Network Security

The document outlines the fundamentals of network security, emphasizing the CIA triad of confidentiality, integrity, and availability. It details various types of network attacks, secure communication protocols, and the roles of firewalls and intrusion detection systems in protecting networks. Additionally, it highlights the importance of network monitoring and logging for maintaining security and compliance.

Uploaded by

ab0848350

1. Network Security Basics

Fundamentals of Network Security
• Network Security refers to the policies, procedures, and practices designed to protect network infrastructure, data, and devices from unauthorized access, misuse, or harm.
• Confidentiality, Integrity, and Availability (CIA Triad) are the three core principles of network security:
  o Confidentiality: Ensuring that sensitive data is only accessible to authorized users.
  o Integrity: Protecting data from unauthorized alterations to ensure accuracy and reliability.
  o Availability: Ensuring that network resources and services are available to users when needed.

Types of Network Attacks
1. DoS/DDoS (Denial of Service/Distributed Denial of Service):
  o DoS: An attack that overwhelms a network or service with traffic, making it unavailable to users.
  o DDoS: A more advanced form of DoS where the attack is carried out by multiple compromised systems, often part of a botnet, to increase the scale of the attack.
2. Man-in-the-Middle (MitM):
  o An attack where a malicious actor intercepts and possibly alters the communication between two parties without their knowledge.
  o Commonly used to steal sensitive data, such as login credentials or financial information.
3. Packet Sniffing:
  o A technique used to capture and analyze data packets traveling over a network.
  o Can be used legitimately for network troubleshooting or maliciously to capture sensitive information, such as passwords.

2. Network Security Protocols

Secure Communication Protocols
1. SSL/TLS (Secure Sockets Layer/Transport Layer Security):
  o Protocols used to establish a secure and encrypted connection between a client and a server.
  o TLS is the successor to SSL and is more secure, widely used in HTTPS to protect data transmitted over the web.
2. IPSec (Internet Protocol Security):
  o A suite of protocols designed to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a communication session.
  o Commonly used in VPNs (Virtual Private Networks) to ensure secure communication over the Internet.

Wireless Security Protocols
1. WEP (Wired Equivalent Privacy):
  o An outdated and insecure protocol used to secure wireless networks.
  o Vulnerable to attacks due to weak encryption algorithms.
2. WPA (Wi-Fi Protected Access):
  o An improvement over WEP, providing better encryption and security.
  o Introduced TKIP (Temporal Key Integrity Protocol) to enhance data encryption.
3. WPA2 (Wi-Fi Protected Access 2):
  o The most widely used wireless security protocol today.
  o Uses AES (Advanced Encryption Standard) for stronger security and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for data integrity.

3. Firewalls and Intrusion Detection Systems (IDS)

Types of Firewalls
1. Packet Filtering Firewalls:
  o Inspect incoming and outgoing packets based on predetermined rules (e.g., IP addresses, ports).
  o Operate at the network layer and are the most basic type of firewall.
2. Stateful Inspection Firewalls:
  o Track the state of active connections and make decisions based on the context of the traffic, rather than just filtering packets.
  o Offer more security than packet filtering firewalls by monitoring the entire session.
3. Proxy Firewalls:
  o Act as an intermediary between users and the internet, masking the internal network's IP addresses.
  o Can inspect the content of traffic at the application layer, providing more granular security.
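
The difference between packet filtering and stateful inspection, as an added example that is not part of the original document: the same constructed traffic is judged by a stateless rule set and by a connection-tracking firewall. The rule set (outbound HTTPS only), the addresses and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK
    inbound: bool   # True if the packet arrives from the outside network

def packet_filter(pkt: Packet) -> bool:
    """Stateless rules: every packet is judged alone, by port and direction."""
    if not pkt.inbound:
        return pkt.dport == 443      # allow outbound HTTPS
    return pkt.sport == 443          # allow anything that looks like an HTTPS reply

class StatefulFirewall:
    """Remembers connections opened from inside; inbound traffic must match one."""
    def __init__(self):
        self.table = set()           # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if pkt.dport != 443:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":     # new outbound connection: record its state
                self.table.add(key)
            return key in self.table
        # Inbound: accept only packets that belong to a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def compare(packets):
    """Return (packet_filter_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]

# Constructed traffic: a normal handshake, then an unsolicited inbound packet
# whose source port happens to be 443.
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True),
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "A", False),
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A", True),
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "| packet filter:", stateless, "| stateful:", stateful)
```

Both firewalls pass the handshake, but only the stateful one rejects the last packet, because no inside host ever opened that connection.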

IDS and IPS (Intrusion Prevention Systems)
1. Intrusion Detection Systems (IDS):
  o Monitor network traffic for suspicious activity and potential threats.
  o Types of IDS:
    ▪ Network-based IDS (NIDS): Monitors traffic on an entire network.
    ▪ Host-based IDS (HIDS): Monitors traffic on individual devices or hosts.
  o IDS are passive systems that alert administrators to potential threats.
2. Intrusion Prevention Systems (IPS):
  o Similar to IDS but with the ability to actively block or prevent detected threats.
  o Can drop malicious packets, terminate connections, or reconfigure firewall rules in response to an attack.
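
The passive/active distinction above, as an added example that is not part of the original document: one detection rule is run first as an IDS (alert only) and then as an IPS (alert and block). The rule, its threshold, the event list and all names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed connection events: (source IP, destination port)
EVENTS = [
    ("192.0.2.44", 22), ("10.0.0.8", 443), ("192.0.2.44", 23),
    ("192.0.2.44", 80), ("192.0.2.44", 445), ("10.0.0.8", 443),
    ("192.0.2.44", 3389),
]
PORT_THRESHOLD = 4   # assumed rule: 4 or more distinct ports from one source

def inspect(events, prevent):
    """Apply the rule as an IDS (prevent=False) or as an IPS (prevent=True).

    Returns (alerts, forwarded, dropped).
    """
    ports_seen = defaultdict(set)
    blocked = set()
    alerts, forwarded, dropped = [], [], []
    for src, dport in events:
        if src in blocked:                    # IPS only: source was blocked earlier
            dropped.append((src, dport))
            continue
        ports_seen[src].add(dport)
        suspicious = len(ports_seen[src]) >= PORT_THRESHOLD
        if suspicious and src not in alerts:
            alerts.append(src)                # both modes raise the same alert
        if suspicious and prevent:
            blocked.add(src)                  # IPS: act on the detection
            dropped.append((src, dport))
        else:
            forwarded.append((src, dport))    # IDS: traffic is never touched
    return alerts, forwarded, dropped

if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IPS", True)):
        alerts, forwarded, dropped = inspect(EVENTS, prevent)
        print(mode, "alerts:", alerts,
              "forwarded:", len(forwarded), "dropped:", len(dropped))
```

Both modes produce the same alert; only the IPS run changes what reaches the network, which is also why a false positive costs more in an IPS than in an IDS.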

Network Monitoring and Logging
• Network Monitoring:
  o Continuous observation of network traffic and performance to detect and respond to anomalies.
  o Tools like Wireshark, SolarWinds, and Nagios are used for network monitoring.
• Logging:
  o The process of recording events and activities on a network to create an audit trail.
  o Logs are crucial for diagnosing issues, investigating security incidents, and ensuring compliance with regulations.