week 24

K1.24 Principles of network security and their application to prevent the unauthorised access, misuse, modification or denial of a computer, information system or data:

Network security is about using policies, tools, and controls to protect systems and data from cyber threats, unauthorised users, and damage or loss.

The CIA Triad

The CIA triad forms the foundation of all digital security practices. It helps protect networks from attack, misuse, and failure.

Example: If a user cannot access a system due to a DDoS attack, availability has been compromised.

IAAA – Identification, Authentication, Authorisation, Accountability

These four principles are used together to ensure only the right people can access systems, and that all actions are tracked and controlled.

Together, these reduce the chances of unauthorised access or abuse of privileges.

Practical Applications in Network Security

These principles are put into action using tools and policies that help secure the network further.

Directory Services (e.g. Active Directory)

Centralised systems that manage users, devices, permissions, and access rights.

Use Case:

• Allows IT teams to control which users can access which folders, applications or devices

• Supports group policies for password control and software permissions

Links directly to identification, authentication, and authorisation.

Security Authentication Process

Validates users trying to access systems.

Examples:

• Single sign-on (SSO): Log in once to access many systems

• Multi-factor authentication (MFA): Combines password + something you have (e.g. phone)

• Biometrics: Fingerprint, face scan

Strengthens authentication by requiring more than just a password.

Use of Passwords and Security Implications

Passwords must be strong, unique, and regularly updated to stay effective.

Best Practices:

• Minimum 12 characters

• Use of symbols, numbers, upper/lower case

• No reuse across systems

Risks if not followed:

• Easy password guessing or brute-force attacks

• Credential stuffing using leaked passwords

Weak password policies can break confidentiality and authorisation.

Identification and Protection of Data

Know what data exists, where it is, and how it must be protected.

Actions:

• Classify data (e.g. personal, sensitive, public)

• Encrypt sensitive files

• Limit who can access/edit them

Supports confidentiality and integrity of the data.

Information Asset Register

A live inventory of all IT assets (hardware, software, databases, etc.)

Purpose:

• Know what you have

• Monitor who owns it

• Understand which assets are most critical

• Helps in risk management and disaster recovery

Ensures accountability, availability, and supports decision-making during a cyber incident.

Discuss network security and its application to prevent unauthorised access or misuse.

Discuss in small groups the CIA triad and IAAA.

Create a poster for the CIA triad (confidentiality, integrity and availability) showing how this is applied to security and how it helps protect against cyber attacks. 

Secure the School Network
Scenario:
You are part of the IT team at a college. You need to protect the network from unauthorised access and maintain the confidentiality, integrity and availability of systems.
Task:
1. Identify three risks (e.g. weak passwords, unknown devices, unauthorised app installation).
2. For each, explain:
        Which CIA principle is at risk
        Which IAAA principle is needed to fix it
        What policy, process or tool should be used to help
Extension:
Draw a diagram showing how a user logs in, is authenticated, is granted access, and has their activity monitored.

Last Updated
2025-07-14 14:12:56