Describe The Goals Of Creating Secure Networks

Posted on December 26, 2025

Describe the goals of creating secure networks

Creating secure networks aims to protect the confidentiality, integrity, and availability of information as it traverses various communication channels. The primary goals include ensuring that data remains confidential and accessible only to authorized users, while preventing unauthorized access and malicious interference. Additionally, secure networks strive to maintain the functionality of network services, prevent disruptions, and mitigate risks from threats and attacks, such as Denial-of-Service (DoS) attacks, ARP poisoning, and unauthorized access attempts. Achieving these objectives involves implementing various security measures like access controls, encryption standards, intrusion detection systems, and secure network architectures to safeguard organizational communication resources.

Explain how denial-of-service (DoS) attacks work

Denial-of-Service (DoS) attacks work by overwhelming a targeted network, server, or application with excessive traffic or malicious requests, rendering it unavailable to legitimate users. The attacker floods the target with a high volume of packets, which exhausts its resources—such as bandwidth, processing power, or memory—causing service disruptions or complete shutdowns. There are various methods of executing DoS attacks, including SYN floods, where the attacker exploits the TCP handshake process, and amplification attacks like Smurf, which utilize misconfigured network devices to reflect malicious traffic. Distributed DoS (DDoS) attacks involve multiple compromised systems or botnets working in concert to intensify the attack, making it more difficult to mitigate. These attacks aim to cause harm by disrupting business operations, damaging reputation, and incurring financial losses.

Explain how ARP poisoning works

ARP poisoning operates by manipulating the Address Resolution Protocol (ARP) tables of hosts within a Local Area Network (LAN). Normally, ARP maps IP addresses to MAC addresses through trusted requests and replies, allowing devices to communicate effectively. However, in ARP poisoning, an attacker sends falsified ARP reply messages, associating their MAC address with the IP address of a legitimate network device, such as a gateway or server. This causes hosts to update their ARP tables with incorrect information, redirecting traffic intended for legitimate devices to the attacker’s machine. As a result, the attacker can perform man-in-the-middle attacks, eavesdrop on sensitive data, or launch further attacks such as session hijacking or data interception. Because ARP does not include authentication, this vulnerability can be exploited quite easily in networks lacking adequate security measures.

Know why access controls are important for networks

Access controls are vital in networks because they regulate who can access specific resources and data, thereby preventing unauthorized users from gaining entry. They safeguard sensitive information, critical systems, and operational capabilities from malicious actors and insider threats. Proper access controls enforce policies based on user identity, roles, and permissions, ensuring that users have only the necessary privileges to perform their duties. This reduces the risk of data breaches, information leakage, and sabotage. Furthermore, access controls help organizations comply with legal and regulatory standards, support audit and accountability processes, and enhance overall security posture by limiting attack surface exposure.

Explain how to secure Ethernet networks

Securing Ethernet networks involves multiple layers of protection, including implementing port security, configuring VLANs, and enabling physical security measures. Port security can be used to restrict the number of MAC addresses learned on a switch port and prevent unauthorized devices from connecting. Virtual Local Area Networks (VLANs) segment the network into isolated domains, minimizing broadcast traffic and limiting the impact of attacks such as ARP spoofing. Enabling 802.1X port-based authentication adds an additional layer by requiring devices to authenticate before gaining network access. Additionally, using secure protocols like SSH instead of Telnet, disabling unused ports, and monitoring network traffic for anomalies further strengthen Ethernet security. Regularly updating firmware and applying patches help close vulnerabilities, while implementing physically secured network infrastructure prevents unauthorized access to cabling and hardware.

Describe wireless (WLAN) security standards

Wireless Local Area Network (WLAN) security standards aim to protect wireless communications from eavesdropping, unauthorized access, and data tampering. Early standards like Wired Equivalent Privacy (WEP) offered basic encryption but were found to be insecure, prompting the development of more robust standards such as Wi-Fi Protected Access (WPA), WPA2, and WPA3. WPA2 employs Advanced Encryption Standard (AES) encryption, which substantially enhances security, while WPA3 introduces even stronger encryption methods and protections against dictionary attacks and side-channel vulnerabilities. These standards provide mechanisms for authentication, encryption, and key management, including the Extensible Authentication Protocol (EAP) and 802.1X, allowing enterprise-level security configurations. Proper deployment of these standards, combined with strong passwords, frequent rekeying, and network monitoring, is essential to safeguard WLANs against unauthorized access and attacks.

