LEC-5 NM Introduction To Network Security

The document outlines key concepts in Network Management and Security, focusing on topics such as network monitoring, fault management, and security technologies. It emphasizes the importance of the CIA triad (Confidentiality, Integrity, Availability) and principles like Defense in Depth and Least Privilege to mitigate security threats. Additionally, it provides practical examples and strategies for implementing these security measures effectively.

COURSE TITLE:

NETWORK MANAGEMENT AND SECURITY

Dr. Abdullah Alamri


Lec-6 topics

I. Network Management
A. Introduction to Network Management
B. Network Monitoring and Performance Analysis
C. Configuration Management
D. Fault Management
E. Network Management Systems (NMS)

II. Network Security


A. Introduction to Network Security
B. Network Security Technologies
C. Cryptography
D. Authentication and Access Control
E. Security Management
A. Introduction to Network Security:

1. Security Threats and Vulnerabilities (Malware, Phishing, Denial-of-Service)
2. Security Goals (Confidentiality, Integrity, Availability)
3. Security Principles (Defense in Depth, Least Privilege, Fail-Safe Defaults)
4. Security Policies and Procedures
A. Security Threats and Vulnerabilities

Definition: Weaknesses or gaps in a system that attackers exploit.

1. Malware
• Examples: Viruses, ransomware, spyware.
• Practical Example: Use Wireshark to analyze network traffic captured from a malware-infected host (command-and-control beacons, unusual DNS queries, lateral scanning).
Malware Type | Description | Real-World Example(s)
Virus | Malicious code embedded within an application; requires a host program to spread. | Melissa (1999)
Worm | Self-replicating program that spreads across networks without a host program. | Stuxnet (2010), Flame (2012)
Trojan | Disguises itself as legitimate software to gain access and perform malicious acts. | Zeus (2007), Emotet (2014)
Ransomware | Encrypts files or locks a system, demanding payment for their release. | CryptoLocker (2013), WannaCry (2017), Colonial Pipeline attack by DarkSide (2021)
Spyware | Secretly monitors user activity and collects sensitive information. | Keyloggers, Pegasus
Adware | Displays unwanted advertisements; may track user activity. | Fireball (2017), Appearch
Botnet | Network of infected computers controlled remotely to launch attacks. | Mirai (2016)
Fileless | Operates in memory without writing files to disk, abusing legitimate system tools (e.g., PowerShell, WMI). | Astaroth
2. Phishing

Definition:
Phishing uses fraudulent emails, texts, or websites to trick users into revealing sensitive data (e.g., passwords, credit card numbers).

Real-World Statistics:
• 36% of all data breaches involve phishing (Verizon DBIR 2023).
• Google blocked 100 million phishing emails daily in 2023.
• The 2020 Twitter Bitcoin scam hijacked high-profile accounts (Elon Musk, Obama) to steal about $118k.

Mitigation:
• Employee training
• Email filtering, backed by sender authentication (SPF, DKIM, DMARC) so spoofed sender domains are rejected
• Phishing-resistant MFA (e.g., FIDO2/WebAuthn security keys), so a phished password alone is not enough to log in
Denial of Service (DoS) and Distributed DoS (DDoS) Attacks

Denial-of-Service
A Denial-of-Service (DoS) attack is a type of cyberattack that aims to disrupt the normal operation of a service, network, or system, typically by overwhelming it with excessive traffic or exploiting its weaknesses, thereby preventing legitimate users from accessing expected services and resources. The goal of a DoS attack is to make an online service unavailable by flooding the targeted host or network with traffic until it can no longer respond or ultimately crashes.

Denial of Service Attack (DoS)
• A Denial of Service (DoS) attack aims to render a server or a device unavailable to legitimate users by interrupting the device's normal services.
• A Distributed DoS (DDoS) is a type of DoS that originates from multiple distributed sources (e.g., a botnet), thus amplifying the effect of the DoS and making source-based blocking ineffective.
Types of DoS Attacks
• DoS attacks can be performed at various levels of the protocol stack (e.g., TCP, UDP).

Figure: TCP SYN flood attack. The attacker sends a stream of SYN requests (usually from spoofed source addresses) to the victim; the victim answers each with a SYN-ACK and holds a half-open connection while waiting for an ACK that never arrives. Once the half-open connection backlog is full, a normal host's SYN request is dropped and the victim host is unavailable. Common mitigations are SYN cookies and a short SYN-RECEIVED timeout, which stop the backlog from being exhausted.
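The following is an added example (not code from the lecture) that models the half-open backlog from the figure above and runs a simple SYN flood detector over it. The packet records, server address and thresholds are constructed for the demonstration; a real detector would read packets from a capture (tshark/Wireshark) or a sensor such as Suricata. It also shows why a per-source threshold alone is not enough: once the attacker spoofs many source addresses, only the aggregate backlog occupancy reveals the flood.

```python
"""Tracking half-open TCP connections to spot a SYN flood.

Added example, not code from the lecture. Packet records are constructed:
(time_s, src_ip, dst_ip, dst_port, flags) with flags "S" (SYN), "SA" (SYN-ACK),
"A" (ACK) or "R" (RST). Addresses are from the RFC 5737 documentation ranges.
"""
from collections import defaultdict

SERVER = "192.0.2.10"  # hypothetical victim web server

# Constructed traffic 1: one legitimate client (10.0.0.5) completes the
# handshake; four attacker addresses send 100 SYNs each and never ACK.
FLOOD_FEW_SOURCES = [
    (0.00, "10.0.0.5", SERVER, 443, "S"),
    (0.01, SERVER, "10.0.0.5", 443, "SA"),   # server's reply, not backlog input
    (0.02, "10.0.0.5", SERVER, 443, "A"),
] + [
    (0.10 + i * 0.001, f"203.0.113.{9 + i % 4}", SERVER, 443, "S")
    for i in range(400)
]

# Constructed traffic 2: the same 400 SYNs, but from 400 spoofed addresses,
# so no single source looks noisy.
FLOOD_SPOOFED = [
    (0.10 + i * 0.001, f"198.51.{i // 250}.{i % 250 + 1}", SERVER, 443, "S")
    for i in range(400)
]


def track_half_open(packets, server_ip, backlog_timeout=3.0):
    """Return {src_ip: number of SYNs still waiting for the client's ACK}."""
    pending = defaultdict(list)      # src_ip -> arrival times of unanswered SYNs
    for t, src, dst, _port, flags in sorted(packets, key=lambda p: p[0]):
        if dst != server_ip:
            continue                 # only packets into the server's backlog matter
        if flags == "S":
            pending[src].append(t)   # SYN-RECEIVED: a backlog slot is consumed
        elif flags in ("A", "R") and pending[src]:
            pending[src].pop(0)      # handshake completed (or aborted): slot freed
        # Drop entries the server would already have timed out.
        for s in list(pending):
            pending[s] = [t0 for t0 in pending[s] if t - t0 <= backlog_timeout]
    return {s: len(v) for s, v in pending.items() if v}


def detect_syn_flood(packets, server_ip, backlog_size=256, per_source_limit=50):
    """Two checks: per-source (catches a few noisy attackers) and aggregate
    backlog occupancy (catches spoofed floods spread over many addresses)."""
    half_open = track_half_open(packets, server_ip)
    total = sum(half_open.values())
    return {
        "half_open_total": total,
        "backlog_exhausted": total >= backlog_size,
        "sources_over_limit": sorted(
            s for s, n in half_open.items() if n > per_source_limit
        ),
    }


if __name__ == "__main__":
    print(detect_syn_flood(FLOOD_FEW_SOURCES, SERVER))
    print(detect_syn_flood(FLOOD_SPOOFED, SERVER))
```

With the first trace the four attacker addresses each exceed the per-source limit and the backlog (256 slots here) is exhausted; with the spoofed trace no source exceeds the limit, yet the backlog is just as full, which is why the aggregate check (or SYN cookies on the server) is the control that matters.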

Attack Name | Year | Target(s) | Method(s) | Impact
Mirai Botnet | 2016 | Dyn, various websites | Botnet-based DDoS | Widespread internet outages, inaccessibility of major websites
GitHub | 2018 | GitHub | Memcached amplification DDoS | Service disruption for a short period
Google Attack | 2017 (disclosed 2020) | Google Cloud services | UDP amplification; CLDAP, DNS, SMTP reflection | Record-breaking bandwidth attack; potential service disruption averted
AWS Attack | 2020 | Unidentified AWS customer | CLDAP reflection DDoS | Largest bandwidth attack publicly known at the time; potential service disruption averted
Boston Children's Hospital | 2014 | Boston Children's Hospital | TCP fragmented floods, DNS reflection floods | Slowed legitimate traffic; potential disruption of healthcare services
HTTP/2 Rapid Reset | 2023 | Google, Cloudflare, others | Exploiting an HTTP/2 protocol vulnerability (CVE-2023-44487) | Record-breaking requests per second; potential service disruption
Security Goals: CIA Triad (Confidentiality, Integrity, Availability)

The CIA Triad forms the foundation of cybersecurity, guiding the design and implementation of secure systems. Below is an explanation of each goal and how to achieve it in network security:
1. Confidentiality
Definition:
Ensuring that sensitive data is accessible only to authorized users, systems, or processes.

Implementation in Network Security:

• Encryption:
  • Use TLS to encrypt data in transit (e.g., HTTPS for web traffic). SSL is the deprecated predecessor of TLS and should be disabled, as should TLS 1.0/1.1.
  • Encrypt data at rest using algorithms like AES-256 (e.g., encrypted databases or files).
• Access Controls:
  • Role-Based Access Control (RBAC): Restrict access based on user roles (e.g., HR staff can't access financial servers).
  • Multi-Factor Authentication (MFA): Require additional verification (e.g., Google Authenticator) for sensitive systems.
• Network Segmentation:
  • Isolate critical systems using VLANs or subnets (e.g., separating payment processing networks from guest Wi-Fi).
• VPNs:
  • Encrypt remote connections to prevent eavesdropping (e.g., using IPsec or OpenVPN).

Example:
A hospital encrypts patient records (AES-256) and restricts access to doctors via RBAC.
2. Integrity
Definition:
Ensuring data remains accurate, complete, and unaltered unless explicitly modified by authorized entities.

Implementation in Network Security:

• Hashing & Digital Signatures:
  • Use SHA-256 hashes to verify file integrity (e.g., checksums for downloaded software). A bare checksum only detects accidental corruption unless the expected hash comes over an authenticated channel: an attacker who can replace the file can usually replace a hash published next to it.
  • Sign critical updates with digital signatures (keys bound to certificates) so recipients verify both integrity and origin.
• Intrusion Detection/Prevention Systems (IDS/IPS):
  • Detect and block unauthorized modifications (e.g., blocking SQL injection attacks).

Example:
A bank uses digital signatures to validate transaction requests and logs all changes to detect tampering.
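The following is an added example (not code from the lecture) that verifies a download against a SHA-256 checksum and then shows the limitation noted above: if the attacker can replace both the file and the published hash, the checksum still passes, whereas a keyed tag (HMAC-SHA256, standing in here for a digital signature, since the vendor's key is needed to produce it) does not. The "firmware" blob, its checksum and the vendor key are constructed for the demo.

```python
"""Verifying file integrity with SHA-256, and why a bare hash is not enough.

Added example, not code from the lecture. The release blob, the published
checksum and the vendor key are constructed. A real check streams the file from
disk and takes the expected digest from a signed release note or a checksum
file fetched over an authenticated channel.
"""
import hashlib
import hmac


def sha256_hex(data: bytes, chunk_size: int = 1 << 16) -> str:
    """Stream the data through SHA-256 (the same loop you would use on a large file)."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk_size):
        h.update(data[i:i + chunk_size])
    return h.hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison so a wrong guess is not distinguishable by timing."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def sign(data: bytes, key: bytes) -> str:
    """Keyed tag (HMAC-SHA256). Stands in for a digital signature in this demo;
    a real release would use an asymmetric key so verifiers never hold the signing key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_signed(data: bytes, tag_hex: str, key: bytes) -> bool:
    return hmac.compare_digest(sign(data, key), tag_hex)


def flip_byte(data: bytes, index: int) -> bytes:
    """Simulate in-transit corruption or deliberate tampering of one byte."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


# Constructed "release": a firmware blob, the checksum the vendor publishes,
# and a hypothetical vendor signing key.
RELEASE = b"firmware-v1.2.3: " + bytes(range(256)) * 4
PUBLISHED_SHA256 = sha256_hex(RELEASE)
VENDOR_KEY = b"vendor-release-signing-key-demo"
VENDOR_TAG = sign(RELEASE, VENDOR_KEY)
TAMPERED = flip_byte(RELEASE, 40)


def demo() -> dict:
    return {
        "good_checksum": verify_checksum(RELEASE, PUBLISHED_SHA256),
        "tampered_checksum": verify_checksum(TAMPERED, PUBLISHED_SHA256),
        # Attacker replaces the published hash as well: bare checksum passes.
        "tampered_with_replaced_hash": verify_checksum(TAMPERED, sha256_hex(TAMPERED)),
        # Attacker cannot produce a valid tag without the vendor key.
        "tampered_signed": verify_signed(TAMPERED, VENDOR_TAG, VENDOR_KEY),
        "good_signed": verify_signed(RELEASE, VENDOR_TAG, VENDOR_KEY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'OK' if ok else 'FAIL'}")
```

The `tampered_with_replaced_hash` case is the one to remember when publishing checksums: the hash protects integrity only as far as the channel that delivered it is trusted, which is why package managers and update services verify signatures rather than plain digests.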
3. Availability
Definition:
Ensuring systems and data are accessible to authorized users when needed.

Implementation in Network Security:

• Redundancy & Failover:
  • Deploy redundant servers, load balancers (e.g., HAProxy), and backup links to avoid single points of failure.
• DDoS Mitigation:
  • Use services like Cloudflare or AWS Shield to absorb malicious traffic floods.
• Regular Backups:
  • Schedule automated backups (e.g., Veeam or Acronis) stored offsite or in the cloud, and test that they restore.
• Patch Management:
  • Regularly update software/firmware to fix vulnerabilities.
SECURITY PRINCIPLES
• Defense in Depth
• Least Privilege
• Fail-safe Defaults

1. DEFENSE IN DEPTH
Concept and Implementation in Network Security

WHAT IS DEFENSE IN DEPTH?
Defense in Depth (DiD) is a security strategy that relies
on implementing multiple layers of protection to secure
networks and systems. The core idea is to avoid relying
on a single security solution. Instead, a combination of
integrated defensive mechanisms is used so that if an
attacker breaches one layer, subsequent layers prevent
access to critical assets. This concept resembles a
"fortified castle" protected by multiple walls.
Key Objectives of Defense in Depth

1. Reduce Breach Risks: Make attacks difficult and costly for intruders.
2. Mitigate Breach Impact: Even if an attacker breaches one layer, other layers protect critical data.
3. Adapt to Evolving Threats: Design flexible defenses to counter modern attack techniques.
Implementation in Network Security

1. Network Segmentation
Divide the network into isolated segments (e.g., VLANs) to protect sensitive areas (e.g., databases or servers).
Example: Separating employee networks from guest or IoT device networks.

2. Layered Firewalls
Deploy firewalls at different levels:
• Perimeter Firewall: Protects the network's external boundary.
• Internal Firewalls: Isolate internal network sections.
Example: Using FortiGate at the network edge and pfSense between internal departments.

3. Intrusion Detection/Prevention Systems (IDS/IPS)
Intrusion Detection System (IDS): Monitors and alerts on suspicious activities.
Intrusion Prevention System (IPS): Automatically blocks attacks (e.g., DDoS or vulnerability exploits).
Example: Tools like Snort or Suricata for traffic monitoring.


4. Encryption at All Levels
• Encrypt data at rest (e.g., AES-256 for files) and in transit (e.g., TLS 1.3 for communications).
• Example: Enforcing VPNs for all remote connections to encrypt data.

5. Identity and Access Management (IAM)
• Apply the Least Privilege Principle: Grant users the minimum necessary permissions.
• Use Multi-Factor Authentication (MFA) for accessing sensitive systems.
• Example: Requiring MFA via Google Authenticator for server access.

6. Endpoint Security
• Install antivirus software (e.g., Microsoft Defender).
• Enable features like Full Disk Encryption (BitLocker) on
devices.
• Regularly update systems to patch vulnerabilities.
7. Data Backup and Recovery
• Create automated backups stored in separate locations (e.g., cloud or offsite).
• Periodically test data restoration to ensure effectiveness.
• Example: Using tools like Veeam for daily backups.

8. Security Awareness Training
• Train employees to recognize threats such as:
  • Phishing attacks.
  • Malware.
• Example: Simulating phishing attacks to test employee responses.

9. Continuous Monitoring and Analysis
• Use SIEM tools (e.g., Splunk or ELK Stack) to monitor and analyze suspicious activities.
• Conduct security audits to review permissions and configurations.
Practical Examples of Defense in Depth

1. Securing a Web Server:
   1. Layer 1: Firewall blocking unnecessary ports.
   2. Layer 2: IPS preventing SQL injection attacks (with parameterized queries in the application as the backstop, since signature-based IPS can be evaded).
   3. Layer 3: HTTPS encryption for data.
   4. Layer 4: Daily data backups.
2. Corporate Network Protection:
   1. Segmenting the network (employees, guests, admin devices).
   2. Installing antivirus software on all endpoints.
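The following is an added example (not code from the lecture) that makes the web-server case concrete: a request passes through an IPS-style signature check (Layer 2) and then the application's database query (the backstop). The login table, the sample payloads and the deliberately tiny signature list are constructed for the demo; real Snort/Suricata rule sets are far richer, but the point holds regardless: an injection that evades the signature still fails against a parameterized query, while the vulnerable string-concatenated query lets it through.

```python
"""Two independent layers against SQL injection: an IPS-style signature check
in front, and parameterized queries inside the application.

Added example, not from the lecture. The users table, requests and signature
list are constructed for the demo. login_vulnerable() is intentionally
injectable to show what the second layer is protecting against.
"""
import re
import sqlite3

# Layer 2 (network): a small signature set, like a handful of IPS rules.
SQLI_SIGNATURES = [
    re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),   # classic ' OR '1'='1
    re.compile(r"--\s*$"),                          # trailing SQL comment
    re.compile(r";\s*drop\s+table", re.I),          # stacked DROP TABLE
]


def ips_verdict(field: str) -> str:
    """'block' if any signature matches the field, else 'pass'."""
    return "block" if any(s.search(field) for s in SQLI_SIGNATURES) else "pass"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn, name: str, pw: str) -> bool:
    """Application layer, vulnerable form: user input concatenated into SQL."""
    q = f"SELECT COUNT(*) FROM users WHERE name='{name}' AND pw='{pw}'"
    return conn.execute(q).fetchone()[0] > 0


def login_parameterized(conn, name: str, pw: str) -> bool:
    """Application layer, hardened form: values travel separately from SQL text."""
    q = "SELECT COUNT(*) FROM users WHERE name=? AND pw=?"
    return conn.execute(q, (name, pw)).fetchone()[0] > 0


def handle_login(conn, name: str, pw: str, app_login) -> str:
    """Run the request through both layers; report which one decided."""
    if ips_verdict(name) == "block" or ips_verdict(pw) == "block":
        return "blocked-by-ips"
    return "authenticated" if app_login(conn, name, pw) else "rejected-by-app"


def demo() -> dict:
    conn = make_db()
    textbook = "' OR '1'='1"              # matches the IPS signature
    evasion = "' OR 2>1 OR 'x'='"         # same logic, no signature matches
    return {
        "payload_works_without_ips": login_vulnerable(conn, "alice", textbook),
        "textbook_payload": handle_login(conn, "alice", textbook, login_vulnerable),
        "evasion_vs_vulnerable": handle_login(conn, "alice", evasion, login_vulnerable),
        "evasion_vs_parameterized": handle_login(conn, "alice", evasion, login_parameterized),
        "real_user": handle_login(conn, "alice", "correct-horse", login_parameterized),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Only the combination holds up: the signature stops the textbook payload, the parameterized query stops the rewritten one, and neither layer alone covers both cases.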
Conclusion

Defense in Depth is not a single product or technology but a security philosophy built on strategic planning and integration of tools and policies. In an era of increasingly sophisticated attacks, implementing this strategy is vital to protecting digital infrastructure from internal and external threats.
2. Least Privilege

The Principle of Least Privilege (PoLP) is a cybersecurity concept that dictates that users, applications, and systems should only be granted the minimum level of access (privileges) necessary to perform their specific tasks. No entity should have more permissions than absolutely required. This reduces the risk of accidental or intentional misuse of privileges, limits the attack surface, and contains potential breaches.
Key Components of Least Privilege

User Accounts:
• Users should only have access to the data, networks, or systems directly relevant to their role (e.g., a marketing employee doesn't need access to financial databases).
Applications/Services:
• Software should run with the least privileges required (e.g., a web server doesn't need admin rights).
Network Devices:
• Routers, switches, and firewalls should restrict administrative access to authorized personnel only.
How to Implement Least Privilege in Network Security

1. Role-Based Access Control (RBAC)
• Define roles (e.g., "Network Admin," "HR User") and assign permissions based on job requirements.
• Example:
  • A junior IT staff member can view network logs but cannot modify firewall rules.
  • A finance team member can access payment systems but not server configurations.

2. Network Segmentation
• Divide the network into segments (e.g., VLANs, subnets) and restrict traffic between zones.
• Example:
  • IoT devices are isolated in a separate VLAN with no access to the corporate LAN.
  • Database servers are placed in a secured segment accessible only to specific applications.
3. Strict Access Controls
• Use Access Control Lists (ACLs) on firewalls, routers, and switches to allow only necessary traffic.
• Example:
  • Block all inbound traffic to a server except port 443 (HTTPS) for web services.
  • Restrict SSH access to administrators' IP addresses.

4. Privilege Escalation Controls
• Use just-in-time (JIT) access for temporary privileges.
• Require multi-factor authentication (MFA) for administrative tasks.
• Example:
  • Admins must request temporary elevated access via a privileged access management (PAM) tool.

5. Least Privilege for Service Accounts
• Ensure service accounts (e.g., for databases, APIs) have only the permissions they need.
• Example:
  • A backup service account can read files but cannot delete or modify them.

6. Regular Audits and Reviews
• Periodically review user permissions, firewall rules, and device configurations.
• Use tools like SIEM (Security Information and Event Management) to detect privilege misuse.
• Example:
  • Quarterly audits to revoke unused permissions or inactive accounts.
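The following is an added example (not code from the lecture) that ties together item 1 (RBAC), item 5 (read-only service accounts) and item 6 (audits): permissions come only from an assigned role, an unknown user, role or action is denied rather than guessed at, and an audit pass lists granted permissions that nobody has exercised within the review window so they can be revoked. The roles, users and access log are constructed for the demo; in practice the log would come from the SIEM.

```python
"""Role-based access control with default deny, plus a permission audit.

Added example, not the lecture's code. Roles, users and the access log are
constructed. Only successful actions appear in the log here; a production
log would also carry the deny decisions.
"""
from datetime import date, timedelta

# Role -> set of (resource, action). Anything not listed is denied.
ROLES = {
    "junior_it":     {("network_logs", "read")},
    "network_admin": {("network_logs", "read"), ("firewall_rules", "read"),
                      ("firewall_rules", "write")},
    "finance":       {("payment_system", "read"), ("payment_system", "write")},
    "backup_svc":    {("file_share", "read")},   # service account: read only
}

# User -> role. A brand-new account (carol) starts with no role at all.
USERS = {"alice": "junior_it", "bob": "network_admin", "dana": "finance",
         "backup-agent": "backup_svc", "carol": None}


def is_allowed(user: str, resource: str, action: str) -> bool:
    """Default deny: every lookup failure is a denial, never an exception."""
    role = USERS.get(user)
    if role is None:
        return False
    return (resource, action) in ROLES.get(role, set())


# Constructed access log: (user, resource, action, date).
TODAY = date(2024, 6, 1)
ACCESS_LOG = [
    ("alice", "network_logs", "read", TODAY - timedelta(days=2)),
    ("bob", "firewall_rules", "read", TODAY - timedelta(days=5)),
    ("bob", "network_logs", "read", TODAY - timedelta(days=1)),
    ("backup-agent", "file_share", "read", TODAY - timedelta(days=1)),
    ("dana", "payment_system", "read", TODAY - timedelta(days=120)),
]


def unused_permissions(roles, users, log, window_days=90, today=TODAY):
    """{role: permissions granted but not used within the window}. Candidates
    for revocation at the quarterly review."""
    cutoff = today - timedelta(days=window_days)
    used = {}
    for user, resource, action, when in log:
        role = users.get(user)
        if role and when >= cutoff:
            used.setdefault(role, set()).add((resource, action))
    report = {}
    for role, perms in roles.items():
        idle = perms - used.get(role, set())
        if idle:
            report[role] = idle
    return report


if __name__ == "__main__":
    print(is_allowed("alice", "network_logs", "read"))      # junior IT may read logs
    print(is_allowed("alice", "firewall_rules", "write"))   # but not change rules
    print(is_allowed("backup-agent", "file_share", "delete"))
    print(unused_permissions(ROLES, USERS, ACCESS_LOG))
```

The audit flags `firewall_rules/write` for the admin role and both finance permissions (dana's last use is older than the 90-day window); the review then decides whether to revoke them or document why they stay.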
7. Default Deny Policies
• Configure systems to deny all access by default, then explicitly allow only what's necessary.
• Example:
  • Firewalls block all traffic unless explicitly allow-listed.
  • New user accounts start with zero permissions.

8. Micro-Segmentation
• Apply granular controls within a network (e.g., isolating workloads in a data center).
• Example:
  • In a cloud environment, restrict communication between virtual machines unless required.
Examples of Least Privilege in Action

• Firewall Rules: Only allow specific IPs to access administrative interfaces.
• Database Permissions: A customer support tool can query customer data but cannot alter tables.
• End-User Devices: Employees cannot install software without IT approval.
Best Practices
• Automate Permissions: Use tools like Ansible or Terraform to enforce least privilege, so that permissions are declared in reviewed code rather than granted by hand.
• Zero Trust Model: Assume no user or device is trusted by default.
• Monitor Privileged Activity: Log and audit all administrative actions.

Conclusion
The Principle of Least Privilege is a cornerstone of network security, ensuring that access is tightly controlled and aligned with operational needs. By implementing RBAC, segmentation, strict access controls, and continuous monitoring, organizations can significantly reduce risks and build a resilient security posture. In a world where insider threats and credential theft are rampant, PoLP is not optional: it is essential.
3. Fail-Safe Defaults

The principle of fail-safe defaults is a foundational concept in designing secure systems and is widely applied in network security. It revolves around the idea that a system should automatically prioritize security in the event of failures or ambiguities, rather than granting unrestricted access or privileges. In other words, if an error or uncertainty occurs, the system should default to the most secure state (e.g., denying access) instead of allowing it.
Core Principles

1. Default Deny:
• The system starts in a state where all requests or operations are denied by default, unless explicitly authorized.
• Example: A firewall blocking all traffic except pre-approved ports (e.g., HTTPS on port 443).

2. Least Privilege Enforcement:
• Users, devices, and services receive minimal privileges by default, with permissions expanded only as needed.
• Example: A new employee account starts with zero access to internal databases until roles are assigned.

3. Secure Failure Handling:
• If the system fails to validate a request (e.g., authentication failure), it automatically denies access.
• Example: Terminating a connection if a TLS handshake fails, rather than falling back to plaintext.
Implementation in Network Security

1. Firewall Configuration: Configure firewalls to block all traffic (inbound/outbound) by default, then open only necessary ports and protocols.
• Example: Allowing ports 80 (HTTP) and 443 (HTTPS) on a web server while blocking all others; port 80 should do nothing but redirect to HTTPS.
2. Network Access Control (NAC): Treat new devices connecting to the network as untrusted by default until authenticated and compliant with security policies.
• Example: Using 802.1X authentication to verify devices before granting network access.
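The following is an added example (not code from the lecture) of the firewall configuration just described, evaluated the way a stateless ACL on a firewall or router is: ordered rules, first match wins, and an implicit deny at the end. It also shows two things practitioners check for: a packet the filter cannot parse is dropped rather than passed (fail closed), and a rule that an earlier rule already fully covers is reported as shadowed, since it will never match and usually signals a mistaken policy. The rule syntax and sample packets are invented for the demo.

```python
"""Default-deny packet filter with ordered rules, fail-closed parsing and a
shadowed-rule check.

Added example, not from the lecture. Rule format and packets are constructed;
the evaluation order (first match wins, implicit deny) mirrors real ACLs.
"""
import ipaddress


class Rule:
    def __init__(self, action, proto, src, dport):
        self.action = action                  # "allow" | "deny"
        self.proto = proto                    # "tcp" | "udp" | "any"
        self.src = ipaddress.ip_network(src)  # source prefix
        self.dport = dport                    # int or "any"

    def matches(self, pkt) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and (self.dport == "any" or self.dport == pkt["dport"]))

    def covers(self, other) -> bool:
        """True if every packet matching `other` would also match this rule."""
        return ((self.proto == "any" or self.proto == other.proto)
                and other.src.subnet_of(self.src)
                and (self.dport == "any" or self.dport == other.dport))


# Constructed policy for a web server: HTTPS from anywhere, SSH only from the
# admin subnet, everything else denied. The last rule is a mistake on purpose.
POLICY = [
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "10.0.9.0/24", 22),
    Rule("deny",  "any", "0.0.0.0/0", "any"),   # explicit restatement of the default
    Rule("allow", "tcp", "10.0.9.5/32", 22),    # shadowed by rule 2 (and rule 1)
]


def evaluate(policy, pkt) -> str:
    """Return 'allow' or 'deny'. Any malformed or missing field yields 'deny'."""
    try:
        for rule in policy:
            if rule.matches(pkt):
                return rule.action
    except (KeyError, ValueError):
        return "deny"          # fail closed: never pass what we cannot parse
    return "deny"              # implicit deny after the last rule


def shadowed_rules(policy):
    """Indexes of rules that an earlier rule already fully covers."""
    return [i for i, later in enumerate(policy)
            if any(earlier.covers(later) for earlier in policy[:i])]


if __name__ == "__main__":
    print(evaluate(POLICY, {"proto": "tcp", "src": "198.51.100.7", "dport": 443}))
    print(evaluate(POLICY, {"proto": "tcp", "src": "198.51.100.7", "dport": 22}))
    print(evaluate(POLICY, {"proto": "tcp", "src": "not-an-ip", "dport": 443}))
    print(shadowed_rules(POLICY))
```

Note that even with the explicit deny rule removed (`POLICY[:2]`) the filter still denies SSH from outside the admin subnet, because the implicit deny does the same job; the explicit rule is there so that the intent is visible and logged.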
Implementation in Network Security (continued)

3. System and Software Updates: Automatically reject updates that fail integrity checks (e.g., unsigned software).
• Example: Windows Update refusing to install updates without a valid Microsoft signature.
4. Default Encryption: Enforce encrypted communications (e.g., TLS 1.3) by default for all network traffic.
• Example: Web applications automatically redirecting HTTP to HTTPS (ideally with HSTS, so browsers stop attempting HTTP at all).
5. Network Device Hardening: Enable security features like BPDU Guard or DHCP Snooping by default on switches to prevent Layer 2 attacks.
• BPDU Guard (Bridge Protocol Data Unit Guard): shuts down an access port that receives a spanning-tree BPDU, so a rogue switch cannot take over the topology.
• DHCP Snooping: drops DHCP server replies arriving on untrusted ports, defeating rogue DHCP server attacks that hand out a malicious gateway or DNS server.
Homework Assignments

Assignment 1: Malware Analysis
• Task: Analyze a malware sample using Cuckoo Sandbox (in an isolated lab network, never on a production host) and write a report on its behavior.
• Deliverable: 3-page report detailing network traffic, registry changes, and processes.

Assignment 2: Design a Defense-in-Depth Architecture
• Task: Create a network diagram using Cisco Packet Tracer that includes:
  o Firewall
  o IDS/IPS
  o VPN
  o Encrypted databases
• Deliverable: Diagram + 500-word explanation of each layer.

Assignment 3: Policy Drafting
• Task: Write an Acceptable Use Policy for a university lab.
• Deliverable: Policy document covering device usage, data access, and penalties.