(looking for unusual or unexpected activity), and behavioral-based detection (analyzing how

devices and systems are being used).

Overall, IDPS systems are an important part of an organization's network security strategy, as
they can help to protect against a wide range of cyber threats and attacks.

NAC
Network Access Control (NAC) is a security system that is designed to regulate the access of
devices to a network based on predetermined security policies. It is used to ensure that only
authorized devices are allowed to connect to the network and that they comply with the
organization's security policies.

Imagine NAC as a bouncer at the entrance of a network. It checks the credentials of each
device that tries to connect to the network and only allows those that meet the required
security standards to pass through.

NAC systems typically use a combination of hardware and software to enforce access controls
and security policies. This may include measures such as user authentication, device
identification and authentication, and compliance checks (to ensure that devices meet the
organization's security policies).

NAC systems can operate at different layers of the network stack and can be configured to
enforce different levels of access controls depending on the type of device, the user, and the
location.

Overall, NAC systems are an important part of an organization's network security strategy, as
they can help to ensure that only authorized devices are allowed to connect to the network
and that they comply with the organization's security policies. This helps to protect against
unauthorized access, malware, and other cyber threats.

Network Segmentation
Network segmentation is the practice of dividing a network into smaller, isolated segments,
in order to improve security and reduce the risk of attacks or breaches. Network segmentation

60
can be used to isolate different types of devices or network traffic, or to enforce different
security policies for different parts of the network.

There are several benefits to network segmentation:

• Improved security: By dividing the network into smaller segments, it is easier to apply
security measures and controls to specific parts of the network. This can help to
prevent attacks or breaches from spreading across the network.
• Enhanced visibility: Segmenting the network can make it easier to monitor and detect
unusual or suspicious activity, as it is easier to focus on specific parts of the network
rather than the entire network.
• Simplified management: Segmenting the network can make it easier to manage and
maintain different parts of the network, as different segments can be managed and
configured separately.
• Improved performance: Segmenting the network can help to improve the
performance of the network, as it can reduce congestion and allow different types of
traffic to be handled separately.

Overall, network segmentation is a useful technique for improving the security and
performance of a network and is an important part of any organization's network security
strategy.

Micro Segmentation
Micro segmentation is a security technique that involves dividing a network into very small,
isolated segments or "micro-segments," in order to improve security and reduce the risk of
attacks or breaches. Micro segmentation can be used to isolate specific devices, applications,
or services, or to enforce different security policies for different parts of the network.

Micro segmentation is similar to traditional network segmentation but takes the concept to a
much finer level of granularity. While traditional network segmentation typically involves
dividing the network into larger segments or "zones," micro segmentation involves dividing
the network into much smaller segments or "micro-zones."

Micro segmentation provides improved security: By dividing the network into very small
segments, it is easier to apply security measures and controls to specific devices, applications,
or services. This can help to prevent attacks or breaches from spreading across the network.

61
Secure Remote Access
Secure remote access is the ability to connect to an organization's network and resources from
a remote location in a secure manner. It allows employees, contractors, and other
stakeholders to access the organization's systems and data remotely, while ensuring that the
connection is secure, and that the data is protected from unauthorized access or tampering.

There are several ways that organizations can provide secure remote access, including:

• Virtual private networks (VPNs): VPNs allow users to securely connect to a network
from a remote location by creating an encrypted tunnel between their device and the
VPN server.
• Web-based applications: Many organizations provide secure remote access to web-
based applications and services, such as email, document sharing, and collaboration
tools.
• Two-factor authentication: Two-factor authentication (2FA) involves requiring users
to provide an additional form of authentication in addition to their username and
password, such as a security token or a one-time code sent to their phone.

Overall, secure remote access is an important aspect of an organization's security strategy, as

it enables employees and other stakeholders to work remotely while maintaining the security
and integrity of the organization's data and systems.

MPLS
MPLS (Multiprotocol Label Switching) is a type of network technology that is used to route
data packets through a network. It works by assigning each data packet a special label, which
is used to identify the packet and determine how it should be routed through the network.

MPLS is used to improve the performance and efficiency of networks by allowing data packets
to be forwarded based on the label rather than the destination address. This allows the
network to route packets more efficiently and reduce the amount of traffic on the network.

MPLS is often used in large enterprise networks and service provider networks, where it can
help to improve the speed and reliability of data transmission. It is also used in virtual private
networks (VPNs) to create secure, encrypted connections between remote devices.

