Network security is the security provided to a

network from unauthorized access and risks. It is the

duty of network administrators to adopt preventive
measures to protect their networks from potential
security threats.
Computer networks that are involved in regular
transactions and communication within the
government, individuals, or business require security.
 How to secure networks (Home WI-FI)
Use Strong password
Make it long—at least 16 characters is recommended.
Use a mixture of upper and lowercase letters, numbers, and special
characters.
Don’t use common phrases or personal information.
Test the strength of your password. You can use a password manager or
an online password checker to find out how secure the password is in real
time.
Make sure it’s unique—don’t reuse a password you’ve already used.
Use a password manager. They help you keep track of your passwords,
and some even generate random passwords that are hard for both
humans and computers to crack .
 Keep everything updated
• Routers need to be updated on a regular basis. Router
manufacturers update the firmware on routers
whenever a vulnerability is detected, just like the
operating system on your phone or PC. Set a
reminder to check your router settings every month
to see if there have been any updates.
 Turn on encryption
 These days every router on the market includes encryption, and it’s
one of the simplest ways to secure your internet connection.
 Go to your router’s settings and find the security options.
 Look for the WPA2 Personal setting. If you don’t see that, select WPA
Personal (but this could be a sign that your router is outdated and
more vulnerable).
 Set the encryption type to AES.
Enter a password or network key. This password is different from the
one you used for your router and will be used to connect all devices to
your Wi-Fi network.
 Use a VPN
A virtual private network (VPN) is one of the best ways to
secure your internet connection. It acts as a middleman
between your connected device and the internet. It hides
your activity so that no one (even online advertisers) can
see what you’re doing online.
You can find free browser-based VPNs or subscribe to a
monthly VPN service. This tool is a must-have for when
you’re on a public network, but it’s also a smart way to add
an extra layer of security to your home Wi-Fi.
 Use multiple firewalls

Firewalls are crucial to any internet security plan.

Firewalls work as a barrier between your protected
network and unauthorized users and networks.
Consider using a firewall in conjunction with other
security measures like antivirus software and
identity theft protection.
 Rename routers and networks
• All wireless routers come with a generic username, and many also include a generic
password. When you set up the router for the first time, you’ll need to use this generic
admin information, but after it’s up and running you should change both.
• The generic usernames and passwords that come with routers are public record, which
makes a hacker’s job easy—especially if you skip changing the router’s factory settings.
• After changing the username and password for your wireless router, you
should change the name of your home Wi-Fi network. This is called the SSID
(service set identifier), and it’s the name that people will see if they are
scanning for nearby networks.
• Avoid tipping off hackers (and keep neighbors from accessing your Wi-Fi) by
renaming the network. Be warned that any devices currently connected to your
Wi-Fi network will be kicked off after the name change, including
smartphones, computers, game systems, smart home devices, etc .
 Turn off the WPS setting
The WPS, or Wi-Fi protected setup, is the function that
lets devices like phones and smart home gadgets pair
with your network. This setting is convenient,
especially if you have a lot of smart devices to connect,
but it leaves an opening for a hacker to get in. Look for
the WPS button on your router and turn it off unless
you’re actively pairing your devices with the network.
 TYPES OF NETWORK SECURITY DEVICES

↪Active Devices
• These security devices block the excess traffic. Firewalls,
antivirus scanning devices, and content filtering devices are
the examples of such devices.
↪Passive Devices
• These devices identify and report on unwanted traffic, for
example, intrusion detection machines.
 TYPES OF NETWORK SECURITY DEVICES

↪Preventative Devices
• These devices scan the networks and identify potential
security problems. For example, penetration testing
devices and vulnerability assessment machines.
↪Unified Threat Management (UTM)
• These devices serve as all-in-one security devices.
Examples include firewalls, content filtering, web
caching, etc.
 TYPES OF NETWORK SECURITY DEVICES

