Network Security and Intrusion Detection
Network Security and Intrusion Detection is a specialized field within cybersecurity that focuses on protecting the integrity, confidentiality, and availability of computer networks and their data. It encompasses a wide range of practices and technologies, including firewalls, virtual private networks (VPNs), and access control policies, deployed to prevent unauthorized access and attacks. A critical component of this discipline is intrusion detection: specialized systems (IDS) continuously monitor network traffic and system activities for malicious patterns or policy violations. An IDS acts as a vigilant alarm system that alerts administrators to potential threats in real time, enabling a swift response to mitigate damage.
1.1. Core Security Principles
1.1.1. Confidentiality
1.1.1.1. Data Classification
1.1.1.2. Information Sensitivity Levels
1.1.1.3.1. Symmetric Encryption
1.1.1.3.2. Asymmetric Encryption
1.1.1.3.3. Hybrid Encryption Systems
1.1.1.4.1. Discretionary Access Control
1.1.1.4.2. Mandatory Access Control
1.1.1.4.3. Role-Based Access Control
1.1.1.5.1. Static Data Masking
1.1.1.5.2. Dynamic Data Masking
1.1.2. Integrity
1.1.2.1. Data Integrity Concepts
1.1.2.3. Digital Signatures
1.1.2.4.3. Error Detection Codes
1.1.2.5. Message Authentication Codes
1.1.3. Availability
1.1.3.1. High Availability Concepts
1.1.3.2. Redundancy and Failover
1.1.3.2.1. Hardware Redundancy
1.1.3.2.2. Network Redundancy
1.1.3.2.3. Geographic Redundancy
1.1.3.3. Backup Strategies
1.1.3.3.2. Incremental Backups
1.1.3.3.3. Differential Backups
1.1.3.3.4. Backup Testing and Recovery
1.1.3.4. Denial-of-Service Mitigation
1.1.3.4.2. Traffic Shaping
1.1.3.5. Business Continuity Planning
1.1.3.6. Disaster Recovery Planning
1.1.4. Non-repudiation
1.1.4.1. Digital Signatures for Non-repudiation
1.1.4.2.3. Chain of Custody
1.1.4.3. Legal and Regulatory Requirements
1.2. The AAA Framework
1.2.1. Authentication
1.2.1.1. Authentication Factors
1.2.1.1.1. Something You Know
1.2.1.1.2. Something You Have
1.2.1.1.3. Something You Are
1.2.1.2. Password-based Authentication
1.2.1.2.1. Password Policies
1.2.1.2.2. Password Storage
1.2.1.2.3. Password Attacks
1.2.1.3. Token-based Authentication
1.2.1.3.1. Hardware Tokens
1.2.1.3.2. Software Tokens
1.2.1.3.3. One-Time Passwords
1.2.1.4. Biometric Authentication
1.2.1.4.1. Fingerprint Recognition
1.2.1.4.2. Facial Recognition
1.2.1.4.3. Voice Recognition
1.2.1.5. Certificate-based Authentication
1.2.1.5.1. Digital Certificates
1.2.1.5.2. Public Key Infrastructure
1.2.1.5.3. Certificate Validation
1.2.2. Authorization
1.2.2.1. Authorization Models
1.2.2.2. Role-Based Access Control
1.2.2.2.1. Role Definition
1.2.2.2.2. Permission Assignment
1.2.2.2.3. Role Hierarchies
1.2.2.3. Attribute-Based Access Control
1.2.2.3.1. Policy Decision Points
1.2.2.3.2. Policy Enforcement Points
1.2.2.3.3. Attribute Sources
1.2.2.4. Access Control Lists
1.2.2.5. Principle of Least Privilege
1.2.2.6. Separation of Duties
1.2.3. Accounting
1.2.3.1. Logging User Activities
1.2.3.1.2. Resource Access
