Connect and Protect: Networks and Network Security
Areas in the controlled zone
-Demilitarized Zone (DMZ) -Internal network (private servers & data) -Restricted zone (highly confidential information)
Where security hardening occurs:
-Devices -Networks -Applications -Cloud infrastructure -Security analysts' responsibilities -Patch updates -Backups
Security hardening is conducted on
-Hardware -Operating systems -Applications -Computer networks -Databases
Network security hardening
-Port filtering -Network access privilege -Encryption (over networks)
Categories of multi-factor identification
-Something you know (password) -Something you have (ID card) -Something unique about you (fingerprint)
IP version 4
19.117.63.126
IP version 6 (IPv6)
684D:1111:222:3333:4444:5555:6:77
data packet
A basic unit of information that travels from one device to another within a network
Stateful
A class of firewall that keeps track of information passing through it and proactively filters out threats
Stateless
A class of firewall that operates based on predefined rules and that does not keep track of information from data packets
Cloud network
A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet
Modem
A device that connects your router to the internet and brings internet access to the LAN
Baseline configuration (baseline image)
A documented set of specifications within a system that is used as a basis for future builds, releases, and updates
port filtering
A firewall function that blocks or allows certain port numbers to limit unwanted communication
TCP/IP Model
A framework used to visualize how data is organized and transmitted across a network
network
A group of connected devices
Replay Attack
A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time
IP spoofing
A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network
Smurf Attack
A network attack performed when an attacker sniffs an authorized user's IP address and floods it with ICMP packets
hub
A network device that broadcasts information to every device on the network
Router
A network device that connects multiple networks together
Hyper Text Transfer Protocol (HTTP)
A network protocol that provides a secure method of communication between clients and website servers.
Address Resolution Protocol (ARP)
A network protocol used to determine the MAC address of the next router or device on the path
Firewall
A network security device that monitors traffic to and from your network
Virtual Private Network (VPN)
A network security service that changes your public IP address and masks your virtual location so that you can keep your data private when you are using a public network like the internet
Wide Area Network (WAN)
A network that spans a large geographic area like a city, state, or country
Local Area Network (LAN)
A network that spans small areas like an office building, a school, or a home
Domain Name System (DNS)
A networking protocol that translates internet domain names into IP addresses
Encapsulation
A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets
Multi-factor authentication
A security measure that requires a user to verify their identity in two or more ways to access a system or network
Network Segmentation
A security technique that divides the network into segments
security zone
A segment of a company's network that protects the internal network from the internet
proxy server
A server that fulfills the requests of its clients by forwarding them to other servers
Network Protocols
A set of rules used by two or more devices on a network to describe the order of delivery of data and the structure of data
IEEE 802.11
A set of standards that define communication for wireless LANs
Internet Protocol (IP)
A set of standards used for routing and addressing data packets as they travel between devices on a network
penetration test (pen test)
A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
Patch update
A software and operating system update that addresses security vulnerabilities within a program or product
port
A software-based location that organizes the sending and receiving of data between devices on a network
Controlled zone
A subnet that protects the internal network from the uncontrolled zone
Network protocol analyzer (packet sniffer)
A tool designed to capture and analyze data traffic within a network
Synchronize flood attack
A type of DoS attack that simulates a TCP connection and floods a server with SYN packets
Ping of Death
A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB
Internet Control Message Protocol (ICMP) flood
A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server
Active packet sniffing
A type of attack where data packets are manipulated in transit
Passive packet sniffing
A type of attack where data packets are read in transit
distributed denial-of-service (DDoS) attack
A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic
MAC address
A unique alphanumeric identifier that is assigned to each physical device on a network
Internet Protocol (IP) address
A unique string of characters that identifies the location of a device on the internet
WiFi Protected Access (WPA)
A wireless security protocol for devices to connect to the internet
attack surface
All the potential vulnerabilities that a threat actor could exploit
Security Information and Event Management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
denial of service attack
An attack that targets a network or server and floods it with network traffic
On-path attack
An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit
Transmission Control Protocol (TCP)
An internet communication protocol that allows two devices to form a connection and stream data
Internet Control Message Protocol (ICMP)
An internet protocol used by devices to tell each other about data transmission errors across the network
Uncontrolled zone
Any network outside of the organization's control
The Three C's
Command, Control & Communications
Benefits of Next Generation Firewalls
Deep packet inspection, Intrusion protection, & Threat intelligence
Tasks performed
Firewall rules maintenance, Network log analysis, patch updates, & server backups
Security Protocols
HTTPS & SSL/TLS
IP address
IP version 4 (IPv4), IP version 6 (IPv6)
denial of service attack
Is a class of attacks where the attacker prevents the compromised system from performing legitimate activity or responding to legitimate traffic
chronicle
Is a cloud-native tool designed to retain, analyze, and search
Botnet
Is a collection of computers infected by malware that are under the control of a single threat actor, known as the "bot-herder."
tcpdump
Is a command-line network protocol analyzer
Open Systems Interconnection (OSI) model
Is a standardized concept that describes the seven layers computers use to communicate and send data over the network
Intrusion Prevention System (IPS)
Is an application that monitors system activity for intrusive activity and takes action to stop the activity
DoS attack
Is an attack that targets a network or server and floods it with network traffic
Backdoor Attack
Is another type of attack you will need to be aware of as a security analyst
Subnetting
Is the subdivision of a network into logical groups called subnets
User Datagram Protocol (UDP)
Is used by applications that are not concerned with the reliability of the transmission. Data sent over UDP is not tracked as extensively as data sent using TCP
Network access
It deals with data packets
Internet Control Message Protocol (ICMP)
It shares error information and status updates of data packets. This is useful for detecting and troubleshooting network errors. ICMP reports information about packets that were dropped or that disappeared in transit, issues with network connectivity, and packets redirected to other routers.
Port 20
Large file transfers
Attacks can harm an organization by
Leaking valuable or confidential information, Damaging an organization's reputation, Impacting customer retention & costing money and time
Cloud service providers offer
On-demand storage, processing power, & analytics
Common IP spoofing attacks
On-path attack, Replay attack, & Smurf attack
Application Layer
Protocols determine how the data packets would interact with receiving devices
Forward Proxy Server
Regulates and restricts a person's access to the internet.
Reverse Proxy Server
Regulates and restricts the internet's access to an internal server
Port 443
Secure internet communication
Cloud-based firewalls
Software firewalls that are hosted by the cloud service provider
Bandwidth
The amount of data a device receives every second
Operating System (OS)
The interface between computer hardware and the user
Packet Sniffing
The practice of capturing and inspecting data packets across a network
Cloud Computing
The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
Network log analysis
The process of examining network logs to identify events of interest
Security hardening
The process of strengthening a system to reduce its vulnerabilities and attack surface
Speed
The rate at which data packets are received or downloaded
Two types of security zones
Uncontrolled & Controlled zone
Layers of the TCP/IP Model
application, transport, internet, network access
Transport Layer
controlling data flow - splitting data into packets
Port 25
Firewall
is a network security device that monitors traffic to or from your network
brute force attack
is a trial-and-error process of discovering private information
Packet Sniffing
is the practice of capturing and inspecting data packets across the network
Internet Layer
responsible for addressing, packaging, and routing messages on the Internet