Transcript for:
Network Security

You've learned about security domains in previous courses. Now we'll explore one of those domains further: networks. It's important to secure networks because network-based attacks are growing in both frequency and complexity.

Hi there, my name is Chris and I'm the Chief Information Security Officer for Google Fiber. I'm excited to be your instructor for this course. I've been working in network security and engineering for over 20 years, and I'm looking forward to sharing some of my knowledge and experience with you.

This course will help you understand the basic structure of a network, also referred to as a network architecture, and commonly used network tools. You'll also learn about network operations and explore some basic network protocols. Next, you'll learn about common network attacks and how network intrusion tactics can present a threat to a network. Finally, the course will provide an overview of security hardening practices and how you might use them to help secure a network. There's a lot to learn in securing networks, and I'm excited to go on this journey with you. Ready to get started? Let's go.

Before securing a network, you need to understand the basic design of a network and how it functions. In this section of the course you will learn about the structure of a network, standard networking tools, cloud networks, and the basic framework for organizing communications across a network, called the TCP/IP model. Securing networks is a big part of a security analyst's responsibilities, so I'm excited to help you understand how to secure your organization's network from threats, risks, and vulnerabilities. Let's get going.

Welcome. Before you can understand the importance of securing a network, you need to know what a network is. A network is a group of connected devices. At home, the devices connected to your network might be your laptop, cell phones, and smart devices like your refrigerator or air conditioner. In an office, devices like workstations, printers, and servers all connect to the network. The devices on a network can communicate with each other over network cables or wireless connections. Networks in your home and office can communicate with networks in other locations and the devices on them. Devices need to find each other on a network to establish communications. These devices use unique addresses, or identifiers, to locate each other. The addresses ensure that communication happens with the right device. These are called the IP and MAC addresses.

Devices can communicate on two types of network: a local area network, also known as a LAN, and a wide area network, also known as a WAN. A local area network, or LAN, spans a small area like an office building, a school, or a home. For example, when a personal device like your cell phone or tablet connects to the Wi-Fi in your house, they form a LAN. The LAN then connects to the internet. A wide area network, or WAN, spans a large geographical area like a city, state, or country. You can think of the internet as one big WAN. An employee of a company in San Francisco can communicate and share resources with another employee in Dublin, Ireland over the WAN. Now that you've learned about the structure and types of networks, meet me in an upcoming video to learn about the devices that connect to them.

In this video you'll learn about the common devices that make up a network. Let's get started. A hub is a network device that broadcasts information to every device on the network. Think of a hub like a radio tower that broadcasts a signal to any radio tuned to the correct frequency. Another network device is a switch. A switch makes connections between specific devices on a network by sending and receiving data between them. A switch is more intelligent than a hub: it only passes data to the intended destination. This makes switches more secure than hubs and enables them to control the flow of traffic and improve network performance. Another device that we'll discuss is a router. A router is a network device that connects multiple networks together. For example, if a computer in one network wants to send information to a tablet on another network, the information will be transferred as follows. First, the information travels from the computer to the router. Then the router reads the destination address and forwards the data to the intended network's router. Finally, the receiving router directs that information to the tablet.

Finally, let's discuss modems. A modem is a device that connects your router to the internet and brings internet access to the LAN. For example, if a computer from one network wants to send information to a device on a network in a different geographic location, it would be transferred as follows. The computer would send information to the router. The router would then transfer the information through the modem to the internet. The intended recipient's modem receives the information and transfers it to the router. Finally, the recipient's router forwards that information to the destination device.

Network tools such as hubs, switches, routers, and modems are physical devices. However, many functions performed by these physical devices can be completed by virtualization tools. Virtualization tools are pieces of software that perform network operations. Virtualization tools carry out operations that would normally be completed by a hub, switch, router, or modem, and they are offered by cloud service providers. These tools provide opportunities for cost savings and scalability. You'll learn more about them later in the certificate program. Now you've explored some common devices that make up a network. Coming up, you're going to learn more about cloud computing and how networks can be designed using cloud services.

Companies have traditionally owned their network devices and kept them in their own office buildings. But now a lot of companies are using third-party providers to manage their networks. Why? Well, this model helps companies save money while giving them access to more network resources.
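As an added example, not part of the course, here is the hub-versus-switch contrast above (and the MAC address table the course describes later when it covers IP and MAC addresses) simulated in Python: the hub repeats every frame out of every other port, while the switch learns which MAC address sits behind which port and delivers only there. The device names, MAC addresses, port numbers and traffic are constructed.

```python
"""Hub vs. switch forwarding, simulated (added example, not course code)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    payload: str


class Hub:
    """A hub has no idea who is where: every frame is repeated out of every
    port except the one it arrived on, so every device sees everyone's data."""

    def __init__(self, port_count: int) -> None:
        self.port_count = port_count

    def forward(self, in_port: int, frame: Frame) -> list[int]:
        return [p for p in range(self.port_count) if p != in_port]


class Switch:
    """A switch keeps a MAC address table (MAC -> port). It learns the source
    MAC of every frame it sees and forwards a frame only to the port where the
    destination MAC was last seen; an unknown destination is flooded like a hub
    until that device has sent something and been learned."""

    def __init__(self, port_count: int) -> None:
        self.port_count = port_count
        self.mac_table: dict[str, int] = {}

    def forward(self, in_port: int, frame: Frame) -> list[int]:
        # Learning step: the sender is reachable through the ingress port.
        self.mac_table[frame.src_mac] = in_port
        out_port = self.mac_table.get(frame.dst_mac)
        if out_port is None or out_port == in_port:
            # Destination not yet in the table: flood to all other ports.
            return [p for p in range(self.port_count) if p != in_port]
        return [out_port]


# Constructed topology: three devices on a 4-port device (port 3 is empty).
ALICE, BOB, CAROL = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
LOCATION = {ALICE: 0, BOB: 1, CAROL: 2}  # which port each device is plugged into

# Constructed traffic: (ingress port, frame), in the order it is sent.
SAMPLE_TRAFFIC = [
    (0, Frame(ALICE, BOB, "hello bob")),
    (1, Frame(BOB, ALICE, "hi alice")),
    (0, Frame(ALICE, BOB, "payroll.xlsx")),
    (2, Frame(CAROL, ALICE, "lunch?")),
]


def deliveries(device, traffic) -> list[list[int]]:
    """Ports that received each frame, in order."""
    return [device.forward(port, frame) for port, frame in traffic]


def overheard(device, traffic, location=LOCATION) -> int:
    """Count deliveries to ports other than the real destination's port: frames
    a device received although they were not addressed to it, which is exactly
    what a packet sniffer on that port could capture."""
    count = 0
    for (port, frame), outs in zip(traffic, deliveries(device, traffic)):
        count += sum(1 for p in outs if p != location[frame.dst_mac])
    return count


if __name__ == "__main__":
    print("hub, frames overheard:   ", overheard(Hub(4), SAMPLE_TRAFFIC))
    print("switch, frames overheard:", overheard(Switch(4), SAMPLE_TRAFFIC))
```

The switch floods only the first frame, before it has learned where bob is; after that every frame goes to one port, which is why the course calls switches more secure than hubs.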
The growth of cloud computing is helping many companies reduce costs and streamline their network operations. Cloud computing is the practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices. Today the number of businesses that use cloud computing is increasing every year, so it's important to understand how cloud networks function and how to secure them. Cloud providers offer an alternative to traditional on-premise networks and allow organizations to have the benefit of a traditional network without storing the devices and managing the network on their own. A cloud network is a collection of servers or computers that stores resources and data in a remote data center and can be accessed via the internet. Because companies don't house the servers at their physical location, these servers are referred to as being in the cloud. A traditional network hosts a business's web servers in its physical location. However, cloud networks are different from traditional networks because they use remote servers, which allows online services and web applications to be used from any geographic location. Cloud security will become increasingly relevant to many security professionals as more organizations migrate to cloud services. Cloud service providers offer cloud computing to maintain applications. For example, they provide on-demand storage and processing power that their customers only pay for as needed. They also provide business and web analytics that organizations can use to monitor their web traffic and sales.

With the transition to cloud networking, I have witnessed an overlap of identity-based security on top of the more traditional network-based solutions. This meant that my focus needed to be on verifying both where the traffic is coming from and the identity that is coming with it. More organizations are moving their network services to the cloud to save money and simplify their operations. As this trend has grown, cloud security has become a significant aspect of network security.

Networks help organizations communicate and connect, but communication makes network attacks more likely because it gives a malicious actor an opportunity to take advantage of vulnerable devices and unprotected networks. Communication over a network happens when data is transferred from one point to another. Pieces of data are typically referred to as data packets. A data packet is a basic unit of information that travels from one device to another within a network. When data is sent from one device to another across a network, it is sent as a packet that contains information about where the packet is going, where it's coming from, and the content of the message. Think about data packets like a piece of physical mail. Imagine you want to send a letter to a friend. The envelope will need to have the address where you want the letter to go and your return address. Inside the envelope is a letter that contains the message that you want your friend to read. A data packet is very similar to a physical letter. It contains a header that includes the Internet Protocol address (the IP address) and the media access control, or MAC, address of the destination device. It also includes a protocol number that tells the receiving device what to do with the information in the packet. Then there's the body of the packet, which contains the message that needs to be transmitted to the receiving device. Finally, at the end of the packet there's a footer, similar to a signature on a letter. The footer signals to the receiving device that the packet is finished.

The movement of data packets across a network can provide an indication of how well the network is performing. Network performance can be measured by bandwidth. Bandwidth refers to the amount of data a device receives every second. You can calculate bandwidth by dividing the quantity of data by the time in seconds. Speed refers to the rate at which data packets are received or downloaded. Security personnel are interested in network bandwidth and speed because if either is irregular, it can be an indication of an attack. Packet sniffing is the practice of capturing and inspecting data packets across the network. Communication on a network is important for sharing resources and data because it allows organizations to function effectively. Coming up, you'll learn more about the protocols that support network communication.

Hello again. In this video you'll learn more about the communication protocol that devices use to communicate with each other across the internet. This is called the TCP/IP model. TCP/IP stands for Transmission Control Protocol and Internet Protocol. TCP/IP is the standard model used for network communication. Let's take a closer look at this model by defining TCP and IP separately. First, TCP, or Transmission Control Protocol, is an internet communication protocol that allows two devices to form a connection and stream data. The protocol includes a set of instructions to organize data so it can be sent across a network. It also establishes a connection between two devices and makes sure the packet reaches the appropriate destination. The IP in TCP/IP stands for Internet Protocol. IP is a set of standards used for routing and addressing data packets as they travel between devices on a network. Included in the Internet Protocol is the IP address, which functions as an address for each private network. You'll learn more about IP addresses a bit later.

When data packets are sent and received across a network, they are assigned a port within the operating system of a network device. A port is a software-based location that organizes the sending and receiving of data between devices on a network. Ports divide network traffic into segments based on the service they will perform between two devices. The computer sending and receiving these data segments knows how to prioritize and process them based on their port number. This is like sending a letter to a friend who lives in an apartment building. The mail delivery person not only knows how to find the building, but they also know exactly where to go in the building to find the apartment number where your friend lives. Data packets include instructions that tell the receiving device what to do with the information. These instructions come in the form of a port number. Port numbers allow computers to split the network traffic and prioritize the operations they will perform with the data. Some common port numbers are port 25, which is used for email; port 443, which is used for secure internet communications; and port 20, for large file transfers. As you've learned in this video, a lot of information and instructions are contained in data packets as they travel across the network. Coming up, you'll learn more about the TCP/IP model.

Now that we've discussed the structure of a network and how communication takes place, it's important for you to know how security professionals identify problems that might arise. The TCP/IP model is a framework that is used to visualize how data is organized and transmitted across the network. The TCP/IP model has four layers. The four layers are the network access layer, the internet layer, the transport layer, and the application layer. Knowing how the TCP/IP model organizes network activity allows security professionals to monitor and secure against risks. Let's examine these layers one at a time. Layer 1 is the network access layer. The network access layer deals with the creation of data packets and their transmission across a network. This includes hardware devices connected to physical cables and switches that direct the data to its destination. Layer 2 is the internet layer. The internet layer is where IP addresses are attached to data packets to indicate the location of the sender and receiver. The internet layer also focuses on how networks connect to each other. For example, data packets contain information that determines whether they will stay on the LAN or be sent to a remote network like the internet. The transport layer includes protocols to control the flow of traffic across a network. These protocols permit or deny communication with other devices and include information about the status of the connection. Activities of this layer include error control, which ensures data is flowing smoothly across the network. Finally, at the application layer, protocols determine how the data packets will interact with receiving devices. Functions that are organized at the application layer include file transfers and email services. Now you have an understanding of the TCP/IP model and its four layers. Meet you in the next video.

Let's learn about how IP addresses are used to communicate over a network. IP stands for Internet Protocol. An Internet Protocol address, or IP address, is a unique string of characters that identifies the location of a device on the internet. Each device on the internet has a unique IP address, just like every house on a street has its own mailing address. There are two types of IP addresses: IPv4 and IPv6. Let's look at examples of an IPv4 address. IPv4 addresses are written as four one-, two-, or three-digit numbers separated by a decimal point. In the early days of the internet, IP addresses were all IPv4, but as the use of the internet grew, all the IPv4 addresses started to get used up, so IPv6 was developed. IPv6 addresses are made up of 32 characters. The length of the IPv6 address will allow for more devices to be connected to the internet without running out of addresses as quickly as IPv4.

IP addresses can be either public or private. Your internet service provider assigns a public IP address that is connected to your geographic location. When network communications go out from your device onto the internet, they all have the same public-facing address. Just like all the roommates in one home share the same mailing address, all the devices on a network share the same public-facing IP address. Private IP addresses are only seen by other devices on the same local network. This means that all the devices on your home network can communicate with each other using unique IP addresses that the rest of the internet can't see. Another kind of address used in network communications is called a MAC address. A MAC address is a unique alphanumeric identifier that is assigned to each physical device on a network. When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port. It then keeps this information in a MAC address table. Think of the MAC address table like an address book that the switch uses to direct data packets to the appropriate device. In this video you learned about IPv4 and IPv6 addresses. You learned how IP and MAC addresses are used in network communication and the difference between a public and a private IP address.

Hey, you made it. Well done! Let's wrap up what you've learned. In this section of the course we explored the structure of a network, including WANs and LANs. We also discussed standard networking tools like hubs, switches, routers, and modems. We briefly introduced cloud networks and discussed their benefits. We also spent some time on the TCP/IP model. As a reminder, technicians and security analysts often use this framework when communicating where network problems have occurred. That wraps up this section. Next, you'll learn more about network operations and how data is transmitted over wireless networks.

Congratulations on the progress you've made so far. In this section you'll learn about how networks operate using tools and protocols. These are the concepts that you'll use every day in your work as a security analyst. The tools and protocols you'll learn in this section of the program will help you protect your organization's network from attack. Did you know that malicious actors can take advantage of data moving from one device to another on a network? Thankfully, there are tools and protocols to ensure the network stays protected against this type of threat. As an example, I once identified an attack based solely on the fact they were using the wrong protocol. The network traffic volumes were right, it was coming from a trusted IP, but it was on the wrong protocol, which tipped us off enough to shut down the attack before they caused real damage. First we'll discuss some common network protocols, then we'll discuss virtual private networks, or VPNs, and finally we'll learn about firewalls, security zones, and proxy servers. Now that you have an idea of where we're headed, let's get started.

Networks benefit from having rules. Rules ensure that data sent over the network gets to the right place. These rules are known as network protocols. Network protocols are a set of rules used by two or more devices on a network to describe the order of delivery and the structure of the data. Let's use a scenario to demonstrate a few different types of network protocols and how they work together on a network. Say you want to access your favorite recipe website. You go to the address bar at the top of your browser and type in the website's address, for example www.yummyrecipesforme.org. Before you gain access to the website, your device will establish communications with a web server. That communication uses a protocol called the Transmission Control Protocol, or TCP. TCP is an internet communications protocol that allows two devices to form a connection and stream data. TCP also verifies both devices before allowing any further communications to take place. This is often referred to as a handshake. Once communication is established using a TCP handshake, a request is made to the network. Using our example, we have requested data from the yummyrecipesforme.org server. Their servers will respond to that request and send data packets back to your device so that you can view the web page. As data packets move across the network, they move between network devices such as routers. The Address Resolution Protocol, or ARP, is used to determine the MAC address of the next router or device in the path. This ensures that the data gets to the right place. Now that the communication has been established and the destination device is known, it's time to access the yummyrecipesforme.org website. The Hypertext Transfer Protocol Secure, or HTTPS, is a network protocol that provides a secure method of communication between clients and website servers. It allows your web browser to securely send a request for a web page to the yummyrecipesforme.org server and receive a web page as a response. Next comes a protocol called the Domain Name System, or DNS, which is a network protocol that translates internet domain names into IP addresses. The DNS protocol sends the domain name and the web address to a DNS server that retrieves the IP address of the website you are trying to access, in this case yummyrecipesforme.org. The IP address is included as a destination address for the data packets traveling to the yummyrecipesforme.org web server. So just by visiting one website, the devices on your network are using four different protocols: TCP, ARP, HTTPS, and DNS. These are just some of the protocols used in network communications. To help you learn more about the different protocols, we'll discuss them further in upcoming course material.

But how do these protocols relate to security? Well, in the yummyrecipesforme.org website example we used HTTPS, which is a secure protocol that requests a web page from a web server. HTTPS encrypts data using the Secure Sockets Layer and Transport Layer Security, otherwise known as SSL/TLS. This helps keep the information secure from malicious actors who want to steal valuable information. That's a lot of information and a lot of protocols to remember. Throughout your career as a security analyst, you'll become more familiar with network protocols and use them in your daily activities.

So far you've learned about a variety of network protocols, including communications protocols like TCP. Now we're going to go more in depth into a class of communications protocols called IEEE 802.11. IEEE 802.11, commonly known as Wi-Fi, is a set of standards that define communications for wireless LANs. IEEE stands for the Institute of Electrical and Electronics Engineers, which is an organization that maintains Wi-Fi standards, and 802.11 is a suite of protocols used in wireless communications. Wi-Fi protocols have adapted over the years to become more secure and reliable, to provide the same level of security as a wired connection. In 2004, a secure protocol called Wi-Fi Protected Access, or WPA, was introduced. WPA is a wireless security protocol for devices to connect to the internet. Since then, WPA has evolved into newer versions like WPA2 and WPA3, which include further security improvements like more advanced encryption. As a security analyst, you might be responsible for making sure that the wireless connections in your organization are secure. Let's learn more about security measures.

In this video you'll learn about different types of firewalls. These include hardware, software, and cloud-based firewalls. You'll also learn the difference between a stateless and a stateful firewall and cover some of the basic operations that a firewall performs. Finally, you'll explore how proxy servers are used to add a layer of security to the network. A firewall is a network security device that monitors traffic to and from your network. It either allows traffic or it blocks it based on a defined set of security rules. A firewall can use port filtering, which blocks or allows certain port numbers to limit unwanted communication. For example, it could have a rule that only allows communications on port 443 for HTTPS or port 25 for email and blocks everything else. These firewall settings will be determined by the organization's security policy. Let's talk about a few different kinds of firewalls. A hardware firewall is considered the most basic way to defend against threats to a network. A hardware firewall inspects each data packet before it's allowed to enter the network.
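To make the port-filtering rule above concrete, here is an added Python example (not the course's own code) of a stateless filter that allows inbound port 443 and 25 and blocks everything else, beside a stateful variant that also remembers the connections internal clients open, which is the stateless-versus-stateful distinction the course draws next. The addresses, ports and packet sequence are constructed.

```python
"""Stateless port filtering vs. stateful connection tracking (added example)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "in" = arriving from the internet, "out" = leaving the LAN


# Constructed policy from the course's example: only HTTPS (443) and email (25)
# may come in unsolicited; everything else is blocked.
ALLOWED_INBOUND_PORTS = {443, 25}

# A stateless filter cannot tell a DNS answer from any other packet, so to let
# internal clients' DNS answers back in it must also allow any inbound packet
# whose *source* port is 53. That extra rule is the gap the stateful version
# does not need.
STATELESS_RETURN_SOURCE_PORTS = {53}


def stateless_allow(pkt: Packet) -> bool:
    """Judges every packet on its own against fixed rules; remembers nothing."""
    if pkt.direction == "out":
        return True
    if pkt.dst_port in ALLOWED_INBOUND_PORTS:
        return True
    return pkt.src_port in STATELESS_RETURN_SOURCE_PORTS


class StatefulFirewall:
    """Keeps a table of connections it has seen leave the LAN, so an inbound
    packet is accepted as a reply only when it matches a request that went out."""

    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # An inbound packet is a reply if its addresses mirror a recorded flow.
        mirrored = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if mirrored in self.connections:
            return True
        return pkt.dst_port in ALLOWED_INBOUND_PORTS


# Constructed traffic (documentation and private address ranges only).
SAMPLE_PACKETS = [
    Packet("203.0.113.9", 51000, "10.0.0.5", 443, "in"),    # HTTPS to web server
    Packet("203.0.113.9", 51001, "10.0.0.5", 22, "in"),     # SSH attempt
    Packet("10.0.0.7", 40000, "198.51.100.20", 53, "out"),  # client asks DNS
    Packet("198.51.100.20", 53, "10.0.0.7", 40000, "in"),   # the genuine answer
    Packet("198.51.100.21", 53, "10.0.0.7", 40000, "in"),   # unsolicited, src port 53
]


def evaluate(packets) -> tuple[list[bool], list[bool]]:
    """Return the verdict of each firewall for every packet, in order."""
    stateful = StatefulFirewall()
    return ([stateless_allow(p) for p in packets],
            [stateful.allow(p) for p in packets])


if __name__ == "__main__":
    stateless, stateful = evaluate(SAMPLE_PACKETS)
    for pkt, a, b in zip(SAMPLE_PACKETS, stateless, stateful):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
              f"stateless={'allow' if a else 'block'} stateful={'allow' if b else 'block'}")
```

Both filters agree on the first four packets; only the stateful one blocks the fifth, because no internal client ever asked 198.51.100.21 anything.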
a software firewall performs the same functions as a hardware firewall but it's not a physical device instead it's a software program installed on a computer or on a server if the software firewall is installed on a computer it will analyze all the traffic received by that computer if the software firewall is installed on a server it will protect all the devices connected to the server a software firewall typically costs less than purchasing a separate physical device and it doesn't take up any extra space but because it is a software program it will add some processing burden to the individual devices organizations may choose to use a cloud-based firewall cloud service providers offer firewalls as a service or faas for organizations cloud-based firewalls are software firewalls hosted by a cloud service provider organizations can configure the firewall rules on the cloud service providers interface and the firewall will perform security operations on all incoming traffic before it reaches the organization's on-site Network cloud-based firewalls also protect any assets or processes then an organization might be using in the cloud all the firewalls we have discussed can be either stateful or stateless the term stateful and stateless refer to how the firewall operates stateful refers to a class of firewall that keeps track of information passing through it and proactively filters out threats a stateful firewall analyzes Network traffic for characteristics and behavior that appear suspicious and stops them from entering the network State less refers to a class of firewall that operates based on predefined rules and does not keep track of information from data packets a stateless firewall only acts according to pre-configured rules set by the firewall administrator the rules programmed by the firewall administrator tell the device what to accept and what to reject a stateless firewall doesn't store analyze information it also doesn't Discover suspicious trends like a 
stateful firewall does for this reason stateless firewalls are considered less secure than stateful firewalls a Next Generation firewall or ngfw provides even more security than a stateful firewall not only does an ngfw provide stateful inspection of incoming and outgoing traffic but it also performs more in-depth security functions like deep packet inspection and intrusion protection some ngfws connect to cloud-based threat intelligence services so they can quickly update to protect against emerging cyber threats now you have a basic understanding of firewalls and how they work we learned that firewalls can be Hardware or software we also discussed the difference between a stateless and stateful firewall and the security benefits of a stateful firewall finally we discussed Next Generation firewalls and the security benefits they provide coming up we'll learn more about virtual Networks in this video we're going to discuss how virtual private networks or vpns add security to your network when you connect to the internet your internet service provider receives your Network's requests and forwards it to the correct destination server but your internet requests include your private information that means if the traffic gets intercepted someone could potentially connect your internet activity with your physical location and your personal information this includes some information that you want to keep private like bank accounts and credit card numbers a virtual private Network also known as a VPN is a network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you're using a public network like the internet vpns also encrypt your data as it travels across the internet to preserve confidentiality a VPN service performs encapsulation on your data in transit encapsulation is a process performed by a VPN service that protects your data by wrapping sensitive data in other data packets previously 
you learned how the mac and IP address of the destination device is contained in the header and footer of a data packet this is a security threat because it shows the IP and virtual location of your private Network you could secure a data packet by encrypting it to make sure your information can't be deciphered but then Network routers won't be able to read the IP and Mac address to know where to send it to this means you won't be able to connect to the Internet site or the service that you want encapsulation solves this problem while still maintaining your privacy VPN Services encrypt your data packets and encapsulate them in other data packets that the routers can read this allows your network requests to reach their destination but still encrypts your personal data so it's unreadable while in transit a VPN also uses an encrypted tunnel between your device and the VPN server the encryption is unhackable without a cryptographic key so no one can access your data VPN services are simple and offer significant protection while you're on the internet with a VPN you have the added assurance that your data is encrypted your IP address and virtual location are unreadable to malicious actors in this section we'll discuss a type of network security feature called a security Zone security zones are a segment of a network that protects the internal network from the internet they are part of the security technique called Network segmentation it divides the network into segments each Network segment has its own access permissions and security rules security zones control who can access different segments of a network security Zones Act as a barrier to internal networks maintain privacy within corporate groups and prevent issues from spreading to the whole network one example of network segmentation is a hotel that offers free public Wi-Fi the unsecured guest network is kept separate from another encrypted Network used by the hotel staff additionally an organization's Network 
can be divided into sub networks or subnets to maintain privacy for each department and organization for instance at a university there may be a faculty subnet and a separate student subnet if there is contamination on the student subnet Network administrators can isolate it and keep the rest of the network free from contamination an organization's network is classified into two types of security zones first there's the uncontrolled Zone which is any network outside the organization's control like the internet then there's the controlled Zone which is a subnet that protects the internal network from the uncontrolled Zone there are several types of network within the controlled Zone on the outer layer is the demilitarized zone or DMZ which contains public-facing services that can access the internet this includes web servers proxy servers that host websites for the public and DNS servers that provide IP addresses for internet users it also includes email and file servers that handle external Communications the DMZ acts as a network perimeter to the internal Network the internal Network contains private servers and data that the organization needs to protect inside the internal network is another Zone called the restricted Zone the restricted Zone protects highly confidential information that is only accessible to employees with certain privileges now let's try to picture these security zones ideally the DMZ is situated between two firewalls one of them filters traffic outside the DMZ and one of them filters traffic entering the internal Network this protects the internal network with several lines of Defense if there's a restricted Zone that too would be protected with another firewall this way attacks that penetrate into the DMZ Network cannot spread to the internal Network and attacks that penetrate the internal Network cannot access the restricted Zone as a security analyst you may be responsible for regulating Access Control policies on these firewalls security 
teams can control traffic reaching the DMZ and the internal Network by restricting IPS and ports for example an analyst May ensure that only https traffic is allowed to access web servers in the DMZ security zones are an important part of securing networks especially at large organizations understanding how they are used is essential for all security analysts coming up we'll learn about securing internal Networks previously we discussed how firewalls vpns and security zones help to secure Networks next we'll cover how to secure internal networks with proxy servers proxy servers are another system that helps secure networks the definition of a proxy server is a server that fulfills the request of a client by forwarding them on to other servers the proxy server is a dedicated server that sits between the internet and the rest of the network want a request to connect to the network comes in from the internet the proxy server will determine if the connection request is safe the proxy server uses a public IP address that is different from the rest of the private Network this hides the private Network's IP address for malicious actors on the internet and adds a layer of security let's examine how this will work with an example when a client receives an https response they will notice a distorted IP address or no IP address rather than the real IP address of the organization's web server a proxy server can also be used to block unsafe websites that users aren't allowed to access on an organization's Network a proxy server uses temporary memory to store data that's regularly requested by external servers this way it doesn't have to fetch data from an organization's internal servers every time this enhances security by reducing contact with the internal server there are different types of proxy servers that support network security this is important for security analysts who monitor traffic from various proxy servers and may need to know what purpose they serve let's 
explore some different types of proxy servers. A forward proxy server regulates and restricts a person's access to the internet. The goal is to hide a user's IP address and approve all outgoing requests. In the context of an organization, a forward proxy server receives outgoing traffic from an employee, approves it, and then forwards it on to the destination on the internet. A reverse proxy server regulates and restricts the internet's access to an internal server. The goal is to accept traffic from external parties, approve it, and forward it to the internal servers. This setup is useful for protecting internal web servers containing confidential data from exposing their IP address to external parties. An email proxy server is another valuable security tool. It filters spam email by verifying whether a sender's address was forged. This reduces the risk of phishing attacks that impersonate people known to the organization.

Let's talk about a real-world example of an email proxy. Several years ago, when I was working at a large U.S. broadband ISP, we used a proxy server to implement multiple layers of anti-spam filtering before the message was allowed in for delivery. It ended up tagging around 95 percent of messages as spam. The proxy servers would allow us to filter, and then scale those filters, without impacting the underlying email platform.

Proxy servers play an important part in network security by filtering incoming and outgoing traffic and staying alert to network attacks. These devices add a layer of protection from the unsecured public network that we call the internet.

You've learned a lot about some complex topics. I want to congratulate you for coming this far in the program. Let's recap what we've covered in this section. First, we discussed common network protocols like TCP, ARP, HTTPS and DNS. Then we covered how virtual private networks, or VPNs, can be used to maintain privacy on a public network. Finally, we explored how firewalls, security zones and proxy servers help to secure network infrastructure. Overall, network operations is a vast topic involving various tools, protocols and techniques that help networks run smoothly and securely. Feel free to come back and review these videos at any time. You'll use this information in any type of role as a security analyst.

Hey there, welcome to this video about securing networks from attacks. You've come a long way already in your understanding of networks and network security. Now you'll learn how to secure networks so that the valuable information they contain doesn't get into the wrong hands. We're going to discuss how network intrusion tactics can present a threat to networks and how a security analyst can protect against network attacks. Let's get started.

Let's start by answering the question: why do we need to secure networks? As you've learned, networks are constantly at risk of attack from malicious actors. Attackers can infiltrate networks via malware, spoofing or packet sniffing. Network operations can also be disrupted by attacks such as packet flooding. As we go along, you're going to learn about these and other common network intrusion attacks in more detail. Protecting a network from these types of attacks is important. If even one of them happens, it could have a catastrophic impact on an organization. Attacks can harm an organization by leaking valuable or confidential information. They can also be damaging to an organization's reputation and impact customer retention. Mitigating attacks may also cost the organization money and time. Over the last few years there have been a number of examples of the damage that cyber attacks can cause. One notorious example was an attack against the American home improvement chain Home Depot in 2014.
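Before continuing with the Home Depot story, here is an added example (my own code, not part of the course) that models the firewalls of the security-zone picture from earlier as one ordered rule list and checks constructed packets against it, including the "only HTTPS to DMZ web servers" rule. The address ranges, the database port 5432 between DMZ and internal, and SSH from a privileged subnet into the restricted zone are all assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed example address plan for the zones described in the course
# (assumed for this example; not part of the course material).
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "dmz":        ipaddress.ip_network("192.0.2.0/24"),   # public-facing servers
    "internal":   ipaddress.ip_network("10.10.0.0/16"),   # private servers and staff
    "restricted": ipaddress.ip_network("10.20.0.0/24"),   # highly confidential data
}
# Hosts whose users hold the privilege to reach the restricted zone (assumed).
PRIVILEGED_HOSTS = ipaddress.ip_network("10.10.200.0/24")


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dst_port: int   # destination TCP port


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: Optional[Set[int]] = None                 # None means any port
    src_net: Optional[ipaddress.IPv4Network] = None  # extra source restriction


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything not ours is the uncontrolled zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "uncontrolled"


# One rule set covering all three firewalls. Rules are evaluated in order and
# the first match wins; anything unmatched is denied (default deny).
RULES: List[Rule] = [
    # Outer firewall: the internet may only reach the DMZ, and only over HTTPS.
    Rule("uncontrolled", "dmz", ports={443}),
    # Inner firewall: DMZ servers may reach one assumed database port inside.
    Rule("dmz", "internal", ports={5432}),
    # Staff may use the DMZ services and browse the internet.
    Rule("internal", "dmz"),
    Rule("internal", "uncontrolled"),
    # Restricted-zone firewall: only privileged hosts, only SSH (assumed port).
    Rule("internal", "restricted", ports={22}, src_net=PRIVILEGED_HOSTS),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for one packet."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    src_addr = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if rule.src_zone != src_zone or rule.dst_zone != dst_zone:
            continue
        if rule.ports is not None and pkt.dst_port not in rule.ports:
            continue
        if rule.src_net is not None and src_addr not in rule.src_net:
            continue
        return "allow", f"{src_zone}->{dst_zone} port {pkt.dst_port} permitted"
    return "deny", f"no rule permits {src_zone}->{dst_zone} port {pkt.dst_port}"


def sample_traffic() -> List[Packet]:
    """Constructed packets exercising each zone boundary."""
    return [
        Packet("203.0.113.9", "192.0.2.10", 443),   # internet -> DMZ web, HTTPS
        Packet("203.0.113.9", "192.0.2.10", 80),    # internet -> DMZ web, plain HTTP
        Packet("203.0.113.9", "10.10.5.5", 443),    # internet -> internal directly
        Packet("192.0.2.10", "10.10.5.5", 5432),    # DMZ web -> internal database
        Packet("192.0.2.10", "10.20.0.8", 22),      # compromised DMZ -> restricted
        Packet("10.10.200.7", "10.20.0.8", 22),     # privileged staff -> restricted
        Packet("10.10.3.3", "10.20.0.8", 22),       # ordinary staff -> restricted
    ]


def decisions(packets: List[Packet]) -> List[str]:
    return [evaluate(p)[0] for p in packets]


if __name__ == "__main__":
    for pkt in sample_traffic():
        verdict, why = evaluate(pkt)
        print(f"{verdict:5} {pkt.src:>13} -> {pkt.dst:<12}:{pkt.dst_port:<5} {why}")
```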
A group of hackers compromised and infected Home Depot servers with malware. By the time network administrators shut down the attack, the hackers had already taken the credit and debit card information of over 56 million customers. Now you know why it's so important to secure a network. But to keep a network secure, you need to know what kinds of attacks to protect it from. Coming up, you'll learn about some common network attacks.

Welcome back. In this video we are going to discuss denial of service attacks. A denial of service attack is an attack that targets a network or server and floods it with network traffic. The objective of a denial of service attack, or DoS attack, is to disrupt normal business operations by overloading an organization's network. The goal of the attack is to send so much information to a networked device that it crashes or is unable to respond to legitimate users. This means that the organization won't be able to conduct their normal business operations, which can cost them money and time. A network crash can also leave them vulnerable to other security threats and attacks. A distributed denial of service attack, or DDoS, is a kind of DoS attack that uses multiple devices or servers in different locations to flood the target network with unwanted traffic. Use of numerous devices makes it more likely that the total amount of traffic sent will overwhelm the target server. Remember, DoS stands for denial of service, so it doesn't matter what part of the network the attacker overloads; if they overload anything, they win. An unfortunate example I've seen is an attacker who crafted a very careful packet that caused a router to spend extra time processing the request. The overall traffic volume didn't overload the router; the specifics within the packet did.

Now we'll discuss network-level DoS attacks that target network bandwidth to slow traffic. Let's learn about three common network-level DoS attacks. The first is called a SYN flood attack. A SYN flood attack is a type of DoS attack that simulates a TCP connection and floods a server with SYN packets. So let's break this definition down a bit more by taking a closer look at the handshake process that is used to establish a TCP connection between a device and a server. The first step in the handshake is for the device to send a SYN, or synchronize, request to the server. Then the server responds with a SYN-ACK packet to acknowledge the receipt of the device's request and leaves a port open for the final step of the handshake. Once the server receives the final ACK packet from the device, a TCP connection is established. Malicious actors can take advantage of the protocol by flooding a server with SYN packet requests for the first part of the handshake. If the number of SYN requests is larger than the number of available ports on the server, then the server will be overwhelmed and become unable to function.

Let's discuss two other common DoS attacks that use another protocol called ICMP. ICMP stands for Internet Control Message Protocol. ICMP is an internet protocol used by devices to tell each other about data transmission errors across the network. Think of ICMP like a request for a status update from a device; the device will return error messages if there is a network concern. You can think of this like the ICMP request checking in with the device to make sure that all is well. An ICMP flood attack is a type of DoS attack performed by an attacker repeatedly sending ICMP packets to a network server. This forces the server to send an ICMP packet back. This eventually uses up all the bandwidth for incoming and outgoing traffic and causes the server to crash. Both of the attacks we've discussed so far, SYN flood and ICMP flood, take advantage of communication protocols by sending an overwhelming number of requests. There are also attacks that can overwhelm a server with one big request. One example that we'll discuss is called the ping of death. A ping of death attack is a type of DoS attack that is
caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64 kilobytes, the maximum size for a correctly formed ICMP packet. Pinging a vulnerable network server with an oversized ICMP packet will overload the system and cause it to crash. Think of this like dropping a rock on a small anthill. Each individual ant can carry a certain amount of weight while transporting food to and from the anthill, but if a large rock is dropped on the anthill, then many ants will be crushed and the colony is unable to function until it rebuilds its operations elsewhere. Now that's it for DoS and DDoS attacks. Coming up, we'll continue to discuss common network attacks.

In this video we'll discuss packet sniffing, with a focus on how threat actors may use this technique to gain unauthorized access to information. Previously, you learned about the information and data packets that travel across the network. Packets include a header, which contains the sender's and receiver's IP addresses. Packets also contain a body, which may contain valuable information like names, dates of birth, personal messages, financial information and credit card numbers. Packet sniffing is the practice of using software tools to observe data as it moves across a network. As a security analyst, you may use packet sniffing to analyze and capture packets when investigating ongoing incidents or debugging network issues. Later in this certificate program you'll gain hands-on practice with some packet sniffing software. However, malicious actors may also use packet sniffing to look at data that has not been sent to them. This is a little bit like opening somebody else's mail. It's important for you to learn about how threat actors use packet sniffing with harmful intent so you can be prepared to protect against these malicious acts. Malicious actors may insert themselves in the middle of an authorized connection between two devices. Then they can use packet sniffing to spy on every data packet as it comes across their device. The goal is to find valuable information in the data packets that they can then use to their advantage. Attackers can use software applications or a hardware device to look into data packets. Malicious actors can access a network packet with a packet sniffer and make changes to the data. They may change the information in the body of the packet, like altering a recipient's bank account number.

Packet sniffing can be passive or active. Passive packet sniffing is a type of attack where data packets are read in transit. Since all the traffic on a network is visible to any host on the hub, malicious actors can view all the information going in and out of the device they are targeting. Thinking back to the example of a letter being delivered, we can compare a passive packet sniffing attack to a postal delivery person maliciously reading somebody's mail. The postal worker, or packet sniffer, has the right to deliver the mail but not the right to read the information inside. Active packet sniffing is a type of attack where data packets are manipulated in transit. This may include injecting internet protocols to redirect the packets to an unintended port or changing the information the packet contains. An active packet sniffing attack would be like a neighbor telling the delivery person, "I'll deliver that mail for you," and then reading the mail or changing the letter before putting it in your mailbox. Even though your neighbor knows you, and even if they deliver it to the correct house, they are actively going out of their way to engage in malicious behavior.

The good news is that malicious packet sniffing can be prevented. Let's look at a few ways the network security professional can prevent these attacks. One way to protect against malicious packet sniffing is to use a VPN to encrypt and protect data as it travels across the network. If you don't remember how VPNs work, you can revisit the video about this topic in the previous section of the program. When you use a VPN,
hackers might interfere with your traffic, but they won't be able to decode it to read your private information. Another way to add a layer of protection against packet sniffing is to make sure the websites you use have HTTPS at the beginning of the domain address. Previously, we discussed how HTTPS uses SSL/TLS to encrypt data and prevent eavesdropping when malicious actors spy on network transmissions. One final way to help protect yourself against malicious packet sniffing is to avoid using unprotected Wi-Fi. You usually find unprotected Wi-Fi in public places like coffee shops, restaurants or airports. These networks don't use encryption. This means that anyone on the network can access all of the data traveling to and from your device. One precaution you can take is avoiding free public Wi-Fi unless you have a VPN service already installed on your device. Okay, now you know how threat actors may use packet sniffing and how to protect a network from these attacks. Let's move on to discuss other network intrusions.

Next, let's learn about another kind of network attack called IP spoofing. IP spoofing is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network. In this kind of attack, the hacker is pretending to be someone they are not so they can communicate over the network with the target computer and get past firewall rules that may prevent outside traffic. Some common IP spoofing attacks are on-path attacks, replay attacks and Smurf attacks. Let's discuss these one at a time. An on-path attack is an attack where the malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit. On-path attackers gain access to the network and put themselves between two devices, like a web browser and a web server. Then they sniff the packet information to learn the IP and MAC addresses of the two devices that are communicating with each other. After they have this information, they can pretend to be either of these devices. Another type of attack is a replay attack. A replay attack is a network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time. A delayed packet can cause connection issues between target computers, or a malicious actor may take a network transmission that was sent by an authorized user and repeat it at a later time to impersonate the authorized user. A Smurf attack is a combination of a DDoS attack and an IP spoofing attack. The attacker sniffs an authorized user's IP address and floods it with packets. This overwhelms the target computer and can bring down a server or the entire network.

Now that you've learned about different kinds of IP spoofing, let's talk about how you can protect a network from this kind of attack. As you previously learned, encryption should always be implemented so that the data in your network transfers can't be read by malicious actors. Firewalls can be configured to protect against IP spoofing. IP spoofing makes it seem like the malicious actor is an authorized user by changing the sender's address of the data packet to match the target network's address. So if a firewall receives a data packet from the internet where the sender's IP address is the same as the private network, then the firewall will deny the transmission, since all the devices with that IP address should already be on the local network. You can make sure that your firewall is configured correctly by creating a rule to reject all incoming traffic that has the same IP address as the local network. That's it for IP spoofing. You've learned how IP spoofing is used in some common attacks like on-path attacks, replay attacks and Smurf attacks.

Nice job finishing this section. Let's review what you've learned so far. We discussed how to secure networks. We also learned about network intrusion tactics like malicious packet sniffing and IP spoofing.
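As an added example that is not part of the course, the following Python runs the checks described in this section over a constructed packet log: the anti-spoofing firewall rule (an internal source address arriving from the internet), the half-open handshake count behind a SYN flood, ICMP flood volume, and the oversized ping of death. The internal address range and both thresholds are assumptions.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Assumed internal address range; a packet arriving from the internet with a
# source inside it is spoofed, which is the firewall rule the course describes.
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")
MAX_IP_PACKET = 65535     # bytes; the course rounds this to "64 kilobytes"
HALF_OPEN_LIMIT = 20      # SYNs without a completing ACK per source (assumed)
ICMP_LIMIT = 50           # ICMP packets per source before we call it a flood (assumed)


@dataclass(frozen=True)
class Packet:
    iface: str       # "ext" = arrived on the internet-facing interface, "int" = inside
    src: str
    dst: str
    proto: str       # "tcp" or "icmp"
    flags: str = ""  # TCP flags as sent by the client: "S" (SYN) or "A" (final ACK)
    size: int = 64   # total length in bytes


def detect(packets: List[Packet]) -> Dict[str, List[str]]:
    """Run the four checks over a packet log; returns offending sources per check."""
    alerts: Dict[str, List[str]] = {
        "spoofed_source": [], "ping_of_death": [], "syn_flood": [], "icmp_flood": []}
    syns, acks, icmps = Counter(), Counter(), Counter()
    for p in packets:
        # IP spoofing: an inside address cannot legitimately arrive from outside.
        if p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL_NET:
            alerts["spoofed_source"].append(p.src)
        if p.proto == "icmp":
            icmps[p.src] += 1
            # Ping of death: one oversized packet is enough to matter.
            if p.size > MAX_IP_PACKET:
                alerts["ping_of_death"].append(p.src)
        elif p.proto == "tcp":
            if p.flags == "S":
                syns[p.src] += 1
            elif p.flags == "A":
                acks[p.src] += 1
    # SYN flood: many handshakes started, few finished, from the same source.
    for src, n in syns.items():
        if n - acks[src] >= HALF_OPEN_LIMIT:
            alerts["syn_flood"].append(src)
    # ICMP flood: sheer volume of ICMP from one source.
    for src, n in icmps.items():
        if n >= ICMP_LIMIT:
            alerts["icmp_flood"].append(src)
    return alerts


def sample_log() -> List[Packet]:
    """Constructed traffic: one normal client, one SYN flooder, one oversized
    ping and one spoofed packet (all addresses are documentation ranges)."""
    log: List[Packet] = []
    # A legitimate client completes its handshake (SYN, then the final ACK).
    log.append(Packet("ext", "198.51.100.5", "192.0.2.10", "tcp", "S"))
    log.append(Packet("ext", "198.51.100.5", "192.0.2.10", "tcp", "A"))
    # A flooder sends 40 SYNs and never answers the server's SYN-ACK.
    log += [Packet("ext", "203.0.113.7", "192.0.2.10", "tcp", "S") for _ in range(40)]
    # A single ping larger than any correctly formed IP packet.
    log.append(Packet("ext", "203.0.113.8", "192.0.2.10", "icmp", size=70000))
    # An external packet claiming an internal source address.
    log.append(Packet("ext", "10.10.3.4", "192.0.2.10", "tcp", "S"))
    return log


if __name__ == "__main__":
    for check, sources in detect(sample_log()).items():
        print(f"{check:15} {sorted(set(sources)) or '-'}")
```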
Finally, we discussed how a security analyst can protect against these kinds of attacks. You've learned about DoS and DDoS attacks, like ICMP flooding, SYN attacks and the ping of death, which try to overwhelm a network by flooding it with unwanted data packets. Just think about everything you know already about network attacks. What you've learned in these videos will be essential in your work as a security analyst. Coming up, you'll learn about how security analysts can protect a network using various security hardening techniques.

I want to take a moment to congratulate you on your progress so far. First, you learned about network operations. Then you learned about the tools and protocols that help network systems function. Next, you learned how vulnerabilities in networks expose them to various security intrusions. Now we'll discuss security hardening. Then we'll learn about OS hardening, explore network hardening practices and discuss cloud hardening practices. Security hardening can be implemented in devices, networks, applications and cloud infrastructure. Security analysts may perform tasks such as patch updates and backups as part of security hardening. We'll discuss these tasks as you progress through the course. As a security analyst, hardening will play a major role in your day-to-day tasks, which is why it's important for you to understand how it works. I'm excited to accompany you on this journey. Meet you in the next video.

Security analysts and the organizations they work with have to be proactive about protecting systems from attack. This is where security hardening comes in. Security hardening is the process of strengthening a system to reduce its vulnerability and attack surface. All the potential vulnerabilities that a threat actor could exploit are referred to as a system's attack surface. Let's use an example that compares a network to a house. The attack surface would be all the doors and windows that a robber could use to gain access to that house. Just like putting locks on all the doors and windows in a house, security hardening involves minimizing the attack surface, or potential vulnerabilities, and keeping a network as secure as possible. As part of security hardening, security analysts perform regular maintenance procedures to keep network devices and systems functioning securely and optimally. Security hardening can be conducted on any device or system that can be compromised, such as hardware, operating systems, applications, computer networks and databases. Physical security is also a part of security hardening. This may include securing a physical space with security cameras and security guards.

Some common types of hardening procedures include software updates, also called patches, and device or application configuration changes. These updates and changes are done to increase security and fix security vulnerabilities on a network. An example of a security configuration change would be requiring longer passwords or more frequent password changes. This makes it harder for a malicious actor to gain login credentials. Another example of a configuration change is updating the encryption standards for data that is stored in a database. Keeping encryption up to date makes it harder for malicious actors to access the database. Other examples of security hardening include removing or disabling unused applications and services, disabling unused ports, and reducing access permissions across devices and the network. Minimizing the number of applications, devices, ports and access permissions makes network and device monitoring more efficient and reduces the overall attack surface, which is one of the best ways to secure an organization. Another important strategy for security hardening is to conduct regular penetration testing. A penetration test, also called a pen test, is a simulated attack that helps identify vulnerabilities in a system, network, website, application and process. Penetration testers document their findings in a report. Depending on where the test fails, security teams can determine the type of security vulnerabilities that require fixing. Organizations can then review these vulnerabilities and come up with a plan to fix them. Coming up, you'll learn more about how security hardening is an essential aspect of securing networks. It's a foundational part of network security that strengthens a network in order to reduce the number of successful attacks.

Hi there. In this video we'll discuss operating system, or OS, hardening and why it's essential to keep the entire network secure. The operating system is the interface between computer hardware and the user. The OS is the first program loaded when a computer turns on. The OS acts as an intermediary between software applications and the computer hardware. It's important to secure the OS in each system because one insecure OS can lead to the whole network being compromised. There are many types of operating systems, and they all share similar security hardening practices. Let's talk about some of those security hardening practices that are recommended to secure an OS. Some OS hardening tasks are performed at regular intervals, like updates, backups, and keeping an up-to-date list of devices and authorized users. Other tasks are performed only once as part of preliminary safety measures. One example would be configuring a device setting to fit a secure encryption standard. Let's begin with OS hardening tasks that are performed at a regular interval, such as patch installation, also known as patch updates. A patch update is a software and operating system, or OS, update that addresses security vulnerabilities within a program or product. Now we'll discuss patch updates provided to the company by the OS software vendor. With patch updates, the OS should be upgraded to its latest software version. Sometimes patches are released to fix a security vulnerability in the software. As soon as OS vendors publish a patch and the vulnerability fix, malicious actors know exactly where the vulnerability is in the system running
the out-of-date OS. This is why it's important for organizations to run patch updates as soon as they are released. For example, my team had to perform an emergency patch to address a recent vulnerability found in a commonly used programming library. The library is used almost everywhere, so we had to quickly patch most of our servers and applications to fix the vulnerability. The newly updated OS should be added to the baseline configuration, also called the baseline image. A baseline configuration is a documented set of specifications within a system that is used as a basis for future builds, releases and updates. For example, a baseline may contain a firewall rule with a list of allowed and disallowed network ports. If a security team suspects unusual activity affecting the OS, they can compare the current configuration to the baseline and make sure that nothing has been changed. Another hardening task performed regularly is hardware and software disposal. This ensures that all old hardware is properly wiped and disposed of. It's also a good idea to delete any unused software applications, since some popular programming languages have known vulnerabilities. Removing unused software makes sure that there aren't any unnecessary vulnerabilities connected with the programs that the software uses. The final OS hardening technique that we'll discuss is implementing a strong password policy. Strong password policies require that passwords follow specific rules. For example, an organization may set a password policy that requires a minimum of eight characters, a capital letter, a number and a symbol. To discourage malicious actors, a password policy usually states that a user will lose access to the network after entering the wrong password a certain number of times in a row. Some systems also require multi-factor authentication, or MFA. MFA is a security measure which requires a user to verify their identity in two or more ways to access a system or network. Ways of identifying yourself include something you know, like a password; something you have, like an ID card; or something unique about you, like your fingerprint. To review, OS hardening is a set of procedures that maintains OS security and improves it. Security measures like access privileges and password policies frequently undergo regular security checks as part of OS hardening. Coming up, we'll discuss network hardening practices.

Earlier you learned that OS hardening focuses on device safety and uses patch updates, secure configuration and account access policies. Now we'll focus on network hardening. Network hardening focuses on network-related security hardening like port filtering, network access privileges and encryption over networks. Certain network hardening tasks are performed regularly, while others are performed once and then updated as needed. Some tasks that are regularly performed are firewall rule maintenance, network log analysis, patch updates and server backups. Earlier you learned that a log is a record of events that occur within an organization's systems. Network log analysis is the process of examining network logs to identify events of interest. Security teams use a log analyzer tool or a security information and event management tool, also known as a SIEM, to conduct network log analysis. A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. It gathers security data from a network and presents that data on a single dashboard. The dashboard interface is sometimes called a single pane of glass. A SIEM helps analysts to inspect, analyze and react to security events across the network based on their priority. Reports from the SIEM provide a list of new or ongoing network vulnerabilities and list them on a scale of priority from high to low, where high-priority vulnerabilities have a much shorter deadline for mitigation.

Now that we've covered tasks that are performed regularly, let's examine tasks that are performed once. These tasks include port filtering on firewalls, network access privileges and encryption for communication, among many things. Let's start with port filtering. Port filtering can be performed over the network. Port filtering is a firewall function that blocks or allows certain port numbers to limit unwanted communication. A basic principle is that the only ports that are allowed are the ones that are needed. Any port that isn't being used by normal network operations should be disallowed. This protects against port vulnerabilities. Networks should be set up with the most up-to-date wireless protocols available, and older wireless protocols should be disabled. Security analysts also use network segmentation to create isolated subnets for different departments in an organization. For example, they might make one for the marketing department and one for the finance department. This is done so that issues in each subnet don't spread across the whole company, and only specified users are given access to the part of the network that they require for their role. Network segmentation may also be used to separate different security zones. Any restricted zone on a network containing highly classified or confidential data should be separate from the rest of the network. Lastly, all network communication should be encrypted using the latest encryption standards. Encryption standards are rules or methods used to conceal outgoing data and uncover, or decrypt, incoming data. Data in restricted zones should use much higher encryption standards, which makes it more difficult to access. You've learned about the most common hardening practices. This knowledge will be useful as you complete the certificate program, and it's essential to your career as a security analyst.

In recent years, many organizations are using network services in the cloud, so in addition to securing on-premises networks, a security analyst will need to secure cloud networks. In a previous video you learned that a cloud network is a collection of servers or
computers that store resources and data in a remote data center that can be accessed via the internet. They can host company data and applications using cloud computing to provide on-demand storage, processing power and data analytics. Just like regular web servers, cloud servers also require proper maintenance, done through various security hardening procedures. Although cloud servers are hosted by a cloud service provider, these providers cannot prevent intrusions in the cloud, especially intrusions from malicious actors both internal and external to an organization. One distinction between cloud network hardening and traditional network hardening is the use of a server baseline image for all server instances stored in the cloud. This allows you to compare data in the cloud servers to the baseline image to make sure there haven't been any unverified changes. An unverified change could come from an intrusion in the cloud network. Similar to OS hardening, data and applications on a cloud network are kept separate depending on their service category. For example, older applications should be kept separate from newer applications, and software that deals with internal functions should be kept separate from front-end applications seen by users. Even though the cloud service provider has a shared responsibility with the organization using their services, there are still security measures that need to be taken by the organization to make sure their cloud network is safe. Just like traditional networks, operations in the cloud need to be secured. You're doing great. Meet you in the next video.

Great work on learning about security hardening. Let's take a few minutes to wrap up what you've learned. You learned about security hardening and its importance to an organization's infrastructure. First, we discussed how security hardening strengthens systems and networks to reduce the likelihood of an attack. Next, we covered the importance of OS hardening, including patch updates, baseline configurations, and hardware and software disposal. Then we explored network hardening practices such as network log analysis and firewall rule maintenance. Finally, we examined cloud network hardening and the responsibilities of both organizations and cloud service providers in maintaining security. As a security analyst, you'll be working with operating systems, on-premises networks and cloud networks. You'll be using all the knowledge that we learned in this section in your career as a security analyst.

Wow, we have covered a lot in this course. Let's review everything we've discussed. You learned about networks, network architecture, and the best practices used by security professionals to secure a network against security breaches. As we bring this course to a close, let's review what you've learned about securing networks so far. First, we explored the structure of a network. A security analyst must understand how a network is designed to be able to identify parts of a network that present vulnerabilities and need to be secured. Next, we learned about network operations and how they affect the communication of data. Network protocols determine how the data is transmitted over the network. As communication takes place over the network, malicious actors may use tactics such as denial of service attacks, packet sniffing and IP spoofing. Security analysts employ tools and measures such as firewall rules to protect against these attacks. We also discussed security hardening. Security hardening is used to reduce the attack surface of a network. This means that an attack does not disable an entire network. Security hardening can be done at the hardware level, the software level or the network level. Securing networks is an essential part of a security analyst's duties. Knowledge of a network and its operations and security practices will ensure that you are successful in your career as a security analyst. And that brings us to the topic of our next course, which will cover computing basics for security analysts. In that course you'll learn how to use the Linux command line to authenticate and authorize users on a network, and to use SQL, otherwise known as structured query language, to communicate with databases. Great, we're getting there. All the concepts you've learned in this section will be essential for success in your role as a security analyst. Now you can move on to the next course. Enjoy!
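Returning to the hardening practices covered in the OS and network hardening videos (comparing a server to its baseline image, the port filtering principle that only needed ports stay open, and the password policy with lockout), here is an added example that is not part of the course. The baseline values, port numbers and the lockout count of five failures are assumptions.

```python
import re
from typing import Any, Dict, List

# Constructed baseline image for a server (assumed values, not from the course).
BASELINE: Dict[str, Any] = {
    "os_version": "2024.04.1",
    "allowed_ports": [22, 443],        # the firewall rule the baseline carries
    "ssh_root_login": False,
    "services": ["sshd", "nginx"],
}


def compare_to_baseline(current: Dict[str, Any],
                        baseline: Dict[str, Any] = BASELINE) -> List[str]:
    """Report every way the current configuration drifted from the baseline."""
    findings: List[str] = []
    for key, expected in baseline.items():
        actual = current.get(key)
        if key in ("allowed_ports", "services"):
            # Anything open or running beyond the baseline widens the attack surface.
            extra = sorted(set(actual or []) - set(expected))
            missing = sorted(set(expected) - set(actual or []))
            if extra:
                findings.append(f"{key}: not in baseline {extra}")
            if missing:
                findings.append(f"{key}: expected but absent {missing}")
        elif actual != expected:
            findings.append(f"{key}: expected {expected!r}, found {actual!r}")
    for key in sorted(set(current) - set(baseline)):
        findings.append(f"{key}: setting not present in baseline")
    return findings


# The password rules from the course: at least eight characters, a capital
# letter, a number and a symbol.
PASSWORD_RULES = [
    ("at least 8 characters", lambda pw: len(pw) >= 8),
    ("a capital letter",      lambda pw: re.search(r"[A-Z]", pw) is not None),
    ("a number",              lambda pw: re.search(r"[0-9]", pw) is not None),
    ("a symbol",              lambda pw: re.search(r"[^A-Za-z0-9]", pw) is not None),
]


def password_violations(password: str) -> List[str]:
    """Names of the policy rules the candidate password fails (empty = accepted)."""
    return [name for name, ok in PASSWORD_RULES if not ok(password)]


class LoginLockout:
    """Locks an account after N consecutive wrong passwords (N assumed = 5)."""

    def __init__(self, max_failures: int = 5) -> None:
        self.max_failures = max_failures
        self._failures: Dict[str, int] = {}

    def record(self, user: str, success: bool) -> bool:
        """Update the counter for one login attempt; return True if now locked."""
        if self.is_locked(user):
            return True                     # locked accounts stay locked until reset
        if success:
            self._failures[user] = 0        # a correct password resets the streak
        else:
            self._failures[user] = self._failures.get(user, 0) + 1
        return self.is_locked(user)

    def is_locked(self, user: str) -> bool:
        return self._failures.get(user, 0) >= self.max_failures


def sample_current_config() -> Dict[str, Any]:
    """Constructed snapshot of a server that has drifted from the baseline."""
    return {
        "os_version": "2024.03.9",                 # patch never applied
        "allowed_ports": [22, 443, 8080],          # extra port opened
        "ssh_root_login": True,
        "services": ["sshd", "nginx", "telnetd"],  # unused, insecure service added
        "debug_mode": True,                        # setting the baseline never had
    }


if __name__ == "__main__":
    for finding in compare_to_baseline(sample_current_config()):
        print("drift:", finding)
    for pw in ("password", "Tr0ub4dor&3"):
        print(pw, "->", password_violations(pw) or "accepted")
```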