Chapter 4 - section 4.1 - Explain the importance of basic network security concepts.

39 Terms

1
Objective – Logical and Physical Security
• Logical security
▸ Encryption
▸ Data in transit
▸ Data at rest
▸ Certificates
▸ Public key infrastructure (PKI)
▸ Self-signed
▸ Identity and access management (IAM)
▸ Authentication
▸ Multifactor authentication (MFA)
▸ Single sign-on (SSO)
▸ Remote Authentication Dial-in User Service (RADIUS)
▸ LDAP
▸ Security Assertion Markup Language (SAML)
▸ Terminal Access Controller Access Control System Plus (TACACS+)
▸ Time-based authentication
▸ Authorization
▸ Least privilege
▸ Role-based access control
▸ Geofencing
• Physical security
▸ Camera
▸ Locks
• Deception technologies
▸ Honeypot
▸ Honeynet
• Common security terminology
▸ Risk
▸ Vulnerability
▸ Exploit
▸ Threat
▸ Confidentiality, Integrity, and Availability (CIA) triad
• Audits and regulatory compliance
▸ Data locality
▸ Payment Card Industry Data Security Standards (PCI DSS)
▸ General Data Protection Regulation (GDPR)
• Network segmentation enforcement
▸ Internet of Things (IoT) and Industrial Internet of Things (IIoT)
▸ Supervisory control and data acquisition (SCADA), industrial control system (ICS), operational technology (OT)
▸ Guest
▸ Bring your own device (BYOD)
2
Logical Security – Encryption
• Protects data from unauthorized access
• Uses cryptographic algorithms
• Ensures confidentiality
• Exam focus: where encryption is applied
3
Encryption – Data in Transit
• Protects data while moving across network
• Uses TLS, IPsec, HTTPS
• Prevents eavesdropping and MITM attacks
• Exam critical
4
Encryption – Data at Rest
• Protects stored data
• Used on disks, databases, backups
• Prevents data theft if device is stolen
• Often uses full-disk encryption
5
Certificates
• Used to verify identity and enable encryption
• Common in HTTPS and VPNs
• Based on asymmetric cryptography
6
Certificates – Public Key Infrastructure (PKI)
• Framework for managing certificates
• Uses certificate authorities (CA)
• Supports trust chains
• Exam-critical security concept
7
Certificates – Self-Signed
• Certificate signed by itself
• No trusted CA involved
• Used for testing or internal systems
• Not trusted by default
8
Identity and Access Management (IAM)
• Controls user identity and permissions
• Centralized authentication and authorization
• Reduces account sprawl
• Core security control
9
IAM – Authentication
• Verifies user identity
• Uses passwords, biometrics, tokens
• First step in access control
10
IAM – Multifactor Authentication (MFA)
• Uses two or more authentication factors
• Something you know, have, or are
• Strongly improves security
• Exam critical
11
IAM – Single Sign-On (SSO)
• One login for multiple systems
• Improves usability
• Reduces password fatigue
• Uses federation protocols
12
IAM – RADIUS
• Centralized authentication service
• Common for network access
• Uses UDP ports 1812/1813
• Supports MFA
13
IAM – LDAP
• Directory-based authentication
• Used with Active Directory
• Stores users and groups
• TCP port 389 (636 secure)
14
IAM – SAML
• XML-based federation protocol
• Used for SSO
• Common in cloud environments
• Exam focus: authentication federation
15
IAM – TACACS+
• Authentication for network devices
• Separates authentication, authorization, accounting
• Uses TCP port 49
• More granular than RADIUS
16
IAM – Time-Based Authentication
• Uses time-limited codes
• Common with authenticator apps
• Protects against replay attacks
17
IAM – Authorization
• Determines what a user can access
• Happens after authentication
• Based on roles and policies
18
IAM – Least Privilege
• Users get minimum required access
• Reduces attack surface
• Core security principle
19
IAM – Role-Based Access Control
• Permissions based on job role
• Simplifies management
• Common in enterprises
20
Logical Security – Geofencing
• Restricts access by geographic location
• Uses IP or GPS data
• Prevents access from unauthorized regions
21
Physical Security
• Protects hardware and facilities
• Prevents unauthorized physical access
• Complements logical security
22
Physical Security – Camera
• Monitors physical access
• Provides visual evidence
• Acts as deterrent
23
Physical Security – Locks
• Prevents unauthorized entry
• Can be mechanical or electronic
• First layer of defense
24
Deception Technology – Honeypot
• Decoy system to attract attackers
• Detects malicious activity
• No production data
25
Deception Technology – Honeynet
• Network of honeypots
• Simulates real environment
• Used for threat research
26
Security Term – Risk
• Likelihood of threat exploiting vulnerability
• Combination of probability and impact
27
Security Term – Vulnerability
• Weakness in system or process
• Can be exploited by threats
28
Security Term – Exploit
• Method used to take advantage of vulnerability
• Often delivered via malware
29
Security Term – Threat
• Potential cause of harm
• Can be internal or external
30
Security Model – CIA Triad
• Confidentiality: protect data privacy
• Integrity: protect data accuracy
• Availability: ensure system uptime
• Exam critical model
31
Compliance – Data Locality
• Data stored in specific geographic region
• Required by some laws
• Important for cloud services
32
Compliance – PCI DSS
• Security standard for card payments
• Required for handling credit card data
• Exam compliance topic
33
Compliance – GDPR
• EU data protection regulation
• Protects personal data
• Applies globally if EU data involved
34
Network Segmentation Enforcement
• Separates network traffic
• Limits lateral movement
• Improves security
35
Segmentation – IoT and IIoT
• Isolates low-security devices
• Prevents compromise of core network
• Exam focus area
36
Segmentation – SCADA / ICS / OT
• Protects industrial systems
• Requires strict isolation
• High availability required
37
Segmentation – Guest
• Separates visitor traffic
• Prevents access to internal network
• Common in enterprises
38
Segmentation – BYOD
• Separates personal devices
• Reduces risk from unmanaged endpoints
• Often combined with NAC
39
N10-009 Sample Questions – Security
• Q: Which principle grants minimum required access?
▸ A: Least privilege
• Q: Which protocol provides device administration with granular control?
▸ A: TACACS+
• Q: Which model represents confidentiality, integrity, and availability?
▸ A: CIA triad
• Q: Which technology uses decoys to detect attackers?
▸ A: Honeypot