62
In summary, MPLS is a network technology that is used to improve the efficiency and
performance of data transmission by routing data packets based on labels rather than
addresses. It is widely used in large enterprise and service provider networks, as well as in
VPNs to create secure connections between devices.

VPN
A virtual private network (VPN) is a private network that is created over a public network (such
as the internet). It allows users to securely connect to a network from a remote location, as if
they were directly connected to the network.

Imagine a VPN as a tunnel that is created between a user's device and a VPN server. The tunnel
is encrypted, which means that any data transmitted through it is converted into a coded form
that can only be read by someone with the correct decryption key. This helps to protect the
data from being intercepted or accessed by unauthorized parties.

VPNs are often used by organizations to allow employees to securely access the organization's
network and resources from a remote location, such as when working from home or while
traveling. They can also be used by individuals to protect their online activity and privacy when
using public Wi-Fi networks or accessing the internet from a location where internet access is
restricted or censored.

Overall, VPNs are a useful tool for securely connecting to a network from a remote location
and protecting the privacy of online activity.

Site to Site VPN

A site-to-site VPN (virtual private network) is a type of VPN that allows two or more separate
networks to be connected over the internet. It is often used to create a secure connection
between two networks that are physically separated, such as a corporate network and a
remote branch office, or between a company's network and a partner's network.

Site-to-site VPNs use encryption to secure the data transmitted between the networks and to
protect against unauthorized access. They typically use either Internet Protocol Security
(IPSec) or SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt the data.

63
Site-to-site VPNs can be used to connect networks over long distances, allowing users on one
network to access resources on the other network as if they were local. This can be useful for
allowing remote employees to access corporate resources, sharing data between networks,
or connecting networks in different locations to create a larger, virtual network.

Site-to-site VPNs are often used in situations where it is not practical or cost-effective to
establish a dedicated physical connection between the networks, such as when the networks
are in different countries or when the data needs to be transmitted over a public network,
such as the internet.

IPSEC
IPSec (Internet Protocol Security) is a set of protocols used to secure data transmitted over
the internet or other networks. It is commonly used to establish a secure, encrypted
connection between two devices, such as a client's computer and a server.

IPSec works by adding a layer of security to the data transmitted over a network. It uses a
combination of encryption, authentication, and other security measures to protect the data
against unauthorized access and tampering.

IPSec can be used in two different modes: transport mode and tunnel mode. In transport
mode, IPSec encrypts and authenticates only the data payload of each packet, leaving the
header information unencrypted. In tunnel mode, IPSec encrypts and authenticates the entire
packet, including the header information. Tunnel mode is typically used to create a secure,
encrypted connection between two networks, such as a corporate network and a remote
branch office.

IPSec is widely used to secure data transmitted over the internet and is an important tool in
the field of computer security. It is often used in conjunction with other security protocols,
such as SSL/TLS (Secure Sockets Layer/Transport Layer Security), to provide a strong, multi-
layered defense against cyber-attacks.

64
MFA
MFA stands for "Multi-Factor Authentication." It is a security process that requires more than
one method of authentication from independent categories of authentication methods to
verify the user's identity for a login or other transaction.

In simpler terms, MFA is a way to make sure that a person trying to access a particular account
or system is who they claim to be. Instead of just relying on a password, MFA requires the use
of multiple forms of authentication, such as a code sent to a phone, a fingerprint scan, or a
security token. This makes it much harder for someone to gain unauthorized access to an
account or system, as they would need to not only know the password, but also have access
to one of the other forms of authentication.

MFA is becoming increasingly common as a security measure, as it provides an additional layer

of protection beyond just a password. It is especially important for sensitive accounts or
systems, such as financial accounts or corporate networks.

Zero-Trust Access
Zero trust access is a security concept that involves implementing strict access controls and
continuously verifying the identity of users and devices attempting to access a network or
system.

In a traditional network security model, access is granted based on the location of the user or
device. For example, a user on the corporate network might be granted access to certain
resources, while a user on the internet would be denied access.

In contrast, the zero-trust model assumes that all users and devices, regardless of their
location, are untrusted until they can be verified. This means that even users or devices within
the corporate network must be authenticated and authorized before they are granted access
to resources.

The goal of zero trust access is to minimize the risk of a data breach or unauthorized access
by continuously verifying the identity of users and devices and only granting access to
resources when it is absolutely necessary. This can involve implementing a range of security
measures, such as multi-factor authentication, device verification, and access controls based
on user roles and permissions.

