CyberSecurity Fundamentals
1. HTTPS (443)
2. SSH (22)
3. SFTP (22)
4. FTPS (989, 990)
5. SMTPS (465)
1. HTTP (80)
2. FTP (20, 21)
3. Telnet (23)
4. SNMP (161, 162)
5. TFTP (69)
1. Phishing
2. Proxies
3. Tunnelling
4. Mobile malicious code
5. Phishing against Mobile Devices
6. Rogue antivirus
Security Controls:
1. Authentication, Authorization
2. Encryption
3. Firewalls
4. DNSSEC
CIA Triad:
Confidentiality:
1. Encrypting sensitive data, such as financial information or personally
identifiable information (PII), to prevent unauthorized access.
2. Implementing role-based access control (RBAC) to restrict access to
sensitive information.
3. Using secure communication protocols, such as HTTPS or SFTP, to
protect data in transit.
4. Implementing data masking or anonymization to protect sensitive data.
5. Using secure storage solutions, such as encrypted hard drives or
secure cloud storage.
Example Scenario:
- A healthcare organization implements encryption for patient records to
prevent unauthorized access.
Integrity:
1. Implementing checksums or digital signatures to ensure data
authenticity.
2. Using version control systems to track changes to sensitive data.
3. Using transaction logs to monitor and track changes to data.
5. Implementing data validation and verification processes.
Example Scenario:
- A financial institution implements transaction logging to track changes
to financial transactions.
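Added example (not part of the original notes): a tamper-evident transaction log that combines the keyed-signature and transaction-log controls above. Each entry carries an HMAC-SHA256 tag chained to the previous entry's tag, so an edit, deletion or reordering is detected at the first affected entry. The key, record fields and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # constructed; a real key belongs in a KMS/HSM
GENESIS = "0" * 64                  # stand-in "previous tag" for the first entry


def _tag(key, prev_tag, record):
    """HMAC-SHA256 over the previous entry's tag plus the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append(log, key, record):
    """Append a record whose tag is chained to the previous entry's tag."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"record": record, "tag": _tag(key, prev, record)})


def verify(log, key):
    """Return -1 if every entry verifies, else the index of the first bad one."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return -1


def build_sample_log():
    """Three constructed transactions, logged in order."""
    log = []
    for rec in (
        {"id": 1, "account": "ACC-001", "amount": 100},
        {"id": 2, "account": "ACC-002", "amount": 250},
        {"id": 3, "account": "ACC-001", "amount": -40},
    ):
        append(log, DEMO_KEY, rec)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify(log, DEMO_KEY))
    log[1]["record"]["amount"] = 9999  # in-place edit of a logged transaction
    print("first bad entry after tampering:", verify(log, DEMO_KEY))
```

Removing entries from the end of the log is not detected by the chain alone; store the latest tag or the entry count somewhere the log writer cannot modify.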
Availability:
1. Implementing redundancy and failover systems to ensure system
uptime.
2. Using load balancing and content delivery networks (CDNs) to
distribute traffic.
3. Implementing backup power systems, such as UPS or generators.
4. Conducting regular maintenance and patching to prevent system
downtime.
5. Implementing backups, disaster recovery and business continuity
plans.
Example Scenario:
- An e-commerce company implements a redundant server infrastructure
to ensure website availability.
Industry-Specific Examples: