Unit 3.1 Security Controls

Technical Controls

hardware/software mechanisms such as firewalls, ACLs, and encryption

Managerial Controls

policies, procedures, training, and audits

Physical Controls

environmental safeguards like locks, cameras, and restricted access

Preventive Controls

stop security events before they happen, such as access control

Detective Controls

identify and alert when security events occur, such as IDS and logs

Corrective Controls

respond to and recover from security events, such as backups and patches

Technical Controls Purpose

implemented through network devices and software to defend traffic and systems

Firewalls

filter traffic between trusted and untrusted zones

VLANs

segment LAN traffic to isolate users and devices and limit broadcast domains

IDS (Intrusion Detection System)

monitors network traffic and alerts administrators of suspicious behavior

IPS (Intrusion Prevention System)

actively blocks or prevents detected intrusions

IDS/IPS Deployment Models

inline for active blocking or passive for monitoring

SIEM (Security Information and Event Management)

collects and correlates logs to identify patterns and trigger alerts

NAC (Network Access Control)

ensures only authorized and compliant devices connect to the LAN

802.1X Authentication

verifies devices attempting to connect to the network

Endpoint Protection/EDR

monitors and protects endpoint devices like PCs, servers, and IoT

Patching

regular updates to mitigate known vulnerabilities

External Physical Security

lighting, fencing, security guards, and cameras

Internal Physical Security

server room locks, keycard access, and secured cable paths

Environmental Controls

UPS, fire suppression, and temperature control

Security Controls Key Idea

controls mitigate risk and increase LAN resilience

Integrated Security Approach

uses technical, managerial, and physical measures together

Ongoing Monitoring and Maintenance

continuous responsibility to ensure security effectiveness