
Module 2: Network Security

Master network protection, firewalls, VPNs, and monitoring techniques.

Network Security Basics

Network security is like protecting a castle - you need walls (firewalls), guards (monitoring), and secure gates (VPNs). It protects data as it travels between systems.

🌐 Network Security Layers:

  • Physical: Secure cables, servers, network devices (and the switch ports and wiring closets an attacker could plug into)
  • Data Link: MAC filtering, switch port security, 802.1X (MAC filtering alone is bypassed by cloning an allowed address)
  • Network: Firewalls, routers, IP filtering, IPsec
  • Transport: TLS encryption (SSL is obsolete; use TLS 1.2 or later)
  • Application: WAF, API gateways, application-level authentication

TCP/IP Protocol Security

Common Network Attacks

IP Spoofing

Forging the source IP address to bypass address-based filters, hide the attacker, or bounce traffic off third parties (reflection/amplification DDoS). It is trivial for connectionless protocols such as UDP and ICMP; completing a TCP handshake with a spoofed source is much harder because the replies go to the real owner of the address. Ingress/egress filtering at the network edge (BCP 38) drops packets whose source address does not belong to the network they arrived from.

ARP Poisoning

The attacker sends forged ARP replies so that hosts on the LAN map the gateway's IP (or a victim's) to the attacker's MAC. Traffic then flows through the attacker, who can read or alter it before forwarding it on. Mitigations: static ARP entries for critical hosts, Dynamic ARP Inspection on managed switches, and alerting on IP-to-MAC binding changes.

DNS Spoofing

Forged DNS answers resolve a legitimate name to an attacker-controlled IP, redirecting users to malicious sites. DNSSEC validation and encrypted resolver transports (DoT/DoH) shrink the attack surface, and TLS certificate validation limits what the attacker can do once the redirect succeeds.

Man-in-the-Middle

Intercepting and optionally altering communication between two parties who believe they are talking directly. ARP and DNS spoofing are common ways into the path; authenticated encryption (TLS with certificate validation, SSH host-key checking) is what makes the interception useless.

Firewalls

Firewalls are like security checkpoints - they control what traffic can enter or leave your network.

Firewall Rules Example:

# Allow loopback and replies to connections this host opened. Without these two
# rules the INPUT DROP policy below also kills the host's own outbound sessions.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow SSH from specific IP
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT
# Default policy: drop all other incoming. Set it last, and apply the rule set
# from a console session so a mistake cannot lock you out over SSH.
iptables -P INPUT DROP

Packet Filtering

Stateless filtering on the fields of each packet alone: source/destination IP, port, protocol. It has no memory, so it cannot tell a reply to a connection the host opened from an unsolicited packet aimed at the same port.

Stateful Inspection

Tracks the state of every connection (on Linux, the conntrack table) so return traffic for established flows is permitted automatically and stray packets that belong to no known connection are dropped, without opening inbound ports for every reply.

Next-Gen (NGFW)

Adds deep packet inspection, intrusion prevention, and application awareness (identifying the application regardless of the port it uses). Inspecting TLS traffic requires the firewall to terminate TLS, which is a trust decision in its own right.
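The difference between stateless and stateful filtering is easiest to see by running the same packets through both. The simulation below is an added example, not code from the original page: it models the INPUT policy of the iptables rules above (accept 80/443, accept SSH from one admin host, drop the rest) first as pure per-packet rules, then with a connection table standing in for conntrack. The host, remote and admin addresses are constructed sample values.

```python
from dataclasses import dataclass

TRUSTED_ADMIN = "192.168.1.100"   # the SSH-admin host from the rule set above (assumed)
SERVICE_PORTS = {80, 443}         # inbound services the host offers


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def stateless_filter(pkt: Packet, direction: str) -> str:
    """Per-packet rules only, no memory of earlier packets.

    direction is "in" for the INPUT chain or "out" for OUTPUT.
    """
    if direction == "out":
        return "ACCEPT"                                  # OUTPUT policy ACCEPT
    if pkt.dport in SERVICE_PORTS:
        return "ACCEPT"                                  # --dport 80/443
    if pkt.dport == 22 and pkt.src == TRUSTED_ADMIN:
        return "ACCEPT"                                  # -s admin --dport 22
    return "DROP"                                        # INPUT policy DROP


class StatefulFilter:
    """Same rules plus a connection table, the role conntrack plays in netfilter."""

    def __init__(self) -> None:
        self.conntrack: set = set()

    def _track(self, pkt: Packet) -> None:
        # Record both directions of the flow so replies match as ESTABLISHED.
        self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        self.conntrack.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def filter(self, pkt: Packet, direction: str) -> str:
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.conntrack:
            return "ACCEPT"                              # ESTABLISHED flow
        if direction == "out":
            self._track(pkt)                             # host-initiated: start tracking
            return "ACCEPT"
        new_connection = pkt.syn and not pkt.ack          # only a bare SYN opens a flow
        allowed_service = pkt.dport in SERVICE_PORTS or (
            pkt.dport == 22 and pkt.src == TRUSTED_ADMIN)
        if new_connection and allowed_service:
            self._track(pkt)
            return "ACCEPT"                              # NEW, to a permitted service
        return "DROP"


def compare() -> dict:
    """Run constructed traffic through both filters; returns verdicts per case."""
    host, remote = "10.0.0.5", "203.0.113.10"           # constructed addresses
    stateful = StatefulFilter()
    cases = {
        # 1. host opens an HTTPS connection, then the server's SYN/ACK comes back
        "outbound_syn":   (Packet(host, 51234, remote, 443, syn=True), "out"),
        "reply_syn_ack":  (Packet(remote, 443, host, 51234, syn=True, ack=True), "in"),
        # 2. unsolicited ACK aimed at port 80 (what an ACK scan looks like)
        "stray_ack_80":   (Packet(remote, 40000, host, 80, ack=True), "in"),
        # 3. SSH attempts from the admin host and from a stranger
        "ssh_from_admin": (Packet(TRUSTED_ADMIN, 50000, host, 22, syn=True), "in"),
        "ssh_from_other": (Packet(remote, 50001, host, 22, syn=True), "in"),
    }
    verdicts = {}
    for name, (pkt, direction) in cases.items():
        verdicts[name] = {
            "stateless": stateless_filter(pkt, direction),
            "stateful": stateful.filter(pkt, direction),
        }
    return verdicts


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:15} stateless={verdict['stateless']:6} stateful={verdict['stateful']}")
```

Two cases separate the filters: the server's SYN/ACK to the host's own HTTPS connection is dropped by the stateless rules (its destination port is an ephemeral port, not 80 or 443) but accepted as ESTABLISHED by the stateful one, and an unsolicited ACK to port 80 sails through the stateless rules while the stateful filter drops it because no bare SYN ever opened that flow.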

VPNs & Secure Tunneling

VPNs create encrypted tunnels for secure communication over untrusted networks.

VPN Types

  • Site-to-Site: Connect entire networks (office to office), typically with IPsec gateways at each end
  • Remote Access: Individual users connect to the network from a client on their device
  • SSL/TLS VPN: Runs over TCP 443, so it passes most outbound filters; some products offer a browser-only portal, but full network access normally still needs a client
  • IPsec VPN: Network-layer tunnel; strong with modern settings (IKEv2, AES-GCM), weak when left on IKEv1 aggressive mode with a guessable pre-shared key

IDS/IPS Systems

Intrusion Detection/Prevention Systems monitor network traffic for suspicious activity.

IDS (Detection)

  • Monitors and alerts
  • Passive monitoring, usually fed from a SPAN port or network tap
  • Logs suspicious activity
  • Examples: Snort, Suricata (both can also run inline as an IPS)

IPS (Prevention)

  • Blocks threats automatically
  • Inline with traffic, so it is also a point of failure and added latency
  • Can drop malicious packets or reset connections
  • A false positive blocks legitimate traffic, so tune signatures in alert-only mode before enabling drop

Network Monitoring with Wireshark

Wireshark captures and analyzes network packets - essential for troubleshooting and security analysis.

Common Wireshark Filters (comparisons use ==; there is no => operator):

# Filter by IP (ip.addr matches source or destination; use ip.src / ip.dst for one direction)
ip.addr == 192.168.1.1
# Filter HTTP traffic (cleartext only; HTTPS shows up as tls, not http)
http
# Filter by port
tcp.port == 443
# HTTP 401 Unauthorized responses (failed logins, visible only on cleartext HTTP)
http.response.code == 401
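To see what those filter names actually refer to, the following added example (not from the page, and not Wireshark's own code) builds a few raw Ethernet/IPv4/TCP frames, dissects them with struct, and evaluates a tiny subset of display-filter syntax over the decoded fields. The frames, addresses and payloads are constructed test data; checksums are left at zero since nothing here validates them.

```python
import socket
import struct


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP frame (test input; checksums left at zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp


def dissect(frame: bytes) -> dict:
    """Decode the fields the filters below refer to; names follow Wireshark's."""
    fields = {}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return fields                                   # not IPv4
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    fields["ip.src"], fields["ip.dst"] = socket.inet_ntoa(src), socket.inet_ntoa(dst)
    fields["ip.addr"] = {fields["ip.src"], fields["ip.dst"]}   # either direction
    if proto != 6:
        return fields                                   # not TCP
    tcp_start = 14 + (ver_ihl & 0x0F) * 4
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", frame[tcp_start:tcp_start + 14])
    fields["tcp.srcport"], fields["tcp.dstport"] = sport, dport
    fields["tcp.port"] = {sport, dport}
    payload = frame[tcp_start + (off_flags >> 12) * 4:]
    if payload.startswith(b"HTTP/1."):                  # response status line
        fields["http"] = True
        fields["http.response.code"] = int(payload.split(b" ")[1])
    elif payload[:4] in (b"GET ", b"POST", b"HEAD"):    # request line (cleartext only)
        fields["http"] = True
    return fields


def matches(fields: dict, expr: str) -> bool:
    """Evaluate `name == value` or a bare `name` (field present), like a display filter."""
    name, _, value = (part.strip() for part in expr.partition("=="))
    if name not in fields:
        return False
    if not value:
        return True
    actual = fields[name]
    if isinstance(actual, set):
        return value in {str(v) for v in actual}
    return str(actual) == value


# Constructed capture: a cleartext login that fails, a TLS client hello, an unrelated 200.
CAPTURE = [
    build_frame("192.168.1.50", "192.168.1.1", 51000, 80,
                b"GET /login HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    build_frame("192.168.1.1", "192.168.1.50", 80, 51000, b"HTTP/1.1 401 Unauthorized\r\n\r\n"),
    build_frame("192.168.1.50", "203.0.113.10", 51001, 443, b"\x16\x03\x01\x00\x05hello"),
    build_frame("192.168.1.1", "10.0.0.9", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
]


def apply_filter(expr: str, frames=CAPTURE) -> list:
    """Return the indices of frames matching `expr`, as Wireshark would list them."""
    return [i for i, frame in enumerate(frames) if matches(dissect(frame), expr)]


if __name__ == "__main__":
    for expr in ("ip.addr == 192.168.1.1", "http", "tcp.port == 443", "http.response.code == 401"):
        print(f"{expr:30} -> frames {apply_filter(expr)}")
```

Note that ip.addr and tcp.port are sets of both endpoints, which is why `ip.addr == 192.168.1.1` matches frames in both directions while `ip.src == 192.168.1.1` matches only the replies, and why the TLS frame on 443 carries no http field at all.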

DDoS Protection

Distributed Denial of Service attacks overwhelm systems with traffic. Protection requires multiple layers.

Rate Limiting

Limit requests per source IP, user, or API key so that no single client can consume all capacity. Per-IP limits do little against a botnet with thousands of sources, and behind a reverse proxy the limit must key on a trusted client-address header, otherwise every request appears to come from the proxy.

CDN & Caching

Serve cached content from edge nodes in many locations so attack traffic is absorbed close to its source and never reaches the origin. Keep the origin's real address out of DNS, or attackers simply bypass the CDN and hit it directly.

Traffic Filtering

Drop malicious traffic patterns and known-bad sources upstream (ACLs, scrubbing services, SYN cookies against SYN floods) before they reach the application servers.

Auto-Scaling

Automatically add resources while an attack lasts. This buys availability at a price: an attacker can turn a denial of service into a large bill, so pair it with rate limiting and spending limits.
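Rate limiting is the one DDoS control that fits in a few lines, so here is the standard token-bucket form as an added example (not from the original page): each source gets a bucket that refills at a fixed rate up to a burst ceiling, and a request is served only if a token is available. The clock is injected so the replay is deterministic; the request stream, rate and addresses are constructed sample values.

```python
import time


class TokenBucketLimiter:
    """Per-source token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic) -> None:
        self.rate = rate
        self.burst = burst
        self.clock = clock                    # injectable so the demo below is deterministic
        self.buckets: dict = {}               # source -> (tokens, last_refill_time)

    def allow(self, source: str) -> bool:
        now = self.clock()
        tokens, last = self.buckets.get(source, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)   # lazy refill
        if tokens >= 1.0:
            self.buckets[source] = (tokens - 1.0, now)
            return True                       # serve the request
        self.buckets[source] = (tokens, now)
        return False                          # reject (HTTP 429 in a web tier)


def simulate(rate: float = 4.0, burst: int = 10) -> dict:
    """Replay a constructed request stream and count verdicts per source IP."""
    attacker, client = "198.51.100.66", "192.0.2.7"               # constructed addresses
    requests = [(i * 0.0625, attacker) for i in range(40)]         # 40 requests in ~2.4 s
    requests += [(0.125, client), (0.625, client), (1.125, client)]  # a normal user
    requests.sort()
    now = [0.0]
    limiter = TokenBucketLimiter(rate, burst, clock=lambda: now[0])
    counts = {attacker: {"allowed": 0, "denied": 0},
              client: {"allowed": 0, "denied": 0}}
    for t, src in requests:
        now[0] = t
        counts[src]["allowed" if limiter.allow(src) else "denied"] += 1
    return counts


if __name__ == "__main__":
    for src, c in simulate().items():
        print(f"{src:15} allowed={c['allowed']:3} denied={c['denied']:3}")
```

The flood gets its initial burst of 10 plus whatever refills during the run and is then held to the steady rate, while the normal user, who never exceeds the rate, is untouched because buckets are per source. Keyed on the client IP this does nothing against many sources or against clients behind one NAT; keyed on a spoofable header it does nothing at all.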

Wireless Security

❌ Weak:

  • WEP (broken, don't use)
  • WPA and WPA2 with TKIP (deprecated; WPA2 with AES/CCMP is still acceptable)
  • Open networks
  • Default passwords (on the access point's admin interface as well as the Wi-Fi itself)

✅ Strong:

  • WPA3 (latest standard; its SAE handshake is not subject to the offline passphrase cracking that works against WPA2 handshakes)
  • 802.1X authentication (WPA2/WPA3-Enterprise with per-user credentials; clients must validate the RADIUS server certificate)
  • Strong, long passphrases
  • Hidden SSID adds no real protection: clients probe for it and it appears in any capture, so do not count it as a control

Zero Trust Architecture

"Never trust, always verify" - assume breach and verify every request.

Zero Trust Principles:

  • ✓ Verify explicitly (authenticate and authorize)
  • ✓ Least privilege access
  • ✓ Assume breach (segment network)
  • ✓ Continuous monitoring
  • ✓ Micro-segmentation

📚 Module Summary

You've mastered network security:

  • ✓ TCP/IP security and common attacks
  • ✓ Firewalls and filtering
  • ✓ VPNs and secure tunneling
  • ✓ IDS/IPS systems
  • ✓ Network monitoring with Wireshark
  • ✓ DDoS protection strategies
  • ✓ Wireless security and Zero Trust

Next: Learn cryptography and encryption!