
Secnet

The document provides a comprehensive overview of various types of cybersecurity threats, including malware, phishing, and denial of service attacks, along with the motivations of different cyber threat actors. It outlines key security frameworks such as the NIST Cybersecurity Framework and ISO standards, and discusses essential security concepts like encryption and network security protocols. Additionally, it covers the principles of network security, types of encryption methods, and the importance of cryptography in protecting sensitive information.

Uploaded by

prabandha98

Complete Network Security Guide

7 Types of Cyber Security Threats

1. Malware: Malicious software that can damage or gain unauthorized access to systems.
Examples include viruses, worms, trojans, ransomware, and spyware.
2. Emotet: A sophisticated banking trojan that primarily spreads through spam emails. It
can steal data, deploy other malware, and create backdoors for attackers.
3. Denial of Service (DoS): An attack that floods systems with traffic to make resources
unavailable to legitimate users. DDoS (Distributed Denial of Service) uses multiple
compromised systems for the attack.
4. Man in the Middle: An attack where hackers intercept communication between two
parties, eavesdropping or altering the data being exchanged without either party knowing.
5. Phishing: Fraudulent attempts to obtain sensitive information by disguising as a
trustworthy entity, typically through emails or fake websites.
6. SQL Injection: Attackers insert malicious code into vulnerable websites to access
databases and steal information.
7. Social Engineering: Psychological manipulation to trick people into revealing
confidential information or performing actions that compromise security.

Cyber Threat Actors and Their Motivations

· Nation States: Geopolitical advantage, espionage, sabotage
· Cybercriminals: Financial profit through theft, fraud, ransomware
· Hacktivists: Ideological or political causes, exposing perceived injustice
· Terrorist Groups: Ideological violence, disruption, fear
· Thrill Seekers: Personal satisfaction, recognition, challenge
· Insider Threats: Discontent/dissatisfaction from the workplace, revenge, financial gain

Types of Security Frameworks

· Control Frameworks (Basic/Baseline): Provide fundamental security controls and best
practices
· Program Frameworks: Outline how to establish and manage security programs
· Risk Frameworks: Methods for identifying, assessing, and mitigating security risks

Top Cybersecurity Frameworks

The NIST Cybersecurity Framework
1. Identify: Understand systems, assets, data, and risks
2. Protect: Implement safeguards to ensure critical services
3. Detect: Implement activities to identify security events
4. Respond: Take action regarding detected security incidents
5. Recover: Restore capabilities impaired by security incidents

The Center for Internet Security Critical Security Controls (CIS)

· Used in small to large companies
· Originally developed for protecting hydropower and large U.S. infrastructures
· Incorporates standards from NIST and HIPAA
· Provides specific, actionable controls prioritized by effectiveness

The International Standards Organization (ISO) Frameworks (ISO/IEC 27001 and 27002)

· ISO 27000 series is comprehensive and demanding
· Recommends 114 different controls broken into 14 categories
· Provides an internationally recognized certification process
· Focuses on information security management systems (ISMS)

The Health Insurance Portability and Accountability Act (HIPAA)

· Framework for managing confidential patient and consumer data
· Emphasizes privacy protections and security measures
· Includes specific requirements for healthcare organizations
· Mandates protection, proper use, and disclosure of sensitive health information

Other Important Frameworks

· SOC2 (Service Organization Control): For service providers storing customer data in
the cloud
· NERC-CIP: For electric utilities and power grid security
· GDPR: European Union data protection and privacy regulations
· FISMA: Federal Information Security Management Act for U.S. government agencies
· HITRUST CSF: Healthcare-specific framework combining multiple standards
· PCI-DSS: Payment Card Industry Data Security Standard for handling credit card
information
· COBIT: Control Objectives for Information and Related Technologies for IT governance
· COSO: Committee of Sponsoring Organizations for enterprise risk management

Core Security Concepts

Encryption
The process of converting plain text into cipher/secret text to protect sensitive information.

AAA (Authentication, Authorization, and Accounting)
1. Authentication: Verifying credentials and identifying users

· Something you know: Passwords and usernames
· Something you have: OTP (One-Time Password), smart cards, tokens
· Something you are: Face ID and other biometrics

2. Authorization: Actions that a user is allowed to perform after authentication

· Determines what resources a user can access
· Based on roles, permissions, or attributes
· Controls what operations can be performed on resources

3. Accounting: Monitoring and recording user activities while accessing network resources

· Tracks who did what, when, and for how long
· Creates audit trails for security incidents
· Provides evidence for investigations and compliance

AAA Implementation Methods

· Local Database: Authentication credentials stored on the device itself
· ACS Server (Remote Server): Centralized authentication like RADIUS or TACACS+
· Combination of Both: For redundancy and flexibility

Privilege Escalation
· The process of exploiting bugs or design flaws to gain elevated access to resources
· Can be vertical (higher privileges) or horizontal (same privilege level but different user)
· Common attack vector after initial system compromise

Principles of Network Security

· Confidentiality: Only intended parties should be able to access information
· Integrity: Data remains unaltered and authentic during storage and transmission
· Availability: Systems and data are accessible when needed by authorized users
· Authentication: Verifying the identity of users or systems
· Authorization: Validating what actions users or systems can perform
· Non-Repudiation: Preventing parties from denying their actions

How Network Security Works

Network Security typically consists of:
· Physical Network Security: Controlled access through biometrics authentication to gain
physical access to network devices
· Technical Network Security: Protects data stored in the network or in transit using tools
like firewalls, encryption, and intrusion detection
· Administrative Network Security: Designing security policies and implementing
administrative controls

Types of Network Security

· Network Access Control (NAC):
  · Prevents unauthorized devices from joining the network
  · Can grant full access but deny access to specific confidential files/folders
  · Enforces security policies before allowing network connections
· Antivirus and Anti-malware Software:
  · Constantly monitors system activity and detects unusual behaviors
  · Scans files for known malware signatures
  · Provides real-time protection against threats
· Firewall Protection:
  · Acts as a barrier to prevent unauthorized access to networks
  · Filters traffic based on predetermined security rules
  · Can be hardware-based, software-based, or cloud-based
· Virtual Private Networks (VPN):
  · Creates a secure, encrypted connection over a less secure network (like the internet)
  · Enables safe remote access to organizational resources
  · Hides user IP addresses and encrypts data in transit
· Intrusion Detection and Prevention Systems (IDS/IPS):
  · Monitors network traffic for suspicious activity
  · Alerts administrators about potential attacks (IDS)
  · Automatically blocks detected threats (IPS)
· Data Loss Prevention (DLP):
  · Prevents sensitive data from leaving the organization
  · Monitors and controls endpoint activities, network traffic, and data storage
  · Enforces policies for handling confidential information

Network Infrastructure

Switch, Router & Firewall: How are they connected?
Internet → Router → Firewall → Switch → Computers & Devices

· Router: Connects different networks and directs traffic between them
· Firewall: Inspects traffic and blocks unauthorized access
· Switch: Connects devices within the same network and directs traffic between them

Network Security Protocols

MD5 (Message Digest Algorithm 5)
· Cryptographic hash function built on a mathematical hashing algorithm
· Generates a fixed-length digest (a code) that can be compared against the digest of the original file
· Used for authenticating messages, content verification, and digital signatures
· Note: Now considered insecure for cryptographic purposes due to known vulnerabilities

SSL/TLS (Secure Socket Layer/Transport Layer Security)

· Provides security through encryption for data transferred between web browsers and
servers
· SSL is largely replaced by the more secure TLS protocol
· Creates an encrypted channel for private communications

Secure Socket Layer Protocol Components:

1. SSL Record Protocol:
· Data is divided into fragments for processing
· Provides basic data encapsulation

2. Handshake Protocol:
· Establishes a session from initiation to completion
· Uses 4 phases to complete the secure connection setup

3. Change Cipher Spec Protocol:
· Consists of a single 1-byte message
· Indicates that subsequent communications will use the negotiated cipher suite

4. Alert Protocol:
· Each message contains 2 bytes and conveys SSL-related alerts
· Classified into two levels:
· Warning (Level 1): No impact on connection (bad certificate, certificate expired, etc.)
· Fatal Error (Level 2): Breaks the connection (handshake failure, illegal parameters, etc.)

SSL/TLS Protocol Stack

Handshake Protocol | Change Cipher Spec Protocol | Alert Protocol | HTTP
-----------------------------------------------------------------------
                          SSL Record Protocol
-----------------------------------------------------------------------
                                 TCP
-----------------------------------------------------------------------
                                  IP
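
As an added illustration (not part of this study guide), the following Python parser walks a constructed TLS record stream and decodes the one-byte Change Cipher Spec and two-byte Alert payloads described above; the content-type and alert-code numbers are those of RFC 5246, and the sample bytes are built inline rather than captured.

```python
import struct

# TLS record-layer content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Alert levels and a subset of alert descriptions (RFC 5246, section 7.2)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
    47: "illegal_parameter", 50: "decode_error",
}


def build_record(content_type, body, version=0x0303):
    """Wrap a payload in the 5-byte record header: type (1), version (2), length (2)."""
    return struct.pack("!BHH", content_type, version, len(body)) + body


def parse_records(stream):
    """Split a byte stream into records and decode the Change Cipher Spec and Alert payloads."""
    records = []
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        content_type, version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES.get(content_type, "unknown"), "version": version, "length": length}
        if content_type == 20:
            # Change Cipher Spec: exactly one byte, value 1
            rec["valid"] = body == b"\x01"
        elif content_type == 21:
            # Alert: exactly two bytes, level then description; a fatal level (2) ends the session
            if length != 2:
                raise ValueError("alert record must be exactly 2 bytes")
            rec["level"] = ALERT_LEVELS.get(body[0], "unknown")
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], "unknown")
            rec["closes_connection"] = body[0] == 2
        records.append(rec)
        pos += 5 + length
    return records


# Constructed sample stream (not a real capture): a CCS record, a warning alert
# (certificate_expired) and a fatal alert (handshake_failure), all tagged TLS 1.2 (0x0303).
SAMPLE_STREAM = (build_record(20, b"\x01")
                 + build_record(21, bytes([1, 45]))
                 + build_record(21, bytes([2, 40])))

if __name__ == "__main__":
    for record in parse_records(SAMPLE_STREAM):
        print(record)
```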

Advantages of SSL/TLS
· Can be customized to specific application needs
· Provides authentication, confidentiality, and integrity
· Works transparently with existing applications

Virtual Private Network (VPN)

What a Good VPN Should Provide:
· Encryption of your IP address to maintain anonymity
· Encryption of protocols and data for secure transmission
· Kill switch that disconnects if the VPN connection drops
· Two-factor authentication for enhanced security

Types of VPNs:
· SSL VPN:
  · Works through a web browser
  · Cost-effective and secure
  · Only the specific browser tab/URL is made private
  · No need to install special software
· Site-to-Site VPN:
  · Connects entire networks to each other
  · Commonly used between corporate offices or branches
  · Allows secure resource sharing across locations
  · Usually implemented using dedicated VPN hardware
· Client-to-Server VPN:
  · Individual users connect to a remote network
  · Remote employees can securely access company resources
  · Typically requires VPN client software on user devices
  · Provides encrypted tunnel for all internet traffic

Cryptography

Cryptography is a technique used to secure information through codes so that only intended
recipients can understand it. It's used in securing credentials, financial transactions, and
communications.

Why Use Cipher Text?
· Transforms readable data into an unreadable format
· Protects sensitive information even if intercepted
· Can only be decoded with the appropriate key

Features of Cryptography:
· Confidentiality: Data is encrypted and secure
· Integrity: Data remains unaltered and original
· Non-repudiation: Parties cannot deny their actions (e.g., when a customer uses their
private key for a transaction, they can't later deny authorizing it)
· Authentication: Verifies identity of users or systems

Types of Cryptography:
1. Symmetric Key Cryptography:
· Uses a single key for both encryption and decryption
· Faster but requires secure key exchange
· Examples: AES, DES, 3DES

2. Asymmetric Key Cryptography (Public Key):
· Uses different keys for encryption and decryption
· Public key encrypts, private key decrypts
· Slower but more secure for key exchange
· Examples: RSA, DSA, ECC

3. Hash Functions:
· Creates fixed-length outputs from variable-length inputs
· One-way functions (cannot be reversed)
· Used for password storage, data integrity checks
· Examples: SHA-1, SHA-256, MD5

Applications of Cryptography:
· Computer Passwords: Storing passwords securely using hashing
· Digital Currencies: Securing blockchain transactions
· Secure Web Browsing: Encryption used in TLS and SSL
· Electronic Signatures: Verifying document authenticity
· Authentication: Comparing passwords with stored hash values
· Cryptocurrencies: Securing transactions and maintaining blockchain integrity
· End-to-End Encryption: Ensuring only sender and receiver can read messages

Advantages of Cryptography:
· Access Control: Only authorized persons with decryption keys can access resources
· Secure Communication: Protects data in transit
· Protection Against Attacks: Defends against eavesdropping and tampering
· Compliance: Meets legal and regulatory requirements

Hashing

The process of scrambling data beyond recognition using a mathematical algorithm that produces
a fixed-size output regardless of input size.

· Creates a unique "fingerprint" of data
· Cannot be reversed to reveal the original input
· Even tiny changes to input create completely different hash values
· Used for password storage, file integrity checks, and digital signatures

Private Key Cryptography (Symmetric Encryption)

Uses a single key for both encryption and decryption.

· The Caesar Cipher is one of the oldest encryption techniques
· Both sender and receiver must have the same key
· Security concerns arise from key distribution and management
· If the private key is stolen, security is compromised

Public Key Cryptography (Asymmetric Encryption)

Uses different keys for encryption (public key) and decryption (private key).

· Public key can be freely shared, private key must be kept secret
· More secure than symmetric encryption for key exchange
· Computationally intensive, so not efficient for large file transfers
· Used for digital signatures, secure key exchange, and authentication
· Creates foundation for PKI (Public Key Infrastructure)

Specific Encryption Algorithms

Vigenère Cipher (IMPORTANT FOR EXAM)
A method of encrypting text using a series of interwoven Caesar ciphers based on a keyword.
Letters are numbered A = 0 to Z = 25, the keyword has length m, and the keyword repeats, so the
letter at position i is combined with key letter K_(i mod m).

Encryption process: C_i = (P_i + K_(i mod m)) mod 26

Decryption process: P_i = (C_i - K_(i mod m)) mod 26

· More secure than simple substitution ciphers
· Weakness: Can be broken by determining keyword length and frequency analysis

Auto Key Cipher
Similar to Vigenère but uses the plaintext itself as part of the key after the initial keyword.
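
An added example (not the guide's own code) implementing the Vigenère formulas above together with the Auto Key variant; the alphabet is A = 0 to Z = 25 and non-letters are dropped before encryption, which is an assumption of this example.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _clean(text):
    """Keep letters only and upper-case them, matching the A = 0 ... Z = 25 convention."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def _shift(letter, key_letter, sign):
    """Caesar-shift one letter by the value of key_letter, forward (+1) or backward (-1)."""
    return ALPHABET[(ALPHABET.index(letter) + sign * ALPHABET.index(key_letter)) % 26]


def vigenere_encrypt(plaintext, keyword):
    p, k = _clean(plaintext), _clean(keyword)
    m = len(k)
    # C_i = (P_i + K_(i mod m)) mod 26: the keyword repeats every m letters
    return "".join(_shift(p[i], k[i % m], +1) for i in range(len(p)))


def vigenere_decrypt(ciphertext, keyword):
    c, k = _clean(ciphertext), _clean(keyword)
    m = len(k)
    # P_i = (C_i - K_(i mod m)) mod 26
    return "".join(_shift(c[i], k[i % m], -1) for i in range(len(c)))


def autokey_encrypt(plaintext, keyword):
    p = _clean(plaintext)
    # Key stream = keyword followed by the plaintext itself, so the key stream never repeats
    stream = _clean(keyword) + p
    return "".join(_shift(p[i], stream[i], +1) for i in range(len(p)))


def autokey_decrypt(ciphertext, keyword):
    c = _clean(ciphertext)
    stream = _clean(keyword)
    out = []
    for i in range(len(c)):
        # Each recovered plaintext letter extends the key stream for the positions after it
        letter = _shift(c[i], stream[i], -1)
        out.append(letter)
        stream += letter
    return "".join(out)


if __name__ == "__main__":
    ct = vigenere_encrypt("ATTACK AT DAWN", "LEMON")
    print(ct, vigenere_decrypt(ct, "LEMON"))
    # The weakness in the guide: with a repeating key, identical plaintext letters m positions
    # apart encrypt identically, which is what keyword-length analysis exploits
    print(vigenere_encrypt("AAAAAAAAAA", "LEMON"))
```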

Comparison of Asymmetric vs. Symmetric Encryption

Asymmetric Encryption:
· Uses: Digital signatures, cryptocurrency transactions, encrypted browsing
· Weaknesses:
  · Slower performance
  · Requires larger key sizes
  · Cipher text expansion (output larger than input)
· Strengths: More secure as private key is never shared

Symmetric Encryption:
· Strengths:
  · Faster with lower CPU requirements
  · Cipher text same size as plaintext
  · Better performance metrics
  · Optimized for bulk data encryption
  · Easier implementation
· Weaknesses: Less secure as secret key must be shared

Types of Encryption Methods

Stream Ciphers
· Encrypts information one bit/byte at a time
· Faster encryption method
· Data converted to binary digits and encrypted sequentially
· Popular algorithms: RC4, Salsa20, ChaCha20

Block Ciphers
· Information broken down into chunks/blocks of fixed size
· Block size depends on key size
· Chunks encrypted and later chained together
· Popular algorithms: AES, DES, 3DES

AES (Advanced Encryption Standard)

Features of AES
1. Uses substitution and permutation operations
2. Number of rounds depends on key length:
· 128-bit key = 10 rounds
· 192-bit key = 12 rounds
· 256-bit key = 14 rounds

AES Process Steps

· Mix Column: Multiply each column with a constant matrix (not done in last round)
· Key Generation: Complex process involving rotation, substitution, and XOR operations
· Rounds:
  · Initial round: XOR with Round key 0
  · Main rounds: Sub byte, Shift rows, Mix column, Add round key
  · Final round: Sub byte, Shift row, Add last round key

Applications of AES
· Wireless security against hackers
· General file encryption
· Secure browsing sessions
· Processor security to prevent hijacking

Differences Between DES and AES

DES (Data Encryption Standard):
· Key length: 56 bits
· Block size: 64 bits
· Fixed number of rounds: 16
· Relatively slower
· Now considered insecure due to small key size

AES (Advanced Encryption Standard):
· Key length: 128, 192, or 256 bits
· Block size: 128 bits
· Number of rounds depends on key length
· Relatively faster
· Currently the global standard for secure encryption

DSA (Digital Signature Algorithm)

Advantages of DSA
· Highly robust standard
· Requires less storage
· Faster key computation
· Patent-free

RSA (Rivest, Shamir, Adleman)

A widely used asymmetric encryption algorithm that enables secure data transmission.

Advantages of RSA
· No need to share secret keys beforehand
· Provides proof of owner authenticity
· Data cannot be modified in transit
· Faster encryption than DSA

SHA (Secure Hash Algorithm)

SHA Characteristics
· Can process messages up to 2^64 bits in length
· Creates fixed-length output (digest)
· Original message cannot be recreated from the digest
· Even tiny changes in input create completely different outputs

Applications of SHA
· Digital signature verification
· Password hashing
· SSL handshakes in web browsing
· Data integrity checks
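
An added example (not from the guide) that makes the hashing and SHA properties above concrete and applies them to the password-storage application listed earlier: fixed output length, the avalanche effect on a one-character change, and salted password verification with PBKDF2 from the Python standard library; the iteration count and the sample passwords are assumptions of this example.

```python
import hashlib
import hmac
import os


def digest_hex(data, algo="sha256"):
    """Fixed-length digest of arbitrary-length input (SHA-256 -> 64 hex chars, MD5 -> 32)."""
    return hashlib.new(algo, data).hexdigest()


def differing_bits(hex_a, hex_b):
    """Count the bits that differ between two equal-length hex digests (avalanche check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password, salt=None, iterations=600_000):
    """Salted, iterated hash for storage; returns (salt, iterations, derived_key).

    A random per-user salt means equal passwords store differently and precomputed
    tables are useless; the iteration count slows down offline guessing."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, derived


def verify_password(password, salt, iterations, stored_derived):
    """Recompute with the stored salt/iterations and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest avoids leaking, through response timing, how many bytes matched
    return hmac.compare_digest(derived, stored_derived)


if __name__ == "__main__":
    # Constructed inputs: same text with one letter changed
    a, b = digest_hex(b"transfer 100 to alice"), digest_hex(b"transfer 100 to alicE")
    print(a)
    print(b)
    print("bits differing:", differing_bits(a, b), "of 256")
    print("md5 length:", len(digest_hex(b"anything", "md5")), "sha256 length:", len(a))
    salt, iters, dk = hash_password("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", salt, iters, dk))
    print("wrong pw:", verify_password("Correct horse battery staple", salt, iters, dk))
```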

SSL Handshake Diagram (IMPORTANT FOR EXAM)

The SSL/TLS handshake process establishes a secure connection through these steps:

1. Client sends "hello" with supported cipher suites and random number
2. Server responds with its certificate, selected cipher suite, and its own random number
3. Client verifies server certificate and generates a pre-master secret
4. Client encrypts the pre-master secret with server's public key and sends it
5. Both sides generate the master secret and session keys
6. Both confirm the connection is secured with the calculated keys
7. Encrypted data exchange begins
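
An added example (not the guide's own code) of step 5: the TLS 1.2 PRF from RFC 5246 turns the pre-master secret and the two handshake random numbers into the 48-byte master secret and then into per-direction session keys, and both sides reach the same result from the same three inputs; the random values are constructed here, and the key sizes assume an AES-128-CBC suite with HMAC-SHA256.

```python
import hashlib
import hmac
import os


def p_hash(secret, seed, length):
    """P_SHA256 from RFC 5246 section 5: HMAC chaining until enough bytes are produced."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master, client_random, server_random):
    """Handshake step 5: 48-byte master secret (RFC 5246 section 8.1)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(master, client_random, server_random, mac_len=32, key_len=16, iv_len=16):
    """Key expansion (RFC 5246 section 6.3); note the seed order is server_random + client_random."""
    block = prf(master, b"key expansion", server_random + client_random,
                2 * (mac_len + key_len + iv_len))
    names = ["client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def simulate_handshake_keys():
    """Run the derivation once as the client and once as the server and return both results."""
    # Constructed stand-ins for the ClientHello/ServerHello random numbers (steps 1 and 2)
    client_random, server_random = os.urandom(32), os.urandom(32)
    # Pre-master secret as the client generates it in step 3: 2 version bytes + 46 random bytes;
    # in step 4 it travels RSA-encrypted, which this example does not reproduce
    pre_master = b"\x03\x03" + os.urandom(46)
    client_ms = master_secret(pre_master, client_random, server_random)
    server_ms = master_secret(pre_master, client_random, server_random)
    return client_ms, server_ms, session_keys(client_ms, client_random, server_random)


if __name__ == "__main__":
    c, s, keys = simulate_handshake_keys()
    print("master secrets match:", c == s, "length:", len(c))
    for name, value in keys.items():
        print(name, value.hex())
```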

Network Security Implementation Process

First: Inventory Systems and Policies
· Document existing infrastructure
· Review current security policies
· Identify sensitive assets and data
· Establish baseline security posture

Second: Workshop Needs & Plans

· Interview key management stakeholders
· Run workshops with managers to identify requirements
· Document meetings and get management approval
· Align security plans with business objectives

Third: Audit to Identify Vulnerabilities

· Comprehensively assess security posture
· Identify and classify security gaps
· Prioritize risks and remediation efforts
· Increase integrity of physical assets and employee processes

Get Comprehensive Layered Security

Implement security in multiple layers, where each layer provides protection if the previous one
fails.

Focus Areas for Secure Network Design

· Physical Security: Protect hardware and infrastructure
· VLANs with Subnets and QoS: Segment network traffic
· Enhanced Firewalls: Multiple layers of traffic filtering
· DMZ (Demilitarized Zone): Buffer zone between public and private networks
· Hierarchical Design: Structured approach to network architecture
· Port Security: Control access at the switch port level
· Wireless Security: Protect wireless networks from unauthorized access
