4.0 Network Security

[4.1] Explain common security concepts

Confidentiality, Integrity, Availability (CIA)

Threats

Vulnerabilities

Exploits

Least Privilege

Role-Based Access

Zero Trust

Defense in Depth

Network Access Control (NAC): Process of restricting unauthorized users and devices from gaining access to a corporate or private network

Authentication Methods

User Authentication (802.1x): IEEE standard for port-based network accession control (PNAC) - provides an authentication mechanism to devices wishing to attach to a LAN or WLAN

Switches can require users to authenticate themselves before gaining access to the network
Once authenticated, a key is generated and shared between the suppliant and the switch
Authentication server checks the suppliant's credentials and creates the key
Key is used to encrypt the traffic going between the client and switch

Management Access and Authentication for switches comes in two options:

SSH: Remote administrator program to connect to the switch over the network
Console port: Allows for local administration using a laptop and rollover cable (DB-9 to RJ-45)

Lightweight Directory Access Protocol (LDAP): Port 389, application protocol for accessing and maintaining distributed directory information services over an IP network

Kerberos: Computer network authentication protocol that uses tickets to prove node identity over a non-secure network

Challenge-Handshake Authentication Protocol (CHAP): Authentication protocol originally for PPP to validate users, used in RADIUS and Diameter

Risk Management

Security Information and Event Management (SIEM)

[4.2] Compare and contrast common types of attacks

Technology-Based

Human and Environmental

[4.3] Given a scenario, apply network hardening techniques

Best Practices

Port Security: Also known as persistent MAC learning or Sticky MAC, is a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online

Prevents someone from connecting to a jack or switch port without permission

Wireless Security

MAC Filtering: Permits or denies traffic based on a device's MAC address to improve security

IoT Access Considerations

[4.4] Compare and contrast remote access methods and security implications

Site-to-Site VPN

Client-to-Site VPN

Remote Desktop Connection

Remote Desktop Gateway

SSH

Virtual Network Computing (VNC)

Virtual Desktop

Authentication and Authorization Considerations

In-Band vs. Out-of-Band Management

Out-of-Band (OOB): Involves keeping all network configuration devices on a separate network

[4.5] Explain the importance of physical security

Detection Methods

Prevention Methods

Asset Disposal

Previous3.0 Network Operations Next5.0 Network Troubleshooting

Last updated 2 years ago

hashtag[4.1] Explain common security concepts

hashtagConfidentiality, Integrity, Availability (CIA)

hashtagThreats

hashtagVulnerabilities

hashtagExploits

hashtagLeast Privilege

hashtagRole-Based Access

hashtagZero Trust

hashtagDefense in Depth

hashtagAuthentication Methods

hashtagRisk Management

hashtagSecurity Information and Event Management (SIEM)

hashtag[4.2] Compare and contrast common types of attacks

hashtagTechnology-Based

hashtagHuman and Environmental

hashtag[4.3] Given a scenario, apply network hardening techniques

hashtagBest Practices

hashtagWireless Security

hashtagIoT Access Considerations

hashtag[4.4] Compare and contrast remote access methods and security implications

hashtagSite-to-Site VPN

hashtagClient-to-Site VPN

hashtagRemote Desktop Connection

hashtagRemote Desktop Gateway

hashtagSSH

hashtagVirtual Network Computing (VNC)

hashtagVirtual Desktop

hashtagAuthentication and Authorization Considerations

hashtagIn-Band vs. Out-of-Band Management

hashtag[4.5] Explain the importance of physical security

hashtagDetection Methods

hashtagPrevention Methods

hashtagAsset Disposal