Ethical Considerations in Cybersecurity
Legal requirements aside, ethical
considerations also play a pivotal role in cybersecurity. Ethical
considerations often revolve around what actions would constitute the
"right" or "good" course of action in any particular
circumstance.
Here are some of the major ethical concerns for cybersecurity:
- Privacy: When protecting systems
and data, cybersecurity professionals often gain access to sensitive
personal or organisational data which should remain private and
undisclosed. Maintaining its protection as part of ethical practice is
therefore of utmost importance.
- Disclosure: When security
researchers or cybersecurity professionals find vulnerabilities within a
system, an ethical question arises of when, how and to whom this
information should be disclosed.
- Proportionality: When responding to cyber threats, defence measures should be proportionate to the intensity of the threat and should aim at minimising further disruption or injury.
- Equality of Access: With internet usage becoming an integral component of daily life, providing equal and fair access to digital resources while protecting against digital discrimination are ethical considerations that should be prioritised.
Network Security
This topic is intended to introduce
you to network security.
Topics to Be Covered:
- Fundamentals of network security.
- Components of network security.
- Network protocols and their vulnerabilities.
- Firewall technologies and intrusion detection systems.
- Virtual private networks (VPNs) and secure remote access.
Components of Network Security
Network security entails multiple layers of defences at both the edge and in the network, each layer implementing policies and controls designed to allow only authorised users access to network resources while keeping malicious actors away. Key elements include:
1. Access Control
This is used to control who can access the network. It effectively keeps unauthorised persons out while granting access to authorised users.
2. Antivirus and Antimalware Software
Antivirus and antimalware software is intended to defend against malware such as viruses, ransomware, worms, trojans and spyware.
3. Firewalls
Firewalls act as barriers between an internal network and external networks (typically the internet), helping to block malicious traffic while permitting legitimate traffic through.
4. Virtual Private Network
A VPN enables secure connections over the internet between networks. A VPN provides privacy when browsing over public Wi-Fi networks or hotspots, adding a layer of protection.
5. Intrusion Prevention Systems (IPS)
These systems identify fast-spreading threats, such as zero-day or zero-hour attacks.
6. Security Information and Event Management (SIEM)
These tools allow IT teams to
centrally manage and see events related to security, as well as enable incident
response and report generation for compliance purposes.
7. Email Security
Given that email is a common attack
vector, email security solutions can block incoming attacks and control
outbound messages to prevent the loss of sensitive data.
Network Protocols and Their Vulnerabilities
What are Network Protocols?
Network protocols are rules that govern data communication among computers and devices in a network, so that data packets are delivered smoothly from source to destination.
There are various network protocols, each catering to certain purposes and
operating at various layers of a networking model. Some key ones include
HTTP(S), FTP, SMTP, DNS and TCP/IP among many more.
Understanding Key Protocols and Their Vulnerabilities
1. HTTP and HTTPS (HyperText Transfer Protocol and HTTP Secure):
These two protocols carry web traffic. Plain HTTP transfers data over an unsecured channel, so any information can be intercepted and exploited during transmission.
HTTPS offers more protection by using encryption technology to secure its
message transmission; however, improper configuration can leave HTTPS
vulnerable to attacks such as "SSL stripping", whereby an attacker
downgrades communication from HTTPS back down to HTTP in order to intercept
information being transferred between hosts.
2. FTP (File Transfer Protocol)
FTP is used for sending files
between client and server, but lacks encryption which leaves sensitive data
vulnerable to interception. As an alternative, its secure counterpart, SFTP
uses SSH-based encryption instead.
3. SMTP (Simple Mail Transfer Protocol)
Used for sending emails, this protocol can easily be abused to send spam or phishing messages. Without adequate protections in place, a mail server can be used by any number of unwanted senders.
4. DNS (Domain Name System)
DNS provides translation between domain names and IP addresses. It is vulnerable to DNS spoofing or poisoning attacks, in which an attacker modifies DNS records to divert traffic away from targeted websites, often for illicit reasons.
5. TCP/IP (Transmission Control Protocol/Internet Protocol)
This is the basic communication protocol of the internet and can be susceptible to various attacks such as SYN flood attacks, in which an attacker floods a server with SYN packets until it becomes unresponsive.
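The HTTPS item above says that improper configuration leaves HTTPS open to downgrade to HTTP. The following is an added example, not part of the original course text: it audits response headers for the usual server-side protection, HTTP Strict Transport Security (HSTS), which the page does not name. The one-year threshold, the sample responses and the host name are assumptions made for illustration.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; an assumed policy threshold

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = (part.strip().strip('"') for part in directive.partition("="))
        if name.lower() == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError("max-age must be a non-negative integer")
            max_age = int(arg)
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def audit_response(scheme, headers):
    """Return a list of findings for one response; an empty list means none."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    hsts = hdrs.get("strict-transport-security")
    findings = []
    if scheme == "http":
        # Browsers ignore HSTS received over plain HTTP, so only the redirect matters.
        if not hdrs.get("location", "").lower().startswith("https://"):
            findings.append("plain-HTTP response does not redirect to HTTPS")
        return findings
    if hsts is None:
        return ["no HSTS header: the browser will still accept plain HTTP for this host"]
    max_age, include_sub = parse_hsts(hsts)
    if max_age is None:
        findings.append("HSTS header has no max-age and is invalid")
    elif max_age == 0:
        findings.append("max-age=0 tells the browser to drop its HSTS entry")
    elif max_age < MIN_MAX_AGE:
        findings.append("max-age is shorter than the one-year policy threshold")
    if not include_sub:
        findings.append("includeSubDomains is missing, so subdomains are not covered")
    return findings

# Constructed sample responses; example.test is a placeholder host.
SAMPLES = [
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}),
    ("https", {"Content-Type": "text/html"}),
    ("https", {"strict-transport-security": "max-age=300"}),
    ("http", {"Location": "http://example.test/login"}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, audit_response(scheme, headers) or "ok")
```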
Firewall Technologies/Intrusion Detection Systems
A firewall is a network security
system which monitors and controls incoming and outgoing network traffic
according to predetermined security rules, acting as an intermediary between
trusted internal networks such as your company network and potentially hostile
external ones like the internet.
Types of Firewalls
- Packet Filtering Firewall: This type of firewall operates at the network level to filter packets of data passing through it; any that don't meet security rules set out by this device won't pass.
- Stateful Inspection Firewall: Also known as dynamic packet filtering, this firewall keeps track of active connections and only allows traffic through if it's part of an already-established connection.
- Proxy Firewall: Proxy firewalls operate at the application layer, filtering traffic between two systems by invoking a service request on behalf of one system.
- Next-Generation Firewall (NGFW): These firewalls include functions of traditional firewalls plus other network device filtering functionalities, such as intrusion prevention, SSL and SSH inspection, deep-packet inspection, and reputation-based malware detection.
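The difference between the first two firewall types above is easiest to see on the same traffic. The following is an added example, not part of the original course text: a per-packet filter and a simplified connection-tracking firewall judge one constructed TCP trace. The internal prefix, the two filter rules, the state names and the addresses are assumptions made for illustration.

```python
INTERNAL_PREFIX = "10.0.0."  # assumed internal network for this example

def stateless_allow(pkt):
    """Packet filter: judge each packet alone, using only its own header fields."""
    src, _sport, _dst, _dport, flags = pkt
    if src.startswith(INTERNAL_PREFIX):
        return True          # rule 1: internal hosts may send outbound
    return "A" in flags      # rule 2: inbound must look like a reply (ACK set)

class StatefulFirewall:
    """Stateful inspection: inbound traffic must match a tracked connection."""

    def __init__(self):
        self.table = {}  # (internal ip, port, external ip, port) -> state

    def allow(self, pkt):
        src, sport, dst, dport, flags = pkt
        outbound = src.startswith(INTERNAL_PREFIX)
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.table.get(key)
        if outbound:
            if flags == "S":
                self.table[key] = "SYN_SENT"
            elif state == "SYN_ACKED" and "A" in flags:
                self.table[key] = "ESTABLISHED"
            return True
        if state == "SYN_SENT" and flags == "SA":
            self.table[key] = "SYN_ACKED"
            return True
        return state == "ESTABLISHED"  # teardown and timeouts are omitted here

# Constructed trace: (src, sport, dst, dport, TCP flags); external addresses
# come from the documentation ranges.
TRACE = [
    ("10.0.0.5", 50000, "203.0.113.10", 443, "S"),    # internal client opens a connection
    ("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # server replies
    ("10.0.0.5", 50000, "203.0.113.10", 443, "A"),    # handshake completes
    ("203.0.113.10", 443, "10.0.0.5", 50000, "PA"),   # data on the established connection
    ("198.51.100.7", 443, "10.0.0.9", 51000, "A"),    # ACK that belongs to no connection
    ("198.51.100.7", 40000, "10.0.0.5", 22, "S"),     # unsolicited inbound connection attempt
]

def compare(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in trace]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRACE, compare(TRACE)):
        print(pkt, verdicts)
```

The two filters agree on every packet except the fifth: its header looks like a reply, so the per-packet rule passes it, while the connection table has no entry for it and the stateful firewall drops it.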
Virtual Private Networks/Secure Remote Access
What is a VPN?
Virtual Private Network (VPN)
technology creates a secure tunnel between your device and either the network
at work or an Internet server, effectively creating an extension of private
networks across public ones to allow users to send and receive data as though
their computing devices were directly linked into them.
Why is VPN Important?
VPNs are crucial for preserving
privacy and securing data exchange in a world where data breaches and
surveillance are significant concerns.
- Encryption: VPN provides strong encryption to ensure that even if cybercriminals intercept data they cannot read it.
- Anonymity: VPN can mask your IP address, making your online actions virtually untraceable.
- Remote Access: VPNs provide a secure way for remote employees to access necessary resources on their company's network.
Understanding Secure Remote Access
Secure remote access refers to any
method by which an individual may connect securely with a network from outside
its location - this may involve VPNs but could also involve using other
strategies and tools.
Ensuring secure remote access is crucial in protecting your network. This
involves several elements:
- Authentication: Ensure only authenticated users can gain entry to a network using passwords or alternative methods like biometric verification and multi-factor authentication.
- Authorization: This involves managing user permissions, so users can only access the data and systems they need for their work.
- Encryption: As mentioned above, encryption involves encoding data so it cannot be read if intercepted by third parties.
- Monitoring: Continuously monitoring network activity can help identify any unusual or suspicious behaviour that might signal a security breach.
Types of VPNs
There are various VPN solutions designed for specific uses and requirements:
1. Remote Access VPN: Allows users to securely connect to a private network remotely. It is often employed by corporate employees to securely access their company network from home or while travelling.
2. Site-to-Site VPN: Also referred to as Router-to-Router VPN, this allows for seamless communication between networks located at different offices by securely linking their networks together.
3. IPsec (Internet Protocol Security) VPN: This protocol suite is used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a communication session.
4. SSL (Secure Sockets Layer) VPN: Provides secure access to web applications from different locations and types of devices while only giving access to specific resources on a network (rather than all).
Understanding VPNs and secure remote access tools in this digital era where much work can be completed remotely is vitally important to cybersecurity professionals.
They allow us to keep networks secure even if users are distributed across disparate locations - remembering that security goes beyond technology alone: trust is what keeps networks functioning well!