Certified in Cybersecurity Domain 4 Network Security Detailed Notes

---

Objective

This domain introduces the core concepts of networking and how security integrates within that structure. You’ll explore topics from basic network models and devices to secure communication protocols and common threats.

Purpose: To understand how to secure network infrastructures, ensure safe data transmission, and protect against unauthorized access, attacks, and misuse.

Why Network Security Matters

• Every organization uses networks to connect systems, people, and services—internally and externally.
• Attackers often target networks as a primary entry point to systems and data.
• Network security is the first line of defense for preserving confidentiality, integrity, and availability (CIA).

Key Concepts Covered:

1. Basic Networking Components
   • Routers, switches, firewalls, load balancers, access points
   • OSI & TCP/IP models: what each layer does
   • IP addressing, ports, and protocols (e.g., HTTP, HTTPS, FTP, DNS)
2. Network Topologies and Zones
   • LAN, WAN, WLAN
   • DMZ (Demilitarized Zone), intranet, extranet
   • Segmentation (e.g., VLANs)
3. Secure Communication Protocols
   • HTTPS, SSH, SFTP, VPNs
   • TLS/SSL and their role in encryption
4. Firewalls and Intrusion Detection/Prevention Systems
   • Packet filtering, stateful inspection
   • IDS vs. IPS: detection vs. prevention
5. Common Threats to Networks
   • Man-in-the-middle (MITM) attacks
   • DDoS (Distributed Denial-of-Service)
   • Spoofing, sniffing, session hijacking
6. Network Security Best Practices
   • Principle of least privilege (PoLP)
   • Network segmentation and isolation
   • Regular patching and updates
   • Monitoring and logging network traffic
7. Wireless Network Security
   • WPA3 vs. WPA2, encryption standards
   • MAC filtering, disabling SSID broadcast

4.1 Understand Computer Networking

Network Models

OSI Model – 7 Layers (top-down):

• Layer 7 – Application: Interface for end-user services (e.g., HTTP, FTP).
• Layer 6 – Presentation: Formats data (e.g., encryption, compression).
• Layer 5 – Session: Manages sessions between systems.
• Layer 4 – Transport: Ensures end-to-end communication (TCP/UDP).
• Layer 3 – Network: Handles routing and logical addressing (IP).
• Layer 2 – Data Link: Manages physical addressing (MAC) and frames.
• Layer 1 – Physical: Transmits raw data over hardware (cables, radio).

TCP/IP Model – 4 Layers:

• Application: Protocols like HTTP, FTP, DNS.
• Transport: Manages data transmission using TCP or UDP.
• Internet: Handles addressing and routing with IP.
• Network Access: Combines OSI’s Data Link + Physical layers.

IP Addressing

IPv4:

• 32-bit address (e.g., 192.168.1.1).
• Divided into four 8-bit octets.
• Uses subnet masks for network segmentation.
• Limited address space (approx. 4.3 billion).

IPv6:

• 128-bit address (e.g., 2001:0db8:85a3::8a2e:0370:7334).
• Larger space (2^128 addresses).
• Built-in security (IPsec).
• Needed due to IPv4 exhaustion.

Ports

Purpose: Identify specific applications or services on a host.

• Port 80: HTTP
• Port 443: HTTPS
• Port 22: SSH
• Port 21: FTP
• Port 25: SMTP (email sending)
• Port 53: DNS

Types of Ports:

• Well-Known (0–1023): Reserved for system services.
• Registered (1024–49151): Used by software/apps.
• Dynamic/Private (49152–65535): Temporary or private use.

Common Network Applications/Protocols

• HTTP/HTTPS: Web traffic (HTTPS = encrypted).
• FTP/SFTP: File transfers (SFTP is secure).
• DNS: Resolves domain names to IP addresses.
• SMTP/IMAP/POP3: Email protocols.
• SSH: Secure remote terminal access.
• DHCP: Automatically assigns IP addresses to devices.
• SNMP: Monitors and manages network devices.

Wi-Fi (Wireless Networking)

• Based on IEEE 802.11 standards (e.g., 802.11n, 802.11ac, 802.11ax).
• Operates on 2.4 GHz, 5 GHz, and 6 GHz frequency bands.
• Security Protocols:
  • WEP: Weak and outdated (not recommended).
  • WPA2: Secure and commonly used.
  • WPA3: Most secure, modern standard.
• Requires strong passwords and MAC filtering for access control.

Security Best Practices

• Use firewalls to block unnecessary ports.
• Enforce least privilege on network access.
• Regularly update software/firmware.
• Encrypt traffic using protocols like HTTPS and VPNs.
• Secure WiFi with WPA3, disable WPS, and hide SSIDs if needed.
• Segment internal networks with VLANs or subnetting.
• Monitor network traffic using IDS/IPS and logging tools.

