Network Security Concepts

Network security protects data integrity, confidentiality, and availability across network infrastructure. Security operates on multiple layers - defense in depth - because no single security measure is bulletproof.

Core Security Principles (CIA Triad)

Confidentiality: Only authorized users access data (encryption, access controls)
Integrity: Data remains unaltered during transmission/storage (hashing, digital signatures)
Availability: Resources remain accessible when needed (redundancy, DDoS protection)

Common Network Threats

Malware: Viruses, worms, trojans that compromise systems
DoS/DDoS: Overwhelming resources to deny legitimate access
Man-in-the-Middle (MITM): Intercepting communications between two parties
Social Engineering: Manipulating humans to divulge information (weakest link in security chain)
Reconnaissance: Information gathering before launching attacks (port scans, network mapping)

Access Control Methods

Method	Description	Use Case
MAC (Mandatory)	System enforces access based on classifications	Military/government environments
DAC (Discretionary)	Resource owner controls access	Standard business networks
RBAC (Role-Based)	Access based on user roles/job functions	Enterprise environments

Authentication Methods

Something you know: Passwords, PINs (weakest form - easily compromised)
Something you have: Smart cards, tokens, certificates
Something you are: Biometrics (fingerprints, retina scans)
Multi-factor authentication (MFA) combines multiple methods for stronger security

Network Security Devices

Firewalls

Firewalls filter traffic based on predetermined rules - think of them as network bouncers checking IDs.

Stateless Firewalls (Packet Filters):

Examine each packet individually without context
Filter based on source/destination IP, ports, protocols
Fast but limited (can’t track connection state)
Example: Block all traffic from 192.168.1.100 to port 80

Stateful Firewalls:

Track connection state and context (connection tables)
Remember outbound requests and allow related return traffic
More secure but higher processing overhead
Example: Allow return HTTP traffic only if outbound request was made

Application Layer Firewalls (Proxy):

Inspect actual application data (Layer 7)
Can block specific websites, file types, or application commands
Highest security but significant performance impact

Intrusion Detection/Prevention Systems

Type	Function	Deployment	Response
IDS	Detects and alerts	Out-of-band (monitoring)	Passive notification
IPS	Detects and blocks	In-line (active path)	Active blocking

Signature-based: Matches known attack patterns (like antivirus definitions)
Anomaly-based: Detects deviations from normal behavior baselines
IPS must be deployed in-line - traffic flows through device for real-time blocking

VPN Technologies

VPNs create secure tunnels over untrusted networks (like sending classified documents in a locked briefcase).

IPSec VPN

Encryption Protocols:
- AES (Advanced Encryption Standard) - current gold standard
- 3DES (Triple DES) - legacy, being phased out
Hashing: SHA-1 (weak), SHA-256 (recommended)
Key Exchange: Diffie-Hellman groups (higher numbers = stronger security)

IPSec Modes:

Transport Mode: Encrypts payload only (host-to-host)
Tunnel Mode: Encrypts entire packet (site-to-site VPNs)

SSL/TLS VPN

Browser-based access (no client software required)
Uses SSL/TLS encryption (same as HTTPS websites)
Clientless operation makes deployment easier for remote users
Lower performance than IPSec but more flexible for BYOD environments

Wireless Security

Wireless networks broadcast signals that anyone can intercept - security is critical.

Standard	Encryption	Key Length	Status
WEP	RC4	64/128-bit	Broken (crackable in minutes)
WPA	TKIP	128-bit	Deprecated
WPA2	AES-CCMP	128-bit	Current standard
WPA3	AES-GCMP	192-bit	Next generation

WPA2 Authentication Modes

Personal (PSK): Pre-shared key for small networks (home/SOHO)
Enterprise (802.1X): RADIUS authentication for corporate environments
Enterprise mode provides individual user credentials vs. shared passwords

Network Access Control (NAC)

NAC systems verify device compliance before granting network access.

802.1X Components:

Supplicant: Client requesting access (laptop, phone)
Authenticator: Network device controlling access (switch, wireless controller)
Authentication Server: RADIUS server validating credentials

Process Flow:

Client connects to network port/SSID
Switch/AP blocks traffic except authentication
Client provides credentials to RADIUS server
RADIUS responds with accept/reject + VLAN assignment
Switch/AP grants appropriate network access

Vocabulary

DMZ (Demilitarized Zone): Network segment between internal LAN and external internet, containing public-facing servers

RADIUS: Remote Authentication Dial-In User Service - centralized authentication protocol

TACACS+: Terminal Access Controller Access-Control System Plus - Cisco’s enhanced authentication protocol

AAA: Authentication (who are you?), Authorization (what can you do?), Accounting (what did you do?)

VLAN Hopping: Attack technique jumping between VLANs to access unauthorized network segments

Evil Twin: Rogue wireless access point mimicking legitimate hotspot to steal credentials

Notes

Default deny policy: Block everything by default, explicitly allow only required traffic
Security policies are only as strong as their weakest implementation - users often circumvent inconvenient security measures
Regular security assessments and penetration testing reveal vulnerabilities before attackers do
Keep firmware and software updated - most breaches exploit known vulnerabilities with available patches
Physical security is fundamental - if attackers have physical access, assume compromise
Document security incidents for pattern analysis and compliance requirements
Test backup and disaster recovery procedures regularly - security incidents will happen
Consider compliance requirements (PCI-DSS, HIPAA, SOX) when designing security architecture