Network Security Concepts
Network Security is the intersection of computer networking and cybersecurity. This field is one of the eight CISSP domains (Communication and Network Security) and is something that I want to pursue. Core network security concepts include the CIA Triad, Defense in Depth, firewalls, encryption and decryption, network segmentation, VPNs, and IDS/IPS devices.
CIA Triad
The CIA Triad is Confidentiality, Integrity, and Availability. Authentication, authorization and non-repudiation are related security properties that are usually taught alongside the triad, but they are not part of it. Confidentiality keeps data from being read by anyone who is not authorized to see it, with encryption and access controls as the usual mechanisms. Integrity ensures that data is accurate and has not been altered without authorization, whether it is at rest, in transit or in use. Availability means the data and the systems that hold it are there for authorized users when they need them.
Defense in Depth
Defense in Depth is the principle that no single control should be relied on by itself: each protected asset sits behind several independent layers, so that an attacker who gets past one layer (a perimeter firewall, for instance) still has to defeat the others before reaching the data or system. The layers can be physical, administrative or technical controls, and they work because a weakness in one does not remove the protection of the rest.
Network Security Devices
Firewalls, Intrusion Detection Systems, and Intrusion Prevention Systems are network security devices that help protect a network. A firewall is a perimeter security device that inspects and filters traffic passing through it, in either direction, according to a rule set; traffic that matches no allow rule is normally dropped by an implicit deny at the end of the rule set.
An Intrusion Detection System sits out of band (for example on a SPAN or mirror port), so it sees a copy of the traffic and can detect and alert on attempted intrusions but cannot stop them. An Intrusion Prevention System sits inline in the traffic path, so it can detect, alert, and block attacks with automated responses such as dropping the offending packets or resetting the connection. The trade-off is that a false positive on an IPS blocks legitimate traffic, and an inline device is an extra point of failure. Firewalls, IDSs, and IPSs are used together to build a more secure network perimeter.
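To make the difference between the three devices concrete, here is an added example (not code from the original post) that models a perimeter in Python: a first-match firewall rule set with an implicit deny, followed by a sensor that shares one signature list but is either out of band (IDS, alerts only) or inline (IPS, alerts and drops). The rules, signatures and packets are constructed for the example; the addresses, ports and payloads are assumptions, not real traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed 5-tuple plus payload, standing in for what the device sees."""
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def firewall_decision(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet that matches nothing hits the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed signatures, kept upper-case so matching is case-insensitive.
SIGNATURES = {
    "sqli-union-select": b"UNION SELECT",
    "path-traversal": b"../../",
}


def inspect(pkt: Packet) -> List[str]:
    """Detection logic shared by the IDS and the IPS: names of signatures that hit."""
    body = pkt.payload.upper()
    return [name for name, sig in SIGNATURES.items() if sig in body]


def ids_process(pkt: Packet) -> Tuple[List[str], bool]:
    """Out-of-band sensor: sees a copy, raises alerts, never changes the verdict."""
    return inspect(pkt), True


def ips_process(pkt: Packet) -> Tuple[List[str], bool]:
    """Inline sensor: raises alerts and drops the packet when a signature hits."""
    hits = inspect(pkt)
    return hits, not hits


def perimeter(rules: List[Rule], pkt: Packet, inline: bool = True) -> Tuple[str, List[str]]:
    """Firewall first, then the sensor. Returns (verdict, alerts)."""
    if firewall_decision(rules, pkt) == "deny":
        return "dropped-by-firewall", []
    hits, forwarded = (ips_process if inline else ids_process)(pkt)
    return ("forwarded" if forwarded else "dropped-by-ips"), hits


# Constructed rule set: inbound HTTPS to one web server, any outbound from inside.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.0.0.10/32", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "any", None),
]

# Constructed sample traffic.
PACKETS = {
    "web": Packet("203.0.113.5", "10.0.0.10", "tcp", 443, b"GET /index.html HTTP/1.1"),
    "sqli": Packet("203.0.113.5", "10.0.0.10", "tcp", 443,
                   b"GET /?id=1 union select password from users HTTP/1.1"),
    "ssh": Packet("203.0.113.5", "10.0.0.10", "tcp", 22),
    "outbound": Packet("10.1.2.3", "198.51.100.7", "udp", 53),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, "IPS:", perimeter(RULES, pkt, inline=True),
              "IDS:", perimeter(RULES, pkt, inline=False))
```

The same injection attempt is reported by both sensors, but only the inline IPS stops it; the out-of-band IDS can only tell you it happened. The SSH probe never reaches either sensor because the firewall's implicit deny drops it first, which is the layering the section describes.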
Other Concepts
A VPN encrypts traffic between sites, or from a remote user into headquarters, so that it can cross an untrusted network such as the Internet; combined with network segmentation it forms some of the Defense in Depth controls. In a LAN, network segmentation is mostly done with VLANs; in a data center or cloud environment, VXLAN extends the same idea by carrying tenant networks in an overlay on top of the physical network.
Conclusion
These Network Security Concepts are what justify particular network security measures. Defense in Depth adds protections at the network layer that sit at the core of enterprise security. Network segmentation in a data center is often done with VXLANs, which provide virtual segmentation over an underlay network made up of the physical switches and routers.
Network Security is the main field that I want to go into, and I already have the Cisco CCST Cybersecurity and the SC-900 from Microsoft. These two complement each other nicely, and I will be pursuing the ISC2 Certified in Cybersecurity, as those three certifications will replace the need for me to get a CompTIA Security+ certification.
VLANs and VTP
A Virtual Local Area Network (VLAN) is a way to segment a switched network into separate broadcast domains. A single link between switches can carry traffic for several VLANs by trunking, which on a Cisco switch tags each frame with its VLAN so the far end knows which VLAN it belongs to; a trunk is only needed when two or more VLANs have to cross the link. VTP is the VLAN Trunking Protocol, a Cisco proprietary protocol that distributes the VLAN database to multiple switches so they do not each have to be configured by hand. Understanding VLANs and VTP is something that would help you study for and pass the CCNA exam.
Trunking
Trunking on a Cisco switch lets one link carry frames from several VLANs by tagging each frame with its VLAN ID. With 802.1Q encapsulation, every frame on the trunk carries a 4-byte tag except frames in the native VLAN, which are sent untagged; ports facing end devices are configured as access ports, which carry a single VLAN without tags. Additional settings such as the allowed-VLAN list restrict which VLANs may cross a trunk. Both ends of the link must use the same encapsulation and be configured as trunks for the trunk to come up. ISL (Inter-Switch Link) is an older Cisco proprietary encapsulation that has been replaced by 802.1Q on current switches.
VLANs and VLAN Pruning
A switch port has VLAN settings such as the access VLAN (the single data VLAN an access port belongs to), a voice VLAN (a second, tagged VLAN an access port can carry for an attached IP phone) and, on trunks, the native VLAN, which is the one VLAN sent untagged; its default is VLAN 1. A common hardening step is to set the native VLAN to an otherwise unused VLAN and keep user ports out of it. VTP pruning does not disable a VLAN on a switch; it stops broadcast, multicast and unknown-unicast traffic for a VLAN from being flooded across a trunk to a switch that has no active ports in that VLAN. It saves bandwidth on trunks where not every allowed VLAN is in use at the far end, so only switches that need a VLAN receive its flooded traffic.
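The following Python model, added here and not part of the original post, shows the tagging behaviour described in the Trunking and native VLAN paragraphs above: how an 802.1Q tag is inserted, why the native VLAN is the one VLAN that crosses the trunk untagged, how the allowed-VLAN list is applied, and why leaving the native VLAN as VLAN 1 with user ports in it matters. The MAC addresses, VLAN numbers and allowed list are assumptions made up for the example.

```python
import struct
from typing import Optional, Set, Tuple

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_IPV4 = 0x0800

# Constructed MAC addresses for the sample frames.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0200c0a80001")
TRUNK_ALLOWED: Set[int] = {1, 10, 20, 999}   # assumed allowed-VLAN list on the trunk


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst(6) src(6) type(2) payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id          # PCP(3 bits) DEI(1 bit, left 0) VID(12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def send_on_trunk(frame: bytes, vlan_id: int, allowed: Set[int], native_vlan: int) -> Optional[bytes]:
    """What the switch puts on the wire for a frame that belongs to vlan_id.
    None means the VLAN is not allowed on this trunk; the native VLAN goes
    out untagged and every other VLAN gets a tag."""
    if vlan_id not in allowed:
        return None
    if vlan_id == native_vlan:
        return frame
    return tag_frame(frame, vlan_id)


def receive_on_trunk(wire: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """Classify a frame arriving on a trunk: a tagged frame goes to the VLAN in
    its tag (and the tag is stripped); an untagged frame goes to the native VLAN."""
    ethertype = struct.unpack("!H", wire[12:14])[0]
    if ethertype != TPID_8021Q:
        return native_vlan, wire
    tci = struct.unpack("!H", wire[14:16])[0]
    return tci & 0x0FFF, wire[:12] + wire[16:]


def double_tag_hop(attacker_vlan: int, target_vlan: int, native_vlan: int) -> int:
    """Model of the native-VLAN caveat: a host on an access port in attacker_vlan
    sends a frame that already carries a tag for target_vlan. Returns the VLAN
    the switch at the far end of the trunk assigns the frame to."""
    frame = tag_frame(build_frame(DST, SRC, ETH_IPV4, b"payload"), target_vlan)
    wire = send_on_trunk(frame, attacker_vlan, TRUNK_ALLOWED, native_vlan)
    if wire is None:
        return attacker_vlan          # never left the switch
    vlan, _ = receive_on_trunk(wire, native_vlan)
    return vlan


if __name__ == "__main__":
    f = build_frame(DST, SRC, ETH_IPV4, b"hello")
    print("tagged length:", len(tag_frame(f, 10)), "untagged length:", len(f))
    print("native VLAN 1, user port in VLAN 1 ->", double_tag_hop(1, 20, native_vlan=1))
    print("native VLAN 999                    ->", double_tag_hop(1, 20, native_vlan=999))
```

With the native VLAN left at 1 and the user port also in VLAN 1, the first switch sends the already-tagged frame untagged (it is native traffic), so the far switch reads the inner tag and places the frame in VLAN 20. With the native VLAN moved to an unused VLAN, the first switch adds an outer tag for VLAN 1, the far switch strips only that tag, and the frame stays in VLAN 1 with the inner tag treated as payload.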
VTP Modes and Domains
VTP has three modes: Server, Client, and Transparent. A server can create, modify and delete VLANs and advertises the VLAN database to the domain; a client cannot change VLANs and only receives updates; a transparent switch keeps its own local VLAN database, ignores advertisements and (in VTP version 2) forwards them on to other switches. Configuration items include the VTP domain name and a VTP password, and a switch only accepts advertisements from its own domain with a matching password. The configuration revision number is what switches compare to decide whether an advertisement is newer than their own database, and a higher revision number wins regardless of which switch it comes from. That is the classic VTP hazard: a switch connected to the network with the right domain and password, a higher revision number and a nearly empty VLAN list overwrites the VLAN database on every server and client in the domain. Reset the revision number (by setting the switch to transparent mode or changing its domain name) before connecting a switch that has been used elsewhere.
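This added Python model (not the post's own code, and a simplification of the real protocol) walks through the revision-number rule from the paragraph above: a stale switch with a higher revision number wipes the VLAN database of every server and client in the domain, while a mismatched password or a revision reset stops it. The domain name, password, VLAN names and revision numbers are assumptions, and the digest is a stand-in for the MD5 digest VTP actually carries, which covers more fields than this.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class VtpSwitch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def _digest(self) -> str:
        # Assumption: simplified stand-in for the MD5 digest in a VTP summary
        # advertisement. The effect modelled is the same: a mismatched domain
        # or password means the advertisement is ignored.
        return hashlib.md5(f"{self.domain}\0{self.password}".encode()).hexdigest()

    def change_vlan(self, vlan_id: int, name: str) -> None:
        """Local edit: clients refuse, servers bump the revision,
        transparent switches edit locally and keep the revision at 0."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot edit VLANs")
        self.vlans[vlan_id] = name
        if self.mode == "server":
            self.revision += 1

    def advertisement(self) -> dict:
        return {"domain": self.domain, "digest": self._digest(),
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Apply an advertisement if it is for our domain, authenticated and newer.
        Returns True when the local database was replaced."""
        if self.mode == "transparent":
            return False                      # forwarded, never applied
        if adv["domain"] != self.domain or adv["digest"] != self._digest():
            return False
        if adv["revision"] <= self.revision:
            return False
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True

    def reset_revision(self) -> None:
        """Setting a switch to transparent mode resets its revision number to 0."""
        self.mode = "transparent"
        self.revision = 0


def plug_in(new_switch: VtpSwitch, existing: List[VtpSwitch]) -> List[str]:
    """The new switch's advertisement reaches every switch; return the names whose database changed."""
    adv = new_switch.advertisement()
    return [sw.name for sw in existing if sw.receive(adv)]


def build_production() -> Tuple[VtpSwitch, VtpSwitch]:
    """Constructed domain: one server with three VLANs (revision 3) and one client."""
    core = VtpSwitch("core", "server", "CORP", "s3cret")
    for vid, name in ((10, "users"), (20, "servers"), (30, "voice")):
        core.change_vlan(vid, name)
    access = VtpSwitch("access1", "client", "CORP", "s3cret")
    access.receive(core.advertisement())
    return core, access


def stale_switch_scenario(reset_first: bool = False, password: str = "s3cret") -> Tuple[List[str], List[int]]:
    """A lab switch with a stale revision of 12 and only VLAN 1 is connected.
    Returns (switches overwritten, VLAN IDs the client ends up with)."""
    core, access = build_production()
    lab = VtpSwitch("lab", "server", "CORP", password, revision=12)
    if reset_first:
        lab.reset_revision()
    overwritten = plug_in(lab, [core, access])
    return overwritten, sorted(access.vlans)


if __name__ == "__main__":
    print("no reset:      ", stale_switch_scenario())
    print("reset first:   ", stale_switch_scenario(reset_first=True))
    print("wrong password:", stale_switch_scenario(password="other"))
```

Note that the production server is overwritten as well as the client: a server does not out-rank another server, the higher revision simply wins, which is why the domain password and the pre-connection reset are the only things standing between a forgotten lab switch and an outage.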
Conclusion
VLAN and VTP configuration matters because it determines how VLAN database changes propagate across the LAN. To put a port in a VLAN you configure it as an access port with switchport mode access and switchport access vlan 10 (or whatever VLAN it belongs to). To bring up a trunk on a Cisco switch you set the same encapsulation on both sides (switchport trunk encapsulation dot1q, on switches that still support ISL as an alternative) and then switchport mode trunk on both ends.
CIA Triad
The CIA Triad is the fundamental security model in cybersecurity and is composed of Confidentiality, Integrity, and Availability. Confidentiality ensures that only authorized users can access the data.
Integrity means that data can only be changed by authorized parties and that any unauthorized or accidental change can be detected. It is a separate property from non-repudiation, which is the ability to prove who made a change so that they cannot later deny it. Availability is the concept that data remains available to authorized users when they need it.
Confidentiality
Confidentiality ensures that data is kept private and accessible only to authorized users. It is enforced by encryption, access controls and strong authentication. Maintaining confidentiality builds trust in the organization's security measures, protects its reputation and is required for legal and regulatory compliance. Threats to confidentiality include phishing, social engineering, password attacks and eavesdropping on unencrypted traffic.
Integrity
Integrity ensures that data has not been altered or corrupted, whether by malicious users or by accident, so that it keeps its accuracy and trustworthiness. Hash validation is one way to check integrity: compute a cryptographic hash of the data and compare it with a known-good value, since any change to the data changes the hash. A plain hash only catches tampering if the reference hash is stored somewhere the attacker cannot also change; when the hash travels with the data, a keyed hash (HMAC) or a digital signature is needed. Threats to integrity include data modification, man-in-the-middle attacks and unauthorized file modifications.
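The Python below is an added example, not code from the original post, showing the two cases the hash-validation paragraph distinguishes: a plain SHA-256 catches accidental corruption, but an attacker who can rewrite the data can rewrite a hash stored beside it too, while an HMAC computed with a key the attacker does not hold still fails. The record contents and the key are constructed for the example.

```python
import hashlib
import hmac
from typing import Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, reference_hex: str) -> bool:
    """Unkeyed integrity check; constant-time compare avoids a timing side channel."""
    return hmac.compare_digest(sha256_hex(data), reference_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity tag: only holders of the key can produce a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def corruption_scenario() -> Tuple[bool, bool]:
    """Accidental corruption (a flipped byte): the plain hash detects it.
    Returns (intact record verifies, corrupted record verifies)."""
    record = b"payee=ACME;amount=100"          # constructed sample record
    reference = sha256_hex(record)
    corrupted = record[:-1] + b"5"
    return verify_hash(record, reference), verify_hash(corrupted, reference)


def tamper_scenario(key: bytes) -> Tuple[bool, bool]:
    """Deliberate tampering where the hash is stored next to the data.
    Returns (plain hash still verifies, HMAC still verifies)."""
    record = b"payee=ACME;amount=100"
    stored = {"data": record,
              "sha256": sha256_hex(record),
              "hmac": hmac_tag(key, record)}
    # Attacker rewrites the record and recomputes the unkeyed hash,
    # but cannot recompute the HMAC without the key.
    forged = b"payee=EVIL;amount=100000"
    stored["data"] = forged
    stored["sha256"] = sha256_hex(forged)
    return (verify_hash(stored["data"], stored["sha256"]),
            verify_hmac(key, stored["data"], stored["hmac"]))


if __name__ == "__main__":
    print("corruption (intact, corrupted):", corruption_scenario())
    print("tampering  (plain hash, HMAC): ", tamper_scenario(b"constructed-demo-key"))
```

The first scenario is the case a download checksum handles; the second is why checksums published on the same server as the file do not protect against a compromised server, and why signed packages or keyed tags are used instead.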
Availability
Availability means that data and systems are accessible to authorized users when they are needed, which is what business continuity depends on. Supporting controls include data backups, redundancy and routine server maintenance. Availability ensures that the business can continue to function through an incident or a system failure. Threats to availability include ransomware, denial of service and distributed denial of service attacks, hardware failures and natural disasters.
Substack Note on Impostor Syndrome
I have posted a note on Substack, a short-form blog post, about impostor syndrome. It can be found at the following link:
https://substack.com/@dejongaaron/note/c-207972601
In this Substack note the main point I was covering was that one of the pain points in studying for cybersecurity exams is impostor syndrome. This is discussed further in the note. I will do a post next time; it was my first time using Substack, so bear with me.
Conclusion
The CIA Triad is useful as a security model for understanding fundamental cybersecurity principles, incident response and disaster recovery. It also serves as the basis for analyzing security vulnerabilities and writing policies that protect data at rest, data in transit and data in use.
Introduction
In the computer networking industry there are several topologies for laying out a LAN (Local Area Network). As you develop a sense of computer networking you can group networks by network type and by network topology. Understanding these basics of computer networking will let you build your skills in cybersecurity on top of them.
Beyond the LAN there are other network types, distinguished mainly by their geographic scope: the MAN (Metropolitan Area Network) and the WAN (Wide Area Network), as well as the PAN (Personal Area Network) and the CAN (Campus Area Network). These are general, vendor-neutral categories rather than products.
The network topologies include bus, ring, star, mesh (partial and full), and hybrid. The bus topology is a legacy design, common in the early days of networking and rarely seen now, in which all of the computers hang off a single shared cable; a fault anywhere on that cable takes down the whole segment.
Ring Topology
The ring topology is also associated with older technology, namely Token Ring (IEEE 802.5). Each computer connects to its neighbours so that the stations form a ring, and only the station holding the circulating token may transmit, which avoids collisions on the shared medium.
Star Topology
The star topology is the one used today: the computers connect to a central switch, and the layout resembles a star. The central device can also be a hub or any other device that connects the computers together, though a hub simply repeats every frame to every port, so a hub-based star is still a single collision domain. The star topology fits a LAN where buildings or floors need to be connected to each other from a central location.
Mesh and Full Mesh Topologies
Mesh topologies connect the central devices (switches and routers) to each other with multiple links, which is closer to a modern network design. In a partial mesh each device has links to some of the others; in a full mesh every device is directly connected to every other one, which gives the most redundancy but needs n(n-1)/2 links for n devices.
Conclusion
There is also the hybrid topology, a combination of the others, which is the most common in practice. A network has both a physical topology, the cabling and equipment, and a logical topology, the path data actually takes across the network; the two do not have to match.
Within computer networking there are some basic knowledge items that will help you on your journey in IT, and in computer networking and cybersecurity specifically. Understanding these topics will help you along whichever IT career path you are pursuing.