4.0 Network Security


802.1X

802.1X is a standard for network access control that provides port-based authentication. It is commonly used in wired and wireless networks to restrict access to network resources based on the user's credentials and the device's compliance with security policies. When a device connects to the network, 802.1X requires the device to authenticate before it is granted access to network resources. This helps prevent unauthorized access and ensures that only authenticated devices can connect to the network.

Distributed denial-of-service (DDoS)

A DDoS (Distributed Denial-of-Service) attack is a more advanced form of a DoS attack, involving multiple systems, often compromised computers called "bots," working together to flood the target with traffic. The goal of these attacks is to disrupt services and cause downtime. The coordinated effort of multiple systems in a DDoS attack makes it more powerful and challenging to mitigate compared to a DoS attack.

Denial-of-service (DoS)

A DoS (Denial-of-Service) attack is an attempt to make a network resource, such as a server or website, unavailable to its intended users by overwhelming it with excessive traffic or requests. It typically involves a single system attempting to overwhelm the target.

MAC spoofing

A MAC spoofing attack involves an attacker changing their device's Media Access Control (MAC) address to impersonate another device on the network. This can allow the attacker to bypass security measures, such as MAC address filtering, and gain unauthorized access to network resources.

Brute-force

A brute-force attack involves systematically attempting all possible combinations of passwords to gain unauthorized access to a system. This type of attack can be time-consuming and resource-intensive but can eventually crack a password if given enough time.

Captive portal

A captive portal is a web page that users must interact with before being granted access to a network, usually a public Wi-Fi network. Captive portals can require users to accept terms of service, enter login credentials, or provide personal information. They help improve network security by allowing network administrators to control and monitor user access.

Client-to-site VPN

A client-to-site VPN, also known as a remote access VPN, establishes a secure connection between a user's device and a remote network, such as a corporate network. This type of VPN allows remote users to access network resources securely from anywhere with an internet connection. Client-to-site VPNs are typically used to allow individual remote users to securely access a corporate network. For example, if an employee needs to work from home or from a different location, they can use a client-to-site VPN to securely connect their device to the corporate network and access resources, such as files or applications, as if they were physically located in the office. In summary, client-to-site VPNs are used to provide secure access for individual users to a corporate network from remote locations.

Clientless VPN

A clientless VPN allows users to access a remote network through a web browser without requiring the installation of VPN client software. It uses technologies like SSL/TLS to provide secure access to web-based applications and resources.

Dictionary attack

A dictionary attack uses a pre-compiled list of common or likely passwords, often derived from words in a dictionary or known leaked password databases. The attacker tries each of these passwords in an attempt to gain unauthorized access to a system. Dictionary attacks are generally faster than brute-force attacks but are less thorough.

Extensible Authentication Protocol (EAP)

A framework for authentication methods used in wireless networks and point-to-point connections. It provides a standard mechanism for supporting various authentication methods, such as passwords, tokens, or certificates, within a single protocol. It is often used in conjunction with 802.1X to provide secure authentication for wireless networks. EAP allows you to support various authentication methods, such as usernames and passwords, smart cards, or biometric factors, within a single protocol.

Botnet/command and control

A group of computers under the control of one operator, used for malicious purposes. A botnet is a network of compromised computers, or "bots," controlled by an attacker through a command and control server. The attacker can use the botnet to perform various malicious activities, such as launching DDoS attacks, sending spam, or distributing malware. The main goal of a botnet is to expand its reach and perform large-scale, coordinated attacks.

Honeypot

A honeypot is a decoy system or network resource designed to attract and detect attackers. It mimics a real system or data but contains no actual sensitive information. By monitoring the activity on the honeypot, security teams can gain insight into attackers' methods, identify potential vulnerabilities, and track the source of an attack.

Preshared keys (PSKs)

A preshared key (PSK) is essentially a Wi-Fi password that is shared between the wireless access point (like a Wi-Fi router) and the devices that want to connect to it. It is used to encrypt and authenticate network traffic between the devices and the access point, just like a password is used to authenticate a user's identity.

Remote desktop connection

A remote desktop connection allows a user to access and control another computer or device over the network. This can be useful for remote administration, troubleshooting, or accessing resources on a remote machine. Remote desktop connections typically require authentication and can be encrypted for security.

