CS406: Information Security

This video discusses secure network components like demilitarized zones (DMZ), network address translation (NAT), network access control (NAC), virtualization, subnetting, and segmentation. You should learn the purpose of each component, how each component is set up, what hardware they require, if any. What are the security advantages of each of these components?

This video describes network segmentation, and how the networks can be segmented at the physical and data link layers. Networks can be segmented for many reasons: compliance, optimizing or improving performance, separating private communications from public, protecting legacy systems, creating testing environments, securing data flow, or creating honeynets. Pay attention to supervisory control and data acquisition (SCADA) systems and why they should be segmented. This video also discusses the Stuxnet virus. What type of system was it designed to attack?

You can think of network segmentation like compartments of a submarine. Each compartment is separated from the others, so if a flood happens in one compartment, it can be sealed off to protect the others. As with all secure methods, segmentation has drawbacks as well as benefits. In a network, how could a security team identify application flows to determine border placement, appropriate policies for segmentation, and how the segmentation scheme can be managed and maintained?

This video explains redundancy and hardware that can be used to maintain redundancy. What physical devices provide for data and for hardware redundancy? What is the benefit of using RAID? Note the differences between hardware, software, and firmware-based RAID. How do load balancing and failovers work with redundancy?

Firewalls are an important part of network security. Firewalls act like filters and help protect against malicious network traffic. This article discusses three types of firewalls: stateless, stateful, and application. Firewalls use rules to accept, reject, and drop network traffic. Incoming and outgoing traffic have different firewall rules. This article covers some basic tools that you should be able to discuss, including IP tables, uncomplicated firewalls (UFW), FirewallD, and Fail2ban.

This video goes into detail about more types of firewalls, as well as firewall settings and techniques. You should be able to describe each type of firewall, and know what circumstances each type should be used for. What is the difference between stateless and stateful inspection firewalls? What is a virtual firewall? When discussing firewall settings and techniques, it is important that you can explain what an access control list (ACL) is. What should the last rule in an ACL be? Where should a stateful or a stateless firewall be placed? What is a demilitarized zone (DMZ), and where should a DMZ be placed?

It can be difficult to understand how packet processing works. This video gives a visual explanation using decision tables on how all inbound and outbound packets are processed. See if you can follow the process. While you don't need to know the specifics, you should be able to explain the inbound and outbound process in general terms.

Stateful packet inspection is also known as dynamic packet filtering. What type of table does stateful packet inspection use for filtering? What are the attributes that are part of the state of the connection? How is stateful packet inspection different from static packet filters? How can stateful packet inspection improve network performance?

This section discusses wireless networking, encryption, and the 802.11 wireless network standards. Wireless networking is advantageous, since it removes the cost of installing cables and doesn't require systems to use a wired connection. What does the term half-duplex mean? What are the most common RF bands used in the United States, and why they are used? Why is it important to encrypt wireless networks? You might remember advanced encryption standard (AES) from the unit on encryption. Which encryption standard for 802.11 networks uses AES? Why should wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) no longer be used for encrypting wireless networks?

This video discusses six names for wireless Internet connections, and how to view the wireless connection manager program on a device to determine if the connection is encrypted. Why is it important to know if the connection is encrypted? How close does a wireless eavesdropper have to be to intercept a signal between a computer and a router?

Tunneling is a way to connect networks through a secure connection across a public network. The secure connection is called a virtual private network (VPN). Watch this video for more on tunneling and the mechanism of a VPN. What are encapsulation, tunneling, and authentication? Why is encryption important when sending data via a tunnel? What is the purpose of a split tunnel?

Honeypots are decoys used attract network attackers. Read pages 10 through 12 in this article to understand how honeypots are used to protect networks. When would you prefer to use a honeypot instead of an intrusion detection system (IDS)?

Read this brief article to understand how a honeynet is configured. What is the difference between a honeypot and a honeynet? What is the purpose of a honeynet?

Read this article to learn about network sniffers and the reasons sniffers are used. How are network sniffers detected? What are two common network sniffers?

Recall that you learned about the perils of unencrypted wireless connections in a previous section. Watch this video to learn how a hacker can use a sniffer to intercept unencrypted traffic.

A packet analyzer can be used to capture packets containing data. This video shows how simple it is to capture packets using the packet analyzer tcpdump and then view the data using Wireshark. Be sure to watch both videos. You only need to understand what is happening here; you will not be asked to capture packets using tcpdump or Wireshark.

When watching this video you will learn the difference between http and https. How is text transmitted across the Internet using http and how is it transmitted using https? Which one is more secure?

This video describes secure sockets layer (SSL) and transport layer security (TLS). After watching you should be able to desribe SSL and TLS and the purpose of each. What type of encryption is used? What is the relationship between SSL and TLS? What is the name of a well-known attack on TLS?

As you watch this video, pay attention to the descriptions of domain name system (DNS) and domain name system security extensions (DNSSEC). Why do we use domain names instead of internet protocol (IP) addresses? What is a fully qualified domain name (FQDN)? How does DNSSEC protect from forged DNS data, and what is used to provide this protection?