Network Security and Intrusion Detection

Network Security and Intrusion Detection is a specialized field within cybersecurity that focuses on protecting the integrity, confidentiality, and availability of computer networks and their data. It encompasses a wide range of practices and technologies, including the implementation of firewalls, virtual private networks (VPNs), and access control policies to prevent unauthorized access and attacks. A critical component of this discipline is Intrusion Detection, which involves the use of specialized systems (IDS) to continuously monitor network traffic and system activities for malicious patterns or policy violations, acting as a vigilant alarm system that alerts administrators to potential threats in real-time, enabling a swift response to mitigate damage.

1. Fundamentals of Network Security
   1. Core Security Principles
      1. Confidentiality
         1. Data Classification
         2. Information Sensitivity Levels
         3. Data Encryption
            1. Symmetric Encryption
            2. Asymmetric Encryption
            3. Hybrid Encryption Systems
         4. Access Controls
            1. Discretionary Access Control
            2. Mandatory Access Control
            3. Role-Based Access Control
         5. Data Masking
            1. Static Data Masking
            2. Dynamic Data Masking
            3. Tokenization
      2. Integrity
         1. Data Integrity Concepts
         2. Hash Functions
            1. MD5
            2. SHA Family
            3. HMAC
         3. Digital Signatures
            1. RSA Signatures
            2. DSA Signatures
            3. ECDSA
         4. Checksums
            1. CRC
            2. Parity Bits
            3. Error Detection Codes
         5. Message Authentication Codes
      3. Availability
         1. High Availability Concepts
         2. Redundancy and Failover
            1. Hardware Redundancy
            2. Network Redundancy
            3. Geographic Redundancy
         3. Backup Strategies
            1. Full Backups
            2. Incremental Backups
            3. Differential Backups
            4. Backup Testing and Recovery
         4. Denial-of-Service Mitigation
            1. Rate Limiting
            2. Traffic Shaping
            3. Load Balancing
         5. Business Continuity Planning
         6. Disaster Recovery Planning
      4. Non-repudiation
         1. Digital Signatures for Non-repudiation
         2. Audit Trails
            1. Log Integrity
            2. Timestamping
            3. Chain of Custody
         3. Legal and Regulatory Requirements
   2. The AAA Framework
      1. Authentication
         1. Authentication Factors
            1. Something You Know
            2. Something You Have
            3. Something You Are
         2. Password-based Authentication
            1. Password Policies
            2. Password Storage
            3. Password Attacks
         3. Token-based Authentication
            1. Hardware Tokens
            2. Software Tokens
            3. One-Time Passwords
         4. Biometric Authentication
            1. Fingerprint Recognition
            2. Facial Recognition
            3. Voice Recognition
            4. Iris Scanning
         5. Certificate-based Authentication
            1. Digital Certificates
            2. Public Key Infrastructure
            3. Certificate Validation
      2. Authorization
         1. Authorization Models
         2. Role-Based Access Control
            1. Role Definition
            2. Permission Assignment
            3. Role Hierarchies
         3. Attribute-Based Access Control
            1. Policy Decision Points
            2. Policy Enforcement Points
            3. Attribute Sources
         4. Access Control Lists
            1. Standard ACLs
            2. Extended ACLs
            3. Named ACLs
         5. Principle of Least Privilege
         6. Separation of Duties
      3. Accounting
         1. Logging User Activities
            1. Login Events
            2. Resource Access
            3. Administrative Actions
         2. Audit Logs
            1. Log Format Standards
            2. Log Retention Policies
            3. Log Analysis
         3. Usage Monitoring
            1. Bandwidth Monitoring
            2. Application Usage
            3. Resource Utilization
         4. Compliance Reporting
   3. Common Network Threats and Vulnerabilities
      1. Denial-of-Service Attacks
         1. DoS Attack Types