Remote desktop gateway

A remote desktop gateway is a specialized server that allows remote users to securely access specific internal network resources, such as remote desktop servers or internal web applications, through an encrypted connection. It acts as a proxy, providing remote access without requiring a VPN connection. It's typically used by remote workers who need to access these specific resources while away from the office. The focus is on providing secure remote access to specific resources rather than general-purpose remote control of a computer.

Rogue DHCP

A rogue DHCP server is an unauthorized DHCP server set up by an attacker on a network. It responds to DHCP requests from clients, potentially providing them with incorrect IP address information or directing them to malicious websites, enabling eavesdropping or man-in-the-middle attacks.

Rogue access point (AP)

A rogue access point is an unauthorized Wi-Fi access point set up on a network without the knowledge of the network administrator. It can be used by an attacker to intercept sensitive data or gain unauthorized access to network resources.

Screened subnet [previously known as demilitarized zone (DMZ)]

A screened subnet or DMZ is a separate network segment that sits between the internal network and the public internet. It contains publicly accessible services and servers, such as email servers and web servers. By isolating these systems from the internal network, organizations can limit exposure and reduce the risk of an attacker gaining access to sensitive internal resources.

Zombie

A single computer under the control of an operator that is used in a botnet attack.

4.4 Site-to-site VPN

A site-to-site VPN creates a secure connection between two networks, typically across the internet. This type of VPN allows multiple devices at each site to communicate securely with devices at the other site. Site-to-site VPNs are commonly used to connect branch offices to the main office or to connect multiple remote networks together. For example, if a company has a headquarters in one city and branch offices in other cities, a site-to-site VPN can be used to connect all of these offices together into a single, secure network. This allows employees at each site to access resources on the other sites securely and share data between them. In summary, site-to-site VPNs are used to connect entire networks together.

Zero-day

A zero-day vulnerability is a previously unknown flaw that has not yet been patched by the vendor or software developer. Attackers can exploit zero-day vulnerabilities before they become publicly known or before a patch is available, making them particularly dangerous and challenging to defend against.

Access control list

ACLs are used to control and restrict access to network resources. They define which users, groups, or devices are allowed or denied access to specific resources, helping to prevent unauthorized access and maintain network security.

ARP spoofing

ARP (Address Resolution Protocol) spoofing, also known as ARP poisoning, is an attack where an attacker sends falsified ARP messages to a network, associating their MAC address with the IP address of a legitimate network device. This allows the attacker to intercept, modify, or block traffic between network devices, effectively enabling a man-in-the-middle attack.

Power levels

Adjusting the power levels of wireless access points can help control the range of the wireless signal, reducing the risk of unauthorized access from outside the intended coverage area.

Evil twin

An evil twin is a malicious Wi-Fi access point that appears to be legitimate, often mimicking the SSID and appearance of a genuine access point. Users who connect to an evil twin may unknowingly expose sensitive information or fall victim to man-in-the-middle attacks.

Explicit deny

An explicit deny rule is a firewall rule that specifically denies traffic that matches the defined criteria. This rule is used to block known harmful traffic or traffic that should not be allowed under any circumstances.

Implicit deny

An implicit deny rule is a default behavior of a firewall that denies any traffic not explicitly allowed by other rules. This ensures that only traffic that is explicitly permitted will be allowed to pass through the firewall.

Vendor assessment

Assessing third-party vendors and partners to ensure they meet an organization's security requirements, and managing risks associated with their access to sensitive data and systems.

Local authentication

Authenticating a user account against a password database stored on the system itself (as opposed to on a remote authentication server). Local authentication involves verifying user credentials directly on the device or system being accessed, rather than relying on a centralized authentication server. This method can be used when centralized authentication is not available or practical. For example, when a user logs into their computer using a local account, the computer checks the provided credentials against its local user database.

Authentication methods

Authentication methods help ensure that only authorized users can access network resources and systems.

Common vulnerabilities and exposures (CVE)

CVE is a publicly accessible database that provides standardized identifiers and descriptions for known security vulnerabilities. It helps security professionals track, prioritize, and address vulnerabilities in their systems.

4.1 Confidentiality, integrity, availability (CIA)

The CIA triad is a widely used model for guiding information security policies and practices.

Confidentiality: Ensuring that sensitive data is only accessible by authorized users and kept secret from unauthorized individuals.

Integrity: Ensuring that data is accurate, consistent, and unaltered during storage, processing, and transmission.

Availability: Ensuring that data and systems are accessible and usable by authorized users when needed.