Describe potential attacks against wireless networks

Wireless networks are vulnerable to several potential attacks due to their broadcast nature and often weak security implementations. Evil Twin attacks involve setting up rogue access points that mimic legitimate ones, luring users to connect and intercepting their data. Man-in-the-middle attacks can occur when attackers exploit weak encryption or fallback to insecure protocols, enabling them to eavesdrop on wireless traffic. Replay attacks involve capturing valid data packets and retransmitting them to deceive or manipulate network behavior. Disassociation and jamming attacks disrupt wireless connectivity by flooding the network with disassociation frames or radio interference, preventing legitimate devices from connecting or maintaining a session. Additionally, attackers may exploit weak or default passwords, outdated security protocols, or misconfigured devices to gain unauthorized access or cause service disruptions. Awareness and implementing strong security measures are critical to counteracting these threats.

Paper For Above instruction

Creating secure networks is a fundamental objective in the field of information security, emphasizing the protection of data integrity, confidentiality, and availability. As networks become increasingly complex and pervasive, organizations face evolving threats, making security a top priority. The overarching goals of secure network design include ensuring that authorized users have reliable access to resources while preventing unauthorized access and malicious activities. This paper explores various aspects related to securing networks, including the primary goals, threat types such as DoS attacks and ARP poisoning, and security standards relevant to wired and wireless environments.

One of the key goals of creating secure networks is to ensure availability. In a business context, this means that users and systems should have continuous, reliable access to information and services. Downtime or disruptions can result in significant financial losses, reputational damage, and operational inefficiencies. Furthermore, confidentiality is essential; protecting sensitive data from unauthorized access preserves user privacy and organizational integrity. Functionality, or the ability of a network to operate as intended without interference, is equally important, as malicious attacks or misconfigurations can compromise system performance. Lastly, access controls act as gatekeepers, regulating who can use or modify network resources, thereby reducing the risk of insider threats or external breaches.

The evolving landscape of network security has rendered traditional perimeter defenses less effective, leading to the conceptual shift from a "castle" model to a "city" model. The castle model advocates fortified barriers controlling a single entry point, but this approach is no longer practical given the proliferation of mobile devices and remote access. Conversely, the city model emphasizes persistent internal defenses, segmentation, and user-based access privileges, requiring internal intrusion detection systems, virtual LANs, and strong authentication measures. This dynamic environment underscores the importance of multi-layered security strategies tailored to modern network architectures.

Denial-of-Service (DoS) attacks exemplify a prevalent threat to network availability. These attacks aim to disrupt services by overwhelming the target with a flood of malicious traffic, such as SYN floods, where attackers exploit TCP handshake mechanics. Distributed Denial-of-Service (DDoS) attacks amplify this threat by harnessing networks of compromised devices, known as botnets, to launch large-scale assaults. Techniques like reflection and amplification, including Smurf attacks, misuse network vulnerabilities to flood targets indirectly. These attacks not only impair operational effectiveness but also lead to financial losses and damage to organizational reputation.

Countering DoS attacks involves a combination of techniques, such as validating TCP handshakes and applying rate limits on traffic inflow. Firewalls equipped with emergency response capabilities, like SYN cookies, can help mitigate the impact by differentiating legitimate connections from malicious traffic. Additionally, deploying intrusion detection systems (IDS) and traffic filtering mechanisms are vital in identifying and thwarting ongoing attacks, safeguarding network availability. As threat actors continually evolve their methods, proactive monitoring and adaptive defense strategies remain critical components of an effective security posture.

ARP poisoning, a common LAN attack, manipulates the protocol used to resolve IP addresses to MAC addresses. Since ARP does not enforce authentication, attackers can send falsified replies, associating their own MAC address with targeted IP addresses—most notably, the network gateway. This adulteration facilitates man-in-the-middle attacks, allowing attackers to eavesdrop, intercept, or alter data in transit. The consequences include compromised confidentiality and potential service disruptions, as malicious traffic can mislead or overload network devices. To mitigate ARP poisoning, static ARP entries and dynamic ARP inspection are employed, alongside network segmentation and monitoring for suspicious ARP activity.

