Protecting networks from threats and attacks
Network security involves protecting the integrity, confidentiality, and availability of computer networks and data. Essential for Cisco, Zscaler, and security-focused interviews.
CIA Triad:
- Confidentiality: Data accessible only to authorized users
- Integrity: Data is accurate and unaltered
- Availability: Systems accessible when needed
A firewall is a network security device that monitors and filters incoming/outgoing traffic based on security rules.
Firewall Types:
- Packet Filter: Inspects packets based on IP, port, protocol (Layer 3-4)
- Stateful Inspection: Tracks connection state
- Application Layer: Deep packet inspection (Layer 7)
- Next-Gen (NGFW): IDS/IPS, application awareness, threat intelligence
Deployment:
- Network-based (hardware/software)
- Host-based (personal firewall)
- Cloud-based (WAF, firewall-as-a-service)
// Firewall Rule Example (iptables)
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH from specific IP
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Deny all other incoming
iptables -A INPUT -j DROP
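To make the first-match semantics of the chain above concrete, here is an added Python model of that INPUT chain (example code written for this page, not real netfilter code). The `established` flag stands in for conntrack state; the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the INPUT chain above (not real netfilter code):
# rules are evaluated top to bottom and the first match decides the verdict.
@dataclass
class Packet:
    src: str
    proto: str
    dport: int
    established: bool = False   # stands in for conntrack ESTABLISHED/RELATED

INPUT_CHAIN = [
    {"state": True, "target": "ACCEPT"},                                   # -m state --state ESTABLISHED,RELATED
    {"proto": "tcp", "src": "192.168.1.0/24", "dport": 22, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 443, "target": "ACCEPT"},
    {"target": "DROP"},                                                    # unconditional catch-all
]

def rule_applies(rule, pkt):
    """A rule matches only if every criterion it specifies is satisfied."""
    if "state" in rule and pkt.established != rule["state"]:
        return False
    if "proto" in rule and pkt.proto != rule["proto"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule["src"]):
        return False
    if "dport" in rule and pkt.dport != rule["dport"]:
        return False
    return True

def filter_packet(pkt, chain=INPUT_CHAIN):
    for rule in chain:
        if rule_applies(rule, pkt):
            return rule["target"]
    return "DROP"   # assumed chain policy if nothing matched

if __name__ == "__main__":
    # Constructed sample traffic, one packet per row.
    samples = [
        Packet("192.168.1.50", "tcp", 22),                    # SSH from the allowed subnet
        Packet("10.0.0.5", "tcp", 22),                        # SSH from elsewhere: falls to DROP
        Packet("203.0.113.7", "tcp", 443),                    # HTTPS from the Internet
        Packet("203.0.113.7", "udp", 53),                     # unsolicited UDP: no rule, DROP
        Packet("203.0.113.7", "udp", 53, established=True),   # reply to our own DNS query
    ]
    for p in samples:
        print(f"{p.src:>14} {p.proto}/{p.dport:<4} established={p.established!s:<5} -> {filter_packet(p)}")
```

The last two packets show why the state rule comes first: the same UDP datagram is dropped as unsolicited but accepted as a reply to a connection the host initiated.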
// Firewall Rule Table
┌────┬────────┬──────────┬───────────┬───────┬────────┐
│ # │ Action │ Source │ Dest │ Port │ Proto │
├────┼────────┼──────────┼───────────┼───────┼────────┤
│ 1 │ ALLOW │ ANY │ DMZ │ 80,443│ TCP │
│ 2 │ ALLOW │ LAN │ ANY │ ANY │ ANY │
│ 3 │ DENY │ ANY │ ANY │ 23 │ TCP │
│ 4 │ DENY │ ANY │ ANY │ ANY │ ANY │
└────┴────────┴──────────┴───────────┴───────┴────────┘
A VPN creates an encrypted tunnel over public networks for secure communication.
VPN Types:
- Site-to-Site: Connects two networks (office to office)
- Remote Access: Individual user to network
- SSL VPN: Browser-based, uses HTTPS
- IPSec VPN: Network layer encryption
VPN Protocols:
- OpenVPN: Open source, SSL/TLS
- WireGuard: Modern, fast, lightweight
- IPSec: Suite of protocols (ESP, AH, IKE)
- L2TP/IPSec: Layer 2 + encryption
// VPN Tunnel Visualization
┌──────────────┐ ┌──────────────┐
│ Remote User │ │ Corporate │
│ 192.168.1.10 │ │ Network │
└──────┬───────┘ │ 10.0.0.0/24 │
│ └──────┬───────┘
│ Encrypted Tunnel │
└──────────[INTERNET]─────────────────┘
┌─────────────────────────┐
│ ESP Header + Encrypted │
│ Original IP Packet │
└─────────────────────────┘
// IPSec Components
┌────────────┬─────────────────────────────────────┐
│ Component │ Function │
├────────────┼─────────────────────────────────────┤
│ ESP │ Encryption + Authentication │
│ AH │ Authentication only │
│ IKE │ Key exchange (Phase 1 & 2) │
│ SA │ Security Association (params) │
└────────────┴─────────────────────────────────────┘
// WireGuard Config Example
[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/24
[Peer]
PublicKey = <server_public_key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
Encryption transforms data into an unreadable format to protect confidentiality.
Encryption Types:
- Symmetric: Same key for encrypt/decrypt (AES; DES and 3DES are legacy)
- Asymmetric: Public/private key pair (RSA, ECC)
- Hashing: One-way function (SHA-256; MD5 is broken and only appears in legacy systems)
Use Cases:
- TLS/SSL: HTTPS, secure web traffic
- PGP/GPG: Email encryption
- SSH: Secure remote access
- Disk Encryption: BitLocker, FileVault
// Symmetric vs Asymmetric Encryption
Symmetric (AES):
┌───────┐ Same Key ┌───────┐
│ Plain │ ────────────> │Cipher │
│ Text │ <──────────── │ Text │
└───────┘ └───────┘
Asymmetric (RSA):
┌───────┐ Public Key ┌───────┐ Private Key ┌───────┐
│ Plain │ ───────────> │Cipher │ ───────────> │ Plain │
│ Text │ │ Text │ │ Text │
└───────┘ └───────┘ └───────┘
// Common Algorithms
┌────────────────┬─────────┬─────────────────────┐
│ Algorithm │ Type │ Use │
├────────────────┼─────────┼─────────────────────┤
│ AES-256 │ Symm │ Data encryption │
│ RSA-2048 │ Asymm │ Key exchange, sigs │
│ SHA-256 │ Hash │ Integrity check │
│ ECDSA │ Asymm │ Digital signatures │
│ Diffie-Hellman │ Key Ex │ Secure key exchange │
└────────────────┴─────────┴─────────────────────┘
// TLS Handshake (simplified)
1. Client Hello: Supported ciphers
2. Server Hello: Selected cipher + Certificate
3. Key Exchange: Generate session key
4. Encrypted communication begins
Common network attacks that security professionals must understand and defend against.
Attack Categories:
- DoS/DDoS: Overwhelm with traffic
- Man-in-the-Middle: Intercept communication
- Spoofing: Impersonate another device
- Sniffing: Capture network traffic
- Injection: SQL, XSS, command injection
Attack Prevention:
- Firewalls and IDS/IPS
- Encryption (TLS, VPN)
- Authentication and authorization
- Regular security updates
// Common Network Attacks
┌─────────────────┬────────────────────────────────────┐
│ Attack │ Description │
├─────────────────┼────────────────────────────────────┤
│ DDoS │ Flood target with traffic │
│ Man-in-Middle │ Intercept & modify traffic │
│ ARP Spoofing │ Fake ARP responses │
│ DNS Spoofing │ Return fake DNS responses │
│ IP Spoofing │ Fake source IP address │
│ SYN Flood │ Exhaust TCP connections │
│ Ping of Death │ Oversized ICMP packets │
│ Smurf Attack │ ICMP broadcast amplification │
└─────────────────┴────────────────────────────────────┘
// ARP Spoofing Attack
Attacker sends: "192.168.1.1 is at [Attacker MAC]"
Result: Traffic meant for gateway goes to attacker
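The detection side of the ARP spoofing scenario above, as an added example (not part of the original page): an arpwatch-style monitor that learns the first MAC seen for each IP and alerts when the mapping flips, rating a flip of the gateway as high severity. The ARP log lines are constructed, not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample of observed ARP replies (tcpdump-like, trimmed), not a real capture.
ARP_LOG = """\
12:00:01 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01
12:00:02 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20
12:00:05 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66
12:00:06 ARP, Reply 192.168.1.30 is-at de:ad:be:ef:00:66
12:00:09 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66
"""

LINE_RE = re.compile(r"^(\S+) ARP, Reply (\S+) is-at ([0-9a-f:]{17})$")

def detect_arp_spoofing(log_text, gateway_ip="192.168.1.1"):
    """Return alert strings for IP->MAC flips and for MACs answering for several IPs."""
    baseline = {}               # ip -> first MAC seen (assumed to be the legitimate one)
    claims = defaultdict(set)   # mac -> set of IPs it has answered for
    flagged_macs = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # ignore requests and anything we cannot parse
        ts, ip, mac = m.groups()
        if ip not in baseline:
            baseline[ip] = mac
        elif baseline[ip] != mac:
            # The baseline is deliberately kept: every repeated poison reply alerts again.
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{ts} {sev}: {ip} moved from {baseline[ip]} to {mac}")
        claims[mac].add(ip)
        if len(claims[mac]) > 1 and mac not in flagged_macs:
            flagged_macs.add(mac)
            alerts.append(f"{ts} INFO: {mac} answers for {sorted(claims[mac])}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_LOG):
        print(alert)
```

In practice the baseline would be seeded from a known-good inventory rather than from the first reply seen, since a poisoner that speaks first would otherwise become the baseline.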
// SYN Flood Attack
Attacker ──[SYN]───> Server (many requests)
Server ──[SYN-ACK]> ??? (resources allocated)
Server waits... (connection table fills up)
Legitimate users cannot connect
// Defense Mechanisms
- IDS/IPS: Detect and block attacks
- Rate Limiting: Prevent floods
- DNSSEC: Prevent DNS spoofing
- 802.1X: Port-based authentication
- VPN: Encrypt traffic
IDS (Intrusion Detection System) monitors network traffic for suspicious activity. IPS (Intrusion Prevention System) actively blocks detected threats.
Detection Methods:
- Signature-based: Match known attack patterns
- Anomaly-based: Detect deviation from normal
- Policy-based: Enforce security policies
Deployment:
- NIDS/NIPS: Network-based
- HIDS/HIPS: Host-based
// IDS vs IPS
┌─────────────────┬─────────────────┬─────────────────┐
│ Feature │ IDS │ IPS │
├─────────────────┼─────────────────┼─────────────────┤
│ Action │ Detect & Alert │ Detect & Block │
│ Mode │ Passive │ Inline │
│ Response │ Admin notified │ Automatic │
│ Impact on flow │ None │ Can drop packets│
└─────────────────┴─────────────────┴─────────────────┘
// Snort IDS Rule Example
# header: action proto src_ip src_port -> dst_ip dst_port, then options in parentheses on one line
alert tcp any any -> 192.168.1.0/24 80 (msg:"Potential admin access attempt"; content:"GET /admin"; sid:1000001; rev:1;)
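An added example (written for this page, not Snort's own code) that parses the rule above and runs it as a signature over constructed packets. It supports only the subset of rule syntax the example uses (`any` or a CIDR for addresses, `any` or a number for ports, a single `content`); the last sample packet shows why a plain `content` match is case-sensitive and why rules usually add `nocase;`.

```python
import ipaddress
import re

# The rule above on one line (rev added as good practice), not Snort's parser.
RULE = ('alert tcp any any -> 192.168.1.0/24 80 '
        '(msg:"Potential admin access attempt"; content:"GET /admin"; sid:1000001; rev:1;)')

HEADER_RE = re.compile(r"^(\w+) (\w+) (\S+) (\S+) -> (\S+) (\S+) \((.*)\)$")
OPTION_RE = re.compile(r'(\w+):"?([^";]*)"?;')

def parse_rule(text):
    """Parse the header fields and the simple key:value options used above."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("only 'action proto src sport -> dst dport (opts)' is supported here")
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = {"action": action, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}
    rule.update(OPTION_RE.findall(opts))
    return rule

def _addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def rule_fires(rule, pkt):
    return (pkt["proto"] == rule["proto"]
            and _addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
            and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"])
            and rule["content"].encode() in pkt["payload"])   # exact, case-sensitive byte match

def run_ids(rule_text, packets):
    """Return one alert line per packet the signature matches (IDS mode: alert only)."""
    rule = parse_rule(rule_text)
    return [f'[{rule["sid"]}:{rule["rev"]}] {rule["msg"]} {p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}'
            for p in packets if rule_fires(rule, p)]

# Constructed sample packets (not a real capture).
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51000, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /admin HTTP/1.1\r\nHost: intranet\r\n\r\n"},
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51001, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\n\r\n"},
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51002, "dst": "10.0.0.10", "dport": 80, "payload": b"GET /admin HTTP/1.1\r\n\r\n"},   # outside the rule's dst net
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51003, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /Admin HTTP/1.1\r\n\r\n"},  # case differs: no match without nocase
]

if __name__ == "__main__":
    for line in run_ids(RULE, SAMPLE_PACKETS):
        print(line)
```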
// IDS/IPS Placement
┌─────────┐
Internet ────────>│ Firewall│
└────┬────┘
│
┌────┴────┐
│ IPS │ (inline - blocks)
└────┬────┘
│
┌────┴────┐
│ IDS │ (span port - monitors)
└────┬────┘
│
Internal Network
Authentication protocols verify user identity before granting access.
Common Protocols:
- RADIUS: Remote Authentication Dial-In User Service
- TACACS+: Terminal Access Controller Access-Control System Plus
- Kerberos: Ticket-based authentication (AD)
- 802.1X: Port-based network access control
- LDAP: Directory-based authentication
Multi-Factor Authentication (MFA):
- Something you know (password)
- Something you have (token, phone)
- Something you are (biometrics)
// RADIUS vs TACACS+
┌─────────────────┬─────────────────┬─────────────────┐
│ Feature │ RADIUS │ TACACS+ │
├─────────────────┼─────────────────┼─────────────────┤
│ Transport │ UDP (1812,1813) │ TCP (49) │
│ Encryption │ Password only │ Entire packet │
│ AAA Separation │ Combined │ Separate │
│ Primary Use │ Network access │ Device admin │
│ Standard │ Open (RFC) │ Cisco proprietary│
└─────────────────┴─────────────────┴─────────────────┘
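The "Password only" row in the table above refers to the User-Password hiding defined in RFC 2865 section 5.2: the password is XORed with a chain of MD5 digests of the shared secret and the Request Authenticator, while every other attribute travels in the clear. This added example (written for this page, not from any RADIUS implementation) implements that hiding and its reverse so the mechanism, and its limits, are visible; the secret and authenticator values are constructed.

```python
import hashlib

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, then c_i = p_i XOR MD5(secret + c_(i-1)),
    with c_0 = Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        hidden += c
        prev = c
    return bytes(hidden)

def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of the above: anyone holding the shared secret recovers the password
    from the packet, which is why the secret and the transport need protecting."""
    if len(hidden) % 16 != 0:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    clear = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        c = hidden[i:i + 16]
        clear += bytes(x ^ y for x, y in zip(c, b))
        prev = c
    return bytes(clear).rstrip(b"\x00")   # strips RFC padding (passwords do not contain NUL)

if __name__ == "__main__":
    # Constructed values; a real client draws the authenticator from a CSPRNG per request.
    secret, auth = b"s3cr3t", bytes(range(16))
    hidden = radius_hide_password(b"correct horse battery", secret, auth)
    print(hidden.hex())
    print(radius_reveal_password(hidden, secret, auth))
```

Because MD5 of a low-entropy shared secret is the only protection, the practical defenses are a long random shared secret, per-request random authenticators, and RADIUS over IPsec or TLS rather than bare UDP.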
// Kerberos Authentication Flow
1. User → AS: "I want to login" (TGT Request)
2. AS → User: TGT (Ticket Granting Ticket)
3. User → TGS: TGT + "I want Service X"
4. TGS → User: Service Ticket
5. User → Service: Service Ticket
6. Service → User: Access Granted
// 802.1X Components
┌──────────────┐ ┌───────────────┐ ┌────────────┐
│ Supplicant │────>│ Authenticator │────>│ RADIUS │
│ (Client) │ EAP │ (Switch/AP) │ │ Server │
└──────────────┘ └───────────────┘ └────────────┘
Key Points:
- Know CIA Triad: Confidentiality, Integrity, Availability
- Understand firewall types: Packet filter, Stateful, Application, NGFW
- Explain VPN types and protocols (IPSec, SSL VPN, WireGuard)
- Know common network attacks and defenses (DDoS, MITM, Spoofing)
- Compare IDS vs IPS and their deployment modes
- Understand symmetric vs asymmetric encryption and TLS handshake