• Unit 6: Network Security

    This unit will discuss the security of networks, the mode for data in motion. As data is transferred across networks, it becomes another point of potential information insecurity. Networks can be designed to secure data in motion, and firewalls can improve security when placed appropriately in a network. Wireless networks are more insecure, but that insecurity can be mitigated via encryption and tunneling. In this unit, we will discuss several methods for protecting networks, including designing secure networks, using firewalls, protecting wireless networks, and other preventive methods like honeypots, network sniffers, and packet capturing.

    Completing this unit should take you approximately 5 hours.

    • 6.1: Network Security Design

      To understand network security, it is first important to understand the methods that are used to design secure networks. Network engineers will most likely design the system, but the security element of the design is the responsibility of the security professional. In this section, network security design is explained in greater detail, and the methods of segmentation, zoning, and redundancy are discussed. As you learned in an earlier section honeypots are sometimes placed in a segmented area to be isolated from the rest of the system. Zoning separates networks so that if one is breached there is no access to the other zone, and this protects for confidentiality. Redundancy provides for availability because if one segment goes down there is a duplicate that continues to run and data is preserved.

    • 6.2: Firewalls

      The first line of defense for a system is network security. Networks are the vehicle that provides access to the main components of a system, such as a system server. If all nefarious traffic can be blocked at the network level then the system is protected from external threats. Firewalls can be used to monitor network traffic and can block or allow traffic based on selected security rules. The placement of firewalls is important just as selecting the placement of doors is important in a building. This section will help you to understand how firewalls work, the appropriate placement of firewalls to protect a system, and some firewall techniques such as packet filtering, inbound and outbound packet processing, stateful packet inspection, deep packet inspection, and routers.

    • 6.3: Wireless Networks

      Wireless Internet connections are used by many home devices and computers today including common devices such as televisions, security cameras, and thermostats. During the 2020 pandemic even more people began working from home and connecting via wireless connections. Some schools and businesses allow students and employees to use their own devices to connect to their private network, and are pressured to find secure ways to advise their students and employees on how to connect securely. Securing wireless networks is somewhat more difficult than securing wired connections, and it is important for security professionals to have a basic knowledge of wireless networking and encryption with the current trend. This section will discuss methods of wireless network security, virtual private networking (VPN) or tunneling, and the risks that are associated with bring your own device (BYOD).

    • 6.4: Network Protection

      You learned about firewalls and how they are used to protect networks. In this section you will learn some system techniques that can be used to protect networks. One method discussed is honeypots, or decoys that bait an attacker to exploit a certain area of a system, and then information about the attacker is collected and analyzed. You will also learn about network and wireless sniffers that are used to detect intrusions, and tools such as tcpdump and Wireshark that can be used to analyze packets. System administrators will normally set up these types of protective systems, but the information security professional may advise or chose the type of protective system to install.

    • 6.5: Web Security

      When using the internet, you may see a uniform resource locator (URL) or web address that uses http or one that uses https. There is a difference between the two as one is secure and the other is not secure. In this section you will learn the difference between hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS), and why one is more secure than the other. Making a web address secure requires the use of a secure sockets layer (SSL), or transport layer security (TLS). Both of these terms are discussed as well as the relationship between them and the purpose of each one. This section concludes with a discussion on domain name system (DNS) and domain name security extensions (DNSSEC) and how DNS data can be forged.

    • Unit 6 Assessment

      • Receive a grade