Network Security and Troubleshooting
Learning Objectives
By the end of this section, you will be able to:
- Identify common network security threats and vulnerabilities
- Implement basic network security measures
- Use systematic troubleshooting methodologies
- Document and resolve network issues effectively
- Monitor network performance and identify potential problems
Introduction: Why Network Security Matters
Imagine leaving your office building unlocked with all the doors wide open and a sign saying "Come in and take whatever you want!" That's essentially what an unsecured network is like - it gives attackers easy access to your business data, customer information, and critical systems.
Network security isn't just about keeping hackers out; it's about ensuring your business can operate reliably and your customers can trust you with their information.
Common Network Security Threats
1. Unauthorized Access
What it is: People connecting to your network without permission
Real-world examples:
- Competitors sitting in your parking lot and using your WiFi to access internal systems
- Former employees still having access to network resources
- Visitors connecting to your business network instead of guest network
How it happens:
- Weak or default passwords on WiFi networks
- No password protection on wireless networks
- Physical access to network ports in meeting rooms or common areas
- Shared passwords that never get changed
Impact on business:
- Confidential information stolen or leaked
- Network performance slows down due to unauthorized usage
- Legal liability if customer data is compromised
- Compliance violations in regulated industries
2. Malware and Viruses
What it is: Malicious software that spreads through network connections
Real-world examples:
- Ransomware that encrypts all files on network servers and demands payment
- Keyloggers that record employee passwords and send them to criminals
- Botnet software that uses your computers to attack other companies
How it spreads through networks:
- Email attachments sent to multiple employees
- Infected websites accessed from work computers
- USB drives plugged into work computers
- Network file shares that spread infected files
Impact on business:
- Complete shutdown of business operations
- Loss of all business data
- Customer information stolen
- Reputation damage and loss of customer trust
3. Man-in-the-Middle Attacks
What it is: Attackers intercept network communications between two devices
Real-world analogy: Like someone secretly listening to a phone conversation and possibly changing what each person hears
How it works:
- Attacker sets up a fake WiFi network with a legitimate-sounding name, or poisons ARP or DNS on a network they already have a foothold on
- Employee connects to the fake network thinking it's legitimate
- All traffic flows through the attacker's system
- Anything not encrypted end to end (plain HTTP, legacy POP3/IMAP/SMTP without TLS, internal tools with no certificate) can be read and altered; even with TLS the attacker still sees which hosts are contacted and can present a forged certificate hoping the user clicks through the browser warning
Common scenarios:
- Fake WiFi hotspots in coffee shops, airports, hotels
- Compromised routers that redirect traffic through attacker systems
- Unsecured wireless networks that can be easily monitored
4. Denial of Service (DoS) Attacks
What it is: Overwhelming your network with fake traffic to make it unusable
Real-world analogy: Like thousands of people calling your business phone number at the same time so legitimate customers can't get through
Types you might encounter:
- Bandwidth flooding: Sending massive amounts of data to overwhelm internet connection
- Connection flooding: Opening thousands of connections to exhaust server resources
- Application attacks: Targeting specific weaknesses in web applications or services
Impact on business:
- Website becomes inaccessible to customers
- Email systems stop working
- VoIP phone systems become unreliable
- Remote workers can't connect to office systems
Essential Network Security Measures
1. Strong Authentication
Router and Switch Passwords:
- Never leave default credentials in place (admin/admin, admin/password); change them before the device goes on the network
- Use passwords at least 12 characters long; for device administrator accounts, a randomly generated password kept in a password manager beats anything memorable
- Include a mix of letters, numbers, and symbols, but treat length and randomness as what actually matters
- Use a different password for each device, so one leaked configuration backup doesn't unlock the rest
- Change a password when someone who knew it leaves or a device may have been compromised; forced rotation on a 90-day calendar tends to produce predictable variations (Secure1, Secure2) and is no longer recommended by current guidance (NIST SP 800-63B)
Example of a password that passes the composition rules but is still weak: NetWork2024!Secure
- Contains uppercase and lowercase letters, numbers and a symbol, and is 18 characters long
- But it is two dictionary words, the current year and a symbol in the expected positions, exactly the pattern cracking tools try first
- Compare a randomly generated 16+ character string, or a passphrase of five or more unrelated random words, which is both easier to type and far harder to guess
Two-Factor Authentication (2FA):
- Requires something you know (password) + something you have (phone app, hardware token)
- Available on most business-class firewalls, management platforms and cloud-managed network equipment; where a device cannot do it itself, put its management interface behind a VPN or jump host that can
- Dramatically reduces the risk of unauthorized access from a guessed, reused or stolen password
- Should be mandatory for all administrative access
2. WiFi Security
Encryption Standards:
- Never use: Open networks (no password)
- Avoid: WEP (easily broken in minutes) and WPA/WPA2 with TKIP
- Acceptable: WPA2 with AES (CCMP); a pre-shared key (WPA2-Personal) is only as strong as the passphrase, because anyone who captures a device joining can attack the key offline
- Preferred: WPA3 (newest standard, strongest security); for staff devices prefer WPA2/WPA3-Enterprise (802.1X), which gives each user or device its own credential
WiFi Network Design:
- Separate guest network: Its own SSID on its own VLAN, isolated from business systems, with client isolation turned on so guests cannot see each other
- Hidden SSID: Not a security control; clients configured for a hidden network probe for it by name wherever they go, and the name appears in any capture of a device joining. Leave it visible
- MAC address filtering: Trivially bypassed, since MAC addresses are sent in the clear and can be cloned; at best it keeps out accidental connections, not attackers
- Pre-shared key changes: Change the key when someone who knows it leaves or a device holding it is lost or stolen, which means re-keying every device; that burden is the main reason to use 802.1X for staff and reserve the PSK for the guest network
WiFi Password Best Practices:
- At least 15 characters long for WPA2
- Use random words, numbers, and symbols
- Don't use company name, address, or common phrases
- Example:
Coffee$Blue7Mountain!Fast
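The following is an added example, not code from the module: it generates device passwords and WiFi passphrases with Python's `secrets` module and estimates the guessing resistance of each, including why the composition-rule password discussed above is weaker than its length suggests. The WORDS list is a small constructed stand-in for a real wordlist (the EFF long list has 7776 words; the real-use figures are computed with that size), and the "word + word + year + symbol" cracking model is a rough assumption used only to illustrate the gap.

```python
"""Added example: random device passwords and WiFi passphrases, with entropy
estimates. Not part of the original module."""
import math
import secrets
import string

# Constructed placeholder wordlist; far too small for real use. A deployment
# would load the EFF long wordlist (7776 words) or similar.
WORDS = ["coffee", "blue", "mountain", "fast", "harbour", "copper", "lantern",
         "violet", "thunder", "maple", "quartz", "ember", "falcon", "orbit",
         "saddle", "willow"]
EFF_LONG_LIST_SIZE = 7776

DEVICE_CHARSET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def entropy_bits(alphabet_size: int, symbols: int) -> float:
    """Guessing resistance of `symbols` independent uniform picks from an
    alphabet of `alphabet_size` possibilities, in bits."""
    return symbols * math.log2(alphabet_size)


def random_device_password(length: int = 20) -> str:
    """Admin password for a router or switch: random characters, meant to live
    in a password manager rather than in anyone's head."""
    if length < 12:
        raise ValueError("device passwords should be at least 12 characters")
    return "".join(secrets.choice(DEVICE_CHARSET) for _ in range(length))


def random_passphrase(word_count: int = 5, words=WORDS, sep: str = "-") -> str:
    """WiFi pre-shared key: random words are easier to read out and type into
    a printer or phone than random characters. Strength comes from wordlist
    size and word count, not from l33t substitutions."""
    if word_count < 4:
        raise ValueError("use at least four words")
    return sep.join(secrets.choice(words) for _ in range(word_count))


def compare_strengths() -> dict:
    """NetWork2024!Secure is 18 characters, so a naive per-character estimate
    credits it with 18*log2(len(DEVICE_CHARSET)) bits. A cracker instead
    models it as two words from a ~20k list, a year from a ~30-year range and
    one of ~10 common symbols (assumed model), which is far smaller."""
    naive = entropy_bits(len(DEVICE_CHARSET), 18)
    pattern = 2 * math.log2(20_000) + math.log2(30) + math.log2(10)
    return {
        "NetWork2024!Secure_naive_bits": round(naive, 1),
        "NetWork2024!Secure_pattern_bits": round(pattern, 1),
        "random_20_char_bits": round(entropy_bits(len(DEVICE_CHARSET), 20), 1),
        "eff_5_word_passphrase_bits": round(entropy_bits(EFF_LONG_LIST_SIZE, 5), 1),
        "constructed_list_5_word_bits": round(entropy_bits(len(WORDS), 5), 1),
    }


if __name__ == "__main__":
    print("device password :", random_device_password())
    print("wifi passphrase :", random_passphrase())
    for name, bits in compare_strengths().items():
        print(f"{name:38s} {bits:6.1f} bits")
```

The last line of the comparison is the point: five words from the constructed 16-word list give only 20 bits, which is why the wordlist size matters as much as the word count.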
3. Network Segmentation
What it is: Dividing your network into separate sections with controlled access between them
Real-world analogy: Like having different keycards for different areas of an office building - accounting staff can't access the server room, visitors can't access work areas
Basic segmentation strategy:
- Guest network: For visitors and personal devices
- Employee network: For work computers and phones
- Server network: For databases and critical systems
- IoT network: For printers, security cameras, smart devices
Implementation using VLANs:
- VLAN 10: Guest access (isolated from everything else)
- VLAN 20: Employee workstations (access to internet and approved servers)
- VLAN 30: Servers (restricted access, no internet browsing)
- VLAN 40: Management (network equipment, high security)
Firewall rules between segments:
- Guest network: Internet access only, no access to internal systems (including the router's own management interface)
- Employee network: Internet + the specific service ports on approved servers (for example 443 to the web application, the database port to the database server), no access to device management ports
- Server network: No general internet access; allow only explicit egress to the update, DNS and NTP sources the servers need, and accept only the approved service ports from the employee network
- Management network: The only segment allowed to reach device administration interfaces (SSH/HTTPS on switches, routers, access points); nothing else may initiate connections into it
- Everything not listed is denied; add a rule for each documented need rather than opening whole segments to each other
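The following is an added example, not code from the module: a small model of the zones and inter-segment rules described above, used to check a proposed rule set for the classic mistakes (guest reaching internal zones, servers browsing the internet, non-management segments reaching admin ports) before it goes onto the firewall. The zone names and VLAN numbers are the ones in the text; the rule syntax ("allow employee -> servers tcp/443") and the sample policy are invented for this example and are not any vendor's format.

```python
"""Added example: default-deny zone policy model and audit. Not part of the
original module; rule syntax is invented for illustration."""
from dataclasses import dataclass
from typing import List, Optional

# Zones from the text; "internet" is a pseudo-zone with no VLAN
ZONES = {"guest": 10, "employee": 20, "servers": 30, "management": 40,
         "internet": None}


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # zone name or "any"
    dst: str
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any port


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int


def parse_rules(text: str) -> List[Rule]:
    """Parse lines like 'allow employee -> servers tcp/443'; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, arrow, dst, service = line.split()
        if arrow != "->" or action not in ("allow", "deny"):
            raise ValueError(f"bad rule: {raw!r}")
        for zone in (src, dst):
            if zone != "any" and zone not in ZONES:
                raise ValueError(f"unknown zone {zone!r} in {raw!r}")
        proto, _, port = service.partition("/")
        rules.append(Rule(action, src, dst, proto,
                          None if port in ("", "any") else int(port)))
    return rules


def _matches(rule: Rule, flow: Flow) -> bool:
    return (rule.src in ("any", flow.src) and rule.dst in ("any", flow.dst)
            and rule.proto in ("any", flow.proto)
            and (rule.port is None or rule.port == flow.port))


def decide(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if _matches(rule, flow):
            return rule.action
    return "deny"


def audit(rules: List[Rule]) -> List[str]:
    """Checks a reviewer applies regardless of what the individual rules say."""
    probes = [
        ("guest must not reach any internal zone",
         [Flow("guest", z, "tcp", p) for z in ("employee", "servers", "management")
          for p in (22, 80, 443, 445, 3389)]),
        ("servers must not browse the internet",
         [Flow("servers", "internet", "tcp", p) for p in (80, 443)]),
        ("only management may reach device admin ports",
         [Flow(z, "management", "tcp", p) for z in ("guest", "employee", "servers")
          for p in (22, 443)]),
    ]
    findings = []
    for description, flows in probes:
        allowed = [f for f in flows if decide(rules, f) == "allow"]
        if allowed:
            findings.append(f"{description}: allowed {allowed[0]}")
    return findings


# Constructed sample policy reflecting the segmentation strategy in the text
SAMPLE_POLICY = """
allow guest      -> internet   any/any
allow employee   -> internet   any/any
allow employee   -> servers    tcp/443     # web application
allow employee   -> servers    tcp/1433    # database client (assumed port)
allow management -> servers    tcp/22
allow management -> management any/any
allow servers    -> internet   udp/123     # NTP only; a patch mirror would be listed here too
# everything else falls through to default deny
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_POLICY)
    for flow in (Flow("guest", "servers", "tcp", 443), Flow("employee", "servers", "tcp", 443),
                 Flow("employee", "servers", "tcp", 22), Flow("servers", "internet", "tcp", 443)):
        print(flow, "->", decide(rules, flow))
    print("audit findings:", audit(rules) or "none")
```

Run the audit on the real exported rule set (translated into this form) whenever a rule is added; an "allow any -> any" typed in during an outage is exactly what it catches.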
4. Firewalls and Access Control
Network Firewall (Router-based):
- Blocks unwanted traffic from internet
- Controls which services can be accessed from outside
- Logs attempted intrusions for security monitoring
- Should be configured to deny all traffic except specifically allowed
Basic firewall rules:
- Block all incoming connections by default
- Allow only specific services (web, email, VPN), each to the one host that provides it, and never expose the firewall's own management interface to the internet
- Block known malicious IP addresses, and countries where the business has no users; treat geo-blocking as noise reduction rather than protection, since attackers can rent hosts in any country
- Log and alert on suspicious activity, including repeated denied inbound connections from one source and outbound connections from servers that should never talk to the internet
Application Firewall (Software-based):
- Installed on servers and workstations
- Controls which programs can access the network
- Blocks malware from communicating with command servers
- Monitors for suspicious behavior
Systematic Network Troubleshooting
The OSI Model Approach
Think of network problems like a building with 7 floors:
- Start at the bottom (physical) and work your way up
- Don't skip floors - each layer depends on the ones below it
- Once you find the problem, fix it and test each layer above
Layer 1: Physical Layer
"Is everything plugged in and powered on?"
What to check:
- Power cables connected and devices powered on
- Network cables firmly connected (both ends)
- Cable damage (bent, crushed, chewed by pets)
- Port activity lights (should blink or stay solid)
- Environmental issues (overheating, water damage)
Tools to use:
- Cable tester to verify cable continuity
- Visual inspection of all connections
- Voltage tester for power issues
Common problems:
- Loose cable connections (especially patch panels)
- Failed power supplies in network equipment
- Damaged cables (often stepped on or pinched)
- Overheating equipment in closed cabinets
Layer 2: Data Link Layer
"Are devices on the same network segment communicating?"
What to check:
- Switch port status and activity
- MAC address tables on switches
- VLAN configuration and membership
- Duplex and speed settings
Tools to use:
- Switch management interface
- arp command (arp -a) to check MAC-to-IP mappings
- Network packet capture tools
Common problems:
- Duplex mismatch (one device full-duplex, other half-duplex)
- VLAN misconfigurations
- Switch port errors or failures
- MAC address conflicts
Layer 3: Network Layer
"Can devices reach each other using IP addresses?"
What to check:
- IP address configuration (correct network, subnet mask)
- Default gateway settings
- Routing table entries
- IP address conflicts
Tools to use:
- ping command to test reachability
- ipconfig (Windows) or ip addr / ifconfig (Linux, macOS) to check IP settings
- route command (route print on Windows, ip route on Linux) to check routing tables
- IP scanner to find address conflicts
Common problems:
- Incorrect IP address or subnet mask
- Wrong default gateway
- Missing or incorrect routes
- DHCP server issues
Layer 4: Transport Layer
"Are specific applications and services working?"
What to check:
- Port numbers for services (web = 80/443; email = 25/587 for SMTP, 110/995 for POP3, 143/993 for IMAP)
- Firewall rules blocking specific ports
- Service status on servers
- Connection limits and timeouts
Tools to use:
- telnet or nc (netcat) to test connectivity to a specific port
- netstat or ss to show listening services
- Port scanner tools (nmap)
- Application logs
Common problems:
- Services not running or crashed
- Firewall blocking required ports
- Too many simultaneous connections
- Service configuration errors
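The following is an added example, not code from the module: two of the layer checks above written as functions so a helpdesk can script them instead of typing them by hand. The Layer 3 check asks whether a workstation's IP configuration even makes sense (address and gateway on the same subnet, neither being the network or broadcast address), which catches many "wrong default gateway" and "wrong subnet mask" tickets without touching the network. The Layer 4 check completes a TCP handshake to a service port, which is what "telnet host 443" answers; a listener is started on localhost so the demo runs offline. All addresses are constructed sample values.

```python
"""Added example: Layer 3 configuration sanity check and Layer 4 port check.
Not part of the original module; sample addresses are constructed."""
import ipaddress
import socket
import threading
from typing import List


def check_ip_config(address: str, netmask: str, gateway: str) -> List[str]:
    """Return the problems with an IPv4 address/mask/gateway triple
    (an empty list means the configuration is plausible)."""
    problems = []
    try:
        iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid gateway: {exc}"]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        # The host can only ARP for addresses on its own subnet, so an
        # off-subnet gateway is unreachable however correct it looks.
        problems.append(f"gateway {gw} is not inside {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    elif gw == iface.ip:
        problems.append("gateway is the host's own address")
    return problems


def check_tcp_port(host: str, port: int, timeout: float = 2.0) -> bool:
    """Layer 4 test: True if a TCP connection to host:port completes.
    A quick refusal (RST) means the host is up but nothing listens there;
    a timeout usually means a firewall is silently dropping the SYN."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def _start_local_listener() -> int:
    """Demo helper: accept one connection on an ephemeral loopback port and
    return that port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed sample configurations
    print(check_ip_config("192.168.10.57", "255.255.255.0", "192.168.10.1"))    # []
    print(check_ip_config("192.168.10.57", "255.255.255.0", "192.168.20.1"))    # wrong gateway
    print(check_ip_config("192.168.10.57", "255.255.255.240", "192.168.10.1"))  # wrong mask
    port = _start_local_listener()
    print(f"127.0.0.1:{port} open:", check_tcp_port("127.0.0.1", port))
    print("127.0.0.1:1 open:", check_tcp_port("127.0.0.1", 1))
```

Use the Layer 3 function on the output of ipconfig or ip addr before blaming the network, and the Layer 4 function from a second machine on a different segment to separate "service down" from "firewall in the way".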
The ITIL Problem-Solving Process
Step 1: Problem Identification
Document the problem clearly:
- When did it start?
- Who is affected?
- What exactly isn't working?
- Has anything changed recently?
Example problem statement: "At 2:30 PM today, 5 users in the accounting department reported they cannot access the company database server. The error message says 'Connection timeout.' Other users in different departments can access the server normally. No network changes were made today."
Step 2: Problem Categorization
Classify by impact and urgency:
High Impact, High Urgency:
- Complete network outage affecting all users
- Server crash affecting critical business processes
- Security breach or attack in progress
High Impact, Low Urgency:
- Performance degradation affecting many users
- Planned maintenance requiring downtime
- Equipment reaching end of life
Low Impact, High Urgency:
- Single user unable to access important system before deadline
- Minor security vulnerability that needs immediate patching
Low Impact, Low Urgency:
- Individual workstation issues
- Cosmetic problems with network management interface
- Documentation updates
Step 3: Investigation and Diagnosis
Systematic approach:
- Gather information from users
- Review recent changes (software updates, configuration changes)
- Check system logs for error messages
- Test from multiple locations and devices
- Isolate the problem to specific components
Investigation checklist:
- Can you reproduce the problem?
- Does it affect all users or just some?
- Are there any patterns (time of day, specific applications)?
- What error messages appear?
- When did users last successfully use the affected system?
Step 4: Resolution and Implementation
Fix the immediate problem:
- Apply the most targeted solution possible
- Make one change at a time
- Test after each change
- Have a backup plan if the fix doesn't work
Resolution documentation:
- What was the root cause?
- What steps were taken to fix it?
- What was tested to verify the fix?
- Are any follow-up actions needed?
Step 5: Closure and Review
Verify the solution:
- Confirm with affected users that problem is resolved
- Monitor system for 24-48 hours to ensure stability
- Update problem ticket with final resolution
- Document lessons learned for future reference
Network Monitoring and Maintenance
Performance Monitoring
Key Metrics to Track:
- Bandwidth utilization: How much of available network capacity is being used
- Latency: How long it takes data to travel across the network
- Packet loss: Percentage of data packets that don't reach their destination
- Error rates: Number of corrupted or failed transmissions
Normal vs. Problem Indicators (rules of thumb; set real alert thresholds from your own baseline):
- Bandwidth: normal below about 70% of link capacity, problem above 85% sustained
- Latency: normal is a few milliseconds on the LAN and a few tens of milliseconds to the ISP; a problem is a sustained rise well above the baseline (for example >100 ms on a path that normally sees 20 ms)
- Packet loss: normal is zero or a rare 0.1%, problem above 1%
- Errors: normal well under 0.01% of frames, problem above 0.1% (on a wired port this usually means a duplex mismatch or a bad cable)
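The following is an added example, not code from the module: it turns the raw interface counters that SNMP (ifInOctets, ifInErrors, sysUpTime) or a switch CLI exposes into the utilization, error-rate and packet-loss figures the thresholds above refer to. The input samples are constructed. It handles the two things that produce absurd graphs in practice: a 32-bit octet counter wrapping between polls (a 1 Gbit/s link wraps one in about 34 seconds), and a counter that goes backwards because the device rebooted, which must be discarded rather than treated as a wrap.

```python
"""Added example: interface counters to utilization/error/loss figures with
wrap and reboot handling. Not part of the original module; samples are
constructed."""
from dataclasses import dataclass
from typing import List, Optional

# Problem thresholds from the text
THRESHOLDS = {"utilization_pct": 85.0, "error_rate_pct": 0.1, "packet_loss_pct": 1.0}


@dataclass(frozen=True)
class Sample:
    t: float              # poll time, seconds
    in_octets: int        # ifInOctets
    in_packets: int       # ifInUcastPkts
    in_errors: int        # ifInErrors
    sysuptime_ticks: int  # sysUpTime in 1/100 s, used to spot reboots


def counter_delta(prev: int, curr: int, bits: int = 32) -> int:
    """Difference between two readings of a monotonically increasing counter,
    accounting for wrap-around at 2**bits."""
    if curr >= prev:
        return curr - prev
    return (1 << bits) - prev + curr


def interface_stats(prev: Sample, curr: Sample, link_bps: int,
                    counter_bits: int = 32) -> Optional[dict]:
    """Utilization and error rate for the interval, or None if the interval is
    unusable. A drop in sysUpTime means a reboot: the counters reset to zero,
    which would otherwise be misread as a wrap and yield a huge bogus delta."""
    interval = curr.t - prev.t
    if interval <= 0 or curr.sysuptime_ticks < prev.sysuptime_ticks:
        return None
    octets = counter_delta(prev.in_octets, curr.in_octets, counter_bits)
    packets = counter_delta(prev.in_packets, curr.in_packets, counter_bits)
    errors = counter_delta(prev.in_errors, curr.in_errors, counter_bits)
    utilization = octets * 8 * 100 / (interval * link_bps)
    error_rate = errors * 100 / packets if packets else 0.0
    flags: List[str] = []
    if utilization > THRESHOLDS["utilization_pct"]:
        flags.append("utilization")
    if error_rate > THRESHOLDS["error_rate_pct"]:
        flags.append("errors")
    return {"utilization_pct": round(utilization, 2),
            "error_rate_pct": round(error_rate, 3),
            "flags": flags}


def packet_loss_pct(sent: int, received: int) -> float:
    """Loss from a ping run or a probe's sent/received counts."""
    return (sent - received) * 100 / sent if sent else 0.0


def loss_flag(sent: int, received: int) -> bool:
    return packet_loss_pct(sent, received) > THRESHOLDS["packet_loss_pct"]


# Constructed samples: 60 s apart on a 100 Mbit/s link; the octet counter
# wrapped past 2**32 during the interval
PREV = Sample(1_700_000_000.0, 4_000_000_000, 1_000_000, 10, 8_640_000)
CURR = Sample(1_700_000_060.0, 380_032_704, 1_500_000, 1_010, 8_646_000)
# Same time, but sysUpTime went backwards: the switch rebooted
REBOOTED = Sample(1_700_000_060.0, 12_000, 40, 0, 3_000)

if __name__ == "__main__":
    print(interface_stats(PREV, CURR, 100_000_000))      # 90% utilization, 0.2% errors, both flagged
    print(interface_stats(PREV, REBOOTED, 100_000_000))  # None
    print(packet_loss_pct(1000, 985), loss_flag(1000, 985))
```

Prefer the 64-bit ifHCInOctets counters where the device offers them (pass counter_bits=64); on gigabit and faster links the 32-bit ones can wrap more than once between polls, and no arithmetic recovers from that.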
Monitoring Tools:
- Built-in router/switch monitoring: Basic statistics and graphs
- SNMP monitoring: Collects detailed performance data
- Network monitoring software: Zabbix, PRTG, SolarWinds
- Cloud-based monitoring: Provides alerts and reporting
Preventive Maintenance
Daily Tasks:
- Check monitoring dashboards for alerts
- Review system logs for errors or warnings
- Verify backup systems are functioning
- Monitor network performance trends
Weekly Tasks:
- Test disaster recovery procedures
- Review security logs for suspicious activity
- Check equipment temperature and power consumption
- Update network documentation with any changes
Monthly Tasks:
- Install security updates and firmware patches
- Review and test firewall rules
- Clean and inspect network equipment
- Analyze performance trends and capacity planning
Quarterly Tasks:
- Review and update network security policies
- Test emergency procedures and contact lists
- Replace UPS batteries and test power systems
- Audit user access and remove unused accounts
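The following is an added example, not code from the module: the weekly "review security logs for suspicious activity" task automated for one pattern that shows up constantly in practice, password guessing against an administrative login. It reads lines in OpenSSH's syslog format, which most switches and firewalls with SSH management emulate closely, and flags a source that fails repeatedly within a window, raising the severity if that source then succeeds (a guessed password, which is an incident, not a nuisance). The log lines are constructed; the external addresses use the 203.0.113.0/24 documentation range.

```python
"""Added example: brute-force login detection over syslog-style auth lines.
Not part of the original module; log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: a guessing run that ends in a successful login, then a
# normal user typo
SAMPLE_LOG = """\
Mar  3 02:11:01 fw01 sshd[4012]: Failed password for admin from 203.0.113.45 port 51234 ssh2
Mar  3 02:11:04 fw01 sshd[4012]: Failed password for admin from 203.0.113.45 port 51235 ssh2
Mar  3 02:11:06 fw01 sshd[4013]: Failed password for invalid user root from 203.0.113.45 port 51236 ssh2
Mar  3 02:11:09 fw01 sshd[4014]: Failed password for admin from 203.0.113.45 port 51237 ssh2
Mar  3 02:11:12 fw01 sshd[4015]: Failed password for admin from 203.0.113.45 port 51238 ssh2
Mar  3 02:11:20 fw01 sshd[4016]: Accepted password for admin from 203.0.113.45 port 51239 ssh2
Mar  3 08:30:00 fw01 sshd[4200]: Failed password for jsmith from 192.168.20.14 port 60101 ssh2
Mar  3 08:30:05 fw01 sshd[4200]: Accepted password for jsmith from 192.168.20.14 port 60101 ssh2
"""


def parse(line: str, year: int = 2024) -> Optional[Tuple[datetime, str, str, str]]:
    """(timestamp, result, user, ip) for an auth line, or None for anything else.
    Syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 600) -> List[Dict]:
    """Flag any source with >= threshold failures inside window_s seconds;
    escalate to high severity if that source later logs in successfully."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged: Dict[str, Dict] = {}
    for line in log_text.splitlines():
        parsed = parse(line)
        if not parsed:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            q = failures[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold:
                finding = flagged.setdefault(ip, {"ip": ip, "severity": "medium",
                                                  "first_failure": q[0], "success_after": None})
                finding["failures"] = len(q)
                finding["last_failure"] = ts
        elif ip in flagged:  # Accepted from a source already flagged
            flagged[ip]["severity"] = "high"
            flagged[ip]["success_after"] = (user, ts)
    return list(flagged.values())


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(finding)
```

A high-severity finding here means treating the device as compromised: change its credentials, check its configuration against the last known-good backup, and look for the same source in the other devices' logs.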
Common Network Problems and Solutions
Problem: "Internet is slow for everyone"
Systematic troubleshooting:
- Test from multiple devices: Is it affecting everyone or just some users?
- Check router interface: Look at WAN utilization and error counters
- Test bandwidth: Use speedtest.net from wired connection
- Check for background activities: Large file downloads, cloud backups, updates
- Contact ISP: If speed test shows significantly lower speeds than paid plan
Common causes and solutions:
- High bandwidth usage: Identify and schedule large transfers for off-hours
- ISP issues: Work with provider to resolve connectivity problems
- Malware: Scan network for infected devices using excessive bandwidth
- Equipment failure: Replace aging routers or switches causing bottlenecks
Problem: "Can't access company server"
Systematic troubleshooting:
- Ping the server IP: Tests basic network connectivity
- Check server status: Is the server powered on and responsive?
- Test from different locations: Problem with user's computer or network-wide?
- Verify credentials: Are username/password still valid?
- Check service status: Is the specific application running on the server?
Common causes and solutions:
- Network connectivity: Fix cable, switch port, or routing issues
- Server failure: Restart services or server hardware
- Authentication: Reset passwords or check domain authentication
- Application issues: Restart specific applications or services
- Firewall changes: Verify required ports are still open
Problem: "WiFi keeps dropping connections"
Systematic troubleshooting:
- Check signal strength: Move closer to access point, check for obstacles
- Identify interference: Look for other WiFi networks, microwaves, Bluetooth
- Test with different devices: Is it device-specific or network-wide?
- Check access point logs: Look for error messages or overheating
- Update drivers: Ensure WiFi adapter drivers are current
Common causes and solutions:
- Weak signal: Add access points or reposition existing ones
- Interference: Change WiFi channels, upgrade to 5GHz band
- Overloaded access point: Add capacity or upgrade to higher-performance equipment
- Power saving: Disable aggressive power management on client devices
- Outdated equipment: Replace old WiFi equipment with current standards
Problem: "New employee can't get network access"
Systematic troubleshooting:
- Check physical connection: Cable properly connected, switch port active
- Verify DHCP: Is device getting IP address automatically?
- Test with known good device: Rule out hardware issues
- Check access controls: Is the device allowed on the network (802.1X port authentication, MAC filtering)?
- Verify account setup: Are user credentials properly configured?
Common causes and solutions:
- Cable issues: Test and replace network cable
- DHCP exhaustion: Expand DHCP pool or remove unused reservations
- Access control: With 802.1X, enrol the user or device in the authentication server's policy; with MAC filtering, add the device's MAC address to the allowed list
- Account provisioning: Create user account and assign proper permissions
- VLAN configuration: Ensure switch port is in correct VLAN
Documentation and Knowledge Management
Incident Documentation
Essential information to capture:
- Date and time problem was reported
- Who reported the problem and how it affects them
- Detailed description of symptoms and error messages
- Steps taken to diagnose and resolve
- Root cause analysis
- Final resolution and verification steps
Template for problem tickets:
Ticket #: [Unique identifier]
Date/Time Reported: [When user first contacted support]
Reported By: [User name and contact information]
Priority: [High/Medium/Low based on impact and urgency]
Problem Description:
[What the user experienced, exact error messages]
Affected Systems:
[Which servers, applications, or network segments]
Troubleshooting Steps:
[Chronological list of what was tested and results]
Root Cause:
[What actually caused the problem]
Resolution:
[Specific steps taken to fix the problem]
Verification:
[How the fix was tested and confirmed working]
Follow-up Actions:
[Any preventive measures or monitoring needed]
Network Documentation Standards
Network Diagrams:
- Physical layout showing cable runs and equipment locations
- Logical diagram showing IP addresses and network relationships
- Keep updated with all changes
- Store in accessible location with version control
Equipment Inventory:
- Make, model, serial number for all network devices
- Purchase date, warranty information, support contracts
- Current firmware versions and update history
- Configuration backup dates and locations
Configuration Management:
- Backup configurations for all network equipment
- Document all configuration changes with reasons
- Keep baseline configurations for quick recovery
- Test configuration restore procedures regularly
Knowledge Base Development
Common Problems and Solutions:
- Document recurring issues and their resolutions
- Include screenshots and step-by-step procedures
- Make searchable by symptoms, error messages, or equipment
- Update based on new problems and solutions
Procedures and Checklists:
- Standard procedures for common tasks
- Emergency response procedures
- Equipment replacement procedures
- New employee network setup checklist
Contact Information:
- ISP support numbers and account information
- Equipment vendor support contacts
- Key personnel contact information
- Escalation procedures for critical issues
Key Takeaways
- Network security requires multiple layers of defense, not just passwords
- Systematic troubleshooting using the OSI model saves time and ensures thorough investigation
- Proper documentation is essential for efficient problem resolution and knowledge sharing
- Preventive monitoring and maintenance prevent many problems before they impact users
- Regular security updates and configuration reviews are critical for maintaining network security
- User education and awareness are important components of overall network security
- Having standard procedures and checklists improves consistency and reduces errors
What's Next?
Congratulations! You've completed the foundation networking module. You now understand how networks operate, how devices communicate, the hardware involved, and how to secure and troubleshoot network issues.
In the next module, we'll build on this knowledge by exploring virtualization - how to run multiple "computers" on a single physical machine, which is fundamental to modern cloud computing and managed services.