones:
- malware: software written specifically to perform malicious actions without the user’s knowledge;
- phishing (a neologism that recalls “to fish”): techniques that deceive users into believing they are on a “legitimate” web page (such as an online bank or the portal for checking their e-mail). The user trusts the page and enters their credentials, but these are sent to a hacker. Phishing is one of the most common methods of infection and one of the most dangerous.
Computer threats for companies: DoS and DDoS attacks
For companies, the main cyber threats are DoS and DDoS attacks.
DoS stands for “Denial of Service”, and DoS attacks are generally aimed at web servers. A DoS attack “floods” a server with requests, and the server cannot recognize which of these requests come from real people and which are automatic. In trying to serve everyone, the server exhausts its resources. To put it simply, think of a pizzeria that is flooded with telephone orders, not all of them real: the supply of pizza dough is used up as the pizzeria responds to both real and fake orders, unable to tell the difference.
Returning to DoS attacks: when it receives too many requests, the web server (or the pizzeria, in our example) can no longer perform its function. DoS attacks are technically simple to carry out and occur continuously, even against larger companies, and there have been many such cases. There are defense techniques that “mitigate” the effects of DoS attacks, making them much less effective or very expensive for the attacker.
DDoS attacks, on the other hand, have the same goal as DoS attacks (to deny the service) but a different scale. DoS attacks are performed by an attacker, while DDoS attacks are “distributed” (hence the first “D”), that is, performed by several attackers. It is irrelevant whether the “mind” behind a DDoS attack is always the same; the distinction is purely technical.
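The resource exhaustion described above, and one common mitigation (per-source rate limiting), as an added example that is not part of the original article. The token-bucket limiter, the server capacity of 20 requests per second and all traffic are constructed assumptions; the last case shows why a per-source limit alone does not handle the distributed form.

```python
from collections import Counter

class TokenBucketLimiter:
    """Per-source token bucket: `rate` requests/second, bursts of up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}  # source -> (tokens left, time of last request)

    def allow(self, source, now):
        tokens, last = self.state.get(source, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.state[source] = (tokens - 1 if allowed else tokens, now)
        return allowed

def serve(requests, capacity, limiter=None):
    """Serve (time, source) requests in arrival order. The server can handle at
    most `capacity` requests per one-second window (the "pizza dough").
    Returns a Counter of served requests per source."""
    served, used = Counter(), Counter()
    for now, source in sorted(requests):
        if limiter and not limiter.allow(source, now):
            continue  # refused cheaply, before it costs server resources
        window = int(now)
        if used[window] < capacity:
            used[window] += 1
            served[source] += 1
    return served

def legit_served(served):
    """Number of served requests that came from the real users."""
    return sum(n for src, n in served.items() if src.startswith("user"))

# Constructed traffic over 10 seconds (not real data).
# Three real users, one request per second each:
USERS = [(t + 0.5 + u / 10, f"user{u}") for t in range(10) for u in range(3)]
# DoS: a single source sending 100 requests per second.
FLOOD = [(t + i / 100, "flooder") for t in range(10) for i in range(100)]
# DDoS: 100 sources sending one request per second each.
DISTRIBUTED = [(t + i / 200, f"bot{i}") for t in range(10) for i in range(100)]

def run(capacity=20):
    limited = lambda: TokenBucketLimiter(rate=2, burst=5)
    return {
        "dos_unprotected": legit_served(serve(USERS + FLOOD, capacity)),
        "dos_rate_limited": legit_served(serve(USERS + FLOOD, capacity, limited())),
        "ddos_rate_limited": legit_served(serve(USERS + DISTRIBUTED, capacity, limited())),
    }

if __name__ == "__main__":
    print(run())
```

Of the 30 requests the real users send, the unprotected server answers none, the rate-limited server answers all of them under the single-source flood, and none again when the same load is spread over 100 sources that each stay under the per-source limit.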
Computer network security: how to protect yourself from IT attacks
There is no single method, but there are different layers of protection, according to particular needs. However, there are some common aspects in all cases:
- Defense in depth, or defense by levels: any communication network is structured in levels, each of which is managed by a device. For example: the “point of contact” between a home network and the Internet is the router. Each of these levels must have its own protection.
- Isolation: as a general rule, it should not be possible to access a network directly from outside, but only from within (except for specific cases to be managed separately, such as a company’s web servers or a home site). This may seem counterintuitive, but it is the best way to protect yourself. Modern home routers (which also have an integrated firewall) already have this mechanism (called NAT) activated. For corporate networks, instead, it is not always possible to achieve this result, because they often provide services that are reached from outside. In this case, there are other security devices, such as WAF and IDS/IPS.
- Proactivity: security is a complicated matter. What the average user can do is:
  - keep the operating system and the antivirus and anti-malware software up to date;
  - if possible, keep the home router up to date too;
  - do not download pirated software! A few euros saved could expose you to malware and you could lose your documents.
In business contexts, in addition to what was said for the average user, it is necessary to:
- implement policies to control and periodically review all access to corporate services and networks;
- deploy traffic analysis tools in the network that can identify the most common intrusions (IDS/IPS);
- hire a team (which may be external) able to handle emergency situations.
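A simplified model of the isolation that the NAT mechanism mentioned under “Isolation” provides, as an added example that is not part of the original article: inbound traffic is accepted only as a reply to a connection opened from inside, or on an explicitly published port (the “specific cases to be managed separately”). The class name, the addresses (documentation ranges) and the ports are constructed assumptions.

```python
class NatRouter:
    """Simplified NAT model. Assumption: a reply is accepted only from the exact
    remote address and port that the inside host contacted."""

    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        # Explicit exceptions: public port -> (inside ip, inside port)
        self.forwards = dict(forwards or {})
        self.out_map = {}   # (inside ip, inside port, remote ip, remote port) -> public port
        self.in_map = {}    # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        """An inside host opens a connection: allocate a public port and
        remember which reply is expected. Returns the translated packet."""
        key = (src, sport, dst, dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst, dport)

    def inbound(self, src, sport, dport):
        """A packet arrives from outside on public port `dport`. Returns the
        inside (ip, port) it is delivered to, or None if it is dropped."""
        reply_to = self.in_map.get((dport, src, sport))
        if reply_to:
            return reply_to
        return self.forwards.get(dport)  # no mapping and no exception: dropped

def demo():
    home = NatRouter("198.51.100.7")  # home router: no published services
    company = NatRouter("198.51.100.8", forwards={443: ("10.0.0.20", 8443)})
    home.outbound("192.168.1.10", 51000, "203.0.113.5", 443)
    return {
        "reply": home.inbound("203.0.113.5", 443, 40000),
        "stranger_same_port": home.inbound("203.0.113.99", 443, 40000),
        "unsolicited": home.inbound("203.0.113.99", 50000, 22),
        "published_web": company.inbound("203.0.113.99", 50000, 443),
        "company_other_port": company.inbound("203.0.113.99", 50000, 3389),
    }

if __name__ == "__main__":
    print(demo())
```

The published port on the company router is the one path reachable by anyone outside, which is where the article places the additional devices (WAF, IDS/IPS).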