Key Takeaways

• Know OSI vs TCP/IP model differences and layer functions.
• Memorize common ports and their services (e.g., 80 = HTTP).
• Understand IPv4 vs IPv6 structure and benefits.
• Identify secure vs insecure protocols.
• Know wireless networking basics and its security implications.
• Be familiar with network-based security controls.

4.2  Understand Network Threats and Attacks

1. Types of Threats

Distributed Denial-of-Service (DDoS)

• Definition: A DDoS attack aims to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
• Source: Usually executed using botnets—a network of infected machines controlled by an attacker.
• Impact:
  • Service unavailability (websites down)
  • Degraded performance
  • Possible financial or reputational damage
• Mitigation: Load balancing, rate limiting, traffic filtering, cloud-based DDoS protection (e.g., Cloudflare, AWS Shield).

Virus

• Definition: Malicious code that attaches itself to legitimate programs and replicates only when the host program is executed.
• Behavior: Infects executable files, spreads via infected storage or email attachments.
• Effect: Corrupts files, slows down systems, deletes data.
• Prevention: Updated antivirus software, email scanning, endpoint protection platforms (EPP).

Worm

• Definition: A self-replicating malicious program that spreads independently without user interaction.
• Spread: Uses network vulnerabilities or weak passwords.
• Impact: Network congestion, resource exhaustion, mass replication.
• Prevention: Patch management, strong authentication, network segmentation.

Trojan Horse (Trojan)

• Definition: Malware disguised as legitimate software. It misleads users of its true intent.
• Functions: Remote access, data theft, keylogging, downloading additional malware.
• Example: Fake “free game” that installs spyware.
• Prevention: Application allowlisting, sandbox testing, user awareness.

Man-in-the-Middle (MITM) Attack

• Definition: The attacker secretly intercepts or alters communication between two parties.
• Scenarios:
  • Eavesdropping on unencrypted Wi-Fi
  • Session hijacking
  • DNS spoofing
• Prevention: Use of HTTPS, VPNs, mutual TLS, public key infrastructure (PKI).

Side-Channel Attack

• Definition: Exploits physical characteristics (e.g., timing, power consumption, electromagnetic leaks) of cryptographic operations.
• Focus: Extracting private keys or sensitive data.
• Common on: Smartcards, IoT devices, secure enclaves.
• Defense: Constant-time algorithms, shielding, hardware countermeasures.

2. Identification of Threats

Intrusion Detection System (IDS)

• Definition: A monitoring system that detects suspicious activities and generates alerts but does not block traffic.

Types:

• Host-based IDS (HIDS):
  • Installed on individual machines
  • Monitors system logs, file integrity, and active processes
  • Alerts on anomalies or policy violations at the host level
• Network-based IDS (NIDS):
  • Monitors network traffic at strategic points
  • Detects scanning, packet flooding, and protocol anomalies
  • Uses signature or anomaly-based detection
• Limitations:
  • Can’t stop attacks directly (only alert)
  • May produce false positives/negatives

3. Prevention of Threats

Antivirus/Antimalware

• Function: Detects, quarantines, and removes known malware using signature and heuristic techniques.
• Capabilities:
  • Scheduled scanning
  • Real-time monitoring
  • Behavior-based threat detection

Scans

• Vulnerability Scanners:
  • Detect unpatched software, misconfigurations, and security weaknesses
  • Examples: Nessus, OpenVAS
• Best Practices:
  • Perform regular internal and external scans
  • Prioritize based on risk severity

Firewalls

• Purpose: Enforce security policies by controlling incoming and outgoing network traffic.
• Types:
  • Packet-filtering firewalls: Based on IP, port, protocol
  • Stateful inspection: Tracks connection state
  • Next-gen firewalls (NGFW): Deep packet inspection, threat intelligence
• Placement: Perimeter of network, between zones (e.g., DMZ)

Intrusion Prevention System (IPS)

• Definition: An advanced security tool that actively blocks or drops malicious traffic.
• Functions:
  • Detect and stop exploits in real-time
  • Reset connections, block IPs, reconfigure firewalls
  • Often integrated with IDS as IDPS
• Deployment: Inline with network traffic (vs IDS which is passive)

Key Takeaways

• Focus on understanding how each threat works, how to identify signs of compromise, and which control mitigates it.
• Memorize the difference between IDS and IPS and when each is used.
• Understand the relationship between prevention, detection, and response.

4.3 Understand Network Security Infrastructure

This domain focuses on how network infrastructure is secured, covering on-premises, network design, and cloud-based infrastructure. It builds your foundational understanding of architectural components, physical environments, segmentation strategies, and service models in cloud computing.

