Network Security Fundamentals
Core principles for securing network infrastructure.
CIA Triad
       Confidentiality
            /\
           /  \
          /    \
         /      \
        /________\
Integrity        Availability

Confidentiality
- Encryption (TLS, IPsec)
- Access controls
- Data classification
Integrity
- Hashing (SHA-256)
- Digital signatures
- File integrity monitoring
Availability
- Redundancy
- Load balancing
- DDoS protection
Defense in Depth
Layer 1: Physical Security
|
Layer 2: Network Perimeter (Firewall)
|
Layer 3: Network Segmentation (VLANs)
|
Layer 4: Host Security (OS Hardening)
|
Layer 5: Application Security
|
Layer 6: Data Security (Encryption)
|
Layer 7: User Security (Training, Auth)

Zero Trust Model
Principles:
- Never trust, always verify
- Assume breach
- Least privilege access
- Micro-segmentation
Traditional:
  [Trusted Internal Network] ─── Firewall ─── Internet
  Trust the network perimeter

Zero Trust:
  [Verify] ── [Verify]
   Every        Every
   Request      Access
  Verify identity, device, and context

Network Security Controls
Preventive Controls
- Firewalls
- Access control lists
- Encryption
- Network segmentation
Detective Controls
- Intrusion Detection Systems
- Log monitoring
- SIEM
- Network monitoring
Corrective Controls
- Incident response
- Backup and recovery
- Patch management
- Configuration management
Common Attack Vectors
Layer 2 Attacks
- ARP spoofing
- MAC flooding
- VLAN hopping
Layer 3-4 Attacks
- IP spoofing
- TCP SYN flood
- ICMP attacks
Layer 7 Attacks
- SQL injection
- XSS
- DNS attacks
Security Best Practices
Network Design
Internet
   |
[Firewall]
   |
   ├── DMZ (Web servers, Mail)
   |
[Internal Firewall]
   |
   ├── User VLAN
   ├── Server VLAN
   └── Management VLAN

Access Control
# Example: Allow only necessary traffic (host firewall, default deny)
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Loopback traffic must still be accepted or local services break
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this host opened
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The one service this host exposes: HTTPS
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Encryption
- TLS 1.3 for web traffic
- IPsec or WireGuard for VPNs
- SSH for remote access
- Encrypt data at rest
Security Monitoring
Log Sources
- Firewall logs
- Authentication logs
- DNS logs
- Application logs
Key Metrics
- Failed login attempts
- Unusual traffic patterns
- Port scans
- Outbound connections
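As an added example (not part of the original page), two of the Key Metrics above, failed login attempts and port scans, expressed as detection logic run over constructed sample log lines. The lines follow sshd and iptables LOG conventions; the thresholds are arbitrary assumptions to be tuned per environment.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real system): sshd auth entries
# and iptables-style DROP entries, two of the log sources listed above.
AUTH_LOG = """\
Jan 10 09:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 51000 ssh2
Jan 10 09:00:03 host sshd[1002]: Failed password for admin from 203.0.113.5 port 51002 ssh2
Jan 10 09:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 51004 ssh2
Jan 10 09:00:07 host sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 51006 ssh2
Jan 10 09:00:09 host sshd[1005]: Failed password for root from 203.0.113.5 port 51008 ssh2
Jan 10 09:01:00 host sshd[1006]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 09:01:10 host sshd[1007]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""
FIREWALL_LOG = """\
Jan 10 09:02:00 host kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=44000 DPT=21
Jan 10 09:02:00 host kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=44001 DPT=22
Jan 10 09:02:01 host kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=44002 DPT=23
Jan 10 09:02:01 host kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=44003 DPT=25
Jan 10 09:02:02 host kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=44004 DPT=3389
Jan 10 09:02:05 host kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40500 DPT=8080
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")
DROP_RE = re.compile(r"\bDROP\b.*\bSRC=(\d+\.\d+\.\d+\.\d+)\b.*\bDPT=(\d+)\b")

def failed_logins_by_source(log, threshold=5):
    """Count failed SSH logins per source IP; return sources at or above threshold."""
    counts = defaultdict(int)
    for line in log.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def port_scans_by_source(log, min_ports=5):
    """Count distinct dropped destination ports per source; a wide fan-out of
    ports from one source is the basic port-scan signal."""
    ports = defaultdict(set)
    for line in log.splitlines():
        m = DROP_RE.search(line)
        if m:
            ports[m.group(1)].add(int(m.group(2)))
    return {ip: len(p) for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print("brute-force sources:", failed_logins_by_source(AUTH_LOG))
    print("port-scan sources:", port_scans_by_source(FIREWALL_LOG))
```

In production the same two counters would be keyed on a sliding time window rather than a whole file, and fed to the SIEM listed under Detective Controls.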
Compliance Frameworks
| Framework | Focus |
|---|---|
| PCI DSS | Payment card data |
| HIPAA | Healthcare data |
| SOC 2 | Service organizations |
| ISO 27001 | Information security |
| NIST | Cybersecurity framework |
Security Checklist
[ ] Firewall configured with default deny
[ ] Network segmentation implemented
[ ] Encryption for data in transit
[ ] Regular vulnerability scanning
[ ] Intrusion detection/prevention
[ ] Log collection and monitoring
[ ] Incident response plan
[ ] Regular security assessments
[ ] Employee security training
[ ] Patch management process

Best Practices
- Least privilege - Minimal access required
- Defense in depth - Multiple layers
- Regular updates - Patch everything
- Monitor continuously - Detect threats
- Test regularly - Validate controls