COMP.SEC.100 / 20. Network Security / 20.3 Network structures (advanced)

Network structures (advanced)
This section presents key wireless networking implementations and illustrates through them why ensuring network security is important. The purpose is not to provide direct solutions, but to help understand security objectives and the context-dependent challenges associated with them.
Local area networks (advanced)
A local area network (LAN) is the most common network type used in data transmission, and it is often (incorrectly) associated with low security requirements. LANs connect systems and services into larger entities, and the internet itself consists of such interconnected networks of organisations and households. A typical mistake is to trust the security of one’s own network without assessing its actual state. The more devices are connected to a network, the more difficult it is to secure, and individual devices can weaken the security of the entire network. Without additional protections, such as firewalls or encryption, attackers can use services without authorisation, monitor traffic, and gain access to sensitive information.
The problem is compounded when devices are not fully under the administrator's control. For example, the BYOD model allows employees to connect their own, potentially untrusted, devices to a corporate network, which in the worst case may lead to leakage of internal data. In addition, physical access to the network enables the connection of malicious devices. An attacker may also impersonate another user by stealing a network identity, for example by cloning a MAC address and thus appearing as a trusted party.
Although LANs are structurally simple, protecting them raises key questions:
- can it be controlled which devices connect to the network, and can untrusted connections be prevented?
- can users and devices be monitored so that attacks are detected?
- can the network be divided into isolated parts (e.g. subnets) to limit the damage from a compromised device?
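The monitoring question above is concrete enough to illustrate. The following Python script is an added example, not part of the course material: it reads constructed ARP/switch-port observations (the log format, addresses and port names are invented for this example) and flags two conditions a LAN administrator would want to know about: an IP address whose MAC address changes, which is what a spoofed gateway looks like from the switch, and one MAC address appearing on more than one port, which is what a cloned MAC looks like.

```python
"""Added example (not from the course material): a small LAN monitor over
constructed ARP observations. Flags (1) an IP whose MAC changes and
(2) a MAC seen on several switch ports. Log format is invented here."""
from collections import defaultdict

# Constructed sample log: "<time> <switch-port> <ip> <mac>" per line.
# 192.168.10.1 is the gateway; aa:bb:cc:00:00:20 is a workstation on port 1.
SAMPLE_LOG = """\
10:00:01 ge-0/0/1 192.168.10.20 aa:bb:cc:00:00:20
10:00:02 ge-0/0/2 192.168.10.21 aa:bb:cc:00:00:21
10:00:03 ge-0/0/3 192.168.10.1  aa:bb:cc:00:00:01
10:05:10 ge-0/0/7 192.168.10.1  aa:bb:cc:00:00:99
10:05:11 ge-0/0/7 192.168.10.22 aa:bb:cc:00:00:20
"""


def parse_observations(text):
    """Parse log lines into (time, port, ip, mac) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, port, ip, mac = parts
        rows.append((ts, port, ip, mac.lower()))
    return rows


def find_anomalies(observations):
    """Return a list of alert dicts, in the order the triggering observations were seen."""
    alerts = []
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_ports = defaultdict(set)   # switch ports each MAC has been seen on
    for ts, port, ip, mac in observations:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"type": "ip_mac_change", "ip": ip,
                           "old_mac": previous, "new_mac": mac, "time": ts})
        ip_to_mac[ip] = mac
        # Alert only when a MAC turns up on a port it has not used before.
        if port not in mac_ports[mac]:
            mac_ports[mac].add(port)
            if len(mac_ports[mac]) > 1:
                alerts.append({"type": "mac_multiple_ports", "mac": mac,
                               "ports": sorted(mac_ports[mac]), "time": ts})
    return alerts


def analyse(text):
    """Convenience wrapper: parse the log text and return its alerts."""
    return find_anomalies(parse_observations(text))


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

On the sample log this produces two alerts: the gateway address 192.168.10.1 changing from aa:bb:cc:00:00:01 to aa:bb:cc:00:00:99 on a different port, and aa:bb:cc:00:00:20 appearing on both ge-0/0/1 and ge-0/0/7. A real deployment needs a whitelist for expected changes (DHCP reassigning client addresses, a replaced gateway), and the gateway's MAC changing is the high-signal event; the point is that the question "can devices be monitored to detect attacks" has a concrete answer only if the switch port and ARP data are actually collected.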
Interconnected networks and the Internet (advanced)
Securing data transmission becomes significantly more difficult when data travels across multiple networks. A typical example is connecting a local network to the internet or establishing a connection between two sites, which is often implemented using a VPN solution. A VPN enables a private and secure connection over a public network.
Without additional protection, connecting networks exposes data transmission to multiple risks. On the internet, traffic passes through several routers, each of which can in principle observe or modify it. The sender generally has no control over transmission routes, and there is a risk that an attacker may redirect traffic through a compromised node. For example, malicious routing announcements can influence how traffic flows through the network.
In enterprise networks, the risk is increased by third-party services such as cloud and data centre solutions, which are integrated into the organisation’s own network. In such cases, part of the data transmission and data itself is moved to infrastructure that is not under the organisation’s direct control, potentially exposing sensitive information.
Key questions include:
- can secure communication (confidentiality and integrity) be ensured over an untrusted network?
- how can different networks be securely interconnected, for example in enterprise environments?
- how can routing of data transmission be ensured or monitored, and attacks against it detected?
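The third question, monitoring routing and detecting attacks against it, can be illustrated with an origin check. The following Python script is an added example, not part of the course material: it compares constructed route announcements (prefix and originating network number) against a table of the prefixes an organisation owns and the network expected to originate them, and reports announcements that would pull traffic elsewhere: a more-specific prefix from an unexpected origin, the same prefix with the wrong origin, or a covering prefix from an unexpected origin. The prefixes, AS numbers and announcements are invented, and the check models the idea of an expected-origin list rather than any specific routing-security protocol.

```python
"""Added example (not from the course material): checking route announcements
against expected origins. All prefixes, AS numbers and announcements are
constructed; this models an expected-origin list, not a real protocol."""
import ipaddress

# Constructed: prefixes "we" own and the AS expected to originate each one.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64500,
}

# Constructed sample announcements as (prefix, origin_as).
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),     # our prefix, our origin: fine
    ("198.51.100.0/24", 64500),    # fine
    ("203.0.113.128/25", 64666),   # more-specific from a stranger: wins longest-match
    ("198.51.100.0/24", 64666),    # same prefix, wrong origin
    ("203.0.112.0/22", 64666),     # covering prefix from a stranger
    ("192.0.2.0/24", 64510),       # not ours; nothing to say
]


def classify(prefix, origin_as, expected=EXPECTED_ORIGINS):
    """Return 'valid', 'invalid_origin', 'more_specific', 'covering' or 'unknown'."""
    net = ipaddress.ip_network(prefix, strict=True)
    for exp_prefix, exp_as in expected.items():
        exp_net = ipaddress.ip_network(exp_prefix)
        if net.version != exp_net.version:
            continue
        if net == exp_net:
            return "valid" if origin_as == exp_as else "invalid_origin"
        if net.subnet_of(exp_net):
            # A more-specific from the expected origin is our own traffic engineering.
            return "valid" if origin_as == exp_as else "more_specific"
        if exp_net.subnet_of(net):
            # A covering prefix from the expected origin is normal aggregation.
            return "valid" if origin_as == exp_as else "covering"
    return "unknown"


def audit(announcements, expected=EXPECTED_ORIGINS):
    """Return (prefix, origin_as, verdict) for every announcement that needs attention."""
    findings = []
    for prefix, origin_as in announcements:
        verdict = classify(prefix, origin_as, expected)
        if verdict not in ("valid", "unknown"):
            findings.append((prefix, origin_as, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ANNOUNCEMENTS):
        print(finding)
```

The more-specific case is the one to watch: because routers prefer the longest matching prefix, 203.0.113.128/25 from the unexpected origin attracts half of the /24's traffic even though the legitimate /24 announcement is still present. The check only works from a vantage point that actually sees the announcements (a route collector or one's own border router), which is exactly what the question about monitoring routing is asking for.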
Wireless local area networks (WLAN) (advanced)
Wireless local area networks do not fundamentally introduce entirely new security threats, but their use increases the likelihood of certain attacks. In particular, data transmission is more vulnerable to eavesdropping because the signal propagates freely through the air.
Unlike in wired networks, in wireless communication the propagation of the signal cannot be precisely limited. This makes it easier for attackers to access network traffic: the signal may extend beyond buildings, and a physical wall alone does not prevent its detection. Without additional protection (e.g. Faraday cage–type solutions), attackers can locate and monitor networks. Therefore, in wireless networks, access control, protection of data transmission, and confidentiality of communication are emphasised – including protection against traffic analysis.
In order to better understand the security challenges of wireless networks, the following questions should be considered:
- How can access control be enforced in wireless networks without compromising usability?
- How can eavesdropping attacks in wireless communication be prevented or made more difficult?