↪Firewalls
A firewall is a network security system that manages and regulates the
network traffic based on some protocols. A firewall establishes a barrier
between a trusted internal network and the internet.
Firewalls exist both as software that run on a hardware and as hardware
appliances. Firewalls that are hardware-based also provide other functions
like acting as a DHCP server for that network.
Firewalls are commonly used in private networks or intranets to prevent
unauthorized access from the internet. Every message entering or leaving
the intranet goes through the firewall to be examined for security measures.
 Hardware and Software Firewalls
 Hardware firewalls are standalone products. These are
also found in broadband routers. Most hardware firewalls
provide a minimum of four network ports to connect other
computers for larger networks − e.g. for business purpose
− business networking firewall solutions are available.
 Software firewalls are installed on your computers. A
software firewall protects your computer from internet
threats.
 Antivirus
• An antivirus is a tool that is used to detect and remove
malicious software. It was originally designed to detect
and remove viruses from computers.
• Modern antivirus software provide protection not only
from virus, but also from worms, Trojan-horses,
adware’s, spywares, keyloggers, etc. Some products also
provide protection from malicious URLs, spam, phishing
attacks, botnets, DDoS attacks, etc.
 Content Filtering
Content filtering devices screen unpleasant and offensive emails or
webpages. These are used as a part of firewalls in corporations as
well as in personal computers. These devices generate the message
"Access Denied" when someone tries to access any unauthorized web
page or email.
Content filtering can be divided into the following categories
 Web filtering
 Screening of Web sites or pages
 E-mail filtering
 Screening of e-mail for spam
 Other objectionable content
 Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and
Prevention Systems, are the appliances that monitor malicious activities in a
network, log information about such activities, take steps to stop them, and
finally report them.
Intrusion detection systems help in sending an alarm against any malicious
activity in the network, drop the packets, and reset the connection to save
the IP address from any blockage. Intrusion detection systems can also
perform the following actions −
• Correct Cyclic Redundancy Check (CRC) errors
• Prevent TCP sequencing issues
• Clean up unwanted transport and network layer options
 Secure Data Transmission
There are a number of methods that use
encryption to ensure that data transmission on a
network is Secure.
• Internet Protocol Security (IPSec)
This protocol defines encryption, authentication
and key management for TCP/IP transmissions. It
secures data in transmission by various means at
the IP packets level
 Internet Protocol Security (IPSec)
• The key components of IPSec are:
Authentication Header (AH) This component authenticates
and validates data packets. Each packet basically contains a
digital signature
Encapsulation Security Payload (ESP) This component encrypts
the data payload of the packet.
Internet Key Exchange (IKE) The above components AH and
ESP use asymmetric encryption. IKE manages the
public/private key exchanges for encryption and decryption.
 Point-to-Point Tunnelling Protocol (PPTP)
 The original Point-to-Point Protocol (PPP) is an encapsulation protocol for
transporting IP traffic over point-to-point connections.
 The Point-to-point Tunnelling Protocol (PPTP) is an expansion of the
existing Point-to-Point Protocol (PPP). PPTP uses the same principle of
encapsulating other protocol packets so that they can be transported via a
switched network (the Internet) to a specific destination. The destination
receives the PPTP packet and extracts the encapsulated data. PPTP also
supports encryption and authentication.
 This protocol is a proprietary Microsoft development and is widely used in
conjunction with VPN
 Layer 2 Tunnelling Protocol (L2TP)

 This protocol is similar to PPTP but developed by a

number of industry groups. This protocol has
become the method of choice for Microsoft
Windows VPN
 L2TP is just a tunnelling protocol. It is generally
used with IPsec to provide encryption
 Virtual Private Network (VPN)
• Virtual Private Networks are basically a secure
connection through a network (Internet, WAN, etc)
that connects either computers or networks together.
These connections make remote users appear that they
are on one single network.
• The main functions provided by VPNs are tunneling,
data security, data integrity and authentication.
 Secure Sockets Layer (SSL)
 This is a method of encrypting TCP/IP transmissions between
hosts. It is used for the encrypt web pages and data on web forms
reroute. The encryption method uses public key encryption. It
requires Digital Certificates

 URLs prefixed with 'HTTPS' initiate an SSL session between the web
browser and web server. Most online banking facilities will direct
you to a secure site with 'HTTPS' at the beginning of the address.
 Secure Shell (SSH)
• This provides a secure means of establishing
remote connections to a host. It provides
authentication via the exchange of digital certificates
and uses public key encryption. It is mainly used in
Unix/Linux environment and is a means of using
insecure protocols (telnet, ftp, etc) in a secure
fashion.
 Pretty Good Privacy (PGP)
•This is one of the most popular encryption
programs. This is a public key encryption system
that provides authentication and encryption. It is
commonly used for email transmissions and
supports a wide range of operating systems. Both
commercial and open source versions are available.