Guest network isolation

Creating a separate guest network with restricted access to internal network resources helps protect the main network from potential threats posed by guest devices. Guest network isolation prevents guests from accessing sensitive data or resources and limits their access to the internet.

Enable DHCP snooping

DHCP snooping is a security feature that helps prevent rogue DHCP servers from providing false IP addresses to network clients. It monitors DHCP traffic and filters out unauthorized DHCP messages, thus protecting the network from man-in-the-middle attacks and other security risks.

DNS poisoning

DNS poisoning, also known as DNS cache poisoning, is an attack that exploits vulnerabilities in the Domain Name System (DNS) to redirect users to malicious websites. The attacker provides false DNS information, causing users' requests for legitimate websites to be redirected to malicious ones, potentially stealing sensitive information or distributing malware.

Deauthentication attack

A deauthentication (deauth) attack is a type of wireless network attack where the attacker sends deauthentication frames to one or more devices connected to an access point, forcing them to disconnect from the network. This can be used to create a denial-of-service condition, capture authentication credentials during the reconnection process, or facilitate other types of attacks, such as creating an evil twin access point.

Change default VLAN

Default VLANs are often targeted by attackers as they know devices on default VLANs are usually not configured with proper security measures. Changing the default VLAN and ensuring proper security policies are applied to all VLANs can reduce the risk of attacks.

Change default passwords

Default passwords are often well-known and can be easily found online. Changing default passwords on network devices helps prevent unauthorized access by attackers who might try to use these known credentials.

Defense in depth

Defense in depth is a layered security approach that uses multiple security measures at different levels to protect a network or system. By implementing security controls across various layers (e.g., physical, network, application), organizations can minimize the risk of a single point of failure and increase the likelihood of detecting and stopping an attack.

Disable unneeded network services

Disabling unneeded or unused network services on devices reduces the attack surface and potential vulnerabilities. This practice involves turning off unnecessary services or protocols, such as Telnet or unsecured FTP, and using more secure alternatives when needed.

Disable unneeded switchports

Disabling unused switchports is a best practice that minimizes the attack surface by preventing unauthorized devices from connecting to the network through those ports.

Dynamic ARP inspection

Dynamic Address Resolution Protocol (ARP) inspection is a security feature that intercepts and validates ARP requests and replies, ensuring they are legitimate and preventing ARP spoofing attacks.

EAP

EAP supports multiple authentication methods that provide more robust and secure authentication mechanisms, such as digital certificates, smart cards, or one-time passwords. With EAP, each client can have a unique identity and authentication credentials, which are verified by the network access point during the authentication process. This provides more granular control over access to the network, and makes it more difficult for unauthorized users to gain access to the network.

Posture assessment

Evaluating an organization's overall network security posture, including the effectiveness of policies, procedures, and controls, to ensure they align with security objectives and industry best practices.

Process assessment

Evaluating business processes and procedures to identify potential risks and areas for improvement in terms of security, compliance, and efficiency.

Exploits

Exploits are tools, techniques, or methods used by attackers to take advantage of vulnerabilities in a network, system, or application. They enable attackers to gain unauthorized access, disrupt operations, or steal sensitive information.

Firewall rules

Firewall rules define what types of network traffic are allowed or denied based on specific criteria such as IP addresses, ports, or protocols. They help protect the network by controlling inbound and outbound traffic, preventing unauthorized access, and minimizing the risk of attacks.

Geofencing

Geofencing is a technique that uses GPS or other location-based technologies to create virtual boundaries around a specific geographic area. In the context of network security, geofencing can be used to restrict access to network resources based on a user's or device's location, preventing unauthorized access from outside the defined area.

Threat assessment

Identifying and evaluating potential threats to network security, such as malicious hackers, insiders, or natural disasters, to determine the likelihood and potential impact of those threats.

Split tunnel vs. full tunnel

In a split tunnel VPN, only traffic destined for the remote network is sent through the VPN, while other traffic (such as internet browsing) goes directly through the user's local network. In a full tunnel VPN, all network traffic from the user's device is sent through the VPN, including internet traffic. Split tunneling can provide faster internet access but may expose the user to potential security risks, while full tunneling offers greater security but may consume more bandwidth and increase latency.

IP spoofing

In an IP spoofing attack, the attacker sends packets with a forged source IP address, making it appear as if the packets are coming from a trusted or legitimate device. This can be used to bypass security measures, conduct man-in-the-middle attacks, or launch DDoS attacks using reflection/amplification techniques.