         2. DDoS Attack Types
         3. Flood Attacks
            1. SYN Flood
            2. UDP Flood
            3. ICMP Flood
         4. Amplification Attacks
            1. DNS Amplification
            2. NTP Amplification
            3. SSDP Amplification
         5. Application Layer DoS
            1. HTTP Flood
            2. Slowloris
            3. R.U.D.Y.
         6. Botnets and DDoS
      2. Man-in-the-Middle Attacks
         1. Attack Vectors
         2. Session Hijacking
            1. TCP Session Hijacking
            2. Web Session Hijacking
            3. Session Fixation
         3. SSL Stripping
            1. HTTPS Downgrade Attacks
            2. Certificate Spoofing
         4. ARP Spoofing
            1. ARP Cache Poisoning
            2. ARP Flooding
         5. DNS Hijacking
         6. BGP Hijacking
      3. Eavesdropping and Sniffing
         1. Passive vs Active Sniffing
         2. Packet Sniffers
            1. Promiscuous Mode
            2. Network Taps
            3. Port Mirroring
         3. Wireless Eavesdropping
            1. War Driving
            2. Evil Twin Attacks
            3. Packet Injection
         4. Protocol Analysis
         5. Traffic Analysis
      4. Spoofing Attacks
         1. IP Spoofing
            1. Source IP Spoofing
            2. Blind Spoofing
            3. Non-Blind Spoofing
         2. MAC Spoofing
            1. MAC Address Cloning
            2. CAM Table Overflow
         3. DNS Spoofing
            1. DNS Cache Poisoning
            2. DNS Pharming
         4. Email Spoofing
         5. Caller ID Spoofing
      5. Malware Propagation
         1. Malware Classification
         2. Viruses
            1. File Infectors
            2. Boot Sector Viruses
            3. Macro Viruses
         3. Worms
            1. Network Worms
            2. Email Worms
            3. USB Worms
         4. Trojans
            1. Remote Access Trojans
            2. Banking Trojans
            3. Rootkits
         5. Ransomware
            1. Crypto-Ransomware
            2. Locker Ransomware
            3. Ransomware-as-a-Service
         6. Advanced Persistent Threats
      6. Reconnaissance Attacks
         1. Information Gathering Phases
         2. Port Scanning
            1. TCP Connect Scans
            2. SYN Scans
            3. UDP Scans
            4. Stealth Scanning Techniques
         3. Network Mapping
            1. Network Discovery
            2. Topology Mapping
            3. Service Enumeration
         4. Vulnerability Scanning
            1. Automated Scanners
            2. Manual Testing
            3. Vulnerability Databases
         5. Social Engineering
         6. Open Source Intelligence
   4. Network Models in Security Context
      1. OSI Model Security
         1. Physical Layer Security
            1. Physical Access Controls
            2. Cable Security
            3. Electromagnetic Interference
         2. Data Link Layer Security
            1. MAC Address Security
            2. VLAN Security
            3. Switch Security
         3. Network Layer Security
            1. IP Security
            2. Routing Security
            3. Network Address Translation
         4. Transport Layer Security
            1. TCP Security
            2. UDP Security
            3. Port Security
         5. Session Layer Security
            1. Session Management
            2. Session Hijacking Prevention
         6. Presentation Layer Security
            1. Encryption and Decryption
            2. Data Compression Security
            3. Protocol Translation Security
         7. Application Layer Security
            1. Application Protocols
            2. Web Application Security
            3. Email Security
      2. TCP/IP Security Model
         1. Link Layer Security
            1. Ethernet Security
            2. Wi-Fi Security
            3. Point-to-Point Security
         2. Internet Layer Security
            1. IPv4 Security
            2. IPv6 Security
            3. ICMP Security
         3. Transport Layer Security
            1. TCP Security Features
            2. UDP Security Considerations
            3. SCTP Security
         4. Application Layer Security
            1. HTTP/HTTPS Security
            2. FTP/SFTP Security
            3. SMTP Security
            4. DNS Security
      3. Defense in Depth Strategy
         1. Layered Security Approach
         2. Security Controls at Each Layer
         3. Threat Mitigation Strategies