CIA Triad: Confidentiality, Integrity, Availability:
The CIA Triad is the foundational model of information security, and network security inherits it. Confidentiality ensures data is read only by authorized parties, protecting privacy. Integrity guarantees that data is accurate and unaltered in transit and at rest, and that any unauthorized change is detected. Availability ensures network resources and data are reachable by authorized users when needed. For example, a bank uses encryption (TLS on the wire, disk encryption at rest) for confidentiality, message authentication codes or digital signatures for integrity, and redundant systems plus tested backups for availability. A plain checksum is not an integrity control against an attacker: it only catches accidental corruption, because anyone who alters the data can recompute the checksum to match.
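The difference between a checksum and a keyed integrity check is easiest to see by running both against the same tampering. The script below is an added example, not part of the original page: the transfer record, the one-bit "line noise" corruption and the shared key are all constructed for the demo.

```python
import hashlib
import hmac
import zlib

# Constructed sample record for the demo: a bank transfer message in transit.
ORIGINAL = b"transfer;from=ACC-1001;to=ACC-2002;amount=100.00"
TAMPERED = b"transfer;from=ACC-1001;to=ACC-9999;amount=100.00"

# Hypothetical key shared only by the two endpoints; the attacker never sees it.
SHARED_KEY = b"demo-shared-key-replace-in-real-systems"


def crc32_tag(message: bytes) -> int:
    """Checksum: catches accidental corruption, but anyone can recompute it."""
    return zlib.crc32(message) & 0xFFFFFFFF


def verify_crc32(message: bytes, tag: int) -> bool:
    return crc32_tag(message) == tag


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Message authentication code: only a holder of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no timing information.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def attacker_rewrites(message: bytes, crc: int, mac: bytes) -> tuple:
    """Adversary in the middle swaps the payee. They can recompute the CRC because it
    needs no secret; the best they can do with the MAC is replay the old tag."""
    return TAMPERED, crc32_tag(TAMPERED), mac


def accidental_corruption(message: bytes) -> bytes:
    """Flip a single bit, as a noisy link might."""
    corrupted = bytearray(message)
    corrupted[10] ^= 0x01
    return bytes(corrupted)


def demo() -> dict:
    crc = crc32_tag(ORIGINAL)
    mac = hmac_tag(SHARED_KEY, ORIGINAL)

    forged, forged_crc, forged_mac = attacker_rewrites(ORIGINAL, crc, mac)
    noisy = accidental_corruption(ORIGINAL)

    return {
        # Both mechanisms detect random bit errors.
        "crc_detects_noise": not verify_crc32(noisy, crc),
        "hmac_detects_noise": not verify_hmac(SHARED_KEY, noisy, mac),
        # Only the MAC detects deliberate tampering.
        "crc_detects_forgery": not verify_crc32(forged, forged_crc),
        "hmac_detects_forgery": not verify_hmac(SHARED_KEY, forged, forged_mac),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The CRC result is the point: the forged record verifies cleanly because the attacker recomputed the checksum, while the HMAC fails because producing a valid tag for the new payee needs the key. Digital signatures give the same property without a shared secret, which is what a bank uses between parties that do not share keys.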
Authentication Methods:
Authentication verifies a claimed identity before access is granted. Factors are grouped as something you know (passwords, PINs), something you have (hardware tokens, smart cards, an authenticator app on a phone), and something you are (biometrics). Two-factor or multi-factor authentication (2FA/MFA) requires factors from two different groups, so a stolen password alone is not enough. For example, after entering the password the user types a time-based one-time code (TOTP) from an authenticator app or taps a hardware security key. Codes sent by SMS are better than a password alone but are the weakest second factor, because they can be intercepted or redirected by SIM swapping.
Authentication, Authorization, and Accounting (AAA):
AAA stands for Authentication, Authorization, and Accounting. Once a user is authenticated, authorization decides which resources they may reach and which operations they may perform, denying by default and granting only what the role needs (least privilege). Accounting records who did what and when, including requests that were denied, for auditing and incident investigation. For example, a file server may allow members of one group to read files while only a smaller group can modify them, logging every access for compliance. On network equipment these three functions are usually delegated to a central RADIUS or TACACS+ server rather than configured on each device.
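A minimal role-based authorization check with an accounting trail looks like the following. This is an added example, not from the original page; the roles, the user directory and the file paths are constructed for the demo.

```python
from datetime import datetime, timezone

# Role-based model: each role maps to the set of actions it may perform.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete", "share"},
}

# Constructed directory: authenticated identity -> assigned role.
USERS = {"alice": "admin", "bob": "viewer", "carol": "editor"}


class AuditLog:
    """Accounting: every decision is recorded, denials included, since a burst of
    denials is often the first sign of a compromised account probing for access."""

    def __init__(self):
        self.entries = []

    def record(self, user, action, resource, allowed, when=None):
        self.entries.append({
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user,
            "action": action,
            "resource": resource,
            "result": "ALLOW" if allowed else "DENY",
        })

    def denials_for(self, user):
        return [e for e in self.entries if e["user"] == user and e["result"] == "DENY"]


def authorize(user: str, action: str, resource: str, audit: AuditLog) -> bool:
    """Deny by default: an unknown user, or a role with no entry, has no permissions."""
    role = USERS.get(user)
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    audit.record(user, action, resource, allowed)
    return allowed


def run_demo() -> AuditLog:
    audit = AuditLog()
    authorize("alice", "delete", "/finance/q3.xlsx", audit)   # admin:   ALLOW
    authorize("bob", "read", "/finance/q3.xlsx", audit)       # viewer:  ALLOW
    authorize("bob", "write", "/finance/q3.xlsx", audit)      # viewer:  DENY
    authorize("carol", "share", "/finance/q3.xlsx", audit)    # editor:  DENY
    authorize("mallory", "read", "/finance/q3.xlsx", audit)   # unknown: DENY
    return audit


if __name__ == "__main__":
    for entry in run_demo().entries:
        print(entry["result"], entry["user"], entry["action"], entry["resource"])
```

Note that the audit call sits inside authorize() rather than being left to each caller, so a code path cannot make a decision without leaving a record.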
Security Policies and Procedures:
Security policies define the rules and guidelines for protecting network resources, including acceptable use, password management, and incident handling. Procedures detail the steps that enforce a policy. For example, a company policy may require employees to report suspicious activity and to use unique passwords that are screened against known-breach lists. Mandatory rotation every 90 days was long a standard rule, but current NIST guidance (SP 800-63B) advises against forced periodic changes, which push users toward predictable variations, and instead requires a change when compromise is suspected.
Firewalls and Packet Filtering:
Firewalls control traffic between networks according to a ruleset, matching packets on source and destination IP address, port, and protocol, and act as the barrier between trusted and untrusted networks. A stateless packet filter judges each packet on its headers alone; a stateful firewall also tracks connections, so return traffic for an allowed outbound connection is admitted automatically; next-generation firewalls add application-layer inspection. Rules are evaluated in order and the first match wins, so an anti-spoofing deny must appear before the allows it is meant to guard, and a sound ruleset ends in an explicit default deny. For example, a perimeter firewall permits inbound TCP 443 to the public web server and drops every other unsolicited inbound connection.
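First-match ordering and default deny are where packet-filter mistakes usually hide, so here is a small stateless filter that evaluates a perimeter ruleset against sample packets. This is an added example, not from the original page; the addresses (documentation ranges) and the ruleset are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: frozenset = frozenset()  # empty means any destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports and p.dport not in self.dports:
            return False
        return True


# Constructed perimeter policy for traffic arriving on the Internet-facing interface.
# 203.0.113.0/24 is the public subnet, 10.0.0.0/8 is internal and must never appear
# as a source on the outside.
INBOUND_RULES = [
    Rule("deny", src="10.0.0.0/8", comment="anti-spoofing: internal source seen on outside"),
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dports=frozenset({80, 443}), comment="web"),
    Rule("allow", proto="udp", dst="203.0.113.53/32", dports=frozenset({53}), comment="DNS"),
    Rule("allow", proto="tcp", dst="203.0.113.53/32", dports=frozenset({53}), comment="DNS/TCP"),
]


def filter_packet(p: Packet, rules=INBOUND_RULES) -> tuple:
    """First matching rule wins; with no match the packet is dropped (default deny).
    Returns (action, index of the deciding rule or None)."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("tcp", "198.51.100.7", "203.0.113.10", 443),   # web client: allow
        Packet("tcp", "198.51.100.7", "203.0.113.10", 22),    # SSH from outside: default deny
        Packet("tcp", "10.1.2.3", "203.0.113.10", 443),       # spoofed internal source: deny
        Packet("icmp", "198.51.100.7", "203.0.113.10"),       # no rule: default deny
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Moving the anti-spoofing rule to the end of the list silently breaks it: the spoofed packet to port 443 then hits the web allow first. The test below checks both orderings.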
Intrusion Detection and Prevention Systems (IDS/IPS):
An IDS monitors traffic for suspicious activity and alerts administrators; an IPS sits inline and can drop or reset the offending traffic. Detection is signature-based (matching known attack patterns) or anomaly-based (flagging departures from a learned baseline), and these systems catch malware command-and-control traffic, unauthorized access, and attacks. The trade-off is that an inline IPS also blocks legitimate traffic on every false positive, so IPS rules are tuned more conservatively than IDS alerts. For example, an IDS alerts when one source touches many ports on a host in a short time (a port scan), while an IPS could additionally block that source address.
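The port-scan case is a good anomaly detector to write out, because the threshold and time window are exactly the knobs an analyst tunes. The script below is an added example, not from the original page; the connection-attempt records are constructed (one normal client, one scanner, one host that probes a few ports).

```python
from collections import defaultdict, deque

# Constructed connection-attempt records: (unix_time, src_ip, dst_ip, dst_port).
EVENTS = []
# A normal client reconnecting to the web server every three seconds.
EVENTS += [(1000 + 3 * i, "192.0.2.5", "203.0.113.10", 443) for i in range(20)]
# A scanner walking ports 20..39, one per second.
EVENTS += [(1010 + i, "198.51.100.23", "203.0.113.10", 20 + i) for i in range(20)]
# A host that probes three common ports: noisy, but below the threshold.
EVENTS += [(1020, "198.51.100.40", "203.0.113.10", p) for p in (22, 80, 443)]


def detect_port_scans(events, threshold=10, window=60):
    """IDS logic: flag a source that touches `threshold` or more distinct ports on one
    host within `window` seconds. Too low a threshold alerts on your own vulnerability
    scanner; too high and a slow scan slips through."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (time, port) inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, dport in sorted(events):
        q = recent[(src, dst)]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({
                "src": src, "dst": dst, "ports": len(distinct_ports),
                "first_seen": q[0][0], "last_seen": ts,
            })
    return alerts


def ips_blocklist(alerts):
    """IPS mode: turn alerts into source addresses to drop inline."""
    return {a["src"] for a in alerts}


def enforce(events, blocked):
    """Drop every packet from a blocked source; return the traffic that passes."""
    return [e for e in events if e[1] not in blocked]


if __name__ == "__main__":
    found = detect_port_scans(EVENTS)
    for a in found:
        print(f"ALERT port scan {a['src']} -> {a['dst']}: {a['ports']} ports "
              f"in {a['last_seen'] - a['first_seen']}s")
    print("packets passed:", len(enforce(EVENTS, ips_blocklist(found))))
```

The client that reconnects twenty times is never flagged because it only ever touches one port, which is why the detector counts distinct ports rather than connection attempts.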
VPN Technologies:
VPNs create encrypted, authenticated tunnels over untrusted networks so that remote users and sites can reach a private network securely. Types include TLS VPNs (still commonly called SSL VPNs) for browser- or client-based remote access, and IPsec VPNs, used both for site-to-site links and for remote access. For example, remote workers use a VPN to reach company resources from home or public Wi-Fi. A VPN protects the path, not the endpoints: a compromised laptop carries its malware through the tunnel, which is why VPN access is usually paired with NAC or endpoint health checks.
Network Access Control (NAC):
NAC enforces security policy by deciding whether a device may join the network based on its compliance with rules such as antivirus status, patch level, or disk encryption. Non-compliant devices may be quarantined in a remediation VLAN or denied access entirely. NAC is usually enforced with 802.1X at the switch port or wireless controller, backed by a RADIUS server that returns the VLAN or access list for each device. For example, NAC can keep an infected or unpatched laptop off the corporate network until it is remediated.
Endpoint Security:
Endpoint security protects devices such as laptops, servers, and smartphones with anti-malware engines, host firewalls, and full-disk encryption. It also covers device management (patching, configuration baselines, remote wipe) and monitoring: endpoint detection and response (EDR) agents record process, file, and network activity so analysts can investigate and contain an intrusion on the host. For example, companies deploy endpoint security software to detect and remove malware on employee devices.
Wireless Security Best Practices:
Wireless security means using strong encryption (WPA3, or WPA2 with AES-CCMP where WPA3 is unavailable), strong authentication, and regularly updated firmware. Avoid WEP and WPA with TKIP, both of which have practical attacks. Hiding the SSID is often recommended but gives no real protection: the name still appears in the clear in probe and association frames, and a hidden network makes client devices broadcast its name wherever they go. For example, enterprise Wi-Fi uses WPA2-Enterprise or WPA3-Enterprise, where 802.1X with EAP-TLS authenticates each user or device with a certificate instead of a shared passphrase.
Social Engineering Attacks:
Social engineering manipulates people into revealing confidential information or granting access instead of attacking technology directly. Common tactics include phishing emails, pretexting (inventing a believable pretext, such as a help-desk call), and baiting (leaving an infected USB drive where someone will plug it in). For example, a phishing email posing as IT support may trick users into entering their password on a look-alike site. Modern phishing kits relay the victim's input to the real site in real time, so one-time codes can be phished as well; phishing-resistant factors such as FIDO2 security keys, which are bound to the genuine site's origin, defeat that relay.
Malware Types and Protection:
Malware includes viruses, worms, ransomware, spyware, and trojans, designed to damage systems, steal data, or give an attacker persistent access. Protection combines anti-malware software, prompt patching, least privilege, and user education. For example, ransomware encrypts files and demands payment; backups are crucial for recovery, but they must be offline or immutable, because ransomware operators routinely delete or encrypt any backups reachable from the compromised network before triggering encryption.
Security Monitoring and Logging:
Monitoring is the continuous review of network and system activity to detect anomalies. Logging records system events for analysis and forensic investigation. Logs are only trustworthy if they are shipped off the host to a central collector or SIEM promptly, timestamped from a synchronized clock (NTP), and retained long enough to cover the dwell time of a typical intrusion; an attacker with administrative access on a host can otherwise erase the local copy. For example, authentication logs reveal repeated failed logins from one source and the successful login that follows them, and they support incident response by establishing the timeline.
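The failed-then-successful-login pattern is worth implementing, since it is one of the first things an analyst looks for in authentication logs. The script below is an added example, not from the original page; the sshd-style log lines are constructed for the demo, and the thresholds are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd-style log lines in syslog format (no year in the timestamp).
LOG = """\
Mar 10 09:12:01 bastion sshd[2201]: Failed password for invalid user admin from 198.51.100.77 port 51234 ssh2
Mar 10 09:12:03 bastion sshd[2203]: Failed password for root from 198.51.100.77 port 51236 ssh2
Mar 10 09:12:05 bastion sshd[2205]: Failed password for root from 198.51.100.77 port 51238 ssh2
Mar 10 09:12:08 bastion sshd[2207]: Failed password for alice from 198.51.100.77 port 51240 ssh2
Mar 10 09:12:10 bastion sshd[2209]: Failed password for alice from 198.51.100.77 port 51242 ssh2
Mar 10 09:12:13 bastion sshd[2211]: Failed password for alice from 198.51.100.77 port 51244 ssh2
Mar 10 09:12:40 bastion sshd[2230]: Accepted password for alice from 198.51.100.77 port 51300 ssh2
Mar 10 09:15:00 bastion sshd[2301]: Accepted publickey for bob from 192.0.2.10 port 40000 ssh2
Mar 10 09:20:11 bastion sshd[2350]: Failed password for carol from 192.0.2.10 port 40010 ssh2
Mar 10 09:20:20 bastion sshd[2352]: Accepted password for carol from 192.0.2.10 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn raw lines into events. Lines that do not match are skipped here; a real
    pipeline should count them, since a parser gap is itself a blind spot."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less stamp; fine for deltas
        events.append({"time": ts, "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def analyse(events, max_failures=5, window=timedelta(minutes=5)):
    """Two findings: a source with `max_failures` failures inside `window` (brute force),
    and a success from a source that had already crossed that line (likely compromise)."""
    findings = []
    failures = {}   # src -> times of recent failures
    flagged = set()
    for e in sorted(events, key=lambda e: e["time"]):
        hist = failures.setdefault(e["src"], [])
        hist[:] = [t for t in hist if e["time"] - t <= window]   # drop failures outside the window
        if e["result"] == "Failed":
            hist.append(e["time"])
            if len(hist) >= max_failures and e["src"] not in flagged:
                flagged.add(e["src"])
                findings.append({"type": "brute_force", "src": e["src"],
                                 "failures": len(hist), "time": e["time"]})
        elif len(hist) >= max_failures:
            findings.append({"type": "compromise_suspected", "src": e["src"], "user": e["user"],
                             "failures": len(hist), "time": e["time"]})
    return findings


if __name__ == "__main__":
    for f in analyse(parse(LOG)):
        print(f["time"].strftime("%H:%M:%S"), f["type"], f["src"], f.get("user", ""), f["failures"])
```

Carol's single typo followed by a correct password produces no finding, while the 198.51.100.77 sequence produces both: the brute-force alert at the fifth failure and, 30 seconds later, the successful login that should trigger an immediate investigation of alice's account.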
Physical Security Measures:
Physical security protects hardware and network infrastructure from theft, damage, or unauthorized access. Measures include locks, surveillance cameras, access cards, and anti-tailgating controls such as mantraps. Physical access usually defeats logical controls (an unencrypted disk can be read after booting from a USB drive; a console port gives a shell), which is why it sits at the base of the security stack. For example, data centers use biometric scanners to restrict entry.
Incident Response and Disaster Recovery:
Incident response is the process of preparing for, detecting, containing, eradicating, and recovering from security breaches, followed by a post-incident review that feeds back into controls. Disaster recovery plans restore systems and data after catastrophic events and are specified by a recovery time objective (RTO, how long restoration may take) and a recovery point objective (RPO, how much data loss is acceptable); a plan that has never been exercised is an assumption, not a plan. For example, a company might have procedures to isolate infected devices quickly (capturing volatile evidence such as memory first where feasible), remove the attacker's foothold, and restore from backups verified to predate the compromise.