Risk management

In the context of network security, risk management involves identifying, assessing, and prioritizing potential risks to an organization's network infrastructure and data, followed by implementing appropriate measures to minimize or mitigate those risks.

Kerberos vs. SSO vs. RADIUS vs. TACACS+

Kerberos, SSO, RADIUS, and TACACS+ are all authentication and access control protocols, but they serve different purposes and are used in different scenarios. Kerberos is primarily used in enterprise environments to authenticate users and services across a network. It provides secure authentication and authorization using encrypted tickets and can be used to provide single sign-on (SSO) capabilities. SSO is a user authentication process that allows a user to log in once and gain access to multiple systems or applications without the need to re-enter their credentials. SSO solutions can use various protocols, including Kerberos, but they are not limited to it. RADIUS and TACACS+ are primarily used for centralized authentication, authorization, and accounting (AAA) services in network environments. RADIUS is typically used for remote access scenarios, such as authenticating users who connect to a network through a VPN. TACACS+ is used for authentication and access control for network devices, such as routers and switches. In general, the choice of protocol depends on the specific requirements of the environment and the resources that need to be protected. For example, if the primary concern is authenticating remote users, RADIUS may be the best option. If the concern is securing access to network devices, TACACS+ may be the best option. If the concern is providing seamless access to multiple systems or applications, SSO may be the best option. If the concern is securing authentication across an enterprise network, Kerberos may be the best option.

Kerberos

Kerberos is a network authentication protocol that uses encrypted tickets to authenticate users and services in a secure manner. It helps prevent eavesdropping and replay attacks while ensuring the integrity and confidentiality of authentication data. Imagine you are an employee in a large organization with access to sensitive information. When you log in to your computer, you enter your username and password. Your computer then sends a request to the Kerberos authentication server, asking for a ticket. The server verifies your credentials and issues a ticket that contains your identity information and a secret key. When you try to access a network resource, such as a shared folder or a printer, your computer presents the ticket to the resource server. The server verifies the ticket's authenticity by decrypting it using the secret key, which only you and the authentication server know. If the ticket is valid, the server grants you access to the resource. Kerberos helps prevent attacks such as eavesdropping or replay attacks, where an attacker intercepts and tries to use an old authentication request to gain access to a network resource. With Kerberos, the authentication data is encrypted and the ticket is time-limited, so it can't be reused after it expires.

LDAP

LDAP is a protocol that allows applications to access and manage directory services, such as user accounts and group memberships, over a network. It provides a standardized method for storing and retrieving information from a directory. LDAP can be used for authentication and authorization by verifying user credentials against a central directory. Active Directory is a directory service that can be accessed and managed using LDAP, and it provides a centralized location for storing and managing resources in a networked environment. LDAP can also be used to access other directory services that support the protocol. For example, many email systems use LDAP to store and manage user email addresses and contact information. Additionally, LDAP can be used to manage other resources, such as printers and file systems.

Remote Authentication Dial-In User Service (RADIUS)

Like TACACS+, RADIUS is a protocol for controlling access to network devices. However, RADIUS combines authentication and authorization into a single process, while TACACS+ separates them. RADIUS is often used by internet service providers and enterprises to manage access to a network or the internet.

MAC filtering

MAC filtering is a security technique that restricts access to a wireless network based on the MAC addresses of devices. By allowing only specific MAC addresses to connect, unauthorized devices are prevented from accessing the network.

Malware

Malware (short for malicious software) is any software designed to cause harm or unauthorized actions on a computer or network. Malware includes viruses, worms, Trojans, ransomware, and spyware, among others. Attackers use malware to gain unauthorized access, steal sensitive data, or disrupt network operations.

Multifactor

Multifactor authentication (MFA) requires users to provide two or more forms of identification, such as a password, a hardware token, or a biometric identifier (e.g., fingerprint), to prove their identity. MFA adds an extra layer of security by making it more difficult for attackers to gain unauthorized access.

Network access control (NAC)

NAC is a security solution that controls who can access a network and what resources they can access. It does this by checking the identity and security status of devices and users before granting access to the network. For example, imagine a company has a wireless network that employees use to access company resources. With NAC, before an employee can connect to the network, their device must be checked to make sure it has the latest antivirus software and security patches. If the device doesn't meet the security requirements, it will be denied access to the network. NAC can also help protect against unauthorized access to the network. For instance, if a new device connects to the network, it must first go through the authentication and authorization process before it can access any network resources. NAC operates at the network layer and controls access to the network as a whole.

