Introduction
Network security protects devices, data, users, and services. Even basic networks need security because attackers may attempt to steal information, disrupt services, or gain unauthorized access.
Security Threats and Vulnerabilities
A threat is a potential danger. A vulnerability is a weakness that can be exploited. A mitigation is a control used to reduce risk.
Attackers may exploit weak passwords, outdated software, misconfigured devices, unprotected remote access, insecure wireless settings, or careless user behavior.
Types of Network Attacks
Common attack categories include:
| Attack Type | Description |
|---|---|
| Malware | Harmful software such as viruses, worms, ransomware, or Trojans. |
| Reconnaissance | Gathering information before an attack. |
| Access attack | Attempting to gain unauthorized entry. |
| Denial-of-service | Attempting to make a service unavailable. |
| Spoofing | Pretending to be another device or user. |
| Man-in-the-middle | Intercepting or altering communication between parties. |
Access Attacks
Access attacks target accounts, passwords, devices, or services. Examples include password guessing, brute-force attempts, credential theft, privilege escalation, and exploiting unsecured management services.
Strong authentication, account lockout policies, least privilege, and secure management protocols help reduce access attack risk.
Network Attack Mitigations
Effective security uses multiple layers.
Common mitigations include:
- Keep software and firmware updated.
- Use strong, unique passwords.
- Disable unused services and ports.
- Use SSH instead of Telnet.
- Apply least privilege.
- Use firewalls and access control lists.
- Segment networks.
- Monitor logs and alerts.
- Back up important data.
- Train users to recognize social engineering.
Authentication, Authorization, and Accounting
AAA is a security framework with three components.
| Component | Question Answered |
|---|---|
| Authentication | Who are you? |
| Authorization | What are you allowed to do? |
| Accounting | What did you do? |
AAA helps organizations control and record access to network devices and services.
Firewalls
A firewall filters traffic based on rules. It may allow, deny, inspect, or log traffic. Firewalls can protect the boundary between networks and can also segment internal networks.
Firewall rules may use source address, destination address, protocol, port, application, or connection state.
Endpoint Security
Endpoint devices such as laptops and phones are common targets. Endpoint security may include antivirus tools, host firewalls, operating system updates, disk encryption, device locking, and safe browsing practices.
Device Security
Routers and switches should be hardened. Basic device hardening includes:
- Use strong passwords.
- Encrypt stored passwords where possible.
- Use SSH for remote management.
- Disable unused ports.
- Set login banners.
- Limit management access.
- Save configurations securely.
- Keep firmware updated.
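The following Python audit is an added example, not part of the original notes: it checks a device configuration against several items in the hardening list above (encrypted stored passwords, SSH-only remote management, login banner, limited management access, unused ports). It assumes Cisco IOS-style configuration syntax, which the notes do not specify; the sample configuration is constructed and the "unused port" test is a labelled heuristic.

```python
# Constructed sample config; Cisco IOS-style syntax is an assumption.
SAMPLE_CONFIG = """\
hostname SW1
no service password-encryption
interface GigabitEthernet0/1
 description Uplink
interface GigabitEthernet0/2
 shutdown
interface GigabitEthernet0/3
line vty 0 4
 password cisco
 transport input telnet ssh
"""

def split_blocks(config):
    """Group indented sub-commands under their parent line."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return hardening findings for one device config, in config order."""
    blocks = split_blocks(config)
    top = [parent for parent, _ in blocks]
    findings = []
    if "service password-encryption" not in top:
        findings.append("stored passwords not encrypted")
    if not any(l.startswith("banner ") for l in top):
        findings.append("no login banner")
    for parent, subs in blocks:
        if parent.startswith("line vty"):
            transport = next((s for s in subs if s.startswith("transport input")), "")
            if transport.split()[2:] != ["ssh"]:
                findings.append(f"{parent}: remote access not limited to SSH")
            if not any(s.startswith("access-class") for s in subs):
                findings.append(f"{parent}: no ACL limiting management access")
        # Heuristic (assumption): an enabled port with no description is unused.
        elif parent.startswith("interface") and "shutdown" not in subs \
                and not any(s.startswith("description") for s in subs):
            findings.append(f"{parent}: undescribed port left enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An empty result means none of the checked items failed; it does not cover items the script cannot see in a configuration file, such as firmware version or how the configuration is stored.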