Uploaded by Tyson Jones

Security Plus Notes

Network Security
Network Architecture and Topology:
Network Architecture:
1. General Overview:
- Network architecture refers to the overall design and layout of a computer
  network. It encompasses the arrangement of components, devices,
  protocols, and services that make up the network.
2. Key Components:
The key components are routers, switches, servers, clients, firewalls, and
network cables.
Routers:

Overview: Routers are devices that connect different networks and forward data
packets between them. They operate at the network layer (Layer 3) of the OSI
model.

Function: Routers determine the best path for data to travel from the source to
the destination across interconnected networks. They are essential for
connecting local networks to the internet and for segmenting networks into
smaller subnetworks.

Security Role: Routers can enforce network access control, limit exposure to
external threats, and implement Network Address Translation (NAT) to hide
internal network structures.
Switches:

Overview: Switches are devices that operate at the data link layer (Layer 2) of
the OSI model. They connect devices within a local network (LAN).

Function: Switches efficiently forward data packets to the appropriate destination
device within a LAN based on the device's Media Access Control (MAC) address.

Security Role: Switches provide network segmentation and help control network
traffic, but they primarily function as a network infrastructure device.
Servers:

Overview: Servers are powerful computers or devices designed to provide
services, data, or resources to other devices on the network. They can serve
various purposes, such as hosting websites, managing email, storing data, and
running applications.

Function: Servers respond to client requests, process data, and deliver services
to users or clients on the network.

Security Role: Servers are a critical element of network security as they often
store sensitive data and provide entry points for attackers. Protecting servers is a
key security concern.
Clients:

Overview: Clients are the end-user devices, such as desktop computers, laptops,
smartphones, and tablets, that access network resources and services.

Function: Clients request and receive data, services, or resources from servers
and other devices on the network.

Security Role: Securing clients is essential to prevent malware infections, data
breaches, and unauthorized access to network resources.
Firewalls:

Overview: Firewalls are security devices or software applications that control
network traffic by examining and filtering packets based on predefined rules and
policies.

Function: Firewalls block or permit network traffic based on criteria like source
and destination IP addresses, ports, and protocols. They protect against
unauthorized access and security threats.

Security Role: Firewalls are a primary security measure for protecting networks
from external threats and controlling traffic within the network.
Network Cables:

Overview: Network cables are physical cables or wires used to transmit data
between network devices. There are various types of network cables, including
Ethernet (Cat 5e, Cat 6, Cat 6a, Cat 7) and fiber optic cables.

Function: Network cables carry data between devices within a network. The type
of cable used depends on factors like data speed requirements, distance, and
environmental conditions.

Security Role: While not directly a security device, the choice of network cables
can impact data transmission security, especially in terms of data integrity and
confidentiality.
3. Design Considerations:
- When designing a network architecture, factors such as scalability,
  performance, redundancy, fault tolerance, security, and cost-effectiveness
  are considered.
4. Types of Network Architectures:
- Common network architectures include client-server, peer-to-peer, and
  hybrid models. Each has its own advantages and is suitable for different
  use cases.
5. Security Implications:
- Network architecture can have a significant impact on security. For
  instance, the placement of firewalls, intrusion detection systems, and
  access control mechanisms within the architecture can influence the
  network's security posture.
Network Topology:
1. General Overview:
- Network topology refers to the physical or logical layout of devices and
  connections in a network. It defines how devices are interconnected and
  how data flows between them.
2. Types of Network Topologies:
- Common network topologies include:
  - Bus Topology: All devices are connected to a central cable,
    creating a linear network.
  - Star Topology: Devices are connected to a central hub or switch.
  - Ring Topology: Devices are connected in a circular or ring-like
    fashion.
  - Mesh Topology: Every device is connected to every other device.
  - Hybrid Topology: A combination of two or more topologies.
3. Security Implications:
- The network topology can influence the security of a network. For
  example, in a star topology, the central hub or switch may be a single
  point of failure, making it a critical security consideration.
4. Scalability and Performance:
- Different topologies have different characteristics related to scalability and
  performance. The choice of topology can impact a network's ability to
  expand and its overall performance.
5. Reliability and Redundancy:
- Network topologies can affect reliability and redundancy. For example,
  mesh topologies are highly redundant, as data can travel through multiple
  paths.
6. Network Management:
- Network topology also affects network management and troubleshooting.
  The layout of devices can influence how network administrators monitor,
  maintain, and troubleshoot the network.
Basic Information:
Security Protocols:
Overview: Familiarize yourself with common network security protocols such as
SSL/TLS for encryption, SSH for secure remote access, IPsec for VPNs, and
WPA/WPA2/WPA3 for securing wireless networks.
Summary:
Security protocols are sets of rules and procedures that are designed to ensure the
secure communication and exchange of data between two or more entities in a network
or system.
Cryptography Protocols:


Encryption Protocols: Understand encryption methods and protocols like
SSL/TLS for securing data in transit over the internet, and IPsec for securing
virtual private networks (VPNs).
Public Key Infrastructure (PKI): Learn about PKI, which includes protocols like
X.509 for managing digital certificates, and how it supports secure authentication
and data encryption.
Authentication Protocols:


RADIUS: Be familiar with the Remote Authentication Dial-In User Service
(RADIUS) protocol, which is commonly used for authenticating and authorizing
network users, especially in remote access scenarios.
TACACS: Know about Terminal Access Controller Access-Control System
(TACACS) and TACACS+ protocols, used for remote authentication and
authorization in network devices.
Access Control Protocols:

LDAP: Learn about the Lightweight Directory Access Protocol (LDAP), used for
accessing and managing directory services like Microsoft Active Directory, which
plays a significant role in user authentication and authorization.
Secure Wireless Protocols:
WPA/WPA2/WPA3: Understand the various iterations of the Wi-Fi Protected Access
(WPA) protocol, which provide security features for wireless networks, and the
importance of choosing strong encryption and authentication methods.
1. WEP (Wired Equivalent Privacy): WEP was the original security protocol used for
wireless networks. However, it is now considered weak and easily compromised. Its use
is strongly discouraged.
2. WPA (Wi-Fi Protected Access): WPA is an improvement over WEP and provides stronger
security. It uses TKIP (Temporal Key Integrity Protocol) for encryption and includes
authentication mechanisms like WPA-PSK (Pre-Shared Key) and WPA-Enterprise (using
an authentication server).
3. WPA2 (Wi-Fi Protected Access 2): WPA2 is the current standard for wireless network
security. It uses the AES (Advanced Encryption Standard) algorithm for encryption and
offers stronger security than WPA. It supports both WPA2-PSK and WPA2-Enterprise
authentication modes.
4. WPA3 (Wi-Fi Protected Access 3): WPA3 is the latest iteration of Wi-Fi security
protocols. It enhances security by introducing new features like SAE (Simultaneous
Authentication of Equals) and stronger encryption methods. WPA3 is backward
compatible with WPA2.
5. EAP (Extensible Authentication Protocol): EAP is an authentication framework used in
wireless networks. It allows for different authentication methods to be used, such as
EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), PEAP (Protected EAP), and
EAP-FAST (Flexible Authentication via Secure Tunneling).
Secure Email Protocols:


S/MIME: Be aware of the Secure/Multipurpose Internet Mail Extensions
(S/MIME) protocol, which provides email message encryption and digital
signatures for email security.
PGP/GPG: Know about Pretty Good Privacy (PGP) and GNU Privacy Guard
(GPG) for end-to-end email encryption and authentication.
Secure File Transfer Protocols:


SFTP: Understand the Secure File Transfer Protocol (SFTP) for secure file
transfers over SSH.
FTPS: Learn about FTPS, which is FTP over SSL/TLS, providing secure file
transfer capabilities.
Firewalls:
Understand the purpose of firewalls, including stateful and stateless firewalls, and how
they are used to filter network traffic and protect against unauthorized access.
Types of Firewalls:



Packet Filtering Firewalls: These firewalls inspect each network packet and
allow or block it based on predefined rules. They operate at the network layer
(Layer 3) and are often the first line of defense.
Stateful Firewalls: Stateful firewalls keep track of the state of active connections
and make decisions based on the state table. They provide greater security and
are aware of the state of the connection, helping to prevent unauthorized access.
Proxy Firewalls: Proxy firewalls act as intermediaries between clients and
servers. They inspect and filter traffic at the application layer (Layer 7) and can
provide enhanced security by hiding the internal network structure.

Next-Generation Firewalls (NGFW): NGFWs combine traditional firewall
capabilities with advanced features such as intrusion detection and prevention,
deep packet inspection, and application layer filtering.
Firewall Rule Configuration:

Understand how firewall rules work. Rules specify which traffic is allowed or
denied based on criteria such as source and destination IP addresses, ports, and
protocols.
Stateful Inspection:

Comprehend the concept of stateful inspection, which allows stateful firewalls to
keep track of the state of network connections and make decisions based on the
context of the traffic.
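As an added example (not part of these notes), the following Python simulation contrasts a packet-filtering (stateless) firewall with stateful inspection on the same traffic. The rule set, addresses and packets are constructed, and the 5-tuple state table is a simplification of what a real firewall tracks.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP SYN flag, i.e. the first packet of a new connection


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str              # CIDR prefix; "0.0.0.0/0" means any source
    dst_net: str              # CIDR prefix; "0.0.0.0/0" means any destination
    dst_port: Optional[int]   # None means any port
    proto: str                # "tcp", "udp" or "any"

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and self.proto in ("any", p.proto))


def stateless_decide(rules: List[Rule], p: Packet) -> str:
    """Packet-filtering firewall: each packet is judged only on its own header
    fields against the rule list; first match wins, implicit deny at the end."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful firewall: remembers connections the rules admitted in a state
    table and lets reply traffic through only when it belongs to one of them."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.state: Set[Tuple[str, str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        forward = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if forward in self.state or reverse in self.state:
            return "allow"            # continuation or reply of a tracked connection
        if p.proto == "tcp" and not p.syn:
            return "deny"             # TCP with no state must start with a SYN
        verdict = stateless_decide(self.rules, p)
        if verdict == "allow":
            self.state.add(forward)   # remember the connection for its replies
        return verdict


INTERNAL = "10.0.0.0/24"
ANY = "0.0.0.0/0"
# Policy: internal hosts may open HTTPS connections to the internet.
OUTBOUND_HTTPS = Rule("allow", INTERNAL, ANY, 443, "tcp")
# A stateless filter cannot tell a reply from an unsolicited inbound packet, so
# to let replies in it needs a broad inbound rule like this one.
STATELESS_REPLIES = Rule("allow", ANY, INTERNAL, None, "tcp")

# Constructed sample traffic, processed in this order.
PACKETS = {
    "request":     Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", syn=True),
    "reply":       Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp"),
    "unsolicited": Packet("198.51.100.7", 40000, "10.0.0.5", 3389, "tcp", syn=True),
}


def run_stateless() -> Dict[str, str]:
    rules = [OUTBOUND_HTTPS, STATELESS_REPLIES]
    return {name: stateless_decide(rules, p) for name, p in PACKETS.items()}


def run_stateful() -> Dict[str, str]:
    fw = StatefulFirewall([OUTBOUND_HTTPS])
    return {name: fw.decide(p) for name, p in PACKETS.items()}


if __name__ == "__main__":
    print("stateless:", run_stateless())
    print("stateful: ", run_stateful())
```

The stateless filter admits the unsolicited inbound packet because its reply rule cannot distinguish it from a genuine reply; the stateful firewall admits the reply from its state table and needs no inbound rule at all.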
Network Address Translation (NAT):

Learn about NAT, which is often used in conjunction with firewalls to map internal
private IP addresses to a single public IP address. This helps hide the internal
network structure.
Application Layer Filtering:

Understand how proxy firewalls and some NGFWs perform deep packet
inspection to filter traffic at the application layer, allowing granular control over
the applications and services being accessed.
Firewall Security Policies:

Be aware that firewalls are configured with security policies that define which
traffic is allowed and which is blocked. You should understand how to create,
implement, and manage these policies.
Intrusion Detection and Prevention:

Some firewalls can have intrusion detection and prevention capabilities. Be
aware of how these features enhance security by identifying and responding to
potentially malicious traffic.
Logging and Reporting:

Understand that firewalls typically log network traffic and security events. This
information can be useful for monitoring and incident response.
Intrusion Detection and Prevention Systems (IDPS):
Learn about the role of IDPS in network security and how they monitor network traffic to
identify and respond to suspicious activities.
1. Intrusion Detection vs. Intrusion Prevention:
- Intrusion Detection Systems (IDS) are designed to identify and alert on
  suspicious or potentially malicious activities. They monitor network or
  system traffic and compare it against known patterns or signatures to
  detect anomalies.
- Intrusion Prevention Systems (IPS) go a step further by not only detecting
  intrusions but also actively blocking or preventing them. They can take
  automated actions to stop threats in real-time.
2. Types of IDPS:
- Network-Based IDPS (NIDS): These systems monitor network traffic to
  detect and respond to suspicious activities. They analyze packets and
  network data, looking for signs of intrusion or anomalies.
- Host-Based IDPS (HIDS): HIDS are installed on individual hosts (such as
  servers or workstations) to monitor activities on those specific devices.
  They can identify attacks or misconfigurations on the host itself.
- Hybrid IDPS: Some systems combine NIDS and HIDS capabilities to
  provide comprehensive network and host-based intrusion detection and
  prevention.
3. Signature-Based and Anomaly-Based Detection:
- Signature-Based Detection: This approach involves comparing network
  or system activity to known attack signatures or patterns. If a match is
  found, it triggers an alert.
- Anomaly-Based Detection: Anomaly-based IDPS looks for deviations
  from established baselines. It identifies activities that are unusual or
  inconsistent with normal behavior, which may indicate an attack.
4. Behavioral Analysis:
- Some modern IDPS incorporate behavioral analysis to identify abnormal
  patterns of behavior. This includes tracking user behavior and network
  traffic for deviations from typical usage.
5. Response Mechanisms:
- Learn about the response mechanisms used by IDPS, which can include
  alerting administrators, blocking traffic, isolating compromised systems,
  and triggering incident response procedures.
6. Tuning and False Positives:
- Understand that IDPS may generate false positives (incorrectly
  identifying normal activity as an intrusion). You might need to know how to
  tune the system to reduce false alarms.
7. Log Analysis and Reporting:
- IDPS generate logs of detected events. These logs can be used for
  incident analysis and reporting. You should be familiar with interpreting
  these logs for potential security incidents.
8. Integration with Other Security Systems:
- Be aware that IDPS often work in conjunction with other security systems,
  such as firewalls and antivirus so
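The following Python example is added here and is not part of the original notes. It runs both detection approaches from item 3 over constructed web-server log lines: signature matching catches a low-volume source sending known-bad requests, while a per-source volume baseline catches a noisy source that matches no signature. The signatures, baseline volumes and z-score threshold are assumptions chosen for the illustration; the z parameter is the tuning knob from item 6.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Minimal Common Log Format parser: ip ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Signatures (assumed): request patterns that should never appear in normal traffic.
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*or\s+1\s*=\s*1|\bunion\b.+\bselect\b", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}


def make_line(ip: str, path: str, status: int = 200) -> str:
    """Fabricate a constructed CLF line so the example runs offline."""
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 512'


def parse(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, method, path, status = m.groups()
    # Decode percent-encoding first so an encoded payload cannot slip past a signature.
    return {"ip": ip, "method": method, "path": unquote(path), "status": status}


def signature_scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Signature-based detection: alert whenever a request matches a known pattern."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                hits.append((rec["ip"], name, rec["path"]))
    return hits


def requests_per_source(lines: List[str]) -> Counter:
    return Counter(rec["ip"] for rec in map(parse, lines) if rec is not None)


def anomaly_scan(baseline: List[str], window: List[str], z: float = 3.0) -> Dict[str, int]:
    """Anomaly-based detection: learn the normal requests-per-source volume from a
    baseline period, then flag sources in the current window above mean + z*stdev.
    Lowering z catches more but raises the false-positive rate (tuning)."""
    base = list(requests_per_source(baseline).values())
    threshold = mean(base) + z * pstdev(base)
    return {ip: n for ip, n in requests_per_source(window).items() if n > threshold}


# Constructed baseline: five internal clients with ordinary browsing volumes.
BASELINE_VOLUMES = {"10.0.0.1": 10, "10.0.0.2": 12, "10.0.0.3": 9, "10.0.0.4": 11, "10.0.0.5": 10}
BASELINE = [make_line(ip, "/index.html") for ip, n in BASELINE_VOLUMES.items() for _ in range(n)]

# Constructed current window: one normal client, one noisy source that matches no
# signature, and one low-volume source sending two textbook malicious requests.
WINDOW = (
    [make_line("10.0.0.2", "/products") for _ in range(12)]
    + [make_line("198.51.100.7", f"/page{i}", 404) for i in range(60)]
    + [make_line("203.0.113.9", "/download?file=../../config.ini", 403),
       make_line("203.0.113.9", "/login?user=admin'%20OR%201=1--", 200)]
)

if __name__ == "__main__":
    print("signature hits:", signature_scan(WINDOW))
    print("volume anomalies:", anomaly_scan(BASELINE, WINDOW))
```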
Network Segmentation:
Understand the concept of network segmentation, which involves dividing a network into
smaller, isolated segments to limit the spread of threats and secure sensitive data.
1. Purpose of Network Segmentation:
- Network segmentation is primarily used to improve security by isolating
  different parts of a network from each other. It limits the "blast radius" of a
  security incident, making it more challenging for an attacker to move freely
  throughout the network.
2. Benefits of Network Segmentation:
- Isolation: Each segment operates independently and has restricted
  communication with other segments, reducing the impact of a security
  breach.
- Access Control: Segments can have their own access control policies
  and authentication mechanisms, limiting who can access them.
- Performance: Smaller segments can lead to improved network
  performance as there is less broadcast traffic and congestion.
- Compliance: Segmentation can help organizations meet regulatory
  compliance requirements by enforcing separation of sensitive data.
3. Types of Network Segmentation:
- Logical Segmentation: This involves using VLANs (Virtual Local Area
  Networks) to separate network traffic logically. VLANs can be created
  without the need for physical separation.
- Physical Segmentation: Physical separation involves using separate
  physical networks, such as separate LANs or even completely isolated
  networks, to segment traffic.
4. Segmentation Use Cases:
- Guest Networks: Many organizations create separate guest networks to
  isolate guest traffic from internal resources.
- DMZ (Demilitarized Zone): A DMZ is a network segment that sits
  between the public internet and the internal network. It typically hosts
  public-facing services like web servers and email servers.
- Secure Zones: Segments can be created for critical assets, separating
  them from less critical systems.
- IoT Networks: Internet of Things (IoT) devices can be placed on their own
  segments to reduce security risks.
5. Access Control and Security Policies:
- Understand that each network segment can have its own access control
  policies and security measures. For example, you might need to configure
  firewall rules and access controls for different segments.
6. Challenges and Considerations:
- Be aware of the challenges of network segmentation, such as the need for
  proper planning, maintenance, and the potential complexity it introduces.
Access Control:
Be aware of access control mechanisms, including role-based access control (RBAC)
and mandatory access control (MAC), and how they restrict access to network
resources based on user roles and permissions.
1. Access Control Basics:
- Access control is the process of determining who is allowed to access
  what, when, and under what conditions. It involves granting or denying
  permissions based on the identity and authorization level of users or
  entities.
2. Components of Access Control:
- Access control systems typically include three primary components:
  - Subjects: These are the entities seeking access, which can be
    users, devices, or processes.
  - Objects: These are the resources or assets being accessed, such
    as files, directories, databases, networks, and systems.
  - Access Controls: These are the rules, policies, and mechanisms
    that define and enforce access permissions.
3. Access Control Models:
- Different access control models are used to define and enforce access
  rights. Common models include:
  - Discretionary Access Control (DAC): Users have control over the
    permissions they grant to others on objects they own.
  - Mandatory Access Control (MAC): Access is based on security
    labels and set by administrators or security policies.
  - Role-Based Access Control (RBAC): Access is determined by
    the role or job function of users.
  - Attribute-Based Access Control (ABAC): Access decisions are
    based on attributes and conditions.
  - Rule-Based Access Control (RBAC): Access rules are
    predefined, and access is granted or denied based on these rules.
4. Access Control Lists (ACLs):
- ACLs are commonly used to specify which users or groups have access to
  specific objects. You may need to understand how to configure and
  manage ACLs.
5. Authentication and Authorization:
- Authentication: Ensures that users are who they claim to be. Knowledge-based
  authentication (passwords), biometrics, and multi-factor
  authentication are relevant here.
- Authorization: Determines what resources or actions users are allowed
  to access after they've been authenticated. It's about defining permissions
  and rights.
6. Access Control Policies:
- Organizations typically define access control policies that specify who has
  access to what, based on job roles, data sensitivity, and other factors.
  These policies need to be enforced consistently.
7. Access Control Mechanisms:
- Different technical mechanisms are used to enforce access control,
  including user accounts, permissions, access tokens, encryption, and
  access control lists (ACLs).
8. Access Control Enforcement:
- Understand how access control is enforced through methods like access
  request processing, access approval, and access auditing.
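An added Python example, not from these notes, that evaluates the same request under DAC, MAC and RBAC so the difference between the models in item 3 is visible: an owner can grant read access through an ACL (DAC), but an administrator-set label still denies it (MAC), and a role without "write" denies writes (RBAC). The clearance levels, roles and the no-read-up/no-write-down MAC rule (Bell-LaPadula style) are assumptions for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

# MAC classification levels, lowest to highest (assumed for this example).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

# RBAC: permissions are attached to roles, never directly to users (assumed roles).
ROLE_PERMISSIONS = {"analyst": {"read"}, "editor": {"read", "write"}}


@dataclass
class Subject:
    name: str
    clearance: str                                  # MAC label the user holds
    roles: Set[str] = field(default_factory=set)    # RBAC roles


@dataclass
class Object:
    name: str
    owner: str                                      # DAC: the owner controls the ACL
    label: str                                      # MAC classification of the data
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # subject -> permissions


def dac_grant(granter: Subject, obj: Object, grantee: Subject, perm: str) -> bool:
    """DAC: only the object's owner may hand out permissions on it."""
    if granter.name != obj.owner:
        return False
    obj.acl.setdefault(grantee.name, set()).add(perm)
    return True


def dac_allows(subj: Subject, obj: Object, perm: str) -> bool:
    """DAC: the owner always has access; everyone else needs an ACL entry."""
    return subj.name == obj.owner or perm in obj.acl.get(subj.name, set())


def mac_allows(subj: Subject, obj: Object, perm: str) -> bool:
    """MAC: decided by labels the administrator set, not by the owner.
    Read requires clearance >= label (no read up); write requires
    label >= clearance (no write down), so data cannot leak to a lower level."""
    clearance, label = LEVELS[subj.clearance], LEVELS[obj.label]
    if perm == "read":
        return clearance >= label
    if perm == "write":
        return label >= clearance
    return False


def rbac_allows(subj: Subject, obj: Object, perm: str) -> bool:
    """RBAC: allowed if any of the user's roles carries the permission."""
    return any(perm in ROLE_PERMISSIONS.get(role, set()) for role in subj.roles)


def decide(subj: Subject, obj: Object, perm: str) -> Dict[str, bool]:
    """Evaluate one request under each model; 'granted' requires all of them,
    which is how a layered deployment (labels enforced on top of ACLs) behaves."""
    verdicts = {"dac": dac_allows(subj, obj, perm),
                "mac": mac_allows(subj, obj, perm),
                "rbac": rbac_allows(subj, obj, perm)}
    verdicts["granted"] = all(verdicts.values())
    return verdicts


def scenario() -> Dict[str, Dict[str, bool]]:
    """Constructed scenario: alice owns a confidential report and grants bob read
    access, but bob only holds a public clearance and an analyst role."""
    alice = Subject("alice", clearance="confidential", roles={"editor"})
    bob = Subject("bob", clearance="public", roles={"analyst"})
    report = Object("report.docx", owner="alice", label="confidential")
    assert dac_grant(alice, report, bob, "read")       # owner may grant
    assert not dac_grant(bob, report, bob, "write")    # non-owner may not
    return {
        "bob_read": decide(bob, report, "read"),
        "bob_write": decide(bob, report, "write"),
        "alice_write": decide(alice, report, "write"),
    }


if __name__ == "__main__":
    for request, verdict in scenario().items():
        print(request, verdict)
```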
Wireless Network Security:
Know the fundamentals of securing wireless networks, including the use of encryption
protocols like WPA3, disabling unnecessary services, and implementing strong
passwords.
1. Wireless Network Threats:
- Understand the various security threats that can affect wireless networks,
  including unauthorized access, eavesdropping, denial of service (DoS)
  attacks, and rogue access points.
2. Encryption and Authentication:
- Be familiar with encryption protocols like WPA2, WPA3, and the use of
  AES (Advanced Encryption Standard) for securing wireless
  communications.
- Understand authentication methods such as pre-shared keys (PSK) and
  EAP (Extensible Authentication Protocol), which are used to verify the
  identity of wireless clients.
3. Wireless Access Control:
- Learn about MAC filtering, which allows or denies access to a wireless
  network based on the physical addresses of wireless devices.
- Be aware of the use of captive portals and 802.1X authentication for
  controlling access to Wi-Fi networks.
4. SSID Management:
- Understand the importance of properly configuring Service Set Identifiers
  (SSIDs) to avoid broadcasting them unnecessarily, and how hiding SSIDs
  can be a security measure.
5. WPS Vulnerabilities:
- Be aware of the vulnerabilities associated with Wi-Fi Protected Setup
  (WPS) and why it's often recommended to disable WPS on wireless
  routers.
6. Wireless Intrusion Detection and Prevention:
- Learn about wireless intrusion detection systems (WIDS) and wireless
  intrusion prevention systems (WIPS), which help detect and respond to
  unauthorized wireless devices or activities.
7. Guest Networks:
- Know why organizations often set up separate guest networks with limited
  access to the internet to protect their internal networks from potential
  threats from guest devices.
8. Wireless Network Auditing:
- Be aware of the use of tools like Wireshark and network analyzers for
  monitoring and auditing wireless traffic for security vulnerabilities.
9. Security Best Practices:
- Understand best practices for securing wireless networks, such as
  regularly changing default passwords, enabling strong encryption, and
  updating firmware to patch known vulnerabilities.
10. Wireless Security Protocols:
- Familiarize yourself with WPA2, WPA3, and the security features they
  offer, such as protection against dictionary attacks and better encryption
  methods.
Security Policies:
Be prepared to understand the importance of network security policies, including
acceptable use policies, incident response plans, and disaster recovery plans.
1. Types of Security Policies:
- Acceptable Use Policy (AUP): Defines what is and isn't allowed when
  using an organization's IT resources, including computers, networks, and
  the internet.
- Data Classification Policy: Establishes how data should be classified
  based on its sensitivity and how it should be handled, stored, and shared.
- Password Policy: Outlines requirements for creating and managing
  passwords, including complexity, change frequency, and storage.
- Incident Response Policy: Defines how the organization will respond to
  security incidents, including the roles and responsibilities of incident
  response teams.
- Remote Access Policy: Addresses secure remote access to the
  organization's systems and data, specifying access methods,
  authentication, and encryption requirements.
- BYOD (Bring Your Own Device) Policy: Governs the use of personal
  devices for work purposes, including security measures and restrictions.
- Network Security Policy: Covers the organization's approach to network
  security, including firewall rules, intrusion detection/prevention, and
  network segmentation.
- Physical Security Policy: Specifies measures to protect physical assets,
  such as access controls, surveillance, and environmental controls.
- Social Media Policy: Guides employees on the appropriate use of social
  media for work-related activities and the protection of sensitive
  information.
2. Content and Structure:
- Understand that security policies should be well-organized and clearly
  written. They typically include sections for purpose, scope, responsibilities,
  definitions, enforcement, and revision.
3. Compliance and Legal Requirements:
- Be aware that many security policies must align with industry-specific
  regulations and legal requirements. These policies may also be influenced
  by international standards, such as ISO 27001.
4. User Awareness and Training:
- Security policies should include provisions for user training and
  awareness, ensuring that employees understand their responsibilities and
  the consequences of policy violations.
5. Policy Enforcement:
- Policies must define how they will be enforced and the potential
  consequences of policy violations. This can include disciplinary actions
  and legal consequences.
6. Review and Revision:
- Recognize that security policies should be regularly reviewed and updated
  to reflect changing threats, technology, and business needs.
7. Role-Based Policies:
- Some organizations implement role-based policies that specify the
  responsibilities and access rights of specific job roles.
Threat Mitigation Techniques:
Learn about various threat mitigation techniques, such as intrusion prevention, network
monitoring, and security awareness training for employees.
1. Antivirus and Antimalware Software:
- Antivirus and antimalware software helps protect systems from malicious
  software, including viruses, worms, Trojans, and spyware. Regular
  updates are essential to keep up with new threats.
2. Firewalls:
- Firewalls filter network traffic, allowing or blocking data packets based on
  defined rules. They are essential for controlling inbound and outbound
  traffic and protecting against unauthorized access.
3. Intrusion Detection and Prevention Systems (IDPS):
- IDPS are used to monitor network and system activities, identify
  suspicious patterns, and take actions to prevent or mitigate intrusions.
4. Encryption:
- Encryption techniques protect data by converting it into a secure,
  unreadable format. This safeguards data during transmission (e.g.,
  SSL/TLS for web traffic) and at rest (e.g., full-disk encryption).
5. Access Control:
- Access control mechanisms limit user access to resources based on
  permissions, roles, or policies. This includes user authentication,
  authorization, and accounting (AAA).
6. Patch Management:
- Regularly applying software and firmware updates (patches) helps
  address known vulnerabilities and reduce the risk of exploitation.
7. Backup and Disaster Recovery:
- Backup solutions create copies of data, and disaster recovery plans help
  organizations recover quickly after incidents like data loss, hardware
  failures, or natural disasters.
8. Security Awareness and Training:
- Educating employees and users about security best practices, policies,
  and potential threats is vital for reducing human error and improving
  overall security.
9. Network Segmentation:
- Dividing a network into smaller segments can limit the spread of threats
  and improve overall network security.
10. Incident Response Plans:
- Incident response plans define procedures for identifying, responding to,
  and recovering from security incidents, including data breaches and
  cyberattacks.
11. Vulnerability Scanning and Assessment:
- Regularly scanning and assessing systems and networks for
  vulnerabilities helps organizations proactively address potential
  weaknesses.
12. Secure Coding Practices:
- Developers should follow secure coding guidelines and practices to
  reduce the risk of software vulnerabilities.
13. Security Policies and Procedures:
- Establishing and enforcing security policies and procedures helps ensure
  consistent and compliant security practices within an organization.
14. Physical Security Measures:
- Physical security measures, such as access controls, surveillance, and
  environmental controls, protect physical assets and prevent unauthorized
  access.
15. Web Application Firewalls (WAFs):
- WAFs are specialized firewalls designed to protect web applications from
  common attacks like SQL injection and cross-site scripting (XSS).
16. Secure File Transfer Protocols:
- Using secure file transfer protocols like SFTP and FTPS helps protect
  data during file transfers.