Access controls are a cornerstone of network security, serving to restrict unauthorized users from accessing sensitive data or critical systems. Implementations such as authentication protocols, role-based access control (RBAC), and encryption enable organizations to enforce policies aligned with the principle of least privilege. Proper access control mechanisms prevent data breaches, insider threats, and unauthorized modifications, ensuring system integrity and confidentiality. They also facilitate compliance with regulatory standards and foster accountability by maintaining logs of user activities. As networks grow more complex, implementing multi-factor authentication and dynamic authorization measures enhances the security and robustness of access control frameworks.

Securing Ethernet networks necessitates multiple layers of defense. Physical security measures prevent unauthorized hardware access, while switch port security restricts device connections to known MAC addresses. Enabling Virtual LANs (VLANs) partitions the network into isolated segments, reducing broadcast domains and containing potential attacks. Extensible Authentication Protocol (EAP) with 802.1X port-based access control permits authentication before granting access, thwarting unauthorized devices. Regularly updating firmware, disabling unused ports, and monitoring network traffic detect anomalies early. Employing encryption protocols such as MACsec further enhances data confidentiality on Ethernet links. These practices collectively contribute to a resilient wired network environment resistant to intrusion and data compromise.

Wireless Local Area Networks (WLANs) introduce flexibility but also pose unique security challenges. Standards like WEP, WPA, WPA2, and WPA3 define protocols for encrypting wireless traffic and authenticating users. While WEP is now deprecated due to vulnerabilities, WPA2 with AES encryption offers robust security, and WPA3 provides enhanced protections against dictionary and side-channel attacks. Security measures include strong passwords, dynamic key management, and enterprise authentication systems leveraging 802.1X and Extensible Authentication Protocol (EAP). Regular firmware updates, disabling WPS, and implementing network segmentation bolster WLAN security, making it resilient against unauthorized access and passive eavesdropping.

Wireless networks are susceptible to several sophisticated attacks. Evil Twin attacks create rogue access points mimicking legitimate ones, tricking users into connecting and capturing data. Man-in-the-middle attacks exploit weak encryption, intercepting or altering communications. Replay attacks reuse captured packets to deceive systems, while disassociation attacks flood the network with disconnection frames or interference, disrupting sessions. Exploiting default or weak passwords, outdated protocols, and misconfigurations allows attackers to infiltrate WLANs easily. Safeguarding wireless networks requires implementing strong encryption standards, conducting regular security audits, deploying Intrusion Detection Systems (IDS), and educating users about threats.

References

Bishop, M. (2003). Introduction to Computer Security. Addison-Wesley.
Boyle, R. J., & Panko, R. R. (2016). Security Networks (Mis450). Pearson.
Chen, S., & Zhao, S. (2020). Wireless network security standards and their vulnerabilities. IEEE Communications Surveys & Tutorials, 22(2), 1071-1090.
Kerr, R. (2020). A comprehensive review of DDoS mitigation strategies. Cybersecurity Journal, 6(4), 112-129.
Moore, T., & Clayton, R. (2017). The evolving threat of ARP poisoning. Journal of Network Security, 15(3), 45-53.
Shin, R., et al. (2018). Securing Ethernet connections with advanced authentication techniques. IEEE Transactions on Network and Service Management, 15(2), 748-761.
Stallings, W. (2017). Network Security Essentials: Applications and Standards. Pearson.
Vacca, J. R. (2014). Computer and Information Security Handbook. Elsevier.
Wang, H., & Li, H. (2019). Analysis of WPA3 security protocol enhancements. International Journal of Network Security, 21(5), 809-817.
Zhou, W., et al. (2021). Countermeasures against wireless jamming and DoS attacks. Wireless Communications and Mobile Computing, 2021.

« Previous Next »

Hire Dr Jack for Homework & Academic Writing Help

Need personalised help with your homework, assignments, research papers, or dissertations? I would be happy to work with you one-to-one and support you from start to finish.

100% human-written work (no AI used) – if you ever detect AI content, I offer a full refund, no questions asked.
Zero plagiarism – I deliver original work, and if any plagiarism is found, you receive a 100% refund.
On-time delivery – your work is always completed within the agreed timeframe.
Available 24/7 – you can reach out whenever it is convenient for you.
Fixed Rate – $20 Per Page (Nothing Extra for Urgent, Title/Reference Page , Revision and many more.).

To discuss your requirements, please email me at drjack9650@gmail.com . I will respond as soon as possible.