4.0 Network Security

[4.1] Explain common security concepts

Confidentiality, Integrity, Availability (CIA)

Threats

Vulnerabilities

Exploits

Least Privilege

Role-Based Access

Zero Trust

Defense in Depth

Network Access Control (NAC): Process of restricting unauthorized users and devices from gaining access to a corporate or private network

Authentication Methods

User Authentication (802.1X): IEEE standard for port-based network access control (PNAC) that provides an authentication mechanism for devices wishing to attach to a LAN or WLAN

  • Switches can require users to authenticate themselves before gaining access to the network

  • Once authenticated, a key is generated and shared between the supplicant and the switch

  • The authentication server checks the supplicant's credentials and creates the key

  • The key is used to encrypt the traffic going between the client and the switch
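As an added example (not part of these notes), a Cisco IOS configuration that puts the flow above into practice: the switch is the authenticator, a RADIUS server is the authentication server, and the access port stays closed until the supplicant's credentials are accepted. The RADIUS address, shared secret, VLAN and interface name are placeholders.

```cisco
! Added example in Cisco IOS syntax; 10.0.0.5, the secret, VLAN 10 and
! GigabitEthernet0/1 are placeholders, not values from the notes.
!
! Global: enable AAA and send 802.1X authentication requests to RADIUS
aaa new-model
radius server AUTHSRV
 address ipv4 10.0.0.5 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! Access port: the switch acts as the 802.1X authenticator.
! The default port-control is force-authorized, which leaves the port open
! to anyone who plugs in; "auto" makes the port forward only after the
! authentication server accepts the supplicant.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
```

After a client connects, `show authentication sessions interface GigabitEthernet0/1` shows whether the port is authorized and which identity the server accepted.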

Management Access and Authentication for switches comes in two options:

  1. SSH: Remote administration protocol for connecting to the switch over the network

  2. Console port: Allows for local administration using a laptop and rollover cable (DB-9 to RJ-45)

Lightweight Directory Access Protocol (LDAP): Port 389, application protocol for accessing and maintaining distributed directory information services over an IP network

Kerberos: Computer network authentication protocol that uses tickets to prove node identity over a non-secure network

Challenge-Handshake Authentication Protocol (CHAP): Authentication protocol originally developed for PPP to validate users; also used by RADIUS and Diameter

Risk Management

Security Information and Event Management (SIEM)

[4.2] Compare and contrast common types of attacks

Technology-Based

Human and Environmental

[4.3] Given a scenario, apply network hardening techniques

Best Practices

Port Security: Also known as persistent MAC learning or sticky MAC, a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or when the interface goes down and is brought back online

  • Prevents someone from connecting to a jack or switch port without permission

Wireless Security

MAC Filtering: Permits or denies traffic based on a device's MAC address to improve security

IoT Access Considerations

[4.4] Compare and contrast remote access methods and security implications

Site-to-Site VPN

Client-to-Site VPN

Remote Desktop Connection

Remote Desktop Gateway

SSH

Virtual Network Computing (VNC)

Virtual Desktop

Authentication and Authorization Considerations

In-Band vs. Out-of-Band Management

Out-of-Band (OOB): Involves keeping all network configuration devices on a separate network

[4.5] Explain the importance of physical security

Detection Methods

Prevention Methods

Asset Disposal
