Domain 4: Network Security

Module 1: Understand computer networking

*a network is simply two or more computers linked together to share information
 or resources
*network devices: -hub: repeats every frame out of every port, so all attached devices see all traffic
                  -switch: same role as a hub but more intelligent; forwards a frame only to the port
                   where the destination MAC address was learned
                  -router: controls traffic flow between networks, forwarding packets by IP address
                  -firewall: deployed between a private network and the internet; filters traffic
                   based on a defined set of rules
                  -server: a computer that provides information or services to other computers on
                   the network
                  -endpoint: the ends of a network communication link (phone, laptop, printer ...)
*device addresses: -MEDIA ACCESS CONTROL (MAC): a unique identifier assigned to a network interface
                    controller, used as the address in communications within a network segment
                    (layer 2); on most adapters it can be changed in software, so it can be spoofed
                    and is not a reliable identity on its own
                   -INTERNET PROTOCOL (IP): a logical address that identifies each host on a network
                    and is used to route traffic between networks (layer 3)
*network layer models: -OSI model (7 layers)
                       -TCP/IP model (4 layers)
*NAT (network address translation): rewrites private internal addresses to a public address at the
 network edge, so internal hosts share one or a few public IPs and are not directly reachable
*wireless networking (wifi)
*network attack types: -active
                       -passive
*active attacks: -DoS/DDoS (denial of service): overwhelming a target with a flood of traffic so it
                  can no longer serve legitimate users; in a DDoS the flood comes from many sources
                  at once
                 -fragmentation (teardrop) attack: overlapping or malformed IP fragments that the
                  system is unable to put back together, crashing or hanging it
                 -oversized packet attack (e.g. ping of death): sending a network packet larger than
                  expected, causing the receiving system to fail unexpectedly
                 -spoofing attack: faking the sending address of a transmission to gain illegal
                  entry into a secure system
                 -man-in-the-middle attack (MITM): the attacker positions himself between the user
                  and the system so that he can intercept and alter data traveling between them
*ports and protocols (non-secure protocol and its secure replacement):
    non-secure              secure
    FTP      21             SFTP           22   (runs over SSH)
    Telnet   23             SSH            22
    SMTP     25             SMTP with TLS  587  (submission port, STARTTLS)
    TIME     37             NTP            123  (NTP replaces TIME but is not encrypted;
                                                 authentication needs NTS or symmetric keys)
    DNS      53             DNS over TLS   853
    HTTP     80             HTTPS          443
*TCP: -connection-oriented
      -verifies delivery (acknowledgements, retransmission, in-order reassembly)
      -slower but reliable
      -uses a three-way handshake
*UDP: -connectionless
      -fast, with no delivery guarantee (used for DNS, streaming, VoIP)
*three-way handshake: method used in a TCP/IP network to create a connection between a local
                      host and a server; each side announces its own initial sequence number
    step 1: client sends SYN (carrying its initial sequence number)
    step 2: server replies SYN-ACK (its own sequence number, acknowledging the client's + 1)
    step 3: client sends ACK (acknowledging the server's sequence number + 1)
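The handshake steps above, traced as an added example (this is not code from the original notes; no sockets are opened, and the initial sequence numbers 1000 and 5000 are values chosen here for illustration). It also shows why real stacks randomise the initial sequence number: the blind_spoof_attempt() function plays an off-path attacker who spoofs a client address, never sees the SYN-ACK, and can only finish the handshake by guessing the server's number.

```python
"""TCP three-way handshake, simulated.

Added example, not part of the original notes: two small state machines
exchange constructed segments so the SYN / SYN-ACK / ACK steps and their
sequence-number arithmetic can be traced offline. No sockets are opened and
the initial sequence numbers (ISNs) are fixed values chosen for illustration;
real stacks randomise them, and blind_spoof_attempt() shows why.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Segment:
    syn: bool
    ack: bool
    seq: int                       # sequence number of this segment
    ack_num: Optional[int] = None  # only meaningful when the ACK flag is set


class TcpEndpoint:
    def __init__(self, name: str, isn: int) -> None:
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn                   # next sequence number we will send
        self.rcv_nxt: Optional[int] = None   # next sequence number we expect from the peer

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self) -> Segment:
        """Step 1 (client): send SYN carrying our ISN."""
        self.state = "SYN_SENT"
        seg = Segment(syn=True, ack=False, seq=self.snd_nxt)
        self.snd_nxt += 1                    # the SYN flag consumes one sequence number
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Feed an incoming segment in; return the reply, if any."""
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            # Step 2 (server): remember the peer's ISN, answer SYN-ACK.
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RECEIVED"
            reply = Segment(syn=True, ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt)
            self.snd_nxt += 1
            return reply
        if self.state == "SYN_SENT" and seg.syn and seg.ack:
            # Step 3 (client): the SYN-ACK must acknowledge exactly our SYN.
            if seg.ack_num != self.snd_nxt:
                return None                  # stale or forged SYN-ACK: ignored
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(syn=False, ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt)
        if self.state == "SYN_RECEIVED" and seg.ack and not seg.syn:
            # Final ACK: both numbers must line up or the connection stays half-open.
            if seg.ack_num == self.snd_nxt and seg.seq == self.rcv_nxt:
                self.state = "ESTABLISHED"
            return None
        return None                          # anything else is dropped in this simulation


def run_handshake(client_isn: int = 1000, server_isn: int = 5000
                  ) -> Tuple[TcpEndpoint, TcpEndpoint, List[Tuple[str, Segment]]]:
    """Run the three steps and return both endpoints plus the segment trace."""
    client, server = TcpEndpoint("client", client_isn), TcpEndpoint("server", server_isn)
    server.listen()
    trace: List[Tuple[str, Segment]] = []
    syn = client.connect()                   # step 1
    trace.append(("client->server", syn))
    syn_ack = server.receive(syn)            # step 2
    trace.append(("server->client", syn_ack))
    ack = client.receive(syn_ack)            # step 3
    trace.append(("client->server", ack))
    server.receive(ack)
    return client, server, trace


def blind_spoof_attempt(guessed_ack: int, server_isn: int = 5000) -> str:
    """An off-path attacker spoofs a client's address and never sees the SYN-ACK,
    so the third step only succeeds if it guesses the server's ISN + 1."""
    server = TcpEndpoint("server", server_isn)
    server.listen()
    server.receive(Segment(syn=True, ack=False, seq=777))                      # spoofed SYN
    server.receive(Segment(syn=False, ack=True, seq=778, ack_num=guessed_ack))  # guessed ACK
    return server.state


if __name__ == "__main__":
    _, _, trace = run_handshake()
    for direction, seg in trace:
        flags = "SYN-ACK" if seg.syn and seg.ack else "SYN" if seg.syn else "ACK"
        print(f"{direction:>14} {flags:7} seq={seg.seq} ack={seg.ack_num}")
    print("right guess:", blind_spoof_attempt(5001))
    print("wrong guess:", blind_spoof_attempt(4242))
```

With fixed ISNs the attacker's guess of 5001 succeeds; with a randomised 32-bit ISN the blind guess almost always leaves the server in SYN_RECEIVED, which is the whole point of ISN randomisation.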
Module 2: Understand network (cyber) threats and attacks

*spoofing attack: faking the sender address
*DoS/DDoS: a DDoS uses bots (a botnet of compromised machines under the attacker's control)
*on-path attack: can intercept or modify the information, the same as MITM
*SIDE-CHANNEL ATTACK: only observes the operation (timing, power use, traffic volume) without the
 ability to modify the information
*phishing: sending fake emails to a lot of users to deceive them
*spear phishing: the attack targets specific individuals
*virus: a user has to click on a link or open a file for it to run
*worm: self-replicates and propagates without requiring any human intervention
*trojan: malware that appears to be harmless or useful
*ADVANCED PERSISTENT THREAT (APT): a high level of technical and operational sophistication, with
 a campaign spanning months or even years
*ransomware: uses cryptography to "lock" the files on an affected computer and demands payment
 for the "unlock" key
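The DoS/DDoS and spoofing entries above describe what the attacks look like on the wire; the following added example (not code from the original notes) shows the kind of flow-level rule a simple network IDS would use to spot them. It parses a batch of packet summaries in a constructed one-line format, counts SYNs that were never followed by the client's handshake-completing ACK, and raises alerts for targets with too many half-open attempts (single-source DoS versus many-source DDoS) and for sources that probe too many ports. All addresses and the traffic sample are constructed, and the batch is assumed to already cover one detection window.

```python
"""Flow-level detection of SYN floods (DoS / DDoS) and port scans.

Added example, not part of the original notes. Parses constructed packet
summaries, counts half-open handshakes per target and distinct ports per
source, and returns alerts. The line format and all addresses are made up
for this example; the batch is assumed to span one detection window.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed line shape: "<src_ip>:<sport> > <dst_ip>:<dport> <flags>"
# flags: S = SYN, SA = SYN-ACK, A = ACK
LINE_RE = re.compile(r"^(\S+):(\d+) > (\S+):(\d+) (S|SA|A)$")


def parse_line(line: str) -> Optional[Tuple[str, str, int, str]]:
    """Return (src_ip, dst_ip, dport, flags), or None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, _sport, dst, dport, flags = m.groups()
    return src, dst, int(dport), flags


def detect(lines: List[str], flood_threshold: int = 100,
           scan_threshold: int = 10, ddos_min_sources: int = 20) -> List[Dict]:
    syn: Counter = Counter()       # (src, dst, dport) -> SYNs sent
    ack: Counter = Counter()       # (src, dst, dport) -> ACKs sent (handshakes completed)
    ports = defaultdict(set)       # (src, dst) -> distinct destination ports probed
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport, flags = rec
        if flags == "S":
            syn[(src, dst, dport)] += 1
            ports[(src, dst)].add(dport)
        elif flags == "A":
            ack[(src, dst, dport)] += 1

    alerts: List[Dict] = []
    half_open: Dict[Tuple[str, int], int] = defaultdict(int)   # per target
    sources = defaultdict(set)                                  # per target
    for (src, dst, dport), n in syn.items():
        unfinished = max(0, n - ack[(src, dst, dport)])        # SYNs never completed
        if unfinished:
            half_open[(dst, dport)] += unfinished
            sources[(dst, dport)].add(src)
    for (dst, dport), n in half_open.items():
        if n >= flood_threshold:
            kind = "ddos" if len(sources[(dst, dport)]) >= ddos_min_sources else "dos"
            alerts.append({"type": f"syn_flood_{kind}", "target": f"{dst}:{dport}",
                           "half_open": n, "sources": len(sources[(dst, dport)])})
    for (src, dst), probed in ports.items():
        if len(probed) >= scan_threshold:
            alerts.append({"type": "port_scan", "source": src, "target": dst,
                           "ports": len(probed)})
    return alerts


def build_sample() -> List[str]:
    """Constructed traffic: three normal clients, one single-source flood,
    one botnet-style distributed flood and one port scan."""
    lines = []
    for i, src in enumerate(["10.0.0.5", "10.0.0.6", "10.0.0.7"]):
        lines.append(f"{src}:{50000 + i} > 192.0.2.10:443 S")
        lines.append(f"{src}:{50000 + i} > 192.0.2.10:443 A")    # handshake completed
    for i in range(120):                                           # one host, 120 half-open
        lines.append(f"203.0.113.7:{40000 + i} > 192.0.2.10:80 S")
    for bot in range(60):                                          # 60 bots x 2 SYNs each
        for i in range(2):
            lines.append(f"198.51.100.{bot + 1}:{30000 + i} > 192.0.2.11:443 S")
    for port in (21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080):
        lines.append(f"192.0.2.200:45000 > 192.0.2.12:{port} S")   # scanner, one SYN per port
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

The legitimate clients never trigger anything because their SYNs are matched by ACKs; the same rule separates a busy but healthy server from one under attack. Thresholds are deliberately parameters: tune them against baseline traffic before putting such a rule in an IDS or SIEM correlation.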

Threat identification and prevention tools:

*system hardening: reducing the attack surface: -disable unused services and ports
                                                 -install only the applications that are needed
                                                 -system updates and patch management
                                                 -session time-outs (lock or log off idle sessions)
                                                 -password management
*security solutions: -Firewalls (host/network based)
                     -IDS/IPS (host/network based)
                     -DLP, data loss prevention (host/network based)
*INTRUSION DETECTION SYSTEM (IDS): a device or software application that detects malicious
 activity or policy violations and raises alerts (HIDS on a host, NIDS on the network)
*INTRUSION PREVENTION SYSTEM (IPS): detects and blocks, so it sits inline in the traffic path
*Security Information and Event Management (SIEM): collects log data, detects and analyzes
 threats, and supports the response before they harm business operations
*Antivirus/Antimalware: detects and removes viruses and other kinds of malicious software from
 an endpoint
*scanners: Nmap is a port and service scanner; Zenmap is its GUI front end (both run on Windows
 and Linux)
*FIREWALL: -traditional firewall (inspects layers 2 to 4; IDS and IPS are separate devices)
           -next-generation firewall (inspects layers 2 to 7, can decrypt and inspect TLS
            traffic; IDS and IPS are integrated)
*firewall as a service, offered by cloud providers
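The traditional firewall entry above says rules are applied to layer 3/4 fields; what trips people up in practice is rule order. The following added example (not code from the original notes, and not any vendor's rule syntax) reduces a packet to the fields such a firewall matches on, evaluates an ordered rule list with first-match semantics and an implicit deny, and includes a check for shadowed rules, i.e. rules that can never fire because an earlier, broader rule always matches first. The rule sets, addresses and the "temporary troubleshooting" rule are constructed for this example.

```python
"""Ordered firewall rules: first match wins, implicit deny, and rule shadowing.

Added example, not part of the original notes and not any vendor's rule
syntax. A packet is reduced to the fields a traditional (layer 3/4) firewall
looks at; rules are tried top to bottom and the first match decides. The rule
sets and addresses below are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # None = any destination port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def _in_net(addr: str, cidr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and _in_net(pkt.src, rule.src)
            and _in_net(pkt.dst, rule.dst)
            and rule.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired); ("deny", None) when nothing matched."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, i
    return "deny", None            # implicit default deny at the end of the list


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True when every packet `narrow` could match is already matched by `broad`."""
    def net_covers(b: str, n: str) -> bool:
        if b == "any":
            return True
        if n == "any":
            return False
        return ip_network(n).subnet_of(ip_network(b))
    return ((broad.proto == "any" or broad.proto == narrow.proto)
            and net_covers(broad.src, narrow.src)
            and net_covers(broad.dst, narrow.dst)
            and (broad.dport is None or broad.dport == narrow.dport))


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(shadowed_index, shadowing_index) pairs: rules that can never fire."""
    return [(j, i) for j in range(len(rules)) for i in range(j) if _covers(rules[i], rules[j])]


# Intended policy: the internet may reach the DMZ web server on 443 and nothing internal.
GOOD_RULES = [
    Rule("allow", "tcp", "any", "192.0.2.10/32", 443, "public HTTPS to DMZ web server"),
    Rule("deny", "any", "any", "10.0.0.0/8", None, "internet must never reach internal"),
]
# Same policy with a "temporary" catch-all allow left at the top of the list.
BAD_RULES = [
    Rule("allow", "any", "any", "any", None, "troubleshooting rule, never removed"),
    Rule("deny", "any", "any", "10.0.0.0/8", None, "internet must never reach internal"),
]

HTTPS_TO_DMZ = Packet("tcp", "203.0.113.5", "192.0.2.10", 443)
SSH_TO_DMZ = Packet("tcp", "203.0.113.5", "192.0.2.10", 22)
RDP_TO_INTERNAL = Packet("tcp", "203.0.113.5", "10.0.0.20", 3389)

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        for pkt in (HTTPS_TO_DMZ, SSH_TO_DMZ, RDP_TO_INTERNAL):
            print(name, pkt.dst, pkt.dport, evaluate(rules, pkt))
        print(name, "shadowed rules:", find_shadowed(rules))
```

Against GOOD_RULES, SSH to the DMZ host is dropped by the implicit deny even though no rule mentions port 22; against BAD_RULES the catch-all allow lets RDP through to the internal network and find_shadowed() reports the deny rule as dead. Running a shadow check like this on every rule-base change catches that class of mistake before an attacker does.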

Module 3: Understand network security infrastructure

*data center: provides shared access to applications and data using a complex network, compute
 and storage infrastructure
*on-premises data center: servers that you own and control in a physical location, which gives you
 full control of your infrastructure
*cloud data center: a virtual infrastructure where an organization rents infrastructure managed by
 a cloud provider and accesses it over the internet
*hybrid data center: combines on-premises and cloud-based infrastructure and allows data to be
 shared between them over the network
*data center components: -closets (network equipment, servers, routers and switches)
                         -power (UPSs)
                         -HVAC system
                         -fire suppression
                         -power (fuel generator)
                         -DC monitoring room
                         -CCTV
                         -mantrap (a room with two interlocked doors, so only one opens at a time)
*minimize downtime and enhance BC and DR capabilities: -joint operating agreements (JOA)
                                                       -memorandum of understanding (MOU)
                                                       -memorandum of agreement (MOA)
*service level agreement (SLA): guarantees a certain level of service (five nines = 99.999%
 availability, about 5.26 minutes of downtime per year)
*cloud computing: on-demand, pay-per-use access to shared computing resources over the internet
*managed service provider (MSP): a company that manages information technology assets for
 another company

*network segmentation: splitting a network into zones and controlling traffic among them
*microsegmentation: a method of creating fine-grained zones in data centers and cloud environments
 to isolate workloads via security policies that limit which workloads and users can reach each one
*demilitarized zone (DMZ): a separate segment for internet-facing services such as web and e-mail
 servers, so a compromise there does not give direct access to the internal network
*virtual local area network (VLAN): a logical network created by switches that groups together a
 subset of devices sharing a physical LAN, isolating traffic for each group without altering its
 physical topology
*ZERO TRUST: never trust ... always verify; every request is authenticated and authorized
 regardless of where on the network it comes from
*NETWORK ACCESS CONTROL (NAC): a security solution that enforces policy on devices that access
 networks, to increase network visibility and reduce risk
*VIRTUAL PRIVATE NETWORK (VPN): an encrypted tunnel that carries private traffic across an
 untrusted network such as the internet
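The VLAN entry above says switches isolate traffic logically without changing the physical wiring; the mechanism is the 4-byte 802.1Q tag and the per-port VLAN assignment. The following added example (not code from the original notes) builds and parses tagged and untagged Ethernet frames and models the forwarding decision of a toy switch whose port assignment is constructed for the example: ports 1 and 2 are access ports in VLAN 10, port 3 is an access port in VLAN 20, and port 4 is a trunk carrying both. It also shows the defensive detail that matters for VLAN hopping: a tagged frame arriving on an access port for a VLAN other than the port's own is dropped. Frames are not padded to the 64-byte minimum and carry no FCS.

```python
"""802.1Q VLAN tags: parsing and the forwarding decision a switch makes.

Added example, not part of the original notes. build_frame()/parse_frame()
handle the 4-byte 802.1Q tag (TPID 0x8100, then a TCI holding PCP/DEI/VID);
switch_forward() models a toy switch whose port-to-VLAN map is constructed
for this example. Frames are not padded to 64 bytes and carry no FCS.
"""
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100                   # EtherType value that announces a VLAN tag follows

ACCESS_VLAN = {1: 10, 2: 10, 3: 20}   # access port -> its VLAN (PVID); constructed
TRUNK_VLANS = {4: {10, 20}}           # trunk port -> VLANs it carries, tagged; constructed


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame; when vid is given an 802.1Q tag is inserted after the MACs."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)     # PCP(3) DEI(1)=0 VID(12)
        header += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    else:
        header += struct.pack("!H", ethertype)
    return header + payload


def parse_frame(frame: bytes) -> Dict:
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:                        # tagged: TCI + real EtherType follow
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": mac_to_str(dst), "src": mac_to_str(src), "vlan": vid,
            "pcp": pcp, "ethertype": ethertype, "payload": frame[offset:]}


def switch_forward(frame: bytes, ingress: int) -> Dict[int, bytes]:
    """Flood a frame to every other port in its VLAN (unknown unicast or broadcast).
    Returns {egress_port: frame_as_sent}; an empty dict means the frame was dropped."""
    f = parse_frame(frame)
    if ingress in ACCESS_VLAN:
        vlan = ACCESS_VLAN[ingress]
        if f["vlan"] is not None and f["vlan"] != vlan:
            return {}               # tag for a foreign VLAN on an access port: VLAN hopping, dropped
    elif ingress in TRUNK_VLANS and f["vlan"] in TRUNK_VLANS[ingress]:
        vlan = f["vlan"]            # trunks accept only tagged frames for their allowed VLANs
    else:
        return {}
    out: Dict[int, bytes] = {}
    for port, port_vlan in ACCESS_VLAN.items():
        if port != ingress and port_vlan == vlan:      # access ports receive it untagged
            out[port] = build_frame(f["dst"], f["src"], f["ethertype"], f["payload"])
    for port, allowed in TRUNK_VLANS.items():
        if port != ingress and vlan in allowed:        # trunks receive it tagged
            out[port] = build_frame(f["dst"], f["src"], f["ethertype"], f["payload"],
                                    vid=vlan, pcp=f["pcp"] or 0)
    return out


if __name__ == "__main__":
    bcast = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"arp?")
    print({p: parse_frame(fr)["vlan"] for p, fr in switch_forward(bcast, 1).items()})
    hop = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"arp?", vid=20)
    print(switch_forward(hop, 1))
```

A broadcast entering port 1 reaches port 2 untagged and port 4 tagged with VID 10, and never port 3; the same frame with a VID 20 tag injected on port 1 goes nowhere. Real switches add a native VLAN on trunks and MAC learning on top of this, but the isolation property is exactly this per-port check.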
