Network + 3.5 - Network Access and Management Methods + 4.1 Basic Network Security Concepts

Site-to-Site VPN

Securely connects entire networks over the internet.

Client-to-Site VPN

Allows remote users to securely access a corporate network.

Clientless VPN

Provides VPN access through a web browser without client software.

Split Tunnel VPN

Only corporate traffic goes through the VPN.

Full Tunnel VPN

All traffic is routed through the VPN.

Secure Shell (SSH)

Encrypted protocol for secure remote device management.

Graphical User Interface (GUI)

Visual interface for managing systems using point-and-click.

API (Application Programming Interface)

Enables programmatic and automated interaction with network devices.

Console Connection

Direct physical access used for setup and recovery.

Jump Box/Host

Secure intermediary system used to access sensitive network zones.

In-Band Management

Device management using the production network.

Out-of-Band Management

Management through a separate, dedicated network.

Logical Security

Software-based controls protecting data, systems, and network access.

Encryption

Converts readable data into unreadable ciphertext without a decryption key.

Data in Transit Encryption

Protects data moving across networks using HTTPS, TLS, or VPNs.

Data at Rest Encryption

Protects stored data using full disk or file-level encryption.

Certificates in Network Security

Binds a public key to an identity using cryptography.

Public Key Infrastructure (PKI)

Framework for creating, managing, and revoking digital certificates.

Self-Signed Certificates

Certificate signed by its own creator and not inherently trusted.

Identity and Access Management (IAM)

Manages digital identities and controls access to resources.

Authentication in IAM

Verifies a user’s identity before granting access.

Least Privilege

Grants only the minimum access needed to perform tasks.

Role Based Access Control (RBAC)

Assigns permissions based on job roles.

Geofencing

Restricts or triggers actions based on physical location.

Physical Security

Protects facilities, equipment, and personnel from physical threats.

Security Cameras

Monitor and record activity for deterrence and evidence.

Locks

Control physical access to buildings and sensitive areas.

Deception Technology

Uses fake assets to lure and study attackers.

Honeypot

Decoy system designed to attract attackers.

Honeynet

Network of honeypots simulating a real environment.

Risk

Likelihood and impact of a threat exploiting a vulnerability.

Vulnerability

Weakness that can be exploited by a threat.

Exploit

Method used to take advantage of a vulnerability.

Threat

Potential cause of harm to a system or data.

Confidentiality

Prevents unauthorized access to information.

Integrity

Ensures data is accurate and unaltered.

Availability

Ensures systems and data are accessible when needed.

Audit and Regulatory Compliance

Formal review to ensure security and regulatory compliance.

Data Locality

Requirement that data be stored in specific geographic regions.

PCI DSS

Security standard for protecting credit card data.

General Data Protection Regulation (GDPR)

• EU regulation protecting personal data and privacy.

Network Segmentation

Divides networks to reduce attack surface.

Internet of Things & Industrial internetw of Things (IoT/IIoT Segmentation)

Isolates IoT devices to limit security risks.

Security Control and Data Acquistion , Industrial Control System, and Operational Technology (SCADA/ICS/OT SegmentationZ)

Separates industrial systems from IT networks.

Guest Network Segmentation

Isolates guest access from internal resources.

BYOD Segmentation

BYOD Segmentation