Network segmentation enforcement

Network segmentation divides a network into smaller, separate segments to limit the scope of an attack and reduce potential damage. By separating critical systems and data from other network resources, organizations can control access and minimize the risk of unauthorized access or data breaches.

On-path attack (previously known as man-in-the-middle attack)

An on-path attack occurs when an attacker intercepts the communication between two parties, typically by inserting themselves into the network path. The attacker can then eavesdrop on the communication, manipulate data, or impersonate one of the parties to gain unauthorized access to sensitive information. The goal of this attack is to steal data or compromise the integrity of the communication.

Phishing

Phishing is a type of social engineering attack where an attacker sends fraudulent emails, text messages, or websites that appear to be from a legitimate source, with the intent of tricking recipients into revealing sensitive information, such as login credentials or financial data.

Piggybacking

Piggybacking is another term for tailgating. It refers to the same physical security breach where an unauthorized person gains entry into a secure area by following closely behind an authorized individual.

Port security

Port security is a feature that limits the number of devices that can connect to a switchport, preventing unauthorized devices from accessing the network. It can also be used to associate specific Media Access Control (MAC) addresses with a switchport to ensure only authorized devices can connect.

Private VLANs

Private VLANs (PVLANs) are an extension of the VLAN concept that provides isolation between devices within the same VLAN, preventing direct communication between them. This can be useful for segmenting devices with sensitive data or controlling access within a shared network environment.

Antenna placement

Proper antenna placement can help optimize wireless signal coverage and reduce the risk of unauthorized access by minimizing signal leakage outside the intended coverage area.

Router Advertisement (RA) Guard

RA Guard is a security feature that filters router advertisement messages in IPv6 networks, preventing rogue devices from sending false router advertisements and disrupting network connectivity.

Ransomware

Ransomware is a type of malicious software (malware) that encrypts the victim's data, rendering it inaccessible. The attacker then demands a ransom, typically in the form of cryptocurrency, in exchange for the decryption key to restore the data. Ransomware attacks can be highly disruptive and costly for individuals, organizations, and businesses.

Patch and firmware management

Regularly updating and patching network devices helps protect against known vulnerabilities and security flaws. By staying up to date with the latest firmware and patches, you can minimize the risk of attackers exploiting known vulnerabilities.

Role-based access

Role-based access control (RBAC) is a security model that assigns access rights and permissions based on predefined roles. Users are assigned roles based on their job responsibilities, which in turn determine what resources and actions they can access within a system. RBAC simplifies access management and helps maintain the principle of least privilege.

Role-based access

Role-based access control is a method of restricting access to network resources based on the roles of individual users within an organization. Users are granted permissions and access based on their roles, ensuring that they have the minimum necessary privileges to perform their job functions, thus reducing the risk of unauthorized access or misuse of sensitive information.

Security information and event management (SIEM)

SIEM is a technology solution that collects, analyzes, and correlates security event data from various sources within an organization's network. It helps detect and respond to security incidents in real-time, as well as provides valuable insights for improving security measures. SIEM systems can identify patterns, detect potential threats, and support forensic investigations.

Single sign-on (SSO)

SSO allows users to authenticate once and gain access to multiple related systems or applications without the need to re-enter their credentials. SSO simplifies the login process for users and can reduce the risk of unauthorized access due to weak or reused passwords.

1. Email systems
2. Customer relationship management (CRM) systems
3. Enterprise resource planning (ERP) systems
4. Human resources (HR) management systems
5. Document management systems

Separation of duties

Separation of duties is a security principle that divides critical tasks and responsibilities among multiple individuals to prevent any single person from having too much control or access to sensitive information. This approach reduces the risk of fraud, data breaches, or misuse of resources. One example is a server room that requires at least two employees to be badged in at any given time.

Shoulder surfing

Shoulder surfing is a type of attack where an attacker observes someone entering sensitive information, such as a password or PIN, by looking over their shoulder or using surveillance equipment. This method is often used in public places, like ATMs or public transport, where people are less likely to notice they are being watched.

Secure SNMP

Simple Network Management Protocol (SNMP) is used for monitoring and managing network devices. Secure SNMP refers to using SNMPv3, which provides encryption and authentication features, to protect SNMP traffic from being intercepted or manipulated by unauthorized users.

Penetration testing

Simulating real-world attacks on a network to identify vulnerabilities, validate security controls, and provide insights for improving security.

