Network Security Fundamentals
Master network defense with firewalls, IDS/IPS, and security best practices
🛡️ Defense in Depth Strategy
Effective network security requires multiple layers of protection, each providing redundancy if another layer fails.
1
Perimeter Security
Firewalls, DMZ, border routers with ACLs to control traffic entering and leaving the network
2
Network Segmentation
VLANs, subnets, and zones to isolate critical assets and limit lateral movement
3
Intrusion Detection/Prevention
IDS/IPS systems to detect and block malicious activities in real-time
4
Access Control
802.1X, NAC, RADIUS/TACACS+ for authentication and authorization
5
Endpoint Protection
Antivirus, EDR, host-based firewalls on individual devices
6
Data Encryption
VPN, TLS/SSL, IPSec for protecting data in transit and at rest
7
Monitoring & Logging
SIEM, syslog, NetFlow for continuous monitoring and incident response
⚠️ Common Network Threats
Malware
Viruses, worms, trojans, and ransomware that compromise systems
Mitigation: Antivirus, application whitelisting, regular patching, user training
Man-in-the-Middle
Intercepting communications between two parties
Mitigation: Use encryption (TLS/SSL), certificate pinning, VPNs
DDoS Attacks
Overwhelming resources with traffic to cause service disruption
Mitigation: Rate limiting, DDoS protection services, redundancy
Phishing
Social engineering to steal credentials or sensitive information
Mitigation: Email filtering, user training, MFA, domain monitoring
Brute Force
Attempting multiple passwords to gain unauthorized access
Mitigation: Account lockout policies, rate limiting, strong passwords
Zero-Day Exploits
Attacks targeting unknown vulnerabilities
Mitigation: IPS with behavioral analysis, regular updates, sandboxing
🔥 Firewall Configuration
Example firewall rules for common scenarios:
# Default deny all (implicit at the end)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH from management network only
iptables -A INPUT -p tcp -s 192.168.30.0/24 --dport 22 -j ACCEPT
# Allow HTTP/HTTPS from anywhere
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Block common attack ports
iptables -A INPUT -p tcp --dport 135:139 -j DROP
iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 1433:1434 -j DROP
# Rate limiting for SSH (prevent brute force)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
# DDoS protection - SYN flood
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j ACCEPT
# Log dropped packets
iptables -A INPUT -j LOG --log-prefix "Firewall Dropped: " --log-level 4
🔍 IDS vs IPS Comparison
| Feature | IDS (Intrusion Detection) | IPS (Intrusion Prevention) |
|---|---|---|
| Deployment | Out-of-band (passive monitoring) | Inline (active filtering) |
| Action | Alerts only | Blocks threats automatically |
| Network Impact | None | Potential latency |
| False Positives | Less critical (alerts only) | Critical (can block legitimate traffic) |
| Response Time | After the fact | Real-time |
| Failure Mode | Network continues operating | Can cause network outage |
| Best For | Monitoring, forensics, compliance | Active threat prevention |
| Examples | Snort (IDS mode), Zeek, OSSEC | Snort (IPS mode), Suricata, Palo Alto |
🔐 Security Protocols
TLS/SSL
Transport Layer Security for encrypted communications
Port 443
HTTPS
Certificates
IPSec
Network layer encryption for VPNs and site-to-site connections
ESP/AH
IKEv2
Tunnel Mode
802.1X
Port-based network access control for authentication
EAP
RADIUS
NAC
WPA3
Latest Wi-Fi security protocol with enhanced encryption
SAE
PMF
192-bit
DKIM/SPF
Email authentication to prevent spoofing and phishing
DNS TXT
DMARC
Anti-spam
SSH
Secure Shell for encrypted remote access
Port 22
Key-based
SFTP
⚔️ Cyber Attack Lifecycle
Understanding the phases of an attack helps in implementing appropriate defenses:
1. Reconnaissance
Gathering information about the target through OSINT, scanning, and social engineering
2. Weaponization
Creating malicious payloads, exploits, or phishing campaigns
3. Delivery
Transmitting the weapon to the target via email, web, USB, etc.
4. Exploitation
Triggering the vulnerability to execute code on the victim's system
5. Installation
Installing malware or backdoors for persistent access
6. Command & Control
Establishing communication channels with compromised systems
7. Actions on Objectives
Data exfiltration, ransomware deployment, or system destruction
✅ Network Security Checklist
Essential Security Measures
✓
Implement firewall with default-deny policy
✓
Deploy IDS/IPS for threat detection and prevention
✓
Enable logging and centralized log management (SIEM)
✓
Implement network segmentation with VLANs
✓
Use strong authentication (MFA, 802.1X)
✓
Encrypt sensitive data in transit (VPN, TLS)
✓
Regular security updates and patch management
✓
Disable unnecessary services and ports
✓
Implement DDoS protection measures
✓
Regular security audits and penetration testing
✓
Incident response plan and disaster recovery
✓
Employee security awareness training