Network Security Fundamentals

Master network defense with firewalls, IDS/IPS, and security best practices

🛡️ Defense in Depth Strategy

Effective network security requires multiple layers of protection, each providing redundancy if another layer fails.

1
Perimeter Security
Firewalls, DMZ, border routers with ACLs to control traffic entering and leaving the network
2
Network Segmentation
VLANs, subnets, and zones to isolate critical assets and limit lateral movement
3
Intrusion Detection/Prevention
IDS/IPS systems to detect and block malicious activities in real-time
4
Access Control
802.1X, NAC, RADIUS/TACACS+ for authentication and authorization
5
Endpoint Protection
Antivirus, EDR, host-based firewalls on individual devices
6
Data Encryption
VPN, TLS/SSL, IPSec for protecting data in transit and at rest
7
Monitoring & Logging
SIEM, syslog, NetFlow for continuous monitoring and incident response

⚠️ Common Network Threats

Malware
Viruses, worms, trojans, and ransomware that compromise systems
Mitigation: Antivirus, application whitelisting, regular patching, user training
Man-in-the-Middle
Intercepting communications between two parties
Mitigation: Use encryption (TLS/SSL), certificate pinning, VPNs
DDoS Attacks
Overwhelming resources with traffic to cause service disruption
Mitigation: Rate limiting, DDoS protection services, redundancy
Phishing
Social engineering to steal credentials or sensitive information
Mitigation: Email filtering, user training, MFA, domain monitoring
Brute Force
Attempting multiple passwords to gain unauthorized access
Mitigation: Account lockout policies, rate limiting, strong passwords
Zero-Day Exploits
Attacks targeting unknown vulnerabilities
Mitigation: IPS with behavioral analysis, regular updates, sandboxing

🔥 Firewall Configuration

Example firewall rules for common scenarios:

# Default deny all (implicit at the end) iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # Allow established connections iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow SSH from management network only iptables -A INPUT -p tcp -s 192.168.30.0/24 --dport 22 -j ACCEPT # Allow HTTP/HTTPS from anywhere iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT # Block common attack ports iptables -A INPUT -p tcp --dport 135:139 -j DROP iptables -A INPUT -p tcp --dport 445 -j DROP iptables -A INPUT -p tcp --dport 1433:1434 -j DROP # Rate limiting for SSH (prevent brute force) iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP # DDoS protection - SYN flood iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j ACCEPT # Log dropped packets iptables -A INPUT -j LOG --log-prefix "Firewall Dropped: " --log-level 4

🔍 IDS vs IPS Comparison

Feature IDS (Intrusion Detection) IPS (Intrusion Prevention)
Deployment Out-of-band (passive monitoring) Inline (active filtering)
Action Alerts only Blocks threats automatically
Network Impact None Potential latency
False Positives Less critical (alerts only) Critical (can block legitimate traffic)
Response Time After the fact Real-time
Failure Mode Network continues operating Can cause network outage
Best For Monitoring, forensics, compliance Active threat prevention
Examples Snort (IDS mode), Zeek, OSSEC Snort (IPS mode), Suricata, Palo Alto

🔐 Security Protocols

🔒
TLS/SSL
Transport Layer Security for encrypted communications
Port 443 HTTPS Certificates
🔑
IPSec
Network layer encryption for VPNs and site-to-site connections
ESP/AH IKEv2 Tunnel Mode
🎫
802.1X
Port-based network access control for authentication
EAP RADIUS NAC
🛡️
WPA3
Latest Wi-Fi security protocol with enhanced encryption
SAE PMF 192-bit
📧
DKIM/SPF
Email authentication to prevent spoofing and phishing
DNS TXT DMARC Anti-spam
🔐
SSH
Secure Shell for encrypted remote access
Port 22 Key-based SFTP

⚔️ Cyber Attack Lifecycle

Understanding the phases of an attack helps in implementing appropriate defenses:

1. Reconnaissance
Gathering information about the target through OSINT, scanning, and social engineering
2. Weaponization
Creating malicious payloads, exploits, or phishing campaigns
3. Delivery
Transmitting the weapon to the target via email, web, USB, etc.
4. Exploitation
Triggering the vulnerability to execute code on the victim's system
5. Installation
Installing malware or backdoors for persistent access
6. Command & Control
Establishing communication channels with compromised systems
7. Actions on Objectives
Data exfiltration, ransomware deployment, or system destruction

✅ Network Security Checklist

Essential Security Measures
Implement firewall with default-deny policy
Deploy IDS/IPS for threat detection and prevention
Enable logging and centralized log management (SIEM)
Implement network segmentation with VLANs
Use strong authentication (MFA, 802.1X)
Encrypt sensitive data in transit (VPN, TLS)
Regular security updates and patch management
Disable unnecessary services and ports
Implement DDoS protection measures
Regular security audits and penetration testing
Incident response plan and disaster recovery
Employee security awareness training