Social engineering

Social engineering is the practice of manipulating people into revealing confidential information or performing actions that compromise security. It exploits human psychology, trust, and social norms rather than targeting technical vulnerabilities.

Vulnerability assessment

Systematically identifying and evaluating weaknesses in network infrastructure, applications, and processes that could be exploited by threats.

Terminal Access Controller Access-Control System Plus (TACACS+)

TACACS+ is a protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers. It's typically used in large organizations for controlling access to network devices.

Tailgating

Tailgating, also known as "piggybacking," is a physical security breach where an unauthorized individual follows an authorized person into a secure area, typically by walking closely behind them as they enter. This type of attack relies on the targeted person's courtesy or inattention to security protocols.

4.2 Technology-based

Technology-based attacks focus on exploiting vulnerabilities in network systems or protocols to compromise security or disrupt services.

IoT access considerations

The Internet of Things (IoT) includes a wide range of devices, such as smart appliances, sensors, and wearables, that connect to the internet. IoT devices can pose unique security challenges due to their diverse nature and potential vulnerabilities. When securing IoT devices, consider factors like updating device firmware, using strong authentication mechanisms, segmenting IoT devices from other network resources, and monitoring network traffic for unusual behavior.

Control plane policing

The control plane of a network device is responsible for managing and maintaining the device's configuration, routing tables, and other important functions. It is critical for the proper operation of the device and must be protected from potential attacks that could disrupt its functioning. Control plane policing (CoPP) is a security feature that allows network administrators to limit the rate of incoming traffic that is destined for the control plane. By setting specific thresholds for the amount of traffic that is allowed, CoPP can prevent Denial-of-Service (DoS) attacks that are specifically targeting the control plane of a device. For example, an attacker could flood a device with a large amount of traffic to overwhelm its control plane, making it unable to perform critical functions. CoPP can prevent this type of attack by dropping traffic that exceeds the set thresholds for the control plane traffic.

Least privilege

The principle of least privilege dictates that users, applications, and systems should only have the minimum access and permissions necessary to perform their tasks. This approach reduces the potential damage caused by unauthorized access or exploitation, as attackers are limited in what they can do with compromised credentials or systems.

Security risk assessments

These are systematic processes for identifying, analyzing, and evaluating risks associated with an organization's network security. The goal is to understand the potential threats, vulnerabilities, and weaknesses in the network infrastructure, applications, and processes, and to implement appropriate measures to minimize or mitigate those risks.

Business risk assessments

These assessments focus on identifying and evaluating risks that arise from an organization's business processes, procedures, and relationships with third-party vendors and partners. The goal is to ensure that potential risks related to security, compliance, and efficiency are properly managed and mitigated, and that the organization's security requirements are met by all involved parties.

External

These threats come from outside the organization, such as hackers, cybercriminals, or nation-state actors. Examples include cyberattacks, phishing, or malware infections.

Internal

These threats originate from within an organization, such as employees, contractors, or partners who have authorized access to network resources. Examples include insider attacks, unauthorized data access, or accidental data leakage.

Threats

Threats are potential dangers that can exploit vulnerabilities in a network or system, causing harm or damage. Threats can be classified as internal or external:

Password complexity/length

Using complex and long passwords makes it more difficult for attackers to guess or crack them. A combination of uppercase and lowercase letters, numbers, and special characters helps create a strong password that is harder to breach.

VLAN hopping

VLAN hopping is an attack method that allows an attacker to bypass network segmentation enforced by VLANs (Virtual Local Area Networks). The attacker sends specially crafted packets that enable them to "hop" from one VLAN to another, potentially gaining unauthorized access to network resources and sensitive data.

Vulnerabilities

Vulnerabilities are weaknesses or flaws in a network, system, or application that can be exploited by threats to cause harm. They can arise from software bugs, misconfigurations, or outdated components.

Wireless client isolation

Wireless client isolation is a feature that prevents wireless devices connected to the same access point from communicating directly with each other. This helps protect sensitive data and prevents unauthorized access to other devices on the network.

Wireless security

Wireless security refers to the measures taken to protect wireless networks from unauthorized access and attacks. Implementing proper wireless security helps maintain the confidentiality, integrity, and availability of network resources.

Zero Trust

Zero Trust is a security model that assumes no user, device, or system can be trusted by default, regardless of whether it is inside or outside the organization's network. Access is granted based on strict verification and authentication, and policies are enforced to limit access to the minimum necessary for each user, device, or application.

