Basic Network Security Concepts
Each entry below gives the concept, its description, and the key points to remember.

Firewall
Description: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Key Points:
- Filters traffic based on IP address, protocol, and port.
- Can be hardware- or software-based.
- Helps block unauthorized access and attacks.

Encryption
Description: The process of converting data into a code to prevent unauthorized access during transmission or while stored.
Key Points:
- Symmetric and asymmetric encryption algorithms (e.g., AES, RSA).
- Used in VPNs, HTTPS, and secure communications.

Virtual Private Network (VPN)
Description: A secure connection between a user and a remote network over the internet, encrypting the data to prevent interception.
Key Points:
- Protects data privacy and ensures secure remote access.
- Uses protocols like OpenVPN, L2TP, or IPSec.

Intrusion Detection System (IDS)
Description: A device or software application that monitors network traffic for suspicious or malicious activities.
Key Points:
- Alerts administrators about potential security breaches.
- Can be signature-based or anomaly-based.

Intrusion Prevention System (IPS)
Description: Similar to an IDS, but with the capability to actively block or prevent detected threats.
Key Points:
- Blocks malicious activity in real time.
- Often integrated with firewalls or network monitoring systems.

Access Control
Description: Mechanisms to define and enforce who can access network resources, including authentication and authorization processes.
Key Points:
- Types include Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC).
- Multi-factor authentication (MFA) strengthens security.

Network Segmentation
Description: The practice of dividing a network into smaller, isolated segments to reduce exposure and improve security.
Key Points:
- Limits the spread of malware or unauthorized access.
- Often implemented through VLANs or subnets.

Virtual LAN (VLAN)
Description: A logical grouping of devices within the same broadcast domain, used for network segmentation and security.
Key Points:
- Allows devices on the same network to be grouped logically.
- Enhances network performance and security.

Antivirus/Antimalware Software
Description: Software designed to detect, prevent, and remove malicious software like viruses, worms, and trojans.
Key Points:
- Often includes real-time scanning and regular updates.
- Helps prevent infections from spreading within the network.

Patch Management
Description: The process of updating software and hardware to fix vulnerabilities and improve security.
Key Points:
- Critical for closing security gaps and preventing exploitation of known vulnerabilities.
- Regularly apply patches and updates to all devices and software.

Authentication
Description: The process of verifying the identity of users or devices attempting to access a network or resource.
Key Points:
- Includes username/password, biometrics, smart cards, or digital certificates.
- Multi-factor authentication (MFA) adds an extra layer of security.

Authorization
Description: The process of granting or denying access to resources based on the authenticated identity of a user or device.
Key Points:
- Ensures users only have access to the data or systems they are authorized to use.
- Role-Based Access Control (RBAC) is a common method of authorization.

Data Loss Prevention (DLP)
Description: Technologies and policies that monitor, detect, and prevent unauthorized access to or transmission of sensitive data.
Key Points:
- Used to protect data from being leaked, especially on networks.
- Commonly implemented in organizations handling personal, financial, or sensitive data.

Security Information and Event Management (SIEM)
Description: A system for collecting, analyzing, and monitoring security data from various sources to identify threats.
Key Points:
- Correlates data from logs, devices, and applications.
- Provides real-time analysis and alerts to security teams.

Network Access Control (NAC)
Description: A solution that controls access to a network based on the security posture of the device attempting to connect.
Key Points:
- Checks device security (e.g., antivirus status, software patches) before granting network access.
- Helps enforce security policies across devices.

Public Key Infrastructure (PKI)
Description: A framework for managing digital keys and certificates for secure communications, including email and web traffic.
Key Points:
- Uses a pair of cryptographic keys: public (shared) and private (secret).
- Relies on trusted third-party Certificate Authorities (CAs) to validate certificates.

Security Policies
Description: Formalized rules and guidelines that outline the expected behavior and security measures for users, devices, and systems.
Key Points:
- Define password requirements, acceptable use, incident response procedures, and more.
- Ensure uniform security practices across the organization.

Network Monitoring
Description: The continuous observation of network traffic to detect and respond to performance issues or security incidents.
Key Points:
- Tools like Wireshark, SolarWinds, and Nagios can help monitor network health and security.
- Helps identify vulnerabilities, suspicious activity, and abnormal traffic patterns.

Zero Trust Architecture
Description: A security model where trust is never assumed, and every access request is verified, regardless of its origin.
Key Points:
- Requires continuous verification of users, devices, and applications.
- Limits lateral movement in case of a breach by enforcing strict access controls.
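The Firewall entry says rules filter on IP address, protocol, and port. The following added example (not part of the original page) shows how a rule-based packet filter evaluates such a ruleset: first match wins, and anything matching no rule is denied. The ruleset, addresses, and packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation, or "any"
    dst: str               # destination network in CIDR notation, or "any"
    proto: str             # "tcp", "udp", "icmp", or "any"
    dport: Optional[int]   # destination port; None means any port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def _net_match(cidr: str, addr: str) -> bool:
    # "any" matches everything; otherwise test address membership in the network
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    # Rules are checked top to bottom; the first match decides.
    # A packet that matches no rule falls through to default deny,
    # which is the safe posture for a perimeter filter.
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed ruleset for a hypothetical edge firewall:
# public HTTPS to one web server, DNS only from the internal network,
# and an explicit deny for Telnet (everything else is denied by default).
RULES = [
    Rule("allow", "any", "203.0.113.10/32", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "any", "udp", 53),
    Rule("deny", "any", "any", "tcp", 23),
]
```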
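The SIEM entry describes correlating logs from several sources to raise alerts. This added example (not from the original page) implements one such correlation rule over constructed log lines from a VPN gateway and an SSH host: repeated login failures from one source IP, across either log source, followed within a time window by a success from the same IP. The log format and thresholds are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample logs in an assumed format:
# "<source> <ISO timestamp> <outcome> user=<name> src=<ip>"
SAMPLE_LOGS = """\
vpn 2024-05-01T10:00:01 FAIL user=alice src=198.51.100.7
vpn 2024-05-01T10:00:04 FAIL user=alice src=198.51.100.7
ssh 2024-05-01T10:00:09 FAIL user=alice src=198.51.100.7
ssh 2024-05-01T10:00:15 FAIL user=bob src=203.0.113.9
vpn 2024-05-01T10:00:30 SUCCESS user=alice src=198.51.100.7
ssh 2024-05-01T10:10:00 SUCCESS user=bob src=203.0.113.9
"""

def parse_line(line: str) -> Dict:
    source, ts, outcome, user, src = line.split()
    return {"source": source, "ts": datetime.fromisoformat(ts), "outcome": outcome,
            "user": user.split("=", 1)[1], "src": src.split("=", 1)[1]}

def correlate(log_text: str, threshold: int = 3,
              window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Return one alert per source IP whose success login was preceded,
    within `window`, by at least `threshold` failures from any log source."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)   # src ip -> [(timestamp, source), ...]
    alerts = []
    for ev in events:
        ip = ev["src"]
        if ev["outcome"] == "FAIL":
            failures[ip].append((ev["ts"], ev["source"]))
            continue
        # A success: count only failures that fall inside the window
        recent = [(t, s) for t, s in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"src": ip, "user": ev["user"], "ts": ev["ts"],
                           "failures": len(recent),
                           "sources": sorted({s for _, s in recent})})
        failures[ip].clear()       # reset the counter after any success
    return alerts
```

The rule would miss an attacker who rotates source IPs, which is why real SIEM correlation usually keys on the target account as well as the source address.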
Why Network Security is Important:
• Protects Sensitive Data: Ensures personal, financial, and business data is kept safe from unauthorized access, theft, or alteration.
• Prevents Unauthorized Access: Prevents cybercriminals from exploiting weaknesses in network infrastructure to gain unauthorized access.
• Maintains Network Integrity: Helps ensure network operations run smoothly and without disruption from attacks like DDoS, malware, or internal threats.
• Meets Regulatory Requirements: Many industries must comply with regulations like GDPR, HIPAA, or PCI DSS, which require robust network security measures.
• Reduces Financial Losses: Prevents the high costs associated with data breaches, fines, legal action, and lost business opportunities.