On-Premises Infrastructure

1. Power

• Continuous power is crucial to maintain system uptime and prevent data loss.
• Includes:
  • UPS (Uninterruptible Power Supply): Offers short-term backup power to critical systems.
  • Backup Generators: Provide extended power during prolonged outages.
  • Redundant circuits: Ensure availability if one power path fails.

2. Data Centers and Network Closets

• Central locations where servers, networking hardware, and storage are housed.
• Security measures:
  • Restricted physical access (smart cards, biometrics).
  • Fire-resistant rooms.
  • Raised floors for cabling and cooling.
  • Tamper-proof racks and locking cabinets.

3. HVAC (Heating, Ventilation, and Air Conditioning)

• Essential to maintain the correct temperature and humidity.
• Prevents overheating and electrostatic discharge.
• Includes:
  • Redundant cooling units.
  • Monitoring for anomalies.

4. Environmental Controls

• Devices and systems to monitor and alert staff of hazards.
  • Smoke detectors
  • Humidity sensors
  • Motion sensors
  • Water leak detectors

5. Fire Suppression

• Automated systems that detect and suppress fires.
  • Dry agents like FM-200 or CO₂, which do not damage electronics.
  • Pre-action sprinkler systems that require two triggers to avoid false discharge.

6. Redundancy

• Adds fault tolerance to systems.
• Examples:
  • RAID arrays for storage.
  • Dual power supplies, internet connections, network paths.
  • Prevents single points of failure.

7. MOU and MOA (Memorandum of Understanding / Agreement)

• Used during disaster recovery planning or vendor/service collaboration.
  • MOU: Non-binding statement of understanding.
  • MOA: Binding document detailing shared services, roles, and expectations.

B. Network Design

Design strategies that secure network architecture from internal and external threats.

1. Network Segmentation

Divides a network into zones to restrict access and reduce exposure.

a. DMZ (Demilitarized Zone)

• Isolated zone between internal network and external (Internet).
• Hosts services that need public access (e.g., web servers).
• Limits lateral movement to internal assets.

b. VLAN (Virtual LAN)

• Logically separates devices on the same physical network.
• Improves traffic control and security.
• Example: Isolate user traffic from HR or Finance systems.

c. VPN (Virtual Private Network)

• Encrypts data over public or untrusted networks.
• Secures remote access to internal systems.
• Can use IPSec or SSL protocols.

d. Micro-Segmentation

• More granular control than VLANs.
• Applied at the workload or application level.
• Often used in virtualized or cloud environments.
• Prevents an attacker from moving between virtual machines.

2. Defense in Depth

• Layered defense strategy.
• Multiple controls at each level:
  • Physical (locked rooms)
  • Network (firewalls)
  • Host (endpoint protection)
  • Application (input validation)
  • Data (encryption)
• If one layer fails, others remain active.

3. Network Access Control (NAC)

• Controls who and what can access the network.
• Devices are scanned for compliance:
  • Antivirus
  • Patch levels
  • OS version
• Particularly useful for:
  • IoT devices (limited native protection)
  • Embedded systems (difficult to patch)

C. Cloud Infrastructure

Covers the various models and security considerations for cloud-based environments.

1. SLA (Service-Level Agreement)

• Defines availability, performance, and response times for cloud services.
• May include:
  • Uptime guarantee (e.g., 99.9%)
  • Data backup and recovery timelines
  • Security responsibilities

2. Managed Service Provider (MSP)

• External vendors that manage IT/network infrastructure.
• Examples:
  • Email filtering
  • Firewalls
  • Remote monitoring
• Must have clear contracts, strong security controls, and data handling rules.

3. Cloud Service Models

Each model determines how security responsibilities are shared between the provider and customer.

a. SaaS (Software as a Service)

• Entire stack (hardware, OS, app) managed by the vendor.
• Examples: Gmail, Dropbox, Microsoft 365
• Customer responsible only for data and user access management.

b. PaaS (Platform as a Service)

• Vendor manages hardware + OS, provides platform for app development.
• Examples: Google App Engine, Heroku
• Customer responsible for applications and data security.

c. IaaS (Infrastructure as a Service)

• Vendor provides virtualized resources (compute, storage, network).
• Examples: AWS EC2, Azure VMs
• Customer must manage:
  • OS configuration
  • Security patches
  • Firewall rules

4. Hybrid Cloud

• Combines private (on-prem) and public cloud components.
• Offers:
  • Flexibility
  • Cost-efficiency
  • Data control
• Example: Store sensitive data on-prem, while using public cloud for backups or scalability.

Key Takeaways

• Focus on differences between segmentation types (VLAN vs DMZ vs micro-segmentation).
• Be clear on SaaS vs PaaS vs IaaS responsibilities.
• Understand why NAC is critical in IoT/embedded systems.
• Know what physical controls support uptime and safety (redundancy, fire suppression).