Network Security

Networking Overview

  • A network is defined as two or more computers connected to share data, information, or resources.

  • Local Area Network (LAN): Typically spans a single floor or building, covering a limited geographical area.

  • Wide Area Network (WAN): Refers to long-distance connections that bridge geographically remote networks.

Types of Networking Devices

Hubs

  • Connect multiple devices within a network.

  • Less commonly used in businesses compared to home networks.

  • Operate as wired devices and lack intelligence compared to switches or routers.

Switches

  • Also wired devices; in effect intelligent hubs that learn the addresses of the devices attached to each port.

  • Forward traffic only to the port of the intended device instead of broadcasting it to every port.

  • Enhance overall data throughput and efficiency by reducing collision domains.

  • Capable of creating separate broadcast domains when configured for VLANs.

Routers

  • Control traffic flow across networks.

  • Used to connect similar networks while managing traffic between them.

  • Can be wired or wireless, and connect multiple switches, determining the most efficient route for data.

Firewalls

  • Critical for managing network traffic and protecting networks by filtering data.

  • Deployed between private networks and the internet, or among departments within an organization.

  • Operate based on predefined rules or filters known as access control lists (ACLs).

Servers

  • Computers providing information/services to other networked computers (clients).

  • Common types include web servers, email servers, print servers, database servers, and file servers.

  • Typically secured differently than regular workstations to protect the sensitive information they hold.

Endpoints

  • The devices at either end of a network communication link, such as servers or client devices (desktops, laptops, mobile phones).

Media Access Control (MAC) Address

  • A unique identifier assigned to every network interface; example: 00-13-02-1F-58-F5.

  • The first 3 bytes indicate the vendor/manufacturer of the network interface.

  • No duplicate MAC addresses can exist on the same local network to avoid conflicts.
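
An added example (not part of the original notes) that parses the address formats above, extracts the 3-byte vendor prefix (OUI), reads the two flag bits in the first byte, and flags duplicates in a constructed list; all addresses except 00-13-02-1F-58-F5 are made up for the example.

```python
import re

# Constructed sample addresses; only the first one appears in the notes above.
SAMPLE_MACS = ["00-13-02-1F-58-F5", "00:13:02:1f:58:f5", "0013.021f.58f5",
               "01-00-5E-00-00-FB", "02-13-02-1F-58-F5"]


def parse_mac(text):
    """Return the six bytes of a MAC written as 00-13-02-1F-58-F5, 00:13:02:1f:58:f5 or 0013.021f.58f5."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text):
    """Canonical form, the 3-byte vendor prefix (OUI) and the two flag bits carried in the first byte."""
    mac = parse_mac(text)
    return {
        "canonical": "-".join(f"{b:02X}" for b in mac),
        "oui": "-".join(f"{b:02X}" for b in mac[:3]),  # first 3 bytes identify the vendor
        # Lowest bit of the first byte: 1 = group/multicast address, 0 = a single interface.
        "multicast": bool(mac[0] & 0x01),
        # Second-lowest bit: 1 = locally administered (set by software), 0 = assigned by the vendor.
        "locally_administered": bool(mac[0] & 0x02),
    }


def find_duplicates(macs):
    """Canonical addresses seen more than once; two hosts sharing a MAC on one LAN is a conflict."""
    counts = {}
    for m in macs:
        c = describe_mac(m)["canonical"]
        counts[c] = counts.get(c, 0) + 1
    return sorted(c for c, n in counts.items() if n > 1)


if __name__ == "__main__":
    for m in SAMPLE_MACS:
        print(m, "->", describe_mac(m))
    print("duplicates:", find_duplicates(SAMPLE_MACS))
```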

Internet Protocol (IP) Address

  • Assists in identifying devices within a network; examples include 192.168.1.1 and 2001:db8::f:0:1.

  • Whereas a MAC address is tied to the physical interface, an IP address is a logical identity that can be reassigned, so communication continues when equipment is swapped.

Secure Data Communications

  • Securing data communication involves several layers of technology: hardware, software, protocols, and encryption.

Network Diagrams

  • Diagrams can represent both business and home networks, indicating different components like routers, switches, and firewalls.

  • A typical home network may feature a combined device serving as a router, firewall, and switch.

Wireless Networking

  • Wi-Fi: A widely utilized mode of connectivity due to its ease and cost-effective deployment.

  • Features a range suitable for most homes and small offices, with potential for extended coverage using range extenders.

  • Wireless Vulnerabilities: intruding on a wired network requires physical access to it, whereas a wireless network can be attacked from a distance without any physical connection.

Microsegmentation

  • A security method to protect against threats by providing granular restrictions within IT infrastructure.

  • Allows for detailed control of traffic based on IP address, time, service, and credentials.

  • More effective in environments like the cloud, where multiple users share physical resources.

  • Essential for enforcing the principle of least privilege, limiting data access strictly to those who need it.
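
An added example, not from the original notes, covering both the firewall ACL point above (predefined rules evaluated in order) and the microsegmentation point (restrictions by IP address, time, service and identity): a small first-match policy evaluator with default deny. The policy, addresses and the "backup" identity are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                                  # "allow" or "deny"
    src: str                                     # CIDR the source address must fall in
    dst: str                                     # CIDR the destination address must fall in
    port: Optional[int] = None                   # destination port (service); None matches any
    hours: Optional[Tuple[time, time]] = None    # [start, end) window; None matches any time
    users: Optional[FrozenSet[str]] = None       # identities the rule applies to; None matches any

    def matches(self, src_ip, dst_ip, port, at, user):
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.port is not None and port != self.port:
            return False
        if self.hours is not None and not (self.hours[0] <= at < self.hours[1]):
            return False
        if self.users is not None and user not in self.users:
            return False
        return True


# Constructed sample policy: web tier to database tier on 5432 only; one backup host may
# SSH to the database tier overnight as the "backup" identity; everything else is denied.
POLICY = [
    Rule("allow", "10.0.1.0/24", "10.0.2.0/24", port=5432),
    Rule("allow", "10.0.9.5/32", "10.0.2.0/24", port=22, hours=(time(1, 0), time(5, 0)),
         users=frozenset({"backup"})),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),  # explicit catch-all deny, as a real ACL would end
]


def evaluate(policy, src_ip, dst_ip, port, at, user=None):
    """First matching rule wins; if nothing matches the flow is denied (implicit default deny)."""
    for index, rule in enumerate(policy):
        if rule.matches(src_ip, dst_ip, port, at, user):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    print(evaluate(POLICY, "10.0.1.10", "10.0.2.20", 5432, time(14, 0)))          # ('allow', 0)
    print(evaluate(POLICY, "10.0.9.5", "10.0.2.20", 22, time(3, 0), "backup"))     # ('allow', 1)
    print(evaluate(POLICY, "10.0.9.5", "10.0.2.20", 22, time(9, 0), "backup"))     # ('deny', 2)
```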

Security Tools

  • Intrusion Detection System (IDS): Monitors and analyzes traffic to detect possible breaches, generating alerts when suspicious activities are identified.

  • Types: Host-Based IDS (HIDS) focuses on individual hosts, while Network-Based IDS (NIDS) analyzes threat patterns on wider network traffic.
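
An added example of the NIDS behaviour described above, not code from the original notes: a detector that reads connection records and raises an alert when one source touches many distinct ports on one host within a short window, a pattern worth investigating as reconnaissance. The log format and every address in it are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection log: "<timestamp> <source> <destination> <destination port>".
# The format is invented for this example; it is not any real sensor's output.
SAMPLE_LOG = """
2024-05-01T10:00:00 10.0.1.10 10.0.2.20 5432
2024-05-01T10:00:01 10.0.5.7 10.0.2.20 22
2024-05-01T10:00:01 10.0.5.7 10.0.2.20 23
2024-05-01T10:00:02 10.0.5.7 10.0.2.20 25
2024-05-01T10:00:02 10.0.1.10 10.0.2.20 5432
2024-05-01T10:00:03 10.0.5.7 10.0.2.20 80
2024-05-01T10:00:03 10.0.6.1 10.0.2.21 443
2024-05-01T10:00:04 10.0.5.7 10.0.2.20 443
2024-05-01T10:00:05 10.0.5.7 10.0.2.20 3389
2024-05-01T10:00:09 10.0.1.10 10.0.2.20 5432
"""


def parse_line(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_port_scans(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert once per (source, destination) pair when the source has touched at least
    `threshold` distinct destination ports on that host within `window`."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(list)   # (src, dst) -> [(timestamp, port), ...] still inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, port in events:
        key = (src, dst)
        history = recent[key]
        history.append((ts, port))
        while history and ts - history[0][0] > window:   # expire events older than the window
            history.pop(0)
        ports = {p for _, p in history}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "ports": sorted(ports), "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(f"ALERT {alert['at']}: {alert['src']} probed {alert['dst']} on ports {alert['ports']}")
```

The repeated 10.0.1.10 connections to a single port never trigger an alert, which is the distinction between normal service use and probing that the threshold on distinct ports encodes.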

Prevention Strategies

  • Maintaining updated systems and applications through patch management.

  • Using firewalls to filter unauthorized traffic.

  • Disabling unneeded services to reduce potential threats.

  • Regular vulnerability assessment and port scanning to ensure security controls are functioning properly.

Firewalls

  • Types of Firewalls: Include network-based (protects networks), host-based (protects individual devices), traditional, and next-generation firewalls.

  • Firewalls operate at various OSI layers to inspect and control the traffic they filter.

Demilitarized Zone (DMZ)

  • A security architecture design that places public-facing hosts in a separate network segment between the internet and the internal network, shielding sensitive internal systems from direct exposure.

Virtual Private Networks (VPNs)

  • Create secure connections over the internet, allowing remote users access to organizational resources without compromising security.

  • Can employ various models for securely transmitting information, balancing convenience and security needs.

Cloud Computing

  • Defined as a model enabling on-demand access to a shared pool of configurable computing resources, demonstrating scalability and flexibility.

  • Cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS).

  • Each model has varying responsibilities for security and upkeep between the provider and the consumer.

Service-Level Agreements (SLA)

  • Contracts outlining expectations between customers and providers regarding service delivery, uptime, security, and responsibilities.

  • Essential for defining the minimum quality and service standards expected from cloud services, and for providing remedies for service failures.