Network+ 10-009 Objective 4.1: Explain the Importance of Basic Network Security Concepts


Network+ Exam Focus: This objective covers fundamental network security concepts including logical security (encryption, certificates, IAM), physical security, deception technologies, security terminology, compliance requirements, and network segmentation. Understanding these concepts is essential for implementing effective network security measures. Master these concepts for both exam success and real-world network security implementation.

Introduction to Network Security Concepts

Network security is the foundation of protecting organizational assets, data, and operations from cyber threats. Understanding basic network security concepts is crucial for network administrators who must implement comprehensive security measures to protect against evolving threats and ensure business continuity.

Key Network Security Principles:

  • Defense in Depth: Multiple layers of security controls
  • Least Privilege: Minimal necessary access rights
  • Zero Trust: Never trust, always verify
  • Continuous Monitoring: Ongoing security assessment
  • Incident Response: Prepared response to security incidents
  • Compliance: Meeting regulatory requirements

Logical Security

Logical security encompasses the software-based security measures that protect data and systems from unauthorized access, modification, or destruction. These measures form the primary defense against cyber threats.

Encryption

Encryption is the process of converting readable data into an unreadable format to protect it from unauthorized access. Understanding encryption is fundamental to network security implementation.

Data in Transit

Data in Transit Protection:

  • Network Encryption: Encrypting data as it travels across networks
  • Protocol Security: Using secure protocols like HTTPS, SSH, VPN
  • End-to-End Encryption: Protecting data from source to destination
  • Key Management: Secure distribution and management of encryption keys
  • Perfect Forward Secrecy: Using unique keys for each session
  • Certificate Validation: Verifying the authenticity of encryption certificates

Common Transit Encryption Methods:

  • TLS/SSL: Transport Layer Security for web and email
  • IPSec: Internet Protocol Security for VPNs
  • SSH: Secure Shell for remote access
  • WPA3: Wi-Fi Protected Access for wireless networks
  • SRTP: Secure Real-time Transport Protocol for voice/video
  • DNSSEC: DNS Security Extensions, which authenticate DNS responses with digital signatures rather than encrypting them

Data at Rest

Data at Rest Protection:

  • Storage Encryption: Encrypting data stored on devices
  • Database Encryption: Protecting database contents
  • File System Encryption: Encrypting entire file systems
  • Backup Encryption: Protecting backup data
  • Key Escrow: Secure key recovery mechanisms
  • Hardware Security Modules: Dedicated encryption hardware

Common At-Rest Encryption Methods:

  • AES: Advanced Encryption Standard
  • BitLocker: Microsoft disk encryption
  • FileVault: Apple disk encryption
  • LUKS: Linux Unified Key Setup
  • Transparent Data Encryption: Database-level encryption
  • Self-Encrypting Drives: Hardware-based encryption

Certificates

Digital certificates provide a way to verify the identity of entities and establish secure communications. Understanding certificate management is essential for implementing secure network communications.

Public Key Infrastructure (PKI)

PKI Components:

  • Certificate Authority (CA): Issues and manages certificates
  • Registration Authority (RA): Validates certificate requests
  • Certificate Repository: Stores and distributes certificates
  • Certificate Revocation List (CRL): Lists revoked certificates
  • Online Certificate Status Protocol (OCSP): Real-time certificate validation
  • Key Recovery: Mechanisms, such as key escrow, for recovering lost or inaccessible private keys

PKI Benefits:

  • Identity Verification: Confirms entity identity
  • Data Integrity: Ensures data hasn't been modified
  • Non-Repudiation: Prevents denial of actions
  • Secure Communications: Enables encrypted communications
  • Digital Signatures: Provides authentication and integrity
  • Trust Establishment: Creates trust relationships

Self-Signed Certificates

Self-Signed Certificate Characteristics:

  • Self-Issued: Created and signed by the entity itself
  • No CA Validation: No third-party verification
  • Cost Effective: No cost for certificate issuance
  • Quick Deployment: Can be created immediately
  • Trust Issues: Browsers may show security warnings
  • Limited Use Cases: Suitable for internal or testing environments

Self-Signed Certificate Use Cases:

  • Internal Networks: Private network communications
  • Development/Testing: Development and testing environments
  • Personal Use: Personal websites and services
  • Emergency Situations: Quick temporary certificates
  • Cost Constraints: When budget is limited
  • Custom Applications: Applications with custom certificate validation

Identity and Access Management (IAM)

IAM systems control who has access to what resources and under what conditions. Effective IAM is crucial for maintaining network security and ensuring proper access controls.

Authentication

Authentication Methods:
  • Something You Know: Passwords, PINs, security questions
  • Something You Have: Smart cards, tokens, mobile devices
  • Something You Are: Biometric authentication
  • Somewhere You Are: Location-based authentication
  • Something You Do: Behavioral authentication
  • Contextual Factors: Time, device, network context

Multifactor Authentication (MFA)

MFA Benefits:

  • Enhanced Security: Multiple authentication factors required
  • Reduced Risk: Significantly reduces account compromise risk
  • Compliance: Meets many regulatory requirements
  • User Confidence: Users feel more secure
  • Attack Mitigation: Protects against various attack types
  • Audit Trail: Better logging and monitoring

MFA Implementation:

  • SMS Codes: Text message verification codes
  • Authenticator Apps: Time-based one-time passwords
  • Hardware Tokens: Physical authentication devices
  • Biometric Factors: Fingerprint, facial recognition
  • Push Notifications: Mobile app notifications
  • Backup Codes: Recovery codes for account access

Single Sign-On (SSO)

SSO Benefits:
  • User Convenience: One login for multiple systems
  • Reduced Password Fatigue: Fewer passwords to remember
  • Centralized Management: Single point of access control
  • Improved Security: Centralized authentication and monitoring
  • Reduced Support: Fewer password reset requests
  • Compliance: Easier to meet audit requirements

Remote Authentication Dial-in User Service (RADIUS)

RADIUS Characteristics:
  • Centralized Authentication: Single authentication server
  • Network Access Control: Controls network access
  • Accounting: Tracks user sessions and usage
  • Authorization: Determines what users can access
  • UDP Protocol: Uses UDP for communication
  • Widely Supported: Supported by most network devices

LDAP (Lightweight Directory Access Protocol)

LDAP Benefits:
  • Directory Services: Centralized directory of users and resources
  • Hierarchical Structure: Organized directory tree structure
  • Standard Protocol: Industry-standard protocol
  • Scalability: Handles large numbers of objects
  • Integration: Integrates with many applications
  • Replication: Supports directory replication

Security Assertion Markup Language (SAML)

SAML Characteristics:
  • XML-Based: Uses XML for assertions
  • Federated Identity: Enables identity federation
  • Web SSO: Primarily for web-based single sign-on
  • Cross-Domain: Works across different domains
  • Standardized: OASIS standard
  • Cloud Integration: Widely used in cloud environments

Terminal Access Controller Access Control System Plus (TACACS+)

TACACS+ Benefits:
  • TCP Protocol: Uses reliable TCP transport
  • Command Authorization: Granular command-level authorization
  • Encryption: Encrypts the entire packet body, not just the password
  • Separate Functions: Separates authentication, authorization, and accounting
  • Network Device Focus: Designed for network device management
  • Cisco Proprietary: Cisco-developed protocol

Time-Based Authentication

Time-Based Authentication Features:
  • Time Windows: Access only during specific time periods
  • Session Timeouts: Automatic session termination
  • Business Hours: Restrict access to business hours
  • Geographic Time Zones: Time zone-based restrictions
  • Emergency Override: Emergency access procedures
  • Audit Logging: Log all time-based access attempts

Authorization

Authorization Principles:
  • Access Control Lists: Define what users can access
  • Role-Based Access: Access based on user roles
  • Attribute-Based Access: Access based on user attributes
  • Policy-Based Access: Access based on defined policies
  • Dynamic Authorization: Real-time authorization decisions
  • Context-Aware Access: Authorization based on context

Least Privilege

Least Privilege Benefits:
  • Minimal Access: Users get only necessary permissions
  • Risk Reduction: Reduces potential damage from compromised accounts
  • Compliance: Meets many security standards
  • Audit Simplicity: Easier to audit and monitor
  • Change Management: Easier to manage permission changes
  • Incident Containment: Limits damage from security incidents

Role-Based Access Control (RBAC)

RBAC Components:
  • Users: Individuals who need access
  • Roles: Collections of permissions
  • Permissions: Specific access rights
  • Resources: Objects that can be accessed
  • Role Assignment: Assigning users to roles
  • Permission Inheritance: Roles can inherit from other roles

Geofencing

Geofencing Benefits:

  • Location-Based Access: Access control based on geographic location
  • Mobile Security: Enhanced security for mobile devices
  • Compliance: Meet location-based regulatory requirements
  • Risk Management: Restrict access from high-risk locations
  • User Experience: Seamless access within allowed areas
  • Audit Trail: Track access by location
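Added example (not part of the study guide) tying together the Authorization, Least Privilege, RBAC, Time-Based Authentication and Geofencing sections above: a deny-by-default authorization check in Python with role inheritance, a business-hours window and a country geofence, plus a least-privilege review helper. The roles, users, resources, hours and allowed countries are constructed sample values.

```python
from collections import deque

# Constructed sample policy (not from the page): inheritance graph, direct grants, assignments.
ROLE_PARENTS = {             # child role -> roles it inherits from
    "staff": [],
    "helpdesk": ["staff"],
    "netadmin": ["helpdesk"],
    "auditor": ["staff"],
}
ROLE_PERMISSIONS = {         # role -> set of (resource, action) granted directly
    "staff": {("wiki", "read")},
    "helpdesk": {("tickets", "read"), ("tickets", "update")},
    "netadmin": {("switch-config", "read"), ("switch-config", "write")},
    "auditor": {("logs", "read"), ("switch-config", "read")},
}
USER_ROLES = {"alice": {"netadmin"}, "bob": {"auditor"}, "carol": set()}
CONTEXT_RULES = {            # resource -> conditions that must hold in addition to a role grant
    "switch-config": {"hours": range(8, 18), "countries": {"NL", "DE"}},
}


def effective_permissions(role: str) -> set:
    """Union of a role's own grants and everything it inherits; cycle-safe breadth-first walk."""
    seen, perms, queue = set(), set(), deque([role])
    while queue:
        current = queue.popleft()
        if current in seen:
            continue
        seen.add(current)
        perms |= ROLE_PERMISSIONS.get(current, set())
        queue.extend(ROLE_PARENTS.get(current, []))
    return perms


def user_permissions(user: str) -> set:
    """All (resource, action) pairs a user holds through any assigned role."""
    return set().union(*(effective_permissions(r) for r in USER_ROLES.get(user, set())))


def is_authorized(user: str, resource: str, action: str, *, hour: int, country: str) -> bool:
    """Deny by default: require a role grant, then enforce the resource's time window and geofence."""
    if (resource, action) not in user_permissions(user):
        return False
    rule = CONTEXT_RULES.get(resource)
    if rule and (hour not in rule["hours"] or country not in rule["countries"]):
        return False
    return True


def unused_permissions(user: str, observed_uses) -> set:
    """Least-privilege review: grants the user holds but never exercised in the observed period."""
    return user_permissions(user) - set(observed_uses)
```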

Physical Security

Physical security protects network infrastructure from physical threats and unauthorized access. While often overlooked, physical security is fundamental to overall network security.

Camera

Security Camera Benefits:

  • Surveillance: Continuous monitoring of network areas
  • Deterrence: Deters unauthorized access attempts
  • Evidence Collection: Provides evidence of security incidents
  • Remote Monitoring: Remote access to camera feeds
  • Motion Detection: Automated alerts for suspicious activity
  • Integration: Integration with other security systems

Locks

Physical Lock Types:

  • Mechanical Locks: Traditional key-based locks
  • Electronic Locks: Keypad or card-based access
  • Biometric Locks: Fingerprint or other biometric access
  • Smart Locks: Internet-connected locks with remote control
  • Access Control Systems: Centralized lock management
  • Audit Trails: Logging of lock access events

Deception Technologies

Deception technologies create fake systems and data to detect, analyze, and deflect cyber attacks. These technologies provide early warning of security threats and help understand attacker behavior.

Honeypot

Honeypot Types:

  • Low-Interaction: Simulated services with limited functionality
  • High-Interaction: Real systems with extensive logging
  • Production: Integrated with production systems
  • Research: Used for security research and analysis
  • Database Honeypots: Fake databases to detect attacks
  • Web Honeypots: Fake websites to detect web attacks

Honeypot Benefits:

  • Early Detection: Early warning of security threats
  • Attack Analysis: Understanding of attack methods
  • Threat Intelligence: Information about attackers
  • Distraction: Diverts attackers from real systems
  • Research: Security research and development
  • Compliance: Meets some regulatory requirements

Honeynet

Honeynet Characteristics:

  • Network of Honeypots: Multiple interconnected honeypots
  • Realistic Environment: Mimics real network environments
  • Comprehensive Monitoring: Extensive logging and monitoring
  • Attack Interaction: Allows attackers to interact with systems
  • Data Collection: Collects detailed attack information
  • Research Focus: Primarily used for security research

Common Security Terminology

Understanding security terminology is essential for effective communication about security concepts and implementation of security measures.

Risk:

  • Definition: Potential for loss or damage
  • Components: Threat, vulnerability, and impact
  • Assessment: Process of identifying and evaluating risks
  • Management: Process of mitigating or accepting risks
  • Quantification: Measuring risk in financial terms
  • Acceptance: Decision to accept certain risks

Vulnerability:

  • Definition: Weakness that can be exploited
  • Types: Software, hardware, configuration, process
  • Discovery: Vulnerability scanning and assessment
  • Management: Vulnerability management lifecycle
  • Scoring: CVSS scores for vulnerability severity
  • Remediation: Patching and mitigation strategies

Exploit:

  • Definition: Method of taking advantage of vulnerabilities
  • Types: Remote, local, client-side, web-based
  • Development: Creating exploits for vulnerabilities
  • Weaponization: Making exploits ready for use
  • Detection: Identifying exploit attempts
  • Prevention: Blocking exploit attempts

Threat:

  • Definition: Potential source of harm
  • Types: Natural, human, environmental
  • Actors: Hackers, insiders, nation-states
  • Motivation: Financial, political, personal
  • Capability: Technical and resource capabilities
  • Intelligence: Threat intelligence and analysis

Confidentiality, Integrity, and Availability (CIA) Triad

CIA Triad Components:

  • Confidentiality: Protecting information from unauthorized access
  • Integrity: Ensuring information accuracy and completeness
  • Availability: Ensuring information is accessible when needed
  • Balance: Balancing all three components
  • Trade-offs: Sometimes one component affects others
  • Implementation: Implementing controls for each component

Audits and Regulatory Compliance

Compliance with regulatory requirements and regular audits are essential for maintaining security standards and meeting legal obligations.

Data Locality

Data Locality Considerations:

  • Geographic Restrictions: Data must stay within specific regions
  • Regulatory Requirements: Legal requirements for data location
  • Cloud Services: Cloud provider data center locations
  • Data Sovereignty: National laws governing data
  • Cross-Border Transfers: Restrictions on international data transfer
  • Compliance Monitoring: Ensuring data stays in allowed locations

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS Requirements:

  • Build and Maintain: Secure networks and systems
  • Protect Cardholder Data: Protect stored cardholder data
  • Vulnerability Management: Maintain vulnerability management programs
  • Access Control: Implement strong access control measures
  • Network Monitoring: Regularly monitor and test networks
  • Information Security Policy: Maintain information security policies

General Data Protection Regulation (GDPR)

GDPR Key Principles:

  • Lawfulness: Processing must be lawful
  • Fairness: Processing must be fair and transparent
  • Transparency: Clear information about processing
  • Purpose Limitation: Processing for specific purposes
  • Data Minimization: Collect only necessary data
  • Accuracy: Keep data accurate and up-to-date
  • Storage Limitation: Keep data only as long as necessary
  • Security: Appropriate security measures

Network Segmentation Enforcement

Network segmentation divides networks into smaller, isolated segments to improve security and performance. Different types of devices and users require different segmentation approaches.

Internet of Things (IoT) and Industrial Internet of Things (IIoT)

IoT/IIoT Security Considerations:

  • Device Diversity: Wide variety of device types and capabilities
  • Limited Security: Many devices have minimal security features
  • Network Isolation: Separate IoT devices from critical systems
  • Access Control: Strict access controls for IoT devices
  • Monitoring: Continuous monitoring of IoT device behavior
  • Updates: Regular security updates and patches

Supervisory Control and Data Acquisition (SCADA), Industrial Control System (ICS), Operational Technology (OT)

SCADA/ICS/OT Security:

  • Critical Infrastructure: Essential for industrial operations
  • Legacy Systems: Often use older, less secure technology
  • Air Gap: Physical isolation from the internet
  • Network Segmentation: Strict network isolation
  • Access Control: Limited and controlled access
  • Monitoring: Specialized monitoring for industrial systems

Guest Networks

Guest Network Security:

  • Network Isolation: Separate from internal networks
  • Internet-Only Access: Limited to internet access only
  • Captive Portal: Authentication and terms acceptance
  • Time Limits: Session time restrictions
  • Bandwidth Limits: Speed and usage restrictions
  • Monitoring: Monitor guest network activity

Bring Your Own Device (BYOD)

BYOD Security Measures:

  • Device Management: Mobile device management (MDM)
  • Containerization: Separate work and personal data
  • Access Control: Strict access controls for personal devices
  • Encryption: Encrypt work data on personal devices
  • Remote Wipe: Ability to remotely wipe work data
  • Policy Enforcement: Enforce security policies on personal devices
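Added example (not part of the study guide) for the IoT/IIoT, SCADA/OT, guest and BYOD segments described above: a small default-deny segmentation policy in Python, evaluated against sample flows, with an audit helper that reports what can reach a given segment. The address plan, rule set and the public sample address are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample address plan (not from the page): one prefix per segment.
SEGMENTS = {
    "corp": ip_network("10.10.0.0/16"),
    "byod": ip_network("10.15.0.0/16"),
    "iot": ip_network("10.20.0.0/16"),
    "ot": ip_network("10.30.0.0/16"),
    "guest": ip_network("10.40.0.0/16"),
    "mgmt": ip_network("10.50.0.0/24"),
}

# Allow rules as (source segment, destination segment, protocol, destination port).
# "any" and None are wildcards. A flow that matches no rule is denied (default deny).
RULES = [
    ("mgmt", "iot", "tcp", 22),          # admins reach IoT devices for maintenance only
    ("mgmt", "ot", "tcp", 502),          # admins reach the OT Modbus/TCP service only
    ("iot", "internet", "tcp", 443),     # IoT devices may fetch updates over HTTPS, nothing else
    ("corp", "internet", "any", None),
    ("byod", "internet", "any", None),
    ("guest", "internet", "any", None),  # guests get internet-only access
]                                        # note: no rule lets "ot" originate traffic anywhere


def segment_of(ip: str) -> str:
    """Map an address to its segment; routable non-local space is 'internet', anything else 'unknown'."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet" if addr.is_global else "unknown"


def is_allowed(src_ip: str, dst_ip: str, proto: str, dport) -> bool:
    """Evaluate a single flow against the segmentation policy."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if "unknown" in (src, dst):
        return False
    for r_src, r_dst, r_proto, r_port in RULES:
        if (r_src, r_dst) == (src, dst) and r_proto in ("any", proto) and r_port in (None, dport):
            return True
    return False


def exposure(segment: str) -> set:
    """Audit helper: the (source segment, protocol, port) tuples permitted to reach `segment`."""
    return {(s, p, port) for s, d, p, port in RULES if d == segment}
```

Running exposure("ot") against the policy is the quick check that the OT segment is reachable only from the management network on the one expected service.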

Security Implementation Best Practices

Implementation Guidelines:

  • Defense in Depth: Multiple layers of security controls
  • Regular Updates: Keep all systems and software updated
  • User Training: Educate users about security threats
  • Incident Response: Prepare for security incidents
  • Regular Audits: Conduct regular security assessments
  • Compliance Monitoring: Ensure ongoing compliance
  • Risk Management: Implement comprehensive risk management
  • Continuous Monitoring: Monitor security continuously

Common Security Scenarios

Network+ exam questions often test your understanding of security concepts in practical scenarios. Here are common security scenarios:

Scenario-Based Questions:

  • Authentication Implementation: Choosing appropriate authentication methods
  • Encryption Selection: Selecting encryption for data protection
  • Access Control Design: Implementing least privilege and RBAC
  • Compliance Requirements: Meeting regulatory requirements
  • Network Segmentation: Designing secure network segments
  • Incident Response: Responding to security incidents

Study Tips for Network+ Objective 4.1

Key Study Points:

  • Security Fundamentals: Understand CIA triad and basic security principles
  • Authentication Methods: Know different authentication and authorization methods
  • Encryption Types: Understand data in transit vs. data at rest encryption
  • Certificate Management: Know PKI, self-signed certificates, and certificate validation
  • Compliance Requirements: Understand PCI DSS, GDPR, and other regulations
  • Network Segmentation: Know how to segment different types of networks
  • Security Terminology: Understand risk, vulnerability, threat, and exploit concepts

Conclusion

Basic network security concepts form the foundation of effective cybersecurity implementation. Understanding logical and physical security measures, authentication and authorization methods, and compliance requirements is essential for protecting network infrastructure and data.

From encryption and certificates to network segmentation and deception technologies, these security concepts provide the tools and knowledge needed to implement comprehensive security measures. Proper implementation of these concepts helps organizations protect against evolving threats and meet regulatory requirements.

Next Steps: Practice implementing security measures in lab environments. Focus on hands-on experience with authentication systems, encryption implementation, and network segmentation. Understanding these security concepts will help you design and implement secure networks that protect against modern cyber threats.