Topic outline

  • Unit 6: Network Security

    This unit will discuss the security of networks, the medium for data in motion. As data is transferred across networks, it becomes another point at which information can be exposed. Networks can be designed to secure data in motion, and firewalls improve security when placed appropriately in a network. Wireless networks are less secure than wired ones, but that weakness can be mitigated with encryption and tunneling. In this unit, we will discuss several methods for protecting networks, including designing secure networks, using firewalls, protecting wireless networks, and other protective methods such as honeypots, network sniffers, and packet capturing.

    Completing this unit should take you approximately 5 hours.

    • Upon successful completion of this unit, you will be able to:

      • describe how network designs such as segmentation, zoning, and redundancy can protect networks;
      • evaluate how firewalls filter or block traffic, the appropriate placement of firewalls in networks, and common firewall terminologies such as packet filtering, stateful packet inspection, and deep packet inspection;
      • analyze wireless networking encryption types, tunneling, and the vulnerabilities associated with bring your own device (BYOD);
      • assess how tools such as honeypots, network sniffers, and packet capturing are used to protect networks; and
      • describe the methods used to secure the web such as https, TLS/SSL, and DNS/DNSSEC.
    • 6.1: Network Security Design

      To understand network security, it is first important to understand the methods used to design secure networks. Network engineers will most likely design the system, but the security element of the design is the responsibility of the security professional. In this section, network security design is explained in greater detail, and the methods of segmentation, zoning, and redundancy are discussed. As you learned in an earlier section, honeypots are sometimes placed in a segmented area so that they are isolated from the rest of the system. Zoning separates networks so that if one zone is breached there is no access to the other zone; this protects confidentiality. Redundancy provides availability because, if one segment goes down, a duplicate continues to run and data is preserved.

      • This video discusses secure network components like demilitarized zones (DMZ), network address translation (NAT), network access control (NAC), virtualization, subnetting, and segmentation. You should learn the purpose of each component, how it is set up, and what hardware, if any, it requires. What are the security advantages of each of these components?

      • This video describes network segmentation and how networks can be segmented at the physical and data link layers. Networks can be segmented for many reasons: compliance, optimizing or improving performance, separating private communications from public, protecting legacy systems, creating testing environments, securing data flow, or creating honeynets. Pay attention to supervisory control and data acquisition (SCADA) systems and why they should be segmented. This video also discusses the Stuxnet virus. What type of system was it designed to attack?

      • You can think of network segmentation like compartments of a submarine. Each compartment is separated from the others, so if a flood happens in one compartment, it can be sealed off to protect the others. As with all secure methods, segmentation has drawbacks as well as benefits. In a network, how could a security team identify application flows to determine border placement, appropriate policies for segmentation, and how the segmentation scheme can be managed and maintained?

      • Zoning is a tactic used to protect an organization's network by segmenting assets into groups (or zones) that have the same level of security requirements. These can include internet zones, internet DMZs, production network zones, intranet zones, and management network zones. Read this article for more on zoning and the different types of zones.
      • Computer systems will fail and lose data, but data can be preserved if redundancy is in place. Think about this in relation to the three tenets of the CIA triad: if data is lost, then availability is lost, and CIA is not protected. What is redundancy? How is it accomplished in information systems? Pay attention to the concepts of paths, routing, scalability, redundancy, and fault tolerance.
      • This video explains redundancy and hardware that can be used to maintain redundancy. What physical devices provide for data and for hardware redundancy? What is the benefit of using RAID? Note the differences between hardware, software, and firmware-based RAID. How do load balancing and failovers work with redundancy?

    • 6.2: Firewalls

      The first line of defense for a system is network security. Networks are the vehicle that provides access to the main components of a system, such as a system server. If all nefarious traffic can be blocked at the network level, then the system is protected from external threats. Firewalls can be used to monitor network traffic and can block or allow traffic based on selected security rules. The placement of firewalls is as important as the placement of doors in a building. This section will help you understand how firewalls work, the appropriate placement of firewalls to protect a system, and some firewall techniques such as packet filtering, inbound and outbound packet processing, stateful packet inspection, deep packet inspection, and routers.

      • Firewalls are an important part of network security. Firewalls act like filters and help protect against malicious network traffic. This article discusses three types of firewalls: stateless, stateful, and application. Firewalls use rules to accept, reject, and drop network traffic. Incoming and outgoing traffic have different firewall rules. This article covers some basic tools that you should be able to discuss, including iptables, Uncomplicated Firewall (UFW), firewalld, and Fail2ban.

      • This video goes into detail about more types of firewalls, as well as firewall settings and techniques. You should be able to describe each type of firewall, and know what circumstances each type should be used for. What is the difference between stateless and stateful inspection firewalls? What is a virtual firewall? When discussing firewall settings and techniques, it is important that you can explain what an access control list (ACL) is. What should the last rule in an ACL be? Where should a stateful or a stateless firewall be placed? What is a demilitarized zone (DMZ), and where should a DMZ be placed?

      • This article explains packets, packet headers, and packet filtering. On which header fields can the decision to allow or disallow a packet be based? What are the weaknesses and advantages of packet filtering? After you read, you should be able to describe packets and packet headers.

      • It can be difficult to understand how packet processing works. This video gives a visual explanation using decision tables on how all inbound and outbound packets are processed. See if you can follow the process. While you don't need to know the specifics, you should be able to explain the inbound and outbound process in general terms.

      • Stateful packet inspection is also known as dynamic packet filtering. What type of table does stateful packet inspection use for filtering? What are the attributes that are part of the state of the connection? How is stateful packet inspection different from static packet filters? How can stateful packet inspection improve network performance?

      • This article describes how deep packet inspection (DPI) differs from other types of packet processing. Most packet processing is done using the IP header, but deep packet inspection examines the packet contents. How does DPI help to secure a network? What are the different approaches to DPI? Make sure you can explain the three techniques used in DPI and name some of the tools used for packet analysis.

      • Deep packet inspection is expensive, because the router unpacks the packet and looks at its contents, which slows down the routing process. Watch this video for an in-depth explanation of deep packet inspection. Why is deep packet inspection less common, and what are some situations where you might want to use it despite its drawbacks?

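      The items above contrast stateless packet filtering (each packet judged against an ordered access control list, ending in an explicit deny-all) with stateful packet inspection (a state table of connections the firewall has already approved). The following Python program is an added example written for this outline, not code from any of the linked articles or videos; the `Packet`, `Rule`, `StatelessFilter` and `StatefulFilter` names and the sample packets are constructed for illustration. It shows why a stateless ACL that only allows outbound HTTPS cannot admit the server's reply, while a stateful filter admits it by matching the reply against its state table and still drops an unsolicited inbound packet.

```python
"""Added example (not from the course materials): a miniature packet filter
that contrasts a stateless ACL with stateful packet inspection.
All names and the sample packets below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: marks a new connection attempt


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    direction: str                   # "in" or "out"
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto) and
                (self.dst_port is None or self.dst_port == pkt.dport))


class StatelessFilter:
    """Evaluates an ordered ACL; the final rule is an explicit deny-all."""

    def __init__(self, rules):
        self.rules = list(rules) + [Rule("deny", "in"), Rule("deny", "out")]

    def decide(self, pkt: Packet, direction: str) -> str:
        for rule in self.rules:             # first matching rule wins
            if rule.direction == direction and rule.matches(pkt):
                return rule.action
        return "deny"                        # unreachable: deny-all is appended


class StatefulFilter(StatelessFilter):
    """The same ACL plus a state table keyed on the connection 5-tuple.
    Outbound connections the ACL permits are recorded; inbound packets that
    belong to a recorded connection are allowed without an inbound rule."""

    def __init__(self, rules):
        super().__init__(rules)
        self.state = set()

    @staticmethod
    def key(pkt: Packet):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def reverse_key(pkt: Packet):
        # A reply swaps source and destination, so look up the mirrored tuple.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def decide(self, pkt: Packet, direction: str) -> str:
        if direction == "in" and self.reverse_key(pkt) in self.state:
            return "allow"                   # reply to a tracked connection
        action = super().decide(pkt, direction)
        # Only a new TCP connection (SYN) or a datagram creates a state entry.
        if action == "allow" and direction == "out" and (pkt.proto != "tcp" or pkt.syn):
            self.state.add(self.key(pkt))
        return action


def demo() -> dict:
    """Run the same three constructed packets through both filters."""
    rules = [Rule("allow", "out", proto="tcp", dst_port=443),   # clients may browse HTTPS
             Rule("allow", "in", proto="tcp", dst_port=22)]     # inbound SSH only
    request = Packet("10.0.0.5", "93.184.216.34", "tcp", 40000, 443, syn=True)
    reply = Packet("93.184.216.34", "10.0.0.5", "tcp", 443, 40000)
    probe = Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 40001, syn=True)
    stateless, stateful = StatelessFilter(rules), StatefulFilter(rules)
    return {
        "stateless_reply": stateless.decide(reply, "in"),     # deny: no rule for port 40000
        "stateful_request": stateful.decide(request, "out"),  # allow, and record the 5-tuple
        "stateful_reply": stateful.decide(reply, "in"),       # allow: found in state table
        "stateful_probe": stateful.decide(probe, "in"),       # deny: no matching state
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

      To make the reply pass a stateless filter you would have to add a broad inbound rule for high-numbered ports, which is exactly the weakness stateful inspection removes: the unsolicited probe has the same shape as the legitimate reply, and only the state table tells them apart. A production firewall also expires state entries and tracks TCP flags more closely; both are left out here to keep the mechanism visible.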
    • 6.3: Wireless Networks

      Wireless Internet connections are used by many home devices and computers today, including common devices such as televisions, security cameras, and thermostats. During the 2020 pandemic even more people began working from home and connecting via wireless connections. Some schools and businesses allow students and employees to use their own devices to connect to their private network, and must find ways to advise those students and employees on how to connect securely. Securing wireless networks is somewhat more difficult than securing wired connections, and given this trend it is important for security professionals to have a basic knowledge of wireless networking and encryption. This section will discuss methods of wireless network security, virtual private networking (VPN) or tunneling, and the risks associated with bring your own device (BYOD).

      • This section discusses wireless networking, encryption, and the 802.11 wireless network standards. Wireless networking is advantageous, since it removes the cost of installing cables and doesn't require systems to use a wired connection. What does the term half-duplex mean? What are the most common RF bands used in the United States, and why are they used? Why is it important to encrypt wireless networks? You might remember the advanced encryption standard (AES) from the unit on encryption. Which encryption standard for 802.11 networks uses AES? Why should wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) no longer be used for encrypting wireless networks?

      • This video discusses six names for wireless Internet connections, and how to view the wireless connection manager program on a device to determine if the connection is encrypted. Why is it important to know if the connection is encrypted? How close does a wireless eavesdropper have to be to intercept a signal between a computer and a router?

      • This article explains the types of wireless signals. What makes these signals different? What is the difference between a transmitter and a receiver? What do you call a device that both transmits and receives? Make sure you can name two types of antennas and the reason for choosing each type.

      • Tunneling is a way to connect networks through a secure connection across a public network. The secure connection is called a virtual private network (VPN). Watch this video for more on tunneling and the mechanism of a VPN. What are encapsulation, tunneling, and authentication? Why is encryption important when sending data via a tunnel? What is the purpose of a split tunnel?

      • A "bring your own device (BYOD)" policy is when an organization allows employees to use their own devices on the company network. While this can save the organization money and allow for more employee freedom, there are security risks associated with it. This article explains the principles of BYOD, some benefits of BYOD for an organization, and the many ways that BYOD can increase the risk to a company's data and information systems.

    • 6.4: Network Protection

      You learned about firewalls and how they are used to protect networks. In this section you will learn some system techniques that can be used to protect networks. One method discussed is honeypots: decoys that bait an attacker into exploiting a certain area of a system, so that information about the attacker can be collected and analyzed. You will also learn about network and wireless sniffers that are used to detect intrusions, and tools such as tcpdump and Wireshark that can be used to analyze packets. System administrators will normally set up these types of protective systems, but the information security professional may advise on or choose the type of protective system to install.

      • Honeypots are decoys used to attract network attackers. Read pages 10 through 12 in this article to understand how honeypots are used to protect networks. When would you prefer to use a honeypot instead of an intrusion detection system (IDS)?

      • Read this brief article to understand how a honeynet is configured. What is the difference between a honeypot and a honeynet? What is the purpose of a honeynet?

      • This article discusses the legality of the data collected by honeypots and honeynets, and how they relate to liability and entrapment in US and EU law. After you read, you should be able to describe the four core elements of a honeynet and the issues associated with honeynets. How are honeypots classified according to their level of interaction and their purpose?

      • Read this article to learn about network sniffers and the reasons sniffers are used. How are network sniffers detected? What are two common network sniffers?

      • Recall that you learned about the perils of unencrypted wireless connections in a previous section. Watch this video to learn how a hacker can use a sniffer to intercept unencrypted traffic.

      • A packet analyzer can be used to capture packets containing data. This video shows how simple it is to capture packets using the packet analyzer tcpdump and then view the data using Wireshark. Be sure to watch both videos. You only need to understand what is happening here; you will not be asked to capture packets using tcpdump or Wireshark.
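      The last item shows tcpdump capturing packets and Wireshark displaying the decoded header fields. The Python program below is an added example written for this outline, not code from the linked videos, tcpdump or Wireshark; it builds one IPv4/TCP SYN packet by hand (a constructed sample, not a real capture) and then parses the IPv4 and TCP headers back into the fields an analyzer would display, including a tcpdump-style summary line. The `build_sample_packet`, `parse_ipv4_tcp` and `summary_line` names are this example's own.

```python
"""Added example (not from the course materials): parse the IPv4 and TCP
headers of a single packet into the fields a packet analyzer displays.
The sample packet is constructed in code, not captured from a network."""
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"       # 20-byte TCP header without options
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5


def build_sample_packet(payload: bytes = b"") -> bytes:
    """Constructed IPv4/TCP SYN from 10.0.0.5:40000 to 93.184.216.34:443."""
    ip_header = struct.pack(
        IPV4_FMT,
        0x45,                    # version 4, IHL 5 (20 bytes)
        0,                       # DSCP/ECN
        20 + 20 + len(payload),  # total length
        0x1234,                  # identification
        0x4000,                  # flags: don't fragment, fragment offset 0
        64,                      # TTL
        6,                       # protocol: TCP
        0,                       # header checksum (not computed in this example)
        ipaddress.IPv4Address("10.0.0.5").packed,
        ipaddress.IPv4Address("93.184.216.34").packed,
    )
    tcp_header = struct.pack(
        TCP_FMT,
        40000, 443,              # source and destination ports
        1000, 0,                 # sequence and acknowledgement numbers
        5 << 4,                  # data offset: 5 words (20 bytes)
        0x02,                    # flags: SYN
        65535, 0, 0,             # window, checksum (not computed), urgent pointer
    )
    return ip_header + tcp_header + payload


def parse_ipv4_tcp(frame: bytes) -> dict:
    """Decode the IPv4 and TCP headers; raise ValueError for anything else."""
    if len(frame) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _, total_len, _, _, ttl, proto, _,
     src, dst) = struct.unpack(IPV4_FMT, frame[:20])
    version, ihl = version_ihl >> 4, (version_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if proto != 6:
        raise ValueError(f"not TCP (IP protocol {proto})")
    tcp = frame[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, offset_reserved, flags,
     window, _, _) = struct.unpack(TCP_FMT, tcp[:20])
    data_offset = (offset_reserved >> 4) * 4
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for bit, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << bit)],
        "window": window,
        "payload_len": len(tcp) - data_offset,
    }


def summary_line(fields: dict) -> str:
    """One-line summary in the spirit of tcpdump output (approximate format)."""
    letters = "".join(name[0] for name in fields["flags"]) or "."
    return (f"IP {fields['src']}.{fields['sport']} > {fields['dst']}.{fields['dport']}: "
            f"Flags [{letters}], seq {fields['seq']}, win {fields['window']}, "
            f"length {fields['payload_len']}")


if __name__ == "__main__":
    print(summary_line(parse_ipv4_tcp(build_sample_packet())))
```

      The parser reads exactly the fields a packet-filtering firewall decides on (addresses, protocol, ports, flags), which is why a capture tool and a firewall rule set describe traffic in the same vocabulary. It deliberately stops at the TCP header; reading the bytes after `data_offset` is where deep packet inspection begins.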

    • 6.5: Web Security

      When using the internet, you may see a uniform resource locator (URL) or web address that uses http or one that uses https. The two differ: one is secure and the other is not. In this section you will learn the difference between hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS), and why one is more secure than the other. Making a web address secure requires the use of secure sockets layer (SSL) or transport layer security (TLS). Both of these terms are discussed, as well as the relationship between them and the purpose of each one. This section concludes with a discussion of the domain name system (DNS) and domain name system security extensions (DNSSEC), and how DNS data can be forged.

      • When watching this video you will learn the difference between http and https. How is text transmitted across the Internet using http and how is it transmitted using https? Which one is more secure?

      • This video describes secure sockets layer (SSL) and transport layer security (TLS). After watching, you should be able to describe SSL and TLS and the purpose of each. What type of encryption is used? What is the relationship between SSL and TLS? What is the name of a well-known attack on TLS?

      • As you watch this video, pay attention to the descriptions of domain name system (DNS) and domain name system security extensions (DNSSEC). Why do we use domain names instead of internet protocol (IP) addresses? What is a fully qualified domain name (FQDN)? How does DNSSEC protect from forged DNS data, and what is used to provide this protection?

    • Unit 6 Assessment

      • Take this assessment to see how well you understood this unit.

        • This assessment does not count towards your grade. It is just for practice!
        • You will see the correct answers when you submit your answers. Use this to help you study for the final exam!
        • You can take this assessment as many times as you want, whenever you want.