HxHippy

Network Security Fundamentals

Core network security principles, defense in depth, and security architecture.

Last updated: 2025-01-15

Core principles for securing network infrastructure.

CIA Triad

        Confidentiality
             /\
            /  \
           /    \
          /      \
         /________\
    Integrity    Availability

Confidentiality

  • Encryption (TLS, IPsec)
  • Access controls
  • Data classification

Integrity

  • Hashing (SHA-256)
  • Digital signatures
  • File integrity monitoring

Availability

  • Redundancy
  • Load balancing
  • DDoS protection

Defense in Depth

Layer 1: Physical Security
    |
Layer 2: Network Perimeter (Firewall)
    |
Layer 3: Network Segmentation (VLANs)
    |
Layer 4: Host Security (OS Hardening)
    |
Layer 5: Application Security
    |
Layer 6: Data Security (Encryption)
    |
Layer 7: User Security (Training, Auth)

Zero Trust Model

Principles:

  1. Never trust, always verify
  2. Assume breach
  3. Least privilege access
  4. Micro-segmentation

Traditional:                   Zero Trust:

  [Trusted]                    [Verify]──[Verify]
  Internal ─── Firewall        Every      │  Every
  Network      ──── Internet   Request    │  Access
                                          │
  Trust the network            Verify identity,
  perimeter                    device, and context

Network Security Controls

Preventive Controls

  • Firewalls
  • Access control lists
  • Encryption
  • Network segmentation

Detective Controls

  • Intrusion Detection Systems
  • Log monitoring
  • SIEM
  • Network monitoring

Corrective Controls

  • Incident response
  • Backup and recovery
  • Patch management
  • Configuration management

Common Attack Vectors

Layer 2 Attacks

  • ARP spoofing
  • MAC flooding
  • VLAN hopping

Layer 3-4 Attacks

  • IP spoofing
  • TCP SYN flood
  • ICMP attacks

Layer 7 Attacks

  • SQL injection
  • XSS
  • DNS attacks

Security Best Practices

Network Design

Internet
    |
[Firewall]
    |
    ├── DMZ (Web servers, Mail)
    |
[Internal Firewall]
    |
    ├── User VLAN
    ├── Server VLAN
    └── Management VLAN

Access Control

# Example: default-deny inbound, then allow only necessary traffic
iptables -P INPUT DROP      # anything not explicitly allowed is dropped
iptables -P FORWARD DROP    # this host does not route for others
iptables -A INPUT -i lo -j ACCEPT   # local services rely on loopback
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT   # replies to connections we initiated
iptables -A INPUT -p tcp --dport 443 -j ACCEPT   # HTTPS is the only exposed service

Encryption

  • TLS 1.3 for web traffic
  • IPsec or WireGuard for VPNs
  • SSH for remote access
  • Encrypt data at rest

Security Monitoring

Log Sources

  • Firewall logs
  • Authentication logs
  • DNS logs
  • Application logs

Key Metrics

  • Failed login attempts
  • Unusual traffic patterns
  • Port scans
  • Outbound connections
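
The two metrics above that are easiest to derive directly from raw logs are failed login bursts and port scans. The script below is an added example (not part of the original page) that parses a constructed batch of sshd and firewall log lines and raises an alert per source address once a threshold is crossed; the log format, thresholds and addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original page): sshd auth
# failures and firewall DROP entries in a simplified syslog-like format.
SAMPLE_LOGS = """\
auth: Failed password for root from 203.0.113.7 port 51234 ssh2
auth: Failed password for admin from 203.0.113.7 port 51235 ssh2
auth: Failed password for root from 203.0.113.7 port 51236 ssh2
auth: Failed password for root from 203.0.113.7 port 51237 ssh2
auth: Failed password for root from 203.0.113.7 port 51238 ssh2
auth: Failed password for alice from 198.51.100.4 port 40001 ssh2
fw: DROP SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=22
fw: DROP SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=23
fw: DROP SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=80
fw: DROP SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=443
fw: DROP SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=3389
fw: DROP SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=8080
fw: DROP SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=445
"""

FAILED_LOGIN = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")
FW_DROP = re.compile(r"DROP SRC=(?P<src>[\d.]+) .*DPT=(?P<dport>\d+)")


def analyze(lines, login_threshold=5, scan_threshold=5):
    """Return (kind, source, count) alerts for sources that exceed either
    the failed-login count or the distinct-dropped-port count (assumed thresholds)."""
    failed = defaultdict(int)      # src -> number of failed logins
    ports = defaultdict(set)       # src -> distinct destination ports dropped
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            failed[m["src"]] += 1
            continue
        m = FW_DROP.search(line)
        if m:
            ports[m["src"]].add(int(m["dport"]))
    alerts = []
    for src, n in sorted(failed.items()):
        if n >= login_threshold:
            alerts.append(("brute_force", src, n))
    for src, p in sorted(ports.items()):
        if len(p) >= scan_threshold:       # many distinct ports from one source
            alerts.append(("port_scan", src, len(p)))
    return alerts


if __name__ == "__main__":
    for kind, src, count in analyze(SAMPLE_LOGS.splitlines()):
        print(f"{kind}: {src} ({count})")
```

A single failed login or one dropped packet from a host never alerts, so the thresholds are what keep this from paging on normal noise; tune them to the environment's baseline.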

Compliance Frameworks

Framework   Focus
PCI DSS     Payment card data
HIPAA       Healthcare data
SOC 2       Service organizations
ISO 27001   Information security
NIST        Cybersecurity framework

Security Checklist

[ ] Firewall configured with default deny
[ ] Network segmentation implemented
[ ] Encryption for data in transit
[ ] Regular vulnerability scanning
[ ] Intrusion detection/prevention
[ ] Log collection and monitoring
[ ] Incident response plan
[ ] Regular security assessments
[ ] Employee security training
[ ] Patch management process

Best Practices

  1. Least privilege - Minimal access required
  2. Defense in depth - Multiple layers
  3. Regular updates - Patch everything
  4. Monitor continuously - Detect threats
  5. Test regularly - Validate controls