4. Network Security - Multi-Stage Attacks & Defense Strategies | Terminology Set

How sophisticated attacks progress through multiple phases (initial access, lateral movement, privilege escalation) and comprehensive defensive approaches including network segmentation, access control, and monitoring.

Network Access Control (NAC)

A security approach that controls access to a network based on device authentication and policy compliance.

Zero Trust Security Model

A framework that assumes no user or device should be automatically trusted, requiring verification for everyone regardless of location.

WIDS (Wireless Intrusion Detection System)

Technology that monitors wireless traffic to detect unauthorized access points and suspicious activity.

WIPS (Wireless Intrusion Prevention System)

Advanced version of WIDS that can actively prevent wireless attacks by blocking rogue devices.

802.1X Authentication

A port-based network access control protocol that requires clients to authenticate before accessing network resources.

OWE (Opportunistic Wireless Encryption)

A WPA3 feature that provides encryption for open Wi-Fi networks without requiring a password.

Segmentation

Dividing a network into separate segments (like VLANs) to limit the spread of attacks and restrict access.

DHCP Snooping Binding Table

A database of trusted IP-to-MAC bindings used to validate ARP packets and prevent spoofing.

Sticky MAC Learning

A security feature that dynamically learns MAC addresses and binds them to specific ports.

MAC Filtering

A security method that allows or denies network access based on device MAC addresses.

VPN (Virtual Private Network)

A technology that creates an encrypted tunnel for secure communication over untrusted networks.

Network Segregation

The practice of isolating different parts of a network based on security requirements and trust levels.