Lecture Notes on Network Security Basics

Oct 25, 2024

Notes on Network Security Lecture

Introduction to Network Security

  • Importance of securing networks due to increasing frequency and complexity of network-based attacks.
  • Instructor: Chris, Chief Information Security Officer for Google Fiber with 20 years of experience in network security and engineering.
  • Course overview includes:
    • Basic structure of networks (network architecture)
    • Common network tools
    • Network operations
    • Basic network protocols
    • Common network attacks
    • Network intrusion tactics
    • Security hardening practices

Understanding Networks

Definition of a Network

  • A network is a group of connected devices (e.g., laptops, cell phones, smart devices).
  • Communication occurs over network cables or wireless connections.
  • Devices use unique addresses (IP and MAC addresses) to locate each other.

Types of Networks

  • Local Area Network (LAN): Spans a small area (e.g., home, office).
  • Wide Area Network (WAN): Spans large geographical areas (e.g., the Internet).

Common Network Devices

  1. Hubs: Broadcast information to all devices on the network (less secure).
  2. Switches: Connect specific devices and pass data only to the intended recipient (more secure).
  3. Routers: Connect multiple networks and direct traffic between them.
  4. Modems: Connect the LAN to the internet.

Virtualization Tools

  • Software tools that perform network operations similar to physical devices.
  • Provide cost savings and scalability.

Cloud Networks

  • Cloud computing allows companies to use remote servers hosted on the Internet.
  • Benefits include cost savings and access to more network resources.
  • Importance of understanding cloud network security as organizations migrate to cloud services.

Data Communication and Performance

  • Communication involves data packets, which contain sender/receiver info and message content.
  • Bandwidth: Amount of data received every second.
  • Speed: Rate at which data packets are received/downloaded.
  • Packet Sniffing: Practice of capturing and inspecting data packets for investigation.

TCP/IP Model

  • Framework for network communication with four layers:
    1. Network Access Layer: Data packet creation and transmission.
    2. Internet Layer: IP addresses and network connectivity.
    3. Transport Layer: Traffic flow control and connection status.
    4. Application Layer: Interaction protocols with receiving devices.

IP Addresses

  • Unique identifiers for devices on the Internet.
  • Types: IPv4 (four dot-separated numbers) and IPv6 (32 hexadecimal characters).
  • Public IP: Assigned by the ISP; Private IP: Used only within local networks.
  • MAC Address: Unique identifier for a physical device, used by switches to deliver data to the right device on the local network.
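The following is an added example, not part of the lecture notes or the course materials. It takes the "Data Communication and Performance", "TCP/IP Model" and "IP Addresses" points above and makes them concrete: it builds one constructed Ethernet/IPv4/TCP frame (the MAC addresses, IP addresses, ports and HTTP request are all assumed sample values) and then inspects it layer by layer, the way a packet-sniffing tool would, pulling out the MAC addresses a switch uses, the IP addresses a router uses, the ports and flags of the transport layer, and the application message. A small helper also classifies any address as IPv4 or IPv6 and as private or public. Only the Python standard library is used.

```python
import ipaddress
import struct

# Constructed addresses for the sample frame (assumed values, not from the lecture)
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP = "192.168.1.10"      # private address, as a home LAN client would have
DST_IP = "93.184.216.34"     # public address, as an Internet web server would have

def build_sample_frame() -> bytes:
    """Assemble Ethernet II + IPv4 + TCP + a short HTTP request (constructed sample)."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    # TCP: src port, dst port, seq, ack, data offset (5 words) in the high nibble,
    # flags PSH|ACK = 0x18, window, checksum (left 0 here), urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 51515, 80, 1000, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4: version 4 / IHL 5 = 0x45, DSCP, total length, id, flags/fragment,
    # TTL 64, protocol 6 = TCP, checksum (left 0 here), source, destination
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address(SRC_IP).packed,
                     ipaddress.IPv4Address(DST_IP).packed)
    eth = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800)   # EtherType 0x0800 = IPv4
    return eth + ip + tcp + payload

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def parse_frame(frame: bytes) -> dict:
    """Walk one frame through the four TCP/IP layers, returning what each carries."""
    layers = {}
    # Network access layer: Ethernet header, the addresses a switch works with
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["network_access"] = {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac)}
    if ethertype != 0x0800:
        raise ValueError("this example only handles IPv4 frames")
    # Internet layer: IPv4 header, the addresses a router works with
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    layers["internet"] = {"src_ip": str(src_ip), "src_is_private": src_ip.is_private,
                          "dst_ip": str(dst_ip), "dst_is_private": dst_ip.is_private,
                          "ttl": ttl, "protocol": proto}
    if proto != 6:
        raise ValueError("this example only handles TCP segments")
    # Transport layer: TCP header, the ports and flags that describe connection state
    off = 14 + ihl
    sport, dport, seq, _, data_off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", frame[off:off + 20])
    tcp_len = (data_off >> 4) * 4
    layers["transport"] = {"src_port": sport, "dst_port": dport, "seq": seq,
                           "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit]}
    # Application layer: whatever is left is the message itself
    payload = frame[off + tcp_len:14 + total_len]
    layers["application"] = {"length": len(payload),
                             "first_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace")}
    return layers

def classify_address(text: str) -> dict:
    """IPv4 or IPv6, and private (LAN-only) or public (routable on the Internet)."""
    addr = ipaddress.ip_address(text)
    return {"version": addr.version, "private": addr.is_private, "public": addr.is_global}

if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
    for a in (SRC_IP, DST_IP, "2001:db8::1"):
        print(a, classify_address(a))
```

Running the script prints one line per layer. The checksums are left at zero because nothing here transmits the frame; a real capture would carry valid ones, and a parser used for investigation should verify them rather than trust header fields blindly.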

Overview of Security Practices

Network Protocols

  • TCP: Establishes a connection and organizes data for transmission.
  • HTTPS: Secure communication protocol using SSL/TLS.
  • ARP & DNS: Help in identifying devices and translating domain names to IP addresses.

Firewalls

  • Monitor traffic to/from a network, blocking or allowing based on rules.
  • Types: Hardware, software, and cloud-based firewalls.
  • Stateful vs. Stateless firewalls: A stateful firewall tracks active connections and can admit replies that belong to them; a stateless firewall judges each packet on its own against predefined rules.
  • Next-Generation Firewalls (NGFW): Offer advanced security functions.

Virtual Private Networks (VPNs)

  • Encrypt data and mask the user's public IP address to enhance privacy on the internet.
  • Use encapsulation to secure data packets, making them unreadable to potential eavesdroppers.

Security Zones

  • Segments of a network that protect internal data from external threats.
  • Demilitarized Zone (DMZ): Contains public-facing services (e.g., web servers), while the internal network contains private data.
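An added example, not from the lecture or the course, that ties the "Firewalls" and "Security Zones" points together. It models three zones (internet, DMZ, internal; the address ranges are assumed sample values) and a small rule table, then runs the same packets through a stateless filter and a stateful one. The interesting packet is the reply to a connection an internal client opened: the stateless filter has no memory and drops it under the "nothing from outside straight inside" rule, while the stateful filter remembers the connection and lets the reply through, yet still drops an unsolicited packet that merely looks like a reply. Standard library only.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone addressing for this example (assumed, not the lecture's)
ZONES = {
    "dmz": ipaddress.ip_network("203.0.113.0/24"),   # public-facing servers
    "internal": ipaddress.ip_network("10.0.0.0/8"),  # private data and workstations
}

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"                                # everything else is outside

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool          # True for the packet that opens a TCP connection

# Rules: (from zone, to zone, destination port or None for any, allow?),
# evaluated top to bottom; anything unmatched is denied.
RULES = [
    ("internet", "dmz", 443, True),        # the public web service
    ("dmz", "internal", 5432, True),       # web tier may reach the database only
    ("internal", "internet", None, True),  # outbound browsing from inside
    ("internet", "internal", None, False), # nothing from outside straight inside
]

def stateless_decide(pkt: Packet) -> bool:
    """Stateless filtering: each packet is judged by the rules alone, with no memory."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    for from_zone, to_zone, port, allow in RULES:
        if src_zone == from_zone and dst_zone == to_zone and port in (None, pkt.dport):
            return allow
    return False

class StatefulFirewall:
    """Stateful filtering: remembers the connections it allowed so replies can return."""
    def __init__(self) -> None:
        self.connections = set()     # (src, sport, dst, dport) of allowed connections

    def decide(self, pkt: Packet) -> bool:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.connections or reverse in self.connections:
            return True                                  # part of a tracked connection
        if pkt.syn and stateless_decide(pkt):            # new connection the rules permit
            self.connections.add(forward)
            return True
        return False                                     # unsolicited, or denied by rules

def run_scenario() -> dict:
    """Send the same constructed packets through both filters, in order."""
    packets = {
        "client_out":  Packet("10.0.0.5", 40000, "8.8.8.8", 443, syn=True),
        "reply_in":    Packet("8.8.8.8", 443, "10.0.0.5", 40000, syn=False),
        "unsolicited": Packet("198.51.100.7", 443, "10.0.0.9", 40001, syn=False),
        "web_in":      Packet("198.51.100.7", 50000, "203.0.113.10", 443, syn=True),
        "ssh_inside":  Packet("198.51.100.7", 50001, "10.0.0.9", 22, syn=True),
        "web_to_db":   Packet("203.0.113.10", 50002, "10.0.0.20", 5432, syn=True),
        "dmz_to_ssh":  Packet("203.0.113.10", 50003, "10.0.0.20", 22, syn=True),
    }
    fw = StatefulFirewall()
    return {
        "stateless": {name: stateless_decide(p) for name, p in packets.items()},
        "stateful": {name: fw.decide(p) for name, p in packets.items()},
    }

if __name__ == "__main__":
    for mode, decisions in run_scenario().items():
        print(mode, decisions)
```

The DMZ rules show the segmentation idea in the notes: a compromised web server in the DMZ can reach the database port and nothing else inside, and the internet can reach only the web service. Real firewalls also time out idle entries in the connection table and check sequence numbers; both are left out to keep the example short.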

Proxy Servers

  • Act as intermediaries for requests from clients seeking resources from other servers.
  • Forward proxy: Controls internal users' outbound access to the internet; reverse proxy: accepts external requests and protects internal servers.

Network Attacks

Common Types

  1. Denial of Service (DoS): Floods a network to disrupt operations.
  2. Distributed DoS (DDoS): Uses multiple devices to flood a target.
  3. Packet Sniffing: Unauthorized observation of data packets in transit.
  4. IP Spoofing: Impersonates a device to gain unauthorized access.
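An added example, not from the lecture or the course, showing how an analyst might spot two of the attacks listed above in traffic logs. It builds a constructed flow log (timestamp, interface, source, destination, port; every address and count is a made-up sample) containing one flood from a single source, one flood spread across several sources, some ordinary traffic, and two packets that arrive on the external interface while claiming an internal source address. The detector flags any target receiving more than a threshold of packets in a time window, labels the flood DoS or DDoS by how concentrated its sources are (a heuristic chosen for this example), and flags the spoofed packets because genuine internal traffic never enters from outside. Standard library only.

```python
import ipaddress
from collections import Counter, defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range for this example

def build_sample_log() -> str:
    """Constructed flow log, not from any real network. Each line:
    <seconds> <interface> <src_ip> <dst_ip> <dst_port>"""
    lines = []
    for i in range(60):                      # single-source flood within six seconds
        lines.append(f"{i // 10} ext 198.51.100.7 203.0.113.10 443")
    for i in range(40):                      # eight sources, five packets each
        lines.append(f"{i // 8} ext 192.0.2.{i % 8 + 1} 203.0.113.20 80")
    lines += ["3 ext 203.0.113.99 203.0.113.10 443",   # ordinary external request
              "4 int 10.0.0.5 203.0.113.10 443"]       # ordinary internal request
    lines += ["2 ext 10.0.0.5 203.0.113.10 443",       # internal source, external interface
              "7 ext 10.0.0.6 203.0.113.20 80"]        # same: a spoofed address
    return "\n".join(lines)

def parse_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        ts, iface, src, dst, dport = line.split()
        records.append({"ts": int(ts), "iface": iface, "src": src, "dst": dst, "dport": int(dport)})
    return records

def detect_floods(records: list, window: int = 10, threshold: int = 30) -> list:
    """Flag any target that receives more than `threshold` packets inside one
    `window`-second bucket. A flood dominated by one source is labelled DoS,
    one spread over many sources DDoS (80% share is the cut-off used here)."""
    per_target = defaultdict(Counter)        # (dst, bucket) -> Counter of sources
    for r in records:
        per_target[(r["dst"], r["ts"] // window)][r["src"]] += 1
    alerts = []
    for (dst, bucket), sources in sorted(per_target.items()):
        total = sum(sources.values())
        if total <= threshold:
            continue
        _, top_count = sources.most_common(1)[0]
        kind = "DoS" if top_count / total >= 0.8 else "DDoS"
        alerts.append({"target": dst, "window_start": bucket * window, "packets": total,
                       "distinct_sources": len(sources), "kind": kind})
    return alerts

def detect_spoofing(records: list) -> list:
    """A packet that arrives on the external interface but carries an internal
    source address cannot be genuine internal traffic, so it is flagged."""
    return [r for r in records
            if r["iface"] == "ext" and ipaddress.ip_address(r["src"]) in INTERNAL_NET]

if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    for alert in detect_floods(recs):
        print("flood:", alert)
    for r in detect_spoofing(recs):
        print("spoofed source on external interface:", r)
```

The thresholds are deliberately low so the constructed sample trips them; on a real network they are set from a baseline of normal traffic, and the spoofing check is what a border router enforces as an ingress filter rather than something done after the fact in logs.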

Security Hardening

Definition

  • Strengthening a system to reduce vulnerabilities and attack surfaces.
  • Comprises tasks like patch updates, backups, and software configuration.

Operating System (OS) Hardening

  • Regular updates, enforcing strong password policies, and configuring secure settings.

Network Hardening Practices

  • Firewall maintenance, log analysis, and port filtering.
  • Network segmentation and encryption for secure communication.

Cloud Network Hardening

  • Shared responsibility between organizations and cloud service providers.
  • Regular maintenance and configuration checks to secure cloud resources.

Conclusion

  • Importance of securing networks in a security analyst's role.
  • Upcoming course will cover computing basics for security analysts.