65
SDN
SDN stands for "Software-Defined Networking." It is a technology that allows network
administrators to use software to control and manage network devices, such as switches and
routers, rather than relying on proprietary hardware and protocols.

In an SDN system, a central controller is used to manage the flow of traffic across the network.
The controller uses software to define the rules for how traffic should be handled and to
communicate those rules to the network devices. This allows network administrators to easily
make changes to the network configuration and optimize traffic flow, without the need to
physically access the hardware.

Some of the benefits of SDN include:

• Improved agility: By using software to control the network, administrators can more
easily make changes to the network configuration, allowing them to respond more
quickly to changing business needs.
• Enhanced visibility: The central controller in an SDN system provides a single point of
visibility into the entire network, making it easier for administrators to monitor and
troubleshoot network issues.
• Reduced costs: SDN can help organizations save money by reducing the need for
specialized hardware and by simplifying the process of managing and maintaining the
network.

Overall, SDN is a useful tool for organizations looking to improve the performance and
flexibility of their networks, while also reducing costs and improving visibility.

SD-WAN
SD-WAN (Software-Defined Wide Area Network) is a technology that allows businesses to use
software to manage and optimize the network connections between their various locations,
such as offices, branches, and data centers.

Traditionally, wide area networks (WANs) were built using dedicated hardware and
specialized protocols, which made them complex and expensive to manage. SD-WAN

66
simplifies the process by using software to define and manage the network connections,
allowing businesses to control and optimize their WANs more easily.

Some of the benefits of SD-WAN include:

• Improved network performance: By using software to optimize network traffic, SD-

WAN can improve the performance of business-critical applications, such as voice and
video.
• Reduced costs: SD-WAN can reduce the need for expensive dedicated hardware and
can also help businesses save money on their WAN infrastructure by using lower-cost
internet connections.
• Enhanced security: SD-WAN can include security features, such as encryption and
firewall capabilities, to help protect against network attacks.
• Improved flexibility: SD-WAN allows businesses to easily add or remove locations
from their network, making it easier to scale their network as their needs change.

Overall, SD-WAN is a useful tool for businesses looking to improve the performance and
security of their WANs, while also reducing costs and increasing flexibility.

SDP
SDP stands for "Software-Defined Perimeter." It is a security architecture that uses software-
defined networking (SDN) principles to create a secure network connection between two or
more devices.

In an SDP system, a secure connection is established between devices using a series of

software-defined "gateways." These gateways are used to verify the identity of the devices
and ensure that they are authorized to communicate with each other. Once the devices are
authenticated, the gateways create a secure, encrypted connection between them, allowing
them to communicate without the risk of being intercepted by unauthorized parties.

SDP is often used to secure communications between devices in remote locations, such as
branch offices or telecommuting employees. It can also be used to secure communication
between devices in the same location, such as between servers in a data center.

67
Overall, SDP is a useful tool for organizations looking to improve the security of their network
communications, particularly in situations where traditional perimeter security measures may
not be sufficient.

68
Endpoint Security
Endpoint security is a type of security measure that is designed to protect the devices that are
connected to a network from cyber threats. These devices, which are also known as
"endpoints," can include computers, laptops, smartphones, tablets, and other types of devices
that are used to access the network.

Endpoint security typically involves implementing a variety of security controls on each

endpoint device, such as antivirus software, firewalls, and other types of security software.
These controls are designed to detect and prevent cyber threats from entering the device or
the network, and to protect against data breaches and other types of attacks.

In simpler terms, endpoint security is a way to protect the devices that are used to access a
network from cyber threats. By implementing security controls on these devices,
organizations can help protect against data breaches and other types of attacks and ensure
that their networks and resources remain secure.

Secure Internet Access

Secure internet access refers to the use of security measures to protect a device or network
when accessing the internet. This can involve a variety of measures, such as using secure
protocols (such as HTTPS), implementing firewall protection, and using antivirus software to
protect against malware.

The goal of secure internet access is to protect devices and networks from cyber threats and
vulnerabilities when they are connected to the internet. This is important because the internet
is a potential source of numerous types of threats, such as malware, phishing attacks, and
other types of cyber-attacks. By implementing secure internet access measures, organizations
can help protect their devices and networks from these threats and ensure that their online
activity is safe and secure.

There are a variety of ways that organizations can ensure secure internet access for their
devices and networks. Some common measures include:

• Using a virtual private network (VPN) to encrypt internet traffic and protect it from
interception
• Implementing firewalls to block unwanted traffic and protect against network attacks

69