Network Security Concepts

Foundational network security principles including CIA triad, authentication methods, and security devices

Network security protects data integrity, confidentiality, and availability across network infrastructure. Security operates on multiple layers - defense in depth - because no single security measure is bulletproof.

Core Security Principles (CIA Triad)

  • Confidentiality: Only authorized users access data (encryption, access controls)
  • Integrity: Data remains unaltered during transmission/storage (hashing, digital signatures)
  • Availability: Resources remain accessible when needed (redundancy, DDoS protection)

Common Network Threats

  • Malware: Viruses, worms, trojans that compromise systems
  • DoS/DDoS: Overwhelming resources to deny legitimate access
  • Man-in-the-Middle (MITM): Intercepting communications between two parties
  • Social Engineering: Manipulating humans to divulge information (weakest link in security chain)
  • Reconnaissance: Information gathering before launching attacks (port scans, network mapping)

Access Control Methods

Method              | Description                                      | Use Case
MAC (Mandatory)     | System enforces access based on classifications  | Military/government environments
DAC (Discretionary) | Resource owner controls access                   | Standard business networks
RBAC (Role-Based)   | Access based on user roles/job functions         | Enterprise environments

Authentication Methods

  • Something you know: Passwords, PINs (weakest form - easily compromised)
  • Something you have: Smart cards, tokens, certificates
  • Something you are: Biometrics (fingerprints, retina scans)
  • Multi-factor authentication (MFA) combines multiple methods for stronger security

Network Security Devices

Firewalls

Firewalls filter traffic based on predetermined rules - think of them as network bouncers checking IDs.

Stateless Firewalls (Packet Filters):

  • Examine each packet individually without context
  • Filter based on source/destination IP, ports, protocols
  • Fast but limited (can’t track connection state)
  • Example: Block all traffic from 192.168.1.100 to port 80

Stateful Firewalls:

  • Track connection state and context (connection tables)
  • Remember outbound requests and allow related return traffic
  • More secure but higher processing overhead
  • Example: Allow return HTTP traffic only if outbound request was made
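
The two example rules above, worked through in code (an added illustration, not part of the original notes): a stateless filter that judges each packet alone, and a stateful one that records outbound flows in a connection table so only matching replies get back in. Packet fields, rule layout and the 203.0.113.5 server address are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"

# Stateless filter: every packet is judged on its own header fields, in rule
# order, with default deny. The first rule is the page's example (block all
# traffic from 192.168.1.100 to port 80); the second lets everyone else reach 80.
STATELESS_RULES = [
    ("deny", {"src_ip": "192.168.1.100", "dst_port": 80}),
    ("allow", {"dst_port": 80}),
]

def stateless_decision(pkt, rules=STATELESS_RULES):
    for action, match in rules:
        if all(getattr(pkt, field) == value for field, value in match.items()):
            return action
    return "deny"  # default deny: nothing matched, so drop it

# Stateful filter: a new outbound flow is checked against the same rules and,
# if allowed, recorded in a connection table. An inbound packet is accepted
# only when it is the reverse of a recorded flow, so the server's reply gets in
# without a standing rule that would also admit unsolicited inbound traffic.
class StatefulFirewall:
    def __init__(self):
        self.connections = set()  # (src_ip, src_port, dst_ip, dst_port, proto)

    def decision(self, pkt, outbound):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if outbound:
            verdict = stateless_decision(pkt)
            if verdict == "allow":
                self.connections.add(key)  # remember the flow for its reply
            return verdict
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "allow" if reverse in self.connections else "deny"
```

Run a client request through both filters: the stateless one drops the server's reply because no rule describes it, while the stateful one admits it and still rejects an inbound packet that matches no recorded flow.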

Application Layer Firewalls (Proxy):

  • Inspect actual application data (Layer 7)
  • Can block specific websites, file types, or application commands
  • Highest security but significant performance impact

Intrusion Detection/Prevention Systems

Type | Function           | Deployment               | Response
IDS  | Detects and alerts | Out-of-band (monitoring) | Passive notification
IPS  | Detects and blocks | In-line (active path)    | Active blocking

  • Signature-based: Matches known attack patterns (like antivirus definitions)
  • Anomaly-based: Detects deviations from normal behavior baselines
  • IPS must be deployed in-line - traffic flows through device for real-time blocking
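
To make the signature/anomaly and IDS/IPS distinctions concrete, here is an added example (not from the original notes) that runs both detection styles over constructed web-server log lines. The log format, the two signatures and the mean-plus-k-stddev baseline are all assumptions made for the demo.

```python
import re
from collections import Counter
from statistics import mean, pstdev
# Constructed access-log lines, "<source ip> <method> <path> <status>". The
# baseline window is ordinary browsing used to learn what "normal" looks like.
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.5 GET /contact.html 200
10.0.0.9 GET /login 200
10.0.0.9 POST /login 302
10.0.0.2 GET /index.html 200
10.0.0.2 GET /docs/ 200
10.0.0.2 GET /docs/intro.html 200
""".splitlines()

# Observed window (constructed): one host, 10.0.0.7, is probing the server.
OBSERVED_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.9 GET /login 200
10.0.0.9 POST /login 302
10.0.0.7 GET /index.html 200
10.0.0.7 GET /../../etc/passwd 404
10.0.0.7 GET /login?user=admin'%20OR%201=1-- 500
10.0.0.7 GET /admin 404
10.0.0.7 GET /.git/config 404
""".splitlines()

# Signature-based: fixed patterns for known attack strings (like AV definitions).
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"(?i)'(?:\s|%20)*or(?:\s|%20)+1=1"),
}

def signature_alerts(lines):
    """IDS view: (signature name, source ip) for every line matching a pattern."""
    return [(name, line.split()[0])
            for line in lines for name, pat in SIGNATURES.items() if pat.search(line)]

def anomaly_alerts(baseline, observed, k=2.0):
    """Anomaly view: flag sources whose request count in the observed window
    exceeds mean + k*stddev of per-source counts learned from the baseline."""
    base_counts = list(Counter(line.split()[0] for line in baseline).values())
    threshold = mean(base_counts) + k * pstdev(base_counts)
    observed_counts = Counter(line.split()[0] for line in observed)
    return sorted(src for src, n in observed_counts.items() if n > threshold)

def ips_verdict(line):
    """IPS view: same signature check, made in-line per request so a match is dropped."""
    return "drop" if any(p.search(line) for p in SIGNATURES.values()) else "forward"
```

The anomaly detector catches the probing host even on the requests that match no signature (/admin, /.git/config), which is the case signatures alone miss.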

VPN Technologies

VPNs create secure tunnels over untrusted networks (like sending classified documents in a locked briefcase).

IPSec VPN

  • Encryption Protocols:
    • AES (Advanced Encryption Standard) - current gold standard
    • 3DES (Triple DES) - legacy, being phased out
  • Hashing: SHA-1 (weak), SHA-256 (recommended)
  • Key Exchange: Diffie-Hellman groups (higher numbers = stronger security)

IPSec Modes:

  • Transport Mode: Encrypts payload only (host-to-host)
  • Tunnel Mode: Encrypts entire packet (site-to-site VPNs)

SSL/TLS VPN

  • Browser-based access (no client software required)
  • Uses SSL/TLS encryption (same as HTTPS websites)
  • Clientless operation makes deployment easier for remote users
  • Lower performance than IPSec but more flexible for BYOD environments

Wireless Security

Wireless networks broadcast signals that anyone can intercept - security is critical.

Standard | Encryption | Key Length  | Status
WEP      | RC4        | 64/128-bit  | Broken (crackable in minutes)
WPA      | TKIP       | 128-bit     | Deprecated
WPA2     | AES-CCMP   | 128-bit     | Current standard
WPA3     | AES-GCMP   | 192-bit     | Next generation

WPA2 Authentication Modes

  • Personal (PSK): Pre-shared key for small networks (home/SOHO)
  • Enterprise (802.1X): RADIUS authentication for corporate environments
  • Enterprise mode provides individual user credentials vs. shared passwords

Network Access Control (NAC)

NAC systems verify device compliance before granting network access.

802.1X Components:

  • Supplicant: Client requesting access (laptop, phone)
  • Authenticator: Network device controlling access (switch, wireless controller)
  • Authentication Server: RADIUS server validating credentials

Process Flow:

  1. Client connects to network port/SSID
  2. Switch/AP blocks traffic except authentication
  3. Client provides credentials to RADIUS server
  4. RADIUS responds with accept/reject + VLAN assignment
  5. Switch/AP grants appropriate network access
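
The five-step flow above as a small simulation, added here and not part of the original notes: the three 802.1X roles are plain Python classes, the port drops everything except authentication frames until the server answers Accept, and the VLAN in the reply is applied to the port. The credential store, the frame dictionaries and the EAP-Success/EAP-Failure strings are simplifications assumed for the demo, not real EAP message formats.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed credential store standing in for the RADIUS server's user
# database: username -> (password, VLAN to assign on success).
USERS = {"alice": ("correct horse", 10), "bob": ("battery staple", 20)}

@dataclass
class AuthenticationServer:
    """RADIUS server: validates credentials, answers Accept (+ VLAN) or Reject."""
    users: dict

    def access_request(self, username, password):
        record = self.users.get(username)
        if record and hmac.compare_digest(record[0], password):
            return {"code": "Access-Accept", "vlan": record[1]}   # step 4
        return {"code": "Access-Reject"}

@dataclass
class Authenticator:
    """Switch port or AP: keeps the port closed until the server says otherwise."""
    server: AuthenticationServer
    authorized: bool = False
    vlan: Optional[int] = None

    def forward(self, frame):
        if frame["type"] == "EAPOL":                 # authentication traffic only
            return self._authenticate(frame)
        if not self.authorized:                      # step 2: everything else blocked
            return "dropped"
        return f"forwarded on VLAN {self.vlan}"      # step 5: normal traffic passes

    def _authenticate(self, frame):
        reply = self.server.access_request(frame["username"], frame["password"])  # step 3
        if reply["code"] == "Access-Accept":
            self.authorized, self.vlan = True, reply["vlan"]
            return "EAP-Success"
        self.authorized, self.vlan = False, None
        return "EAP-Failure"

@dataclass
class Supplicant:
    """Client (laptop, phone) presenting its credentials over EAPOL."""
    username: str
    password: str

    def connect(self, port):                         # step 1: attach to the port
        return port.forward({"type": "EAPOL", "username": self.username,
                             "password": self.password})
```

Note that the supplicant never talks to the RADIUS server directly; the authenticator relays the credentials and enforces the server's decision on the port.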

Vocabulary

DMZ (Demilitarized Zone): Network segment between internal LAN and external internet, containing public-facing servers

RADIUS: Remote Authentication Dial-In User Service - centralized authentication protocol

TACACS+: Terminal Access Controller Access-Control System Plus - Cisco’s enhanced authentication protocol

AAA: Authentication (who are you?), Authorization (what can you do?), Accounting (what did you do?)

VLAN Hopping: Attack technique jumping between VLANs to access unauthorized network segments

Evil Twin: Rogue wireless access point mimicking legitimate hotspot to steal credentials


Notes

  • Default deny policy: Block everything by default, explicitly allow only required traffic
  • Security policies are only as strong as their weakest implementation - users often circumvent inconvenient security measures
  • Regular security assessments and penetration testing reveal vulnerabilities before attackers do
  • Keep firmware and software updated - most breaches exploit known vulnerabilities with available patches
  • Physical security is fundamental - if attackers have physical access, assume compromise
  • Document security incidents for pattern analysis and compliance requirements
  • Test backup and disaster recovery procedures regularly - security incidents will happen
  • Consider compliance requirements (PCI-DSS, HIPAA, SOX) when designing security architecture