Background
As the world increases its adoption of computers, the security threats to computer systems are also increasing. Attackers work as hard as developers as they try to find ways to gain illegal access to computer systems (The Daily Swig, 2021). The Daily Swig, a cybersecurity news and views channel that focuses on providing data about recent cybersecurity issues, publishes a new cybersecurity attack on different major organizations almost every single day (The Daily Swig, 2021). Most of the cases posted by The Daily Swig discuss the dire effects that the attacks have on businesses, governments, and individuals.
Most cybersecurity attacks originate from the networking section of the computers. Computers connected to any network, be it local or through the internet, are under constant threat of an attack. Whether carried out by hacktivist groups or state-sponsored cyber warfare operations, the attacks are increasingly causing worry (Robertazzi, 2017). Every organization or establishment with networked computers acknowledges the potential attacks their computer system faces. Such establishments also need to understand the different strategies and practices that they can adopt to protect themselves from cybersecurity attacks.
Statement of the Problem
The rising number of cybersecurity attacks that are widely propagated by the networking of computer systems has led to the need for organizations and other establishments that depend on networked computers to understand how they can protect themselves from such attacks (Robertazzi, 2017). Several strategies, including hardware, software, and the adoption of processes, can prevent attacks. Computer users need to have various approaches to ward off and limit attacks on their computer systems to maintain security. This research paper intends to find out the different networking devices and how they can be deployed to prevent cybersecurity attacks and increase the safety of computer networks.
Research Questions
This research will be guided by three questions: one primary question and two subsidiary questions. The research questions will guide the study and help address the research problem.
Primary Research Question
What are the different networking security devices, and how are they deployed in securing computer networks?
Subsidiary Research Questions
- What are the computing threats that originate from computer networking?
- What are the current trends in computing that seek to improve network security?
Research Methods
This research will employ document analysis in collecting information about network devices and the security of computer systems. Document analysis is qualitative research in which documentary materials are studied and specific research questions are addressed systematically. When document analysis is part of qualitative research, the researcher needs to go over the findings several times before drawing any meaningful conclusions about the construct they are researching (“Document Analysis,” 2018). This research will involve the analysis of published journals in computer networking and pick up relevant data about the study from the documents.
Literature Review
The earliest instances of computer networks trace back to 1961 when Leonard Kleinrock proposed the idea of ARPANET. The development of ARPANET began in 1966, but the company officially started in 1969 (Robertazzi, 2017). The views by Kleinrock were scrutinized, improved, and finally adopted. Since then, the development of computer networks has become rapid, and contemporary society is powered by computer networks (Dastres, 2021). The internet is the largest network globally and connects virtually any eligible devices irrespective of their locations in the world.
Network Security Threats
However, although networking seeks to improve communication and cut costs for organizations intending to apply its use, it also comes with its baggage. Businesses face a wide range of network security threats, which can cripple a company or an organization if the threats materialize (Dastres, 2021). Most threats that affect computer systems originate from their connections to a network or the internet. Without the networks, the threats and the insecurities that computers face now would be minimal. Among many others, the hazards that the businesses can be subjected to from their networking activities include the following:
Malware/Ransomware
Ransomware is malicious software that encrypts a computer system and holds it hostage until a ransom is paid. The ransom demand frequently includes a time limit, and unless the victim pays the ransom promptly, the data is permanently deleted, or the demanded amount rises (Humayun et al., 2021). In recent years, ransomware attacks have grown far too familiar. Corporations across North America and Europe have been impacted due to this issue. The victims of cybercrime come from a wide range of industries, including retail, manufacturing, healthcare, and government.
Businesses are hit by ransomware every 14 seconds. Between 2017 and 2018, ransomware attacks on IoT devices increased by 217.5 percent. The advent of cryptocurrencies like Bitcoin, which allow hackers to make ransom demands anonymously, triggered an explosion in the use of ransomware (Humayun et al., 2021). A ransomware attack ensures that security database systems are breached, data is encrypted, and files are threatened with deletion or alteration until a large ransom payment is made. Businesses should plan and implement a ransomware recovery strategy to avoid losing data, disrupting operations, and incurring additional expenditures.
Botnets
Networks of infected computers are known as botnets, and they’re used to commit a wide range of online fraud and cybercrime. The term “botnet” is a combination of “robot” and “network.” Creating a botnet is typically the first step in a multi-layered strategy that aims at attacking several computers in a network (Hasan et al., 2019). Large-scale attacks like data theft, server failure, and the transmission of malware can be automated by bots. Even though botnets are not malware, they are often considered one of the internet’s most dangerous threats. Large-scale attacks can be carried out by exploiting the very sophisticated networks of compromised PCs. Distributed Denial of Service (DDoS) attacks are carried out by the “zombie” machines that make up each botnet, which are used to swarm a target (Hasan et al., 2019). If the target is overwhelmed, they will be forced to pay the ransom to get their system back.
Computer Viruses and Worms
When a malicious application is downloaded and executed on a computer without the user’s permission, it is a computer virus. A computer worm is a virus that spreads from one computer to another. A worm doesn’t need to be attached to a piece of software for it to spread and wreak damage (Dastres, 2021). A significant contrast between worms and viruses is that computer viruses require an active host application or an infected operating system in order to infect other executable files or documents, execute operations, and cause damage. Also, worms replicate themselves and spread over computer networks without human intervention, whereas viruses require human intervention.
An estimated 33 percent of home computers have malware installed, with viruses constituting most infections. Viruses can lie latent in a system or host file until a timer or other event activates them. However, worms use macros to infect documents and spreadsheets. Viruses and worms must first infect a single machine and then begin duplicating themselves to spread to as many networks and computers as possible, and they are often transmitted via software weaknesses (Dastres, 2021). They proliferate fast after they’ve established themselves in a system, infecting as many components and users as they can.
Phishing Attacks
Phishing is a form of social engineering in which an attacker sends a fake communication with the intent of tricking a computer user into disclosing sensitive information or installing harmful software on their devices. Passwords, usernames, and credit card information are common targets for phishing attacks. Instant chats or phishing emails that appear to be from a legitimate source are used in these attacks, which mimic well-known websites, banking institutions, and personal relationships (Abazari et al., 2016). After clicking on the reply button or visiting an embedded URL in these messages, the user might provide their credentials or financial information, which is then sent to the fraudulent source.
DDoS (Distributed Denial of Service)
A distributed denial-of-service (DDoS) attack sends a torrent of Internet traffic to the target or its surrounding infrastructure to disrupt a server, service, or network’s usual traffic. According to research, about 33% of businesses have been hit by DDoS attacks. In the event of a DDoS attack, firms that rely on online revenue, such as social networking and e-commerce sites, might lose millions of dollars in revenue each day their websites are unavailable (Abazari et al., 2016). A DDoS attack might involve thousands of devices, many of which are not owned by the perpetrator. Instead, most infected PCs may be part of a botnet connected to the attacker’s network and distributed throughout the world.
Cryptojacking
Cryptojacking is when a criminal exploits a computer’s processing power to mine bitcoin. Hackers have used cryptojacking to steal bitcoin from unwitting victims for financial gain long before Bitcoin’s stratospheric surge in 2017. Although cryptojacking attacks can be likened to worms and viruses, the end goal of cryptojacking is to steal CPU resources rather than tamper with data and information (Abazari et al., 2016). A cryptojacking attack can trick computer users into downloading mining software, which is then used to mine bitcoin on their computers by exploiting their CPU processing power.
APT (Advanced Persistent Threats)
An advanced persistent threat (APT) occurs when an attacker gains access to a system or network and remains undetected for a lengthy period. Using the victim’s network, the APT obtains financial and other critical security data without identifying itself. APTs gain network access using malware, exploit kits, and other advanced techniques employed by APT architects (Abazari et al., 2016). An APT attacker remains idle after bypassing the firewall until they find the login credentials they want. The APT uses these credentials to breach the network to access more system components and steal as much data as possible.
Trojan Horse
The term “Trojan horse” refers to a virus-infected program that looks harmless. As soon as a Trojan horse can get network access, the attacker can record keystrokes and subsequently gather sensitive personal data. Like phishing scams, Trojan horse attacks are usually disseminated via email (Abazari et al., 2016). Emails that look to have been sent from a trusted source will have an attachment that quickly uploads malware onto the victim’s computer if it is clicked on. A Trojan horse attack may hijack an infected computer’s webcam and access most personal information from the user at any time.
Rootkits
Rootkits are a collection of tools that an attacker deploys on a network after successfully exploiting a security flaw in the target software. Using a rootkit, the attacker can gain remote access to the victim’s system and administrator privileges on their entire corporate network. After establishing a remote access connection, rootkits execute many harmful attacks, including keylogging, password stealing, antivirus disabling, and much more. When a rootkit is installed, a computer system behaves like a zombie computer, allowing the hacker to take complete control of a device via remote access (Abazari et al., 2016). This rootkit feature, which makes a computer a zombie, gives rootkits their strength. Rootkits may appear genuine with fileless malware because the hacker has privileged access to system files and processes. Rootkits cause computers to deceive the users and, sometimes, even deceive antivirus and security applications.
SQL Injection Attack
SQL injection, often known as SQLI, can corrupt back-end databases and get access to data that is not meant to be displayed. SQL injection attacks exploit security flaws to gain or remove sensitive data (Abazari et al., 2016). Data-driven assaults are gradually becoming one of the world’s most critical privacy dangers as many e-commerce systems continue to rely on SQL searches for inventory and order processing. Depending on its scale and the size of the business, a successful SQL injection might cost a corporation millions, if not billions, of dollars.
Spyware
Spyware is harmful software installed on a computer without the user’s knowledge. Spyware is a virus or malware that infects a computer, collects personal information, and distributes it to advertising businesses, data companies, or other third-party users. If the software is downloaded without the user’s knowledge, it is classified as spyware. Spyware is the most common enemy of internet users. After installation, it monitors web traffic, logs login credentials, and eavesdrops on sensitive information. The majority of spyware is intended to steal credit card numbers, bank account information, and passwords from consumers’ computers and follow their travels. Spyware can also be put discreetly on mobile phones by jealous spouses, ex-partners, and concerned parents. The spyware can eavesdrop on phone calls, record conversations, and access personal data such as images and videos. A dramatic decline in processor or network connection speeds and data usage, as well as battery life on mobile devices, is one sign that a computer has been infected with spyware.
Other threats to computer systems spread through computer networks also exist, but the eleven threats are the most prevalent threats affecting computers. The threats discussed often interrelate with each other. The intent of the threats is always to gain resources from the computer, either through asking the users to pay or by gaining illegal access and stealing information from the users. However, the threats posed to the computer and the network systems can be mitigated. In most cases, those who fall victim to the attack have not put in standard measures to mitigate the attacks. Users can prevent the threats from materializing through network security devices.
Network Security Devices
Network security is essential for the safe and efficient operation of computer systems and networks. Protecting sensitive data and shielding against unauthorized intrusion, risks, and potential security problems are all part of a network’s security (Robertazzi, 2017). The most crucial components for ensuring network security are encryption and strong passwords, antivirus software, and advanced network security equipment to protect a network. There are four basic types of network security devices. Antivirus scanners, content filtering devices, and firewalls are all examples of active devices that protect computer systems. Such devices are used to stop traffic from building up. Passive intrusion detection appliances, such as firewalls and preventative network devices, such as penetration testing and vulnerability assessment appliances, make up the last two groups of network devices (Robertazzi, 2017). These gadgets keep an eye out for possible security breaches on networks. One-stop shopping for security is provided by unified threat management (UTM) solutions, including firewalls, content filtering, and web caching.
Firewall
Firewalls monitor and filter network traffic following predetermined rules. Installing a firewall on a computer can help users keep their network safe from the outside world. A firewall’s job is to intercept traffic at the “border” of a private network to keep intruders from getting in. The firewall thoroughly examines each message before allowing it to leave or enter the private network (Shirali-Shahreza & Ganjali, 2018). Security checks are completed in this stage, and the communication (also known as a network packet) can proceed to the next phase. A message can only move forward if it fits all of the criteria. Software and hardware firewalls are available. Hardware firewalls can also perform other tasks, such as dynamically allocating IP addresses to network devices.
Hardware firewalls
A hardware firewall can safeguard an organization’s network by placing the network cables that allow traffic to pass through the firewall in a specific order. Traffic entering a firewall is subjected to several security checks before it is allowed to proceed. It is possible to configure firewalls so that only particular types of traffic can enter or leave a network (Shirali-Shahreza & Ganjali, 2018). There are many advantages to using a firewall, including stopping unwanted traffic from entering the network and prohibiting specific types of traffic from exiting the network. Access restrictions and security inspection functions are also expected on many firewalls. Firewalls may restrict access to particular resources based on signature detection or machine learning results. These filters and safeguards guard against exploitation of network and related systems.
Software Firewalls
A computer user can install a software firewall on a computer by downloading and installing it. Such downloadable and installable firewalls are software firewalls. The computer user may configure the firewall with the help of the features that it ships with. Firewall software can record everything that happens on the internet. Firewall software can be either installed on another computer or placed on a separate physical device, but several key differences exist between them (Shirali-Shahreza & Ganjali, 2018). Almost all operating systems, including Windows and macOS, ship with a built-in firewall. With these firewalls integrated into the operating system, any appropriate hardware can be used. Software firewalls other than operating system-based firewalls also exist. Stand-alone software firewalls, just like hardware firewalls, are also available. A firm can purchase and deploy software firewalls when a hardware firewall is impractical, such as in cloud environments.
Antivirus
Antivirus software is employed to prevent, scan, identify, and remove viruses from a computer. Computer users need anti-malware and anti-fraud software to keep their computers safe. Web pages, files, software, and apps are scanned by antivirus software as they go across the network to the computer (Dobbs & Kerstein, 2020). It checks for known threats and analyzes the behavior of all programs to point out suspicious activities. It seeks to identify and remove malware as quickly and effectively as possible. An antivirus program can protect a computer and other devices from threats by identifying malicious software in specific files, scheduling automatic scans, scanning individual files or the entire computer at the user’s discretion, eliminating malicious codes or software, and verifying the safety of computers and other devices, among other things (Dobbs & Kerstein, 2020). There are malware signature antivirus types, system monitoring antivirus, and machine learning antivirus.
Malware Signature Antivirus
Malware attacks computers or mobile devices with viruses and spyware without the user’s knowledge. The malware gives cybercriminals access to devices, data, and online activity by stealing login credentials, spamming from computers, or crashing computers. To detect malware signatures and digital fingerprints of malicious software, users need anti-malware software. Antivirus protection may check for and detect dangerous codes and viruses and block these programs. While antivirus protection against malware signatures is critical for detecting and eliminating existing viruses, one shortcoming is its inability to address emerging viruses. Simply put, the antivirus program does not include these new malware signatures.
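The signature lookup described above, and the gap it leaves for samples that are not yet in the database, can be seen in a short added example (not part of the original paper). The byte strings are harmless constructed stand-ins for files, and the detection names `Test.FamilyA` and `Test.FamilyB` are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional


def sha256_hex(data: bytes) -> str:
    """Digital fingerprint of a whole file."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class SignatureDB:
    hashes: Dict[str, str] = field(default_factory=dict)      # SHA-256 -> name
    patterns: Dict[bytes, str] = field(default_factory=dict)  # byte run -> name

    def add_sample(self, name: str, data: bytes,
                   pattern: Optional[bytes] = None) -> None:
        """Record a whole-file fingerprint and, optionally, a byte pattern."""
        self.hashes[sha256_hex(data)] = name
        if pattern is not None:
            self.patterns[pattern] = name

    def scan(self, data: bytes) -> Optional[str]:
        """Return the detection name, or None when no signature matches."""
        name = self.hashes.get(sha256_hex(data))
        if name is not None:
            return name
        for pattern, pattern_name in self.patterns.items():
            if pattern in data:
                return pattern_name
        return None


# Constructed, harmless byte strings used as sample "files".
FAMILY_A = b"constructed-sample family-A marker=AAAA1111"
FAMILY_A_EMBEDDED = b"header-bytes " + FAMILY_A + b" trailer-bytes"
FAMILY_B = b"constructed-sample family-B marker=BBBB2222"
CLEAN = b"quarterly report, plain text"


def build_db() -> SignatureDB:
    """Database that knows family A only (hypothetical names)."""
    db = SignatureDB()
    db.add_sample("Test.FamilyA", FAMILY_A, pattern=b"family-A marker=AAAA1111")
    return db


def scan_all(db: SignatureDB) -> Dict[str, Optional[str]]:
    files = {"a": FAMILY_A, "a_embedded": FAMILY_A_EMBEDDED,
             "b": FAMILY_B, "clean": CLEAN}
    return {label: db.scan(data) for label, data in files.items()}


if __name__ == "__main__":
    db = build_db()
    print("before update:", scan_all(db))
    # A signature update is what closes the gap for the new family.
    db.add_sample("Test.FamilyB", FAMILY_B)
    print("after update: ", scan_all(db))
```

The scan reports family B as clean until its signature is added, which is why signature databases need frequent updates and why the behaviour-based approaches in the next sections are layered on top.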
System Monitoring Antivirus
This antivirus defense can keep an eye out for suspicious or abnormal user activity in software and computer systems (Dobbs & Kerstein, 2020). For example, alarms are sent when a user connects to unknown websites, seeks to view many files, or significantly increases data usage.
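The three alarm conditions named above (unknown websites, many files viewed, a sharp rise in data usage) can be expressed as a per-user baseline check. The following is an added example, not code from the paper; the log format, the user names, and the 3x threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import mean

# Constructed activity log, one event per line: "day user kind value".
# kind "web" = site visited, "file" = files opened, "bytes" = KB transferred.
BASELINE_LOG = """
2024-05-01 alice web intranet.example
2024-05-01 alice file 12
2024-05-01 alice bytes 400
2024-05-02 alice web mail.example
2024-05-02 alice file 9
2024-05-02 alice bytes 350
2024-05-03 alice file 15
2024-05-03 alice bytes 450
2024-05-01 bob web intranet.example
2024-05-01 bob file 30
2024-05-01 bob bytes 900
2024-05-02 bob file 28
2024-05-02 bob bytes 1100
"""

TODAY_LOG = """
2024-05-06 alice web intranet.example
2024-05-06 alice web files-drop.invalid
2024-05-06 alice file 240
2024-05-06 alice bytes 5200
2024-05-06 bob web intranet.example
2024-05-06 bob file 31
2024-05-06 bob bytes 1000
"""

FACTOR = 3  # assumption: alert when today's total exceeds 3x the daily mean
LABELS = {"file": "file-volume", "bytes": "data-volume"}


def parse(log):
    """Yield (day, user, kind, value) tuples from the log text."""
    for line in log.strip().splitlines():
        day, user, kind, value = line.split()
        yield day, user, kind, value


def build_baseline(log):
    """Learn each user's known sites and mean daily totals per activity kind."""
    sites = defaultdict(set)
    totals = defaultdict(lambda: defaultdict(int))  # (user, kind) -> day -> total
    for day, user, kind, value in parse(log):
        if kind == "web":
            sites[user].add(value)
        else:
            totals[(user, kind)][day] += int(value)
    means = {key: mean(days.values()) for key, days in totals.items()}
    return sites, means


def detect(log, sites, means, factor=FACTOR):
    """Return sorted (user, rule, detail) alerts for one day of activity."""
    alerts = []
    today = defaultdict(int)
    for _day, user, kind, value in parse(log):
        if kind == "web":
            if value not in sites.get(user, set()):
                alerts.append((user, "unknown-site", value))
        else:
            today[(user, kind)] += int(value)
    for (user, kind), total in today.items():
        usual = means.get((user, kind))
        if usual is None:
            # No history for this user and activity: flag it for review.
            alerts.append((user, "no-baseline", kind))
        elif total > factor * usual:
            detail = f"{total} vs usual {usual:.0f}"
            alerts.append((user, LABELS.get(kind, kind), detail))
    return sorted(alerts)


if __name__ == "__main__":
    known_sites, daily_means = build_baseline(BASELINE_LOG)
    for alert in detect(TODAY_LOG, known_sites, daily_means):
        print(alert)
```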
Machine Learning Antivirus
Machine learning algorithms can also be used as a form of defense through observing typical computer or network activity. Programs or devices that exhibit suspicious behavior can be restricted by antivirus software that incorporates machine learning. Methods used in machine learning detection enable malware detection with a greater reach. When used in conjunction with other antivirus software, this kind of protection provides multiple layers of security.
Content Filtering Devices
Content filtering methods are deployed to eradicate potentially hazardous and objectionable internet content, including unwanted emails, persistent spam, and websites. A blacklist of terms is used to check the safety of web content, which is scanned using these devices. Some CFDs can store and notify users of well-known spam websites and email addresses before interacting with them (Zhao et al., 2017). These devices provide an “Access Denied” error when someone tries to access unverified, potentially harmful content. For example, pornographic and malicious content is blocked by default on this network security device. However, spam pitching items and unwanted mailings can be filtered out by your firm.
Intrusion Detection Systems
Hostile activity on a network can be detected and prevented using Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems (Khraisat et al., 2019). IDS will provide helpful information about a network’s activity, which may be utilized to improve its security. IDSs help raise alarms when malicious packets attempt to disrupt your network, which causes the packets to be dropped. IDSs also reset network channel connections to prevent the network from blocking all subsequent valid network traffic.
The network security devices are used in protecting computers in a network or a network from the threats that the computer systems and the networks face. The different network security devices protect from various security threats that the networks and the computer systems face.
How Networking Security Devices Protect Against Networking Threats
Different networking devices can protect computer systems from various security threats originating from computer networks. Most computer operating systems now have built-in antivirus systems that protect from several malware attacks. For example, the Windows Operating System ships with Windows Defender, an antivirus developed for Windows that ships pre-activated. Several antivirus products are also available in the market. The purchased antivirus software offers more specialized protection and services than the default antiviruses.
Antivirus
The use of antivirus can protect against several network security threats. Antiviruses protect from ransomware by preventing the installation of the ransomware and deleting any potential ransomware files that may find their way into the computer systems (Abazari et al., 2016). Antivirus also protects from computer viruses and worms by detecting the viruses, deleting them, and preventing their installation and spread to other computers in the network. Other antivirus software is built to detect phishing attacks, warning the user against falling prey to the attacks. Finally, antiviruses are equipped with code that helps them detect and eliminate Trojan Horse attacks (Abazari et al., 2016). Antiviruses scan every program before running and thus uncover the Trojan Horse program’s viruses.
Firewall
Firewalls work by filtering the traffic that gets into computer systems. Firewalls prevent the attacks from reaching the computer system, using their assigned rules. A firewall will only allow particular packets to get into the computer system and deny packets blocked by the user. Therefore, effective use of firewalls in preventing an attack from a network involves the user understanding what kind of packets will cause an attack and blocking them (Shirali-Shahreza & Ganjali, 2018). Therefore, firewalls can keep off network security threats such as ransomware, viruses and worms, rootkits, SQL injection, APTs, and DDoS. Such computer network threats thrive through sending packets that destabilize and attack the computer systems. When a firewall is used, however, the packets from such attacks will not find their way into the computer systems, and the computer systems will consequently remain safe.
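The rule-based filtering described here and in the earlier Firewall and Hardware firewalls sections can be sketched as an ordered rule list with a default-deny policy. This is an added example, not code from the paper; the private network 10.0.0.0/24, the rule set, and the sample packets are constructed, and the addresses are documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = entering the private network, "out" = leaving it
    src: str
    dst: str
    protocol: str    # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: str
    protocol: str
    src_net: str = "0.0.0.0/0"       # default: any source
    dst_net: str = "0.0.0.0/0"       # default: any destination
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (
            pkt.direction == self.direction
            and pkt.protocol == self.protocol
            and ip_address(pkt.src) in ip_network(self.src_net)
            and ip_address(pkt.dst) in ip_network(self.dst_net)
            and (self.dst_port is None or pkt.dst_port == self.dst_port)
        )


# Constructed policy for the private network 10.0.0.0/24.
RULES: List[Rule] = [
    # Anyone may reach the public web server over HTTPS.
    Rule("allow", "in", "tcp", dst_net="10.0.0.10/32", dst_port=443),
    # SSH is accepted only from the administrators' address range.
    Rule("allow", "in", "tcp", src_net="203.0.113.0/24",
         dst_net="10.0.0.0/24", dst_port=22),
    # Workstations may not send mail directly to the internet.
    Rule("deny", "out", "tcp", src_net="10.0.0.0/24", dst_port=25),
    # Outbound HTTPS is allowed for the whole network.
    Rule("allow", "out", "tcp", src_net="10.0.0.0/24", dst_port=443),
    # Only the internal resolver may send DNS queries outside.
    Rule("allow", "out", "udp", src_net="10.0.0.53/32", dst_port=53),
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule; deny when none matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: traffic that no rule names is dropped


# Constructed traffic sample covering inbound and outbound cases.
SAMPLE = [
    Packet("in", "198.51.100.7", "10.0.0.10", "tcp", 443),   # web visitor
    Packet("in", "198.51.100.7", "10.0.0.10", "tcp", 22),    # SSH from outside
    Packet("in", "203.0.113.5", "10.0.0.20", "tcp", 22),     # SSH from admins
    Packet("out", "10.0.0.20", "192.0.2.25", "tcp", 25),     # direct SMTP
    Packet("out", "10.0.0.20", "192.0.2.80", "tcp", 443),    # HTTPS browsing
    Packet("out", "10.0.0.20", "192.0.2.53", "udp", 53),     # DNS from a PC
    Packet("out", "10.0.0.53", "192.0.2.53", "udp", 53),     # DNS from resolver
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(f"{decide(pkt):5}  {pkt}")
```

Because the final fallback is deny, the policy only has to enumerate the traffic the organization expects; anything else, inbound or outbound, is dropped without a dedicated rule.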
Content Filtering Devices
Content filtering devices protect from network attacks by limiting the content that a computer user can access. Content filtering devices are constantly updated with content that the computer system should not access and prevent the computer systems from receiving such content, even if the user requests the content (Zhao et al., 2017). Content filtering devices can block network security threats such as viruses and phishing. Computer users might decide to prevent the computer from receiving certain types of files that may be viruses or certain types of emails that may lead to successful phishing attempts.
Intrusion Detection Systems
Intrusion detection systems work after the above measures have been unable to stop the attacks from getting into the computer systems. Intrusion detection devices work to stop the attacks that have found their way into the computer systems from propagating and becoming successful (Khraisat et al., 2019). Intrusion detection systems can successfully catch almost all the threats from the networks. When a system gets attacked, the intrusion detection system will notice that the system is not functioning normally due to an external body, which is most likely an attack. The IDSs alert the user of the malware or the attack that has hit the computer system and might offer solutions that the user might take to remove the attack (Khraisat et al., 2019). The IDS can also purge the attack and prevent damage from hitting the computer systems.
There is a need to successfully protect data from the materialization of the threats in the computer and the networking systems. However, an organization or an individual connected to a network needs to employ more strategies than one. It is common to find organizations operating all five to prevent and remedy attacks. Using all the methods and the network devices results in a more secure computer system environment. Further, using different strategies leads to the approaches complementing each other. For example, a firewall might fail to prevent a virus from entering a computer system, but the virus will be purged if the antivirus is present.
Conclusion
Computer networks have had several advantages that have eased communications and helped organizations cut operational costs in businesses. However, networking in an organization is susceptible to attacks that can lead to dire losses if the attacks materialize. Most attacks that target computer systems at personal and organizational levels originate from the internet or other network connections. Several threats can attack computer systems, but this research paper looks at ten of the most common attacks. Several networking devices that aim at keeping networks secure also exist. Such devices either work by intercepting threats before they hit the networks or computer systems or by eliminating the threats that are about to establish themselves in the systems. The networking devices are implemented to eliminate the threats that affect networks and the computer systems on the networks. Therefore, security devices prevent and rectify any threats that hit computer systems.
References
Abazari, F., Madani, A., & Gharaee, H. (2016). Optimal response to computer network threats. 2016 8th International Symposium on Telecommunications (IST). Published. Web.
Dastres, R. (2021). A Review in Recent Development of Network Threats and Security Measures. Archive ouverte HAL. Web.
Dobbs, T., & Kerstein, R. (2020). Antivirus technology. The Bulletin of the Royal College of Surgeons of England, 102(5), 212–213. Web.
Document Analysis. (2018). The SAGE Encyclopedia of Educational Research, Measurement, And. Published. Web.
Hasan, M. Z., Hussain, M. Z., & Ullah, Z. (2019). Computer Viruses, Attacks, and Security Methods. Lahore Garrison University Research Journal of Computer Science and Information Technology, 3(3), 20-25.
Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets, and challenges. Cybersecurity, 2(1). Web.
Robertazzi, T. G. (2017). Introduction to Computer Networking. Computer Science. Published. Web.
Shirali-Shahreza, S., & Ganjali, Y. (2018). Protecting Home User Devices with an SDN-Based Firewall. IEEE Transactions on Consumer Electronics, 64(1), 92–100. Web.
The Daily Swig. (2021). Latest cyber-attack news. Web.
Zhao, F., Yan, F., Jin, H., Yang, L. T., & Yu, C. (2017). Personalized Mobile Searching Approach Based on Combining Content-Based Filtering and Collaborative Filtering. IEEE Systems Journal, 11(1), 324–332. Web.