Network threats and vulnerabilities in

network security
What is Threat?
A cyber threat is a malicious act that seeks to steal or damage data or
discompose the digital network or system. Threats can also be defined as the
possibility of a successful cyber attack to get access to the sensitive data of a
system unethically. Examples of threats include computer viruses, Denial
of Service (DoS) attacks, data breaches, and even sometimes dishonest
employees.
Types of Threat
Threats could be of three types, which are as follows:
1. Intentional- Malware, phishing, and accessing someone's account
illegally, etc. are examples of intentional threats.
2. Unintentional- Unintentional threats are considered human errors, for
example, forgetting to update the firewall or the anti-virus could make the
system more vulnerable.
3. Natural- Natural disasters can also damage the data, they are known as
natural threats.
What is Vulnerability?
In cybersecurity, a vulnerability is a flaw in a system's design, security
procedures, internal controls, etc., that can be exploited by cybercriminals. In
some very rare cases, cyber vulnerabilities are created as a result
of cyberattacks, not because of network misconfigurations. Even it can be
caused if any employee anyhow downloads a virus or a social engineering
attack.
Types of Vulnerability
Vulnerabilities could be of many types, based on different criteria, some of
them are:
1. Network- Network vulnerability is caused when there are some flaws in the
network's hardware or software.
2. Operating system- When an operating system designer designs an
operating system with a policy that grants every program/user to have full
access to the computer, it allows viruses and malware to make changes on
behalf of the administrator.
3. Human- Users' negligence can cause vulnerabilities in the system.
4. Process- Specific process control can also cause vulnerabilities in the
system.
What is Risk?
Cyber risk is a potential consequence of the loss or damage of assets or data
caused by a cyber threat. Risk can never be completely removed, but it can
be managed to a level that satisfies an organization's tolerance for risk. So,
our target is not to have a risk-free system, but to keep the risk as low as
possible.
Cyber risks can be defined with this simple formula- Risk = Threat +
Vulnerability. Cyber risks are generally determined by examining the threat
actor and type of vulnerabilities that the system has.
Types of Risks
There are two types of cyber risks, which are as follows:
1. External- External cyber risks are those which come from outside an
organization, such as cyberattacks, phishing, ransomware, DDoS attacks, etc.
2. Internal- Internal cyber risks come from insiders. These insiders could have
malicious intent or are just not be properly trained.
Real World Examples of Threat, Vulnerability and Risk
in Computer Network

Threats

1. The WannaCry Ransomware Attack in 2017 used flaws in Microsoft

Windows by encrypting data and demand ransom payments from users.
2. Phishing Attacks, is the attack where the attacker uses email to tricks users
into disclosing their personal information that leads to data breaches or
financial loss.
3. A malicious code was inserted into SolarWinds Orion software by the
hackers that made it's supply chain security vulnerable.

Vulnerabilities

1. A bug in the OpenSSL cryptographic package allowed attackers to access

sensitive data from different sites using this package.
2. In 2018, critical vulnerabilities was found in modern processors permitted
unauthorized access to data stored in memory.
3. A multiple zero-day vulnerabilities, together referred as ProxyLogon,
allowed attackers to inject malware in Microsoft Exchange Server, which
made it possible for the hackers to access email accounts.

Risks

1. Target’s network, had some flaws which was exploited by external

attackers in 2013, allowing the attacker to steal credit card information of
millions of customers.
2. Due to a bug in Equifax’s web application, sensitive private information of
147 million people was exposed.
3. In 2022, attackers obtained access to Okta's internal system that
highlighted the vulnerability in it's identity management system.
Difference Between Threat, Vulnerability, and Risk
Threat Vulnerability Risk

Take advantage of Known as the weakness

vulnerabilities in the in hardware, software, or The potential for loss or
system and have designs, which might destruction of data is caused by
the potential to steal allow cyber threats to cyber threats.
and damage data. happen.

Generally, can't be
Can be controlled Can be controlled
controlled

It may or may not

Generally, unintentional Always intentional
be intentional.

Vulnerability Reducing data transfers,

management is a downloading files from reliable
process of identifying the sources, updating the software
Can be blocked by problems, then regularly, hiring a professional
managing the categorizing them, cybersecurity team to monitor
vulnerabilities prioritizing them, and data, developing an incident
resolving the management plan, etc. help to
vulnerabilities in that lower down the possibility of
order cyber risks
Threat Vulnerability Risk

Can be detected by identifying

Can be detected Can be detected by
mysterious emails, suspicious
by anti-virus penetration testing
pop-ups, observing unusual
software and threat hardware and many
password activities, a slower
detection logs vulnerability scanners
than normal network, etc

Network security planning and policy

What Is a Network Security

Policy?
A network security policy is a formal set of guidelines that dictates how an organization
will protect its network infrastructure and data assets. It serves as a framework for
defining procedures and assigning responsibilities for protecting network resources from
cyber threats. This policy outlines the acceptable use of networks, determines who has
access to data, and establishes measures for handling security breaches.

Creating a network security policy involves understanding an organization’s risks and

defining strategies to mitigate them. This involves an approach that integrates security
technologies with procedural safeguards.

Ideally, network security policies should be dynamic and adaptive, evolving with
emerging threats and new technological advancements. They set clear expectations for
maintaining security and provide a benchmark against which compliance can be
assessed.

The Importance of Network

Security Policies
Network security policies are vital for organizations to protect their data and systems
from cyber threats. They provide a structured approach to managing security risks and
ensuring compliance with legal and regulatory requirements:

 Risk management: A well-defined network security policy enables organizations

to identify potential vulnerabilities and implement appropriate controls to mitigate
risks. By systematically assessing threats, organizations can prioritize resources
and responses to protect critical assets.
 Regulatory compliance: Adhering to a network security policy helps
organizations comply with various laws and standards related to data protection
and privacy. Many compliance standards have specific requirements related to
network security or access control.
 Operational continuity: Implementing security measures as outlined in the
policy ensures the continuous operation of network systems. By preventing
unauthorized access and potential breaches, organizations can maintain
business continuity and protect their reputation.
 Employee awareness and responsibility: A security policy educates
employees about their roles in maintaining security. Clear guidelines on
acceptable use, access controls, and incident reporting foster a culture of
security awareness and accountability.

Key Components of a Network

Security Policy
1. Defining Security Objectives and Scope
Security objectives outline the primary goals the policy intends to achieve, such as
protecting sensitive data, ensuring uninterrupted network availability, and maintaining
compliance with regulatory standards. The scope defines the boundaries of the policy,
specifying which devices, users, and resources it applies to within the organization.
Security objectives should align with the organization’s broader business goals. This
alignment guarantees that the network security policy supports the organization’s
operations without causing disruptions. Establish a clear understanding of risks and
priorities, which aids in the formulation of realistic and achievable security goals.

2. Asset Identification and Classification

Asset identification involves creating an inventory of all network resources, including
hardware, software, and data. This process helps in understanding what is at risk and
devising strategies to protect these assets. Classification denotes categorizing assets
based on their importance and impact on the organization if compromised. Prioritizing
assets allows organizations to allocate security resources more effectively and focus on
protecting high-value items.

Classifying assets often involves determining their confidentiality, integrity, and

availability requirements. This understanding enables crafting targeted security controls
tailored to different asset classes. For example, critical systems might require more
stringent access controls and monitoring. An accurate classification system ensures that
security measures are proportionate to the risk level of each asset.

3. Access Control Policies

Access control policies determine who can access network resources and under what
conditions. These policies prevent unauthorized access while ensuring that legitimate
users have the necessary permissions to perform their tasks. Effective access control
policies establish user authentication methods, such as passwords and biometric
verification, and authorize appropriate access levels based on roles and responsibilities.

Implementing access control policies can reduce the potential for insider threats and
unauthorized data exposure. These policies should include regular reviews and updates
to user access rights, especially when employee roles change or when they exit the
organization.
4. Acceptable Use Policies
Acceptable use policies (AUPs) specify acceptable user behaviors regarding network
resources. These guidelines inform employees about permitted actions when using the
organization’s network and technology assets, aiming to prevent activities that may
compromise network security.

AUPs commonly include regulations on the use of email, internet, and company-owned
devices, and highlight consequences for violations. Clearly defined acceptable use
guidelines help mitigate risks related to user activity, such as downloading unauthorized
software or accessing inappropriate websites.

5. Network Security and VPN Usage Policies

VPNs provide secure connections for users accessing the network from offsite
locations. VPN usage policies establish rules for when and how VPNs should be used,
emphasizing encrypted communication to protect data from potential interceptions.
These policies also specify acceptable devices and software configurations for VPN
connections to maintain security.

Enforcing VPN usage policies ensures consistent security measures for users
accessing the network remotely, reducing vulnerabilities from unsecured connections. A
strong VPN policy helps prevent unauthorized access by ensuring only trusted devices
and users can establish VPN connections.

6. Password and Authentication Policies

Password and authentication policies establish protocols for creating and managing
passwords, emphasizing strength and regular updates. They may also dictate the use of
multi-factor authentication (MFA) to improve security. Strong passwords and
authentication measures help defend against unauthorized access and reduce the risk
of breaches.
Password policies should enforce complexity and uniqueness to minimize vulnerability
to common attacks like password guessing and brute force. Requiring periodic
password changes and not reusing old passwords are recommended practices.
Authentication policies might also include biometric verification or security tokens to add
extra layers of protection.

7. Patch Management and Update Policies

Patch management and update policies ensure software and systems remain secure by
addressing vulnerabilities. These policies outline schedules and processes for applying
patches and updates to operating systems, applications, and hardware. Timely updates
are crucial, as they often contain fixes for security flaws that could be exploited by
attackers.

Effective patch management involves regular monitoring for updates and promptly
applying them across the network environment. It should also include guidelines for
testing patches in a controlled setting prior to deployment, minimizing disruption risks.

8. Incident Response and Reporting Procedures

Incident response and reporting procedures define how to manage security incidents
efficiently. A structured incident response plan outlines the steps to detect, assess, and
mitigate security breaches. Reporting procedures ensure timely communication to
relevant stakeholders and help in documenting incidents for review and future
prevention efforts.

Clear guidelines for identifying potential security breaches enable quick action, while
established communication channels enable coordination during an incident. Post-
incident reviews are essential for refining procedures and bolstering future defenses. An
organized response framework can reduce the impact and recurrence of security
incidents.

9. Compliance and Regulatory Requirements

Compliance and regulatory requirements may include industry standards like ISO
27001, as well as legal mandates such as GDPR or HIPAA. A network security policy
ensures the organization adheres to these guidelines, thereby avoiding potential legal
repercussions and financial penalties.

Understanding and integrating applicable compliance requirements into security policies

promotes a structured approach to risk management. Keeping policies aligned with
regulations ensures that security controls meet both legal obligations and industry best
practices. Regular audits and assessments help maintain compliance and uncover
areas for improvement

Network Security Diagram Examples to

Visualize Firewalls, Segmentation, and
Access Control

1. Basic Network Security Diagram Example

Shows a standard network layout with firewalls, DMZ, and security controls.
Helps teams visualize traffic flows and identify potential vulnerabilities in a
simple, easy-to-understand structure.