Ec Council

Uploaded by

Tejas Kothawale
MODULE 01 network security fundamentals

elements of network security


1. network security controls
2. network security protocols
3. network security devices

network security controls:-

the mechanisms that stand between a user and a device and grant access only to an authorized user, based on identity management, are called network security controls. Anyone who cannot be identified and authorized is refused.

network security protocols

network security protocols implement security-related operations to ensure the confidentiality and integrity of data in transit. They protect the data passing through the network.

network security devices

security devices like firewalls, IDSs (intrusion detection systems) and IPSs (intrusion prevention systems).
network security devices are deployed to protect computer networks from unwanted traffic and threats.

GOAL OF NETWORK DEFENSE involves predicting, protecting, monitoring, analyzing, detecting, and responding, in order to defend an organization and its information.

information assurance(IA) principles

1.Confidentiality
2.Integrity
3.Availability

Confidentiality:-
information is not disclosed to unauthorized parties; no one other than the authorized user can access it (eg. a man-in-the-middle attacker reading the traffic breaks confidentiality)

integrity:-
information transferred from sender to receiver cannot be modified or changed by a third party (eg. a man-in-the-middle attacker altering the traffic breaks integrity)

availability:-
the information is available to authorized users when they need it, without disruption

non-repudiation:- the sender cannot later deny having sent a request that the server received.
authentication:- verifying that a user or system is who it claims to be; it happens before any authorization decision.

types of network defence approaches

1.preventive :-
techniques used to avoid threats or attacks. It consists of access control mechanisms such as firewalls, admission control mechanisms such as NAC and NAP, cryptographic applications such as IPsec and SSL/TLS, and biometric techniques such as speech and facial recognition.
2.reactive :-
techniques used to detect attacks or threats. It includes security monitoring methods such as IDS, SIMS, TRS, IPS.

3.retrospective:-
it examines the cause of attacks and any other information that helps the organization plan a route to recover the data.
it includes fault-finding mechanisms such as protocol analyzers and traffic monitors, security forensics techniques such as CSIRT and CERT, and post-mortem analysis mechanisms including risk and legal management.
4.proactive:-
basically it is a forward-looking plan that helps an organization prevent attacks or threats in the future

network security protocols

radius , tacacs+ , kerberos , pgp , s/mime , secure HTTP , HTTPS , tls , ssl , Ipsec

radius:- Remote Authentication Dial-In User Service. It is an application-layer protocol that runs over UDP (port 1812 for authentication, 1813 for accounting). It authenticates the user with the password authentication protocol (PAP), the challenge handshake authentication protocol (CHAP), or the extensible authentication protocol (EAP).
it works in 3 different stages such as:-
Access-Request toward the server (user id and password)
Access-Accept or Access-Reject from the server
Access-Challenge (the server asks the client for more information, such as a one-time token, before deciding)
Accounting is a separate exchange (Accounting-Request / Accounting-Response) that records session start, stop and usage.

TACACS+ :- Terminal Access Controller Access-Control System Plus. It runs over TCP (port 49), encrypts the whole packet body, and keeps authentication, authorization and accounting as separate exchanges, unlike RADIUS which combines authentication and authorization and hides only the password.
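The three-stage exchange above, as an added example that is not part of these notes: a minimal RADIUS Access-Request / Access-Accept round trip per RFC 2865, run entirely in memory. The client builds the request with User-Name and User-Password attributes, hides the password with the shared secret the way the RFC specifies, and the toy server answers with Access-Accept or Access-Reject carrying a Response Authenticator that the client verifies. The shared secret, user and password are constructed test values; no real RADIUS server is contacted.

```python
"""Added example: RFC 2865 Access-Request / Access-Accept exchange in memory."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _pack_attrs(attrs):
    """Attributes are TLVs: Type(1) Length(1, including the 2-byte header) Value."""
    out = b""
    for atype, value in attrs:
        out += struct.pack("!BB", atype, len(value) + 2) + value
    return out


def _parse_attrs(blob):
    attrs = []
    while blob:
        atype, alen = struct.unpack("!BB", blob[:2])
        if alen < 2 or alen > len(blob):
            raise ValueError("malformed attribute")
        attrs.append((atype, blob[2:alen]))
        blob = blob[alen:]
    return attrs


def obfuscate_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator.
    This is reversible hiding with MD5, not real encryption, which is why RADIUS
    traffic should itself be protected (IPsec, RadSec)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def deobfuscate_password(blob, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(blob), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(blob[i:i + 16], mask))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")


def build_packet(code, ident, authenticator, attrs):
    body = _pack_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = _pack_attrs(attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()


def client_access_request(user, password, secret, ident=0, rand=os.urandom):
    req_auth = rand(16)  # Request Authenticator: 16 unpredictable bytes
    attrs = [(ATTR_USER_NAME, user),
             (ATTR_USER_PASSWORD, obfuscate_password(password, secret, req_auth))]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs), req_auth


def server_handle(packet, secret, user_db):
    """Toy server: decode the request, check the credentials, build the reply.
    Note the server cannot verify the Request Authenticator (it is random);
    only the client can check the reply, via the Response Authenticator."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], _parse_attrs(packet[20:length])
    if code != ACCESS_REQUEST:
        raise ValueError("unexpected code %d" % code)
    fields = dict(attrs)
    ok = False
    if ATTR_USER_NAME in fields and ATTR_USER_PASSWORD in fields:
        pw = deobfuscate_password(fields[ATTR_USER_PASSWORD], secret, req_auth)
        ok = user_db.get(fields[ATTR_USER_NAME]) == pw
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    resp_auth = response_authenticator(reply_code, ident, req_auth, [], secret)
    return build_packet(reply_code, ident, resp_auth, [])


def client_verify_reply(reply, req_auth, secret):
    """Recompute the Response Authenticator; a mismatch means the reply was
    forged or the peer uses a different secret. Returns the code or None."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    attrs = _parse_attrs(reply[20:length])
    expected = response_authenticator(code, ident, req_auth, attrs, secret)
    return code if reply[4:20] == expected else None


def run_exchange(user, password, secret, user_db):
    """Full round trip; returns the reply code the client accepted, or None."""
    req, req_auth = client_access_request(user, password, secret)
    reply = server_handle(req, secret, user_db)
    return client_verify_reply(reply, req_auth, secret)


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"          # constructed test data
    DB = {b"alice": b"correct horse"}
    print(run_exchange(b"alice", b"correct horse", SECRET, DB))  # 2 = Access-Accept
    print(run_exchange(b"alice", b"wrong", SECRET, DB))          # 3 = Access-Reject
```

The password hiding uses MD5 as a stream mask, so anyone who captures the packets and knows (or brute-forces) the shared secret recovers the password; the exchange shows why RADIUS is normally wrapped in IPsec or TLS rather than trusted on its own.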
network security protocols are divided into different layers such as
*transport
*network
*application

Transport:-
it includes the TLS and SSL protocols.

TLS:- the TLS protocol provides confidentiality, integrity and authentication of data between two communicating parties.

SSL:- SSL is the predecessor of TLS and provides security to the communication between clients and servers. Every SSL version is deprecated; TLS 1.2 or 1.3 should be used instead.

Network layer:-

IPsec:- this protocol authenticates IP packets (and, with ESP, also encrypts them) during the transmission of data.

Application layer:-

PGP(Pretty Good Privacy):- it provides cryptographic privacy and authentication for network communication and enhances the security of emails

S/MIME:- known as Secure/Multipurpose Internet Mail Extensions. It provides security (signing and encryption) to mails.

secure HTTP(S-HTTP):- it provides security to the data traversing the WWW by protecting individual messages; it was never widely adopted and is obsolete.

HTTPS:- HTTP carried over TLS; it is widely used across the internet to secure network communication.

Kerberos:- it is a client-server model, based on tickets issued by a trusted Key Distribution Center, that is implemented for authenticating requests in a computer network

RADIUS:- it provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with central servers.

TACACS+ :- it provides authentication, authorization, and accounting (AAA) for network communication

MODULE 02

IDENTIFICATION, AUTHENTICATION AND AUTHORIZATION

ACCESS control
it works as follows: the user sends a request toward the server; the access control function first authenticates the user, then authorizes the request against the authorization database managed by the administrator (who adds, deletes or modifies account details in the database). If the request is permitted, access is given; otherwise it is declined.

Access control terminologies:-

it includes Subject, Object, Reference Monitor, Operation checks.

subject:- the user or process that requests access
object:- the resource being accessed (file, service, device)
operation:- the action requested on the object (read, write, execute, delete)
reference monitor:- it checks every access request against the access control rules for the specific operation; it must mediate every access, be tamper-proof and be small enough to verify

access control principles:-

there are three such principles:

1.Separation of Duties(SoD)
2.need-to-know
3.principle of least privilege

1.Separation of Duties(SoD):-
basically it is a breakdown of a task which ensures that no single person has the access to perform all the functions of that task individually.
2.need-to-know:-
in this, access is provided only to the information that is required for performing a specific task

3.principle of least privilege:-

it extends the need-to-know principle to providing access to systems
it gives an employee exactly the access required for the job, neither less nor more

Access Control Models:- a standard which provides a predefined framework for implementing the necessary level of access control
MAC(mandatory access control)
DAC(discretionary access control)
RBAC(role-based access control)
RB-RBAC(rule-based access control)

DAC(discretionary access control):-

the owner of the information decides who may access it; end users have full control over the access rights of the objects they own (eg. Unix file permissions, Windows ACLs)

MAC(mandatory access control):-

access is decided by the system from security labels (classification of the object, clearance of the subject); only the administrator or system owner has rights to assign privileges, and users cannot override them

RBAC(role-based access control):-

permissions are assigned to roles and users are assigned to roles, so access follows the user's role rather than the individual.

RB-RBAC(rule-based access control):-

permissions are assigned to a user role dynamically based on a set of rules defined by the administrator (eg. access only during working hours or only from a given network).
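The terminology and the four models above, as an added example that is not part of these notes: a small reference monitor that evaluates one access request (subject, operation, object) under DAC, MAC, RBAC and rule-based control. The users, roles, labels, the office-hours rule and the trusted network name are constructed test data, and the MAC check uses the Bell-LaPadula "no read up, no write down" rules as one concrete mandatory policy (the notes do not name a specific MAC policy).

```python
"""Added example: one reference monitor, four access control models."""
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str                        # MAC label of the user
    roles: set = field(default_factory=set)


@dataclass
class Obj:
    name: str
    owner: str                            # DAC: the owner grants rights
    classification: str                   # MAC label of the resource
    acl: dict = field(default_factory=dict)   # DAC: user -> set of operations


def dac_allows(subj, obj, op):
    """Discretionary: the owner has every right; others only what the ACL grants."""
    if subj.name == obj.owner:
        return True
    return op in obj.acl.get(subj.name, set())


def mac_allows(subj, obj, op):
    """Mandatory (Bell-LaPadula): read needs clearance >= classification,
    write needs clearance <= classification; labels are not user-changeable."""
    s, o = LEVELS[subj.clearance], LEVELS[obj.classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False


ROLE_PERMS = {                            # RBAC: permissions attach to roles
    "analyst": {("read", "report")},
    "editor": {("read", "report"), ("write", "report")},
}


def rbac_allows(subj, obj, op):
    return any((op, obj.name) in ROLE_PERMS.get(r, set()) for r in subj.roles)


def rule_based_allows(subj, obj, op, hour, src_net):
    """Rule-based: the RBAC grant is conditioned on administrator rules
    (here: office hours and a trusted source network), evaluated per request."""
    if not rbac_allows(subj, obj, op):
        return False
    return 9 <= hour < 18 and src_net == "corp"


def reference_monitor(model, subj, obj, op, **ctx):
    """Complete mediation: every request passes here; an unknown model denies."""
    if model == "DAC":
        return dac_allows(subj, obj, op)
    if model == "MAC":
        return mac_allows(subj, obj, op)
    if model == "RBAC":
        return rbac_allows(subj, obj, op)
    if model == "RULE":
        return rule_based_allows(subj, obj, op, ctx["hour"], ctx["src_net"])
    return False


# constructed test data
alice = Subject("alice", "confidential", {"editor"})
bob = Subject("bob", "internal", {"analyst"})
report = Obj("report", owner="alice", classification="confidential",
             acl={"bob": {"read"}})

if __name__ == "__main__":
    print(reference_monitor("DAC", bob, report, "write"))   # False: ACL grants read only
    print(reference_monitor("MAC", bob, report, "read"))    # False: no read up
    print(reference_monitor("RBAC", bob, report, "read"))   # True: analyst role
    print(reference_monitor("RULE", alice, report, "write", hour=22, src_net="corp"))  # False
```

The same request gets different answers under each model, which is the practical point: the model is chosen per system, and the reference monitor is the single place where the chosen rules are enforced, so it is also the place to audit.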

Identity and access management(IAM):- it is responsible for providing the right individual with the right access at the right time.

User Identity Management(IDM):-

it ensures that an individual holds a valid identity.

identity Repository:-
the store in which the attributes related to the users' identities are kept.

User Access Management (AM):Authorization:-

it involves controlling the access of information for an individual
eg.(A user can only read a file, but not write to it or delete it.)
it is divided into several types such as

1.centralized authorization
2.decentralized authorization
3.implicit authorization
4.explicit authorization
1.centralized authorization:-

it is done using a single centralized authorization unit

it maintains a single database for authorization to all the network resources or applications
it is an easy and inexpensive authorization approach

2.decentralized authorization:-

each network resource maintains its own authorization unit and performs authorization locally
it maintains its own database

3.implicit authorization:-

users can access the requested resources on behalf of others

the access request goes through a primary resource to access the requested resources

4.explicit authorization:-

it requires separate authorization for each requested resource

it explicitly maintains authorization for each requested object

User Access Management(AM):Accounting:-

it helps to keep track of users' actions on the network

it helps in identifying authorized and unauthorized actions
this data can be used for trend analysis, data breach detection, forensic investigation, etc.

MODULE 03 ADMINISTRATIVE CONTROLS

REGULATORY FRAMEWORK: it contains a set of guidelines and best practices for security
use of regulatory frameworks according to the field of use

HIPAA (Health Insurance Portability and Accountability Act):- any field that deals with health-related information

SOX (Sarbanes-Oxley Act):- public company boards, management and public accounting firms

FISMA (Federal Information Security Management Act of 2002):- a framework used to protect federal information systems

GLBA (Gramm-Leach-Bliley Act):- companies that offer financial products and services

PCI-DSS (Payment Card Industry Data Security Standard):- companies handling credit card information

regulatory framework compliance:-

regulatory framework compliance is a set of guidelines and best practices established in order for an organization to follow and thus meet its regulatory needs, enhance processes, improve protection and accomplish any other objective.

regulatory framework :-
under this framework, an organization must document its policies, standards as well as procedures, practices, and guidelines. Each of them has a different purpose, thus they cannot be combined into one document.

Policies:-
policies are high-level statements dealing with the administrative network security of an organization.
eg. Policy includes email and encryption policies.

standards:-
they comprise specific low-level mandatory controls related to the implementation of a specific technology, useful for enforcing and supporting policies.
eg. a password standard that fixes password complexity, password length etc., or a cryptography standard that names the permitted algorithms, such as the data encryption standard (DES; now obsolete and replaced by AES), the advanced encryption standard (AES), and the Rivest-Shamir-Adleman (RSA) algorithm

procedures, practices and guidelines:-

procedures or standard operating procedures (SOP) comprise step-wise instructions useful for implementing the controls that are defined by multiple policies, standards, and guidelines
eg. Process for Windows installation and data encryption

need for compliance:-

to improve security
minimize losses
maintain trust
increased control

regulatory frameworks, laws and acts

PCI-DSS(payment card industry data security standard):-

it is an information security standard for organizations that store, process or transmit cardholder data

PCI-DSS high-level overview of requirements

build and maintain a secure network
protect cardholder data
maintain a vulnerability management program
implement strong access control measures
regularly monitor and test networks
maintain an information security policy

HIPAA(health insurance portability and accountability act)

Electronic Transaction and Code Set Standards
Privacy Rule
Security Rule
National Identifier Requirements
Enforcement Rule

Key Elements of Security Policy

Clear Communication
Brief and Clear Information
Defined Scope and Applicability
Enforceable by Law
Recognizes Areas of Responsibility
Sufficient Guidance

Contents of a Security Policy:-

There are four aspects of security policy implementation:-

High-level Security Requirements:

Security requirements include all requirements for a system to implement security policies. These are further divided into four types:
Discipline Security Requirements:
Safeguard Security Requirements:
Procedural Security Requirements:
Assurance Security Requirements:

Discipline Security Requirements:

Actions to be taken for the various components that need to be secured, such as computer security, operations security, network security, personnel security, and physical security

Safeguard Security Requirements:

Protective measures required, such as protective measures for access control, malware protection, audit, availability, confidentiality, integrity, cryptography, identification, and authentication

Procedural Security Requirements:

Access policies, accountability, continuity of operations, and documentation

Assurance Security Requirements:

Policies used for compliance with various standards, certifications, and accreditations

Policy Description Based on Requirement:

The policy description mainly focuses on the security disciplines, safeguards, procedures, continuity of operations, and documentation. Each subset of this policy describes how the system's architecture elements will enforce security.

Security Concept of Operation:

This concept defines the roles, responsibilities, and functions of a security policy. It focuses on the mission, communications, encryption, user and maintenance rules, idle time management, privately owned versus public domain, shareware software rules, and virus protection policy.

Allocation of Security Enforcement to Architecture Elements:

This part of the policy assigns each security enforcement requirement to the computer system architecture element that implements it, for each system in the program.

Information Security Policies

Enterprise Information Security Policy (EISP)

EISP sets an organization's scope and provides direction to its security policies. These policies support organizations by offering ideology, purpose, and methods to create a secure environment for enterprises.

Issue Specific Security Policy (ISSP)

ISSP directs the audience on the usage of technology-based systems with the help of guidelines. These policies address specific security issues in an organization.

System Specific Security Policy (SSSP)

SSSP directs users while configuring or maintaining a system. The implementation of these policies focuses on the overall security of a particular system in an organization.

Internet Access Policies:-

Promiscuous Policy
Permissive Policy
Paranoid Policy
Prudent Policy

Promiscuous Policy:- No restrictions on Internet/remote access. Nothing is blocked.

Permissive Policy:- Known dangerous services/attacks are blocked. The policy begins with no restrictions; known holes are plugged and known dangers stopped.

Paranoid Policy:- Everything is forbidden. No Internet connection, or severely limited Internet usage. Users find ways around overly severe restrictions.

Prudent Policy:- Provides maximum security while allowing known, but necessary, dangers. All services are blocked by default; safe/necessary services are enabled individually.

MODULE 04 Physical Controls

OSI MODEL(Open Systems Interconnection)

this model is divided into 7 layers:

1. physical layer
2. data link layer
3. network layer
4. transport layer
5. session layer
6. presentation layer
7. application layer

1. Physical Layer: transmits the raw bit stream over the physical medium.
The physical layer is responsible for the physical cable or wireless connection between network nodes. It defines the connector, the electrical cable or wireless technology connecting the devices, and is responsible for transmission of the raw data, which is simply a series of 0s and 1s, while taking care of bit rate control.

2. Data Link Layer: defines the format of data on the network (frames, MAC addresses) and handles delivery and error detection between directly connected nodes.

3. Network Layer: decides which path the data will take across networks (logical addressing and routing, e.g. IP).

4. Transport Layer: transmits data using transport protocols including TCP and UDP; port numbers and end-to-end reliability belong to this layer.

5. Session Layer: establishes, maintains and terminates sessions between applications.

6. Presentation Layer: ensures the data is in a usable format (encoding, compression) and is where data encryption is traditionally placed.

7. Application Layer: the human-computer interaction layer, where applications access the network services.

types of physical security controls

preventive controls:- controls that stop an intrusion, like door locks and security guards

detective controls:- include security controls like motion detectors, alarm systems and sensors, etc.

deterrent controls:- different types of warning signs that discourage an attempt

recovery controls:- used to recover from a security violation and restore information and systems

compensating controls:-
used as an alternative control when the intended controls fail
eg. Hot sites, backup power systems.

module 05 TECHNICAL CONTROLS VIMP TOPIC

different types of network segmentation

network segmentation:-
is splitting up the network into smaller network segments

benefits of network segmentation

improved security
better access control
improved monitoring
improved performance
better containment

types of network segmentation:-

physical segmentation
logical segmentation
network virtualization

firewall:- a perimeter firewall only protects against network threats that come from outside; traffic that never crosses it (eg. lateral movement inside one segment) is not inspected, which is why segmentation matters.
a firewall allows or denies traffic based on 4 things
1.protocols
2.ports
3.programs (only on host-based or application-aware firewalls)
4.ip addresses
this all typically runs on the BASTION HOST

Bastion Host:-
it is a computer system designed and configured to protect network resources from attacks.
it is the only host that can be addressed directly from the public network
it provides a limited range of services such as website hosting and mail to ensure security
need for bastion host:-
minimize chances of penetration by intruders
create all the logs used to identify attacks or attempts to attack
it provides an additional level of security
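The OSI layers from Module 04 and the four things a firewall filters on, as one added example that is not part of these notes: a stateless packet filter that decodes the IPv4 (network layer) and TCP/UDP (transport layer) headers of a raw packet, then applies an ordered rule list with first-match semantics and default deny. The rules model a segmented network: a DMZ web server reachable from anywhere on 443, the internal LAN reachable only from the DMZ bastion on 22, and everything else dropped. The addresses, subnets and packets are constructed for the demo (the packet builder exists only to produce test input).

```python
"""Added example: L3/L4 header parsing plus a default-deny packet filter."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

PROTO = {6: "tcp", 17: "udp"}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


def build_ipv4(src, dst, proto, sport, dport):
    """Constructs a minimal IPv4 + TCP/UDP packet (no payload) as test input."""
    if proto == "tcp":
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
        pnum = 6
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
        pnum = 17
    total = 20 + len(l4)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, pnum, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + l4


def parse_ipv4(raw):
    """Decodes the network-layer header, then the transport-layer ports;
    truncated or non-IPv4 input raises ValueError instead of being guessed."""
    if len(raw) < 20:
        raise ValueError("short packet")
    ver_ihl, _, total, _, _, _, pnum, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total > len(raw) or len(raw) < ihl + 4:
        raise ValueError("bad length")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return Packet(str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
                  PROTO.get(pnum, str(pnum)), sport, dport)


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"            # protocol
    src: str = "0.0.0.0/0"        # source network
    dst: str = "0.0.0.0/0"        # destination network
    dport: Optional[int] = None   # destination port

    def matches(self, p):
        return ((self.proto == "any" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules, raw):
    """First matching rule decides; no match (or an unparsable packet) is denied."""
    try:
        p = parse_ipv4(raw)
    except ValueError:
        return "deny"
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Constructed segmentation policy: DMZ 203.0.113.0/24, LAN 10.10.0.0/16,
# bastion host 203.0.113.10, web server 203.0.113.20.
RULES = [
    Rule("allow", "tcp", dst="203.0.113.20/32", dport=443),
    Rule("allow", "tcp", src="203.0.113.10/32", dst="10.10.0.0/16", dport=22),
    Rule("deny", src="203.0.113.0/24", dst="10.10.0.0/16"),   # DMZ must not reach LAN
]

if __name__ == "__main__":
    print(filter_packet(RULES, build_ipv4("198.51.100.7", "203.0.113.20", "tcp", 51000, 443)))  # allow
    print(filter_packet(RULES, build_ipv4("203.0.113.20", "10.10.5.5", "tcp", 40000, 22)))      # deny
```

Two things worth noticing: the explicit DMZ-to-LAN deny rule is redundant with the default deny, but keeping it makes the segmentation intent visible in the rule set and lets it be logged separately; and the filter never looks at payload, so a blocked port on a permitted host still tells you nothing about what the allowed traffic contains.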

DMZ(demilitarized zone):-

IDS/IPS:- it is an additional layer of security under the defense-in-depth principle
IDS does several things that a basic firewall cannot do: it inspects payload content and correlates events across many packets instead of judging each packet by its headers alone
it helps to minimize the chances of missing security threats that could get past the firewall
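The two capabilities mentioned above, as an added example that is not part of these notes: a tiny IDS that correlates events across packets (port-scan detection by counting distinct destination ports per source within a time window) and inspects payload content (a signature match), neither of which a stateless packet filter does. The log line format, the traffic, the signatures and the thresholds are all constructed for the demo; a real deployment would use Suricata or Snort rule sets and decoded protocol state.

```python
"""Added example: minimal IDS with cross-packet correlation and a payload signature."""
from collections import defaultdict, deque

SIGNATURES = {                       # constructed signatures, matched case-insensitively
    "sqli-union": b"union select",
    "path-traversal": b"../..",
}

SCAN_PORTS, SCAN_WINDOW = 5, 10.0    # >= 5 distinct ports from one source within 10 s


class SimpleIDS:
    def __init__(self, scan_ports=SCAN_PORTS, window=SCAN_WINDOW):
        self.scan_ports, self.window = scan_ports, window
        self.seen = defaultdict(deque)   # src -> deque of (ts, dport), oldest first
        self.alerted = set()             # sources already reported as scanners

    def check_payload(self, ts, src, payload):
        """Content inspection: a header-only firewall never sees this."""
        low = payload.lower()
        return [(ts, src, "signature:" + name)
                for name, sig in SIGNATURES.items() if sig in low]

    def check_scan(self, ts, src, dport):
        """State across packets: slide the window, count distinct ports."""
        q = self.seen[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:    # expire events outside the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.scan_ports and src not in self.alerted:
            self.alerted.add(src)
            return [(ts, src, "portscan:%d ports" % len(ports))]
        return []

    def feed(self, line):
        """Line format (constructed): '<ts> <src> <dst> <dport> <payload-hex or ->'."""
        ts, src, _dst, dport, payload_hex = line.split(" ", 4)
        ts, dport = float(ts), int(dport)
        payload = bytes.fromhex(payload_hex) if payload_hex != "-" else b""
        return self.check_scan(ts, src, dport) + self.check_payload(ts, src, payload)


def run_ids(lines):
    """Feeds every line through one IDS instance; returns (ts, src, alert) tuples."""
    ids = SimpleIDS()
    alerts = []
    for line in lines:
        alerts.extend(ids.feed(line))
    return alerts


# constructed sample traffic: a fast scan from 198.51.100.9, then an SQLi probe
SAMPLE = [
    "100.0 198.51.100.9 10.0.0.5 21 -",
    "100.5 198.51.100.9 10.0.0.5 22 -",
    "101.0 198.51.100.9 10.0.0.5 23 -",
    "101.5 198.51.100.9 10.0.0.5 25 -",
    "102.0 198.51.100.9 10.0.0.5 80 -",
    "130.0 203.0.113.5 10.0.0.5 80 " + b"GET /?id=1 UNION SELECT 1,2 HTTP/1.0".hex(),
    "131.0 192.0.2.8 10.0.0.5 443 " + b"GET / HTTP/1.0".hex(),
]

if __name__ == "__main__":
    for alert in run_ids(SAMPLE):
        print(alert)
```

The window matters: a scan spread over minutes never has five ports inside ten seconds and goes unreported, which is exactly the evasion real scanners use (`nmap -T0`), so thresholds need to be tuned against the organization's own traffic rather than copied.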