1.2.3.1.3. Administrative Actions
1.2.3.2.1. Log Format Standards
1.2.3.2.2. Log Retention Policies
1.2.3.3.1. Bandwidth Monitoring
1.2.3.3.2. Application Usage
1.2.3.3.3. Resource Utilization
1.2.3.4. Compliance Reporting
1.3. Common Network Threats and Vulnerabilities
1.3.1. Denial-of-Service Attacks
1.3.1.2. DDoS Attack Types
1.3.1.4. Amplification Attacks
1.3.1.4.1. DNS Amplification
1.3.1.4.2. NTP Amplification
1.3.1.4.3. SSDP Amplification
1.3.1.5. Application Layer DoS
1.3.2. Man-in-the-Middle Attacks
1.3.2.2. Session Hijacking
1.3.2.2.1. TCP Session Hijacking
1.3.2.2.2. Web Session Hijacking
1.3.2.2.3. Session Fixation
1.3.2.3.1. HTTPS Downgrade Attacks
1.3.2.3.2. Certificate Spoofing
1.3.2.4.1. ARP Cache Poisoning
1.3.3. Eavesdropping and Sniffing
1.3.3.1. Passive vs Active Sniffing
1.3.3.2.1. Promiscuous Mode
1.3.3.3. Wireless Eavesdropping
1.3.3.3.2. Evil Twin Attacks
1.3.3.3.3. Packet Injection
1.3.3.4. Protocol Analysis
1.3.4. Spoofing Attacks
1.3.4.1.1. Source IP Spoofing
1.3.4.1.3. Non-Blind Spoofing
1.3.4.2.1. MAC Address Cloning
1.3.4.2.2. CAM Table Overflow
1.3.4.3.1. DNS Cache Poisoning
1.3.4.5. Caller ID Spoofing
1.3.5. Malware Propagation
1.3.5.1. Malware Classification
1.3.5.2.2. Boot Sector Viruses
1.3.5.4.1. Remote Access Trojans
1.3.5.4.2. Banking Trojans
1.3.5.5.1. Crypto-Ransomware
1.3.5.5.2. Locker Ransomware
1.3.5.5.3. Ransomware-as-a-Service
1.3.5.6. Advanced Persistent Threats
1.3.6. Reconnaissance Attacks
1.3.6.1. Information Gathering Phases
1.3.6.2.1. TCP Connect Scans
1.3.6.2.4. Stealth Scanning Techniques
1.3.6.3.1. Network Discovery
1.3.6.3.2. Topology Mapping
1.3.6.3.3. Service Enumeration
1.3.6.4. Vulnerability Scanning
1.3.6.4.1. Automated Scanners
1.3.6.4.3. Vulnerability Databases
1.3.6.5. Social Engineering
1.3.6.6. Open Source Intelligence
1.4. Network Models in Security Context
1.4.1. OSI Model Security
1.4.1.1. Physical Layer Security
1.4.1.1.1. Physical Access Controls
1.4.1.1.3. Electromagnetic Interference
1.4.1.2. Data Link Layer Security
1.4.1.2.1. MAC Address Security
1.4.1.2.3. Switch Security
1.4.1.3. Network Layer Security
1.4.1.3.2. Routing Security
1.4.1.3.3. Network Address Translation
1.4.1.4. Transport Layer Security
1.4.1.5. Session Layer Security
1.4.1.5.1. Session Management
1.4.1.5.2. Session Hijacking Prevention
1.4.1.6. Presentation Layer Security
1.4.1.6.1. Encryption and Decryption
1.4.1.6.2. Data Compression Security
1.4.1.6.3. Protocol Translation Security
1.4.1.7. Application Layer Security
1.4.1.7.1. Application Protocols
1.4.1.7.2. Web Application Security
1.4.2. TCP/IP Security Model
1.4.2.1. Link Layer Security
1.4.2.1.1. Ethernet Security
1.4.2.1.3. Point-to-Point Security
1.4.2.2. Internet Layer Security
1.4.2.3. Transport Layer Security
1.4.2.3.1. TCP Security Features
1.4.2.3.2. UDP Security Considerations
1.4.2.4. Application Layer Security
1.4.2.4.1. HTTP/HTTPS Security
1.4.2.4.2. FTP/SFTP Security
1.4.3. Defense in Depth Strategy
1.4.3.1. Layered Security Approach
1.4.3.2. Security Controls at Each Layer
1.4.3.3. Threat Mitigation Strategies