Study Guide
Cyber Network Security
Created By: David Davor, Teaching Assistant
Module 1: Introduction
Learning Objectives
● Core Knowledge and the Function of Network Security
● The Application of selected Network Security Concepts
● Network Security Architecture and Building Principles
● How to Apply Security Practices
● How to Apply Network Devices Effectively
Prerequisite
● There are no prerequisites, although a basic understanding of networking
concepts will be an advantage.
Learning Objectives
● The CIA and DAD Triangles
● Nonrepudiation
● Identification, Authentication, Authorization
CIA Triangle
The CIA Triangle is considered the most fundamental aspect of cybersecurity. It
consists of Confidentiality, Integrity, and Availability. Confidentiality means
that confidential information is not disclosed to unauthorized persons. Integrity
is the protection of information from unauthorized modification. Availability is
ensuring that a system or data is available to authorized users.
DAD Triangle
The DAD Triangle is the opposite of the CIA Triangle. DAD stands for Disclosure,
Alteration, and Denial. Each principle in the CIA triad corresponds to an
opposing principle in the DAD triad: Confidentiality versus Disclosure, Integrity
versus Alteration, and Availability versus Denial.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
2
Cybersecurity Principles
● Nonrepudiation: refers to a user not being able to deny having sent a
message or performed a specific act.
● Access Control: Defines the degree of permission granted to a resource
➔ Identification: Answers the question ‘Who is the subject?’; asserting
who you are
➔ Authentication: The proof of identification; the process of verifying
the asserted identity
➔ Authorization: What can be accessed after authentication
Authentication Types
● Something you know: This could be a password, secret code, PIN, etc.
● Something you have: This is a physical object such as an ID card or key fob.
● Something you are: Biometrics including fingerprints, iris scans, voice,
signature, etc.
Authorization Models: Three of the most important and most common models of
authorization are:
● Mandatory Access Control (MAC): You must have a clearance equal to or higher
than the classification of a file or resource to be able to access it. For
instance, you must have a Top Secret clearance to be able to access Top
Secret files.
● Discretionary Access Control (DAC): In this case, the owner of a file or
resource decides who to give access.
● Role-Based Access Control (RBAC): This model grants access to a resource based
on the role of the individual in the organization. For instance, people in
Payroll will not have access to Marketing information and vice versa.
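The three models above as small decision functions, added here as an example that is not part of the study guide. The clearance levels, the resource owner, and the Payroll and Marketing roles are constructed for illustration.

```python
# Added example (not from the study guide): the three authorization models
# above as small decision functions. Levels, users, roles and resources are
# constructed for illustration.
from dataclasses import dataclass, field

# Mandatory Access Control: the subject's clearance must be equal to or
# higher than the object's classification. The lattice order is constructed.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

def mac_allows(subject_clearance: str, object_classification: str) -> bool:
    return LEVELS[subject_clearance] >= LEVELS[object_classification]

# Discretionary Access Control: only the owner of a resource decides who
# gets which kind of access.
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of operations

    def grant(self, granting_user: str, user: str, op: str) -> bool:
        if granting_user != self.owner:       # non-owners cannot delegate
            return False
        self.acl.setdefault(user, set()).add(op)
        return True

    def allows(self, user: str, op: str) -> bool:
        return user == self.owner or op in self.acl.get(user, set())

# Role-Based Access Control: permissions attach to roles, users to roles.
# Payroll staff get payroll data, Marketing staff get marketing data.
ROLE_PERMISSIONS = {
    "payroll": {"payroll_data:read", "payroll_data:write"},
    "marketing": {"marketing_data:read", "marketing_data:write"},
}
USER_ROLES = {"alice": {"payroll"}, "bob": {"marketing"}}

def rbac_allows(user: str, permission: str) -> bool:
    roles = USER_ROLES.get(user, set())
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)

if __name__ == "__main__":
    print(mac_allows("Secret", "Top Secret"))          # False: clearance too low
    doc = DacResource(owner="carol")
    doc.grant("carol", "erin", "read")
    print(doc.allows("erin", "read"), doc.allows("erin", "write"))  # True False
    print(rbac_allows("alice", "marketing_data:read"))  # False: wrong role
```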
Learning Objectives
● CWE and CVE
● How to stay up to date
Learning Objectives
● Importance of Ethics to cybersecurity
● Laws, Regulations, and Policies
Ethics:
The moral principles that govern a person’s behavior. Ethics is what
differentiates an ethical cybersecurity professional from a malicious user.
An example is the (ISC)2 Code of Ethics:
● Protect society, the common good, necessary public trust and confidence,
and the infrastructure.
● Act honorably, honestly, justly, responsibly, and legally
● Provide diligent and competent service to principals
● Advance and protect the profession.
Learning Objectives:
● Managing data responsibly
● Data encryption practices
● Proper data disposal
● Labeling: Tag the data. After finding the data, it has to be labelled with the
appropriate sensitivity levels
● Policy Creation: Data rules are defined with what can or cannot be done with
the data.
● Content monitoring: The data has to be monitored throughout and across the
network to ensure the policies defined for it are effective.
● Blocking: Stopping the data from leaving. When an unauthorized data
modification or transfer is detected, it is blocked or prevented according to
the policy.
● Reporting: Record and report the offenders and the policy violations.
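The steps above (labeling, policy creation, content monitoring, blocking and reporting) worked through as a toy data-loss-prevention flow, added here as an example that is not part of the study guide. The label patterns, the policy table and the sample transfer events are constructed.

```python
# Added example (not from the study guide): a toy data-loss-prevention flow
# covering the steps above: label data, define a policy, monitor transfer
# events, block violations and report them. Patterns, labels and events
# are constructed for illustration.
import re
from dataclasses import dataclass

# Labeling: classify content by what it contains. First matching rule wins,
# so the most sensitive pattern is listed first.
LABEL_RULES = [
    ("Confidential", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),   # SSN-like number
    ("Internal", re.compile(r"\bproject\b", re.IGNORECASE)),  # project material
]

def label(content: str) -> str:
    for name, pattern in LABEL_RULES:
        if pattern.search(content):
            return name
    return "Public"

# Policy creation: where each label may be sent. Confidential data may not
# leave through a monitored channel at all.
POLICY = {
    "Public": {"internal", "external"},
    "Internal": {"internal"},
    "Confidential": set(),
}

@dataclass
class TransferEvent:
    user: str
    destination: str   # "internal" or "external"
    content: str

def monitor(events):
    """Content monitoring: label each transfer and check it against POLICY.
    Violations are blocked (not forwarded) and reported. Returns the list
    of allowed events and the report lines."""
    allowed, report = [], []
    for ev in events:
        lbl = label(ev.content)
        if ev.destination in POLICY[lbl]:
            allowed.append(ev)
        else:
            report.append(f"BLOCKED user={ev.user} label={lbl} "
                          f"destination={ev.destination}")
    return allowed, report

# Constructed sample events; the SSN-like value is fake.
SAMPLE_EVENTS = [
    TransferEvent("alice", "external", "Lunch menu for Friday"),
    TransferEvent("bob", "external", "Project Falcon roadmap attached"),
    TransferEvent("carol", "internal", "Employee SSN 123-45-6789 for onboarding"),
]

if __name__ == "__main__":
    ok, lines = monitor(SAMPLE_EVENTS)
    print(len(ok), "allowed", *lines, sep="\n")
```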
Data Encryption:
● Data at rest: Storage level encryption is applied to data at rest.
● Data in motion: Uses IPsec, VPNs, or TLS/SSL to encrypt data in transit.
● Data in use: Information Rights Management (IRM). Defines what users can do
with the data, for example whether they can only read it or also write to it.
Learning Objectives
● Incident Response: Processes, Teams, and Policies
Disaster Recovery Plan. When an incident becomes so severe that the Incident
Response Plan fails to eradicate the threat and recover the affected systems, the
Disaster Recovery Plan (DRP) is activated. The DRP runs on backup systems, mostly
at a secondary site, temporarily while more time is needed to resolve the issue
at the primary site.
There are 3 main types of secondary or alternative sites:
● Cold site. Usually has only basic facilities such as electricity, water, and
space. It is the cheapest and also takes the longest time to set up.
● Warm site. Has many more facilities, such as network devices,
telecommunication equipment, and other systems. Much more expensive than a cold
site and has a shorter restore time.
● Hot site. This has almost everything except current data. Data may have to
be imported from stored backups. It is the easiest to restore and the most
expensive.
Testing your Disaster Recovery Plan. A DRP can be tested in many ways, including
the following:
● Checklist testing
● Structured testing
● Walkthrough testing
● Simulation testing
● Parallel testing
● Full interruption testing.
Risk Management
A risk is a function of the likelihood of a given threat source exercising a potential
vulnerability, and the resulting impact of that adverse event on the organization.
Risk management involves identifying the risk, assessing the likelihood of its
occurrence and its potential impact on the organization, and determining an
appropriate response to the risk.
Key Terms:
● Likelihood. The probability that a potential vulnerability may be exercised.
● Threat Source. Intent and method targeted at the intentional exploitation of a
vulnerability.
● Vulnerability. A weakness in system security procedures, designs, controls,
or implementation.
● Impact. The magnitude of harm that could be caused.
● Asset. Anything of value that is owned by an organization.
➔ Conduct Assessment
➔ Communicate Results
➔ Maintain Assessment (regular risk assessment)
Risk impacts can be measured in quantitative or qualitative terms.
Risk Calculations
➢ Single Loss Expectancy (SLE) = Asset value x Exposure Factor
➢ Annualized Loss Expectancy (ALE) = SLE x Annual Rate of Occurrence (ARO)
Risk Treatment/Response
There are four main ways to respond to a risk:
❖ Risk mitigation. Implementing some form of control to limit the impact of
the risk on the organization.
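The SLE and ALE formulas from the Risk Calculations list, carried through for a mitigation decision, as an added example that is not part of the study guide. The asset value, exposure factors, ARO and control cost are constructed; the cost-benefit function (loss avoided minus the control's yearly cost) is the usual way of judging whether a mitigating control is worth buying.

```python
# Added example (not from the study guide): the SLE and ALE formulas above,
# plus a cost-benefit check for the mitigation response. The asset value,
# exposure factor, rate of occurrence and control cost are constructed.

def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy = Asset Value x Exposure Factor (0..1)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor

def ale(single_loss: float, aro: float) -> float:
    """Annualized Loss Expectancy = SLE x Annual Rate of Occurrence."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss * aro

def control_value(ale_before: float, ale_after: float,
                  annual_control_cost: float) -> float:
    """Annual value of a mitigating control: expected loss avoided minus the
    control's yearly cost. Positive means the control pays for itself;
    negative means mitigation costs more than the risk it removes."""
    return (ale_before - ale_after) - annual_control_cost

def assess(asset_value: float, ef_before: float, ef_after: float,
           aro: float, annual_control_cost: float) -> dict:
    """Work the numbers for one risk and one proposed control."""
    before = ale(sle(asset_value, ef_before), aro)
    after = ale(sle(asset_value, ef_after), aro)
    value = control_value(before, after, annual_control_cost)
    return {"ale_before": before, "ale_after": after,
            "control_value": value, "mitigate": value > 0}

if __name__ == "__main__":
    # Constructed scenario: a 200,000 file server, a ransomware incident
    # destroying 60% of its value, expected once every two years (ARO 0.5).
    # Offline backups costing 15,000 a year would cut the exposure to 10%.
    print(assess(200_000, 0.6, 0.1, 0.5, 15_000))
```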
Learning Objectives:
● Network Structures and Topologies
● Network Segmentation and Isolation
Network structure
Even though the above may not apply to every organization or individual
network, it gives the general network structure.
The above consists of 3 main sections:
● Outside (untrusted) or public network. This is the Internet, where
untrusted devices connect from across the globe.
● Intranet (trusted or private) network. Where internal resources such as
applications and sensitive data are stored.
● Extranet. A part of the internal or private network where people within the
organization can access internal data or resources, but with limited access.
● DMZ (Demilitarized zone). The part of the network or its resources to which
the public is allowed access, such as web servers and other public-facing
applications.
Network segmentation
Network segmentation means dividing the network into different segments, either
physically or virtually. Types of network segmentation include:
❖ Virtual LANs (VLANs). Switches are used to create different virtual
segments on the network.
❖ Air-gapped networks. Air-gapped networks have no connections whatsoever to
other networks; they are totally separated. They only exchange data through
"sneakernet", where files are transferred by USB sticks or external drives.
❖ Guest networks. Guest networks essentially allow guest users to connect to
the internet without being able to access internal or private resources.
Network Topologies
❖ Bus Topology. In the bus topology, all devices connect to a main wire or
source which transfers information back and forth along the wire.
❖ Ring topology. Information transfer is circular across devices that are part of
the ring.
❖ Star Topology. In star topology all devices connect to a central point which
sends information to the connected devices.
❖ Mesh topology. Each device in a mesh topology connects directly to all
other devices.
❖ Tree Topology. A form of hybrid topology with a combination of the bus
and star topologies.
❖ Hybrid Topology: Combines different types of topologies in one topology.
Mostly considered a combination of ring and star topologies.
Learning objectives
● Network design Protocols, Principles and Controls
Network Principles
● Least privilege. Giving people the least amount of network access they need
to do their jobs.
Network Protocols
● IPsec. An authentication and encryption protocol suite that works at the
network layer. It has two main modes:
➔ Transport mode. The data (payload) is encrypted, but the header
information remains readable.
➔ Tunnel mode. Both the data and the original header information are
encrypted.
● SSL/TLS. The client checks the server's certificate to ensure the server's
validity.
● HTTPS. Web protocol (HTTP) secured with SSL/TLS.
● SSH. Secure program for accessing remote computers.
Network Controls
There are 3 categories of controls:
1. Administrative/management: Controls in the form of Policies, Procedure,
Guidelines
2. Technical Controls: Controls implemented through Hardware and Software
programs.
3. Operational Controls: Controls executed by people.
Under each of the above 3 categories, there are 7 controls.
❖ Directive Controls. May include configuration standards and policies
Learning Objectives
● Security Models
Similar to the Bell-LaPadula model, the Biba integrity model also has objects and
subjects with labels and properties that allow a user to either write down or
write up. This means that if you do not have write-down access, you cannot modify
any file that has the same or a lower label than the user.
Learning Objectives:
● Common Attack vectors
● Web Filtering Techniques for Mitigation
Web Filtering
The following can be used to filter web traffic:
● Firewalls. Traffic entering an internal network passes through a firewall,
which inspects the traffic for any malicious content. Web application
firewalls or next-generation firewalls are most appropriate in this case.
● DMZ. A segment of the network that is accessed from the public and where
web traffic can be inspected for anything suspicious.
● Access control lists (ACLs): Can be used to deny or allow specific traffic.
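A first-match ACL evaluator of the kind the last bullet refers to, placed at the boundary between the Internet, the DMZ and the intranet described in the Network structure section, as an added example that is not part of the study guide. The address ranges, rules and sample packets are constructed; the point is rule ordering and the implicit deny at the end of the list.

```python
# Added example (not from the study guide): a first-match access control list
# evaluator of the kind used to allow or deny specific traffic at the border
# between the Internet, a DMZ and the intranet. Addresses, rules and sample
# packets are constructed; the ordering and implicit-deny behaviour is the point.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    proto: str      # "tcp", "udp" or "any"
    src: str        # CIDR
    dst: str        # CIDR
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

# Constructed addressing: DMZ 203.0.113.0/24 with a web server at .10,
# intranet 10.0.0.0/8. Rules are read top-down; order matters.
ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),  # public HTTPS to DMZ
    Rule("permit", "any", "10.0.0.0/8", "0.0.0.0/0"),            # intranet may initiate
    Rule("deny",   "any", "0.0.0.0/0", "10.0.0.0/8"),            # nothing else reaches inside
]

def evaluate(acl, packet: Packet) -> str:
    """First matching rule decides; unmatched traffic hits the implicit deny."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"

if __name__ == "__main__":
    print(evaluate(ACL, Packet("198.51.100.7", "203.0.113.10", "tcp", 443)))  # permit
    print(evaluate(ACL, Packet("198.51.100.7", "203.0.113.10", "tcp", 22)))   # deny
    print(evaluate(ACL, Packet("203.0.113.10", "10.1.2.3", "tcp", 3306)))     # deny
```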
Lesson 4.5: Module 4 Conclusion
Skills Learned From This Lesson: Module Recap
Learning Objectives
● The basics of malware
● User Awareness
● Cybersecurity Training
● Security Products
Malware
❖ Virus: Malicious software that infects a host file in order to spread
❖ Logic Bomb: Malicious program that executes when certain conditions are
met.
❖ Worm: A malicious software that clones itself in order to spread.
❖ Trojan: Malicious software that masquerades as something it is not.
❖ Bot: Malicious code that acts like a remotely controlled robot.
❖ Rootkit: Software that enables administrative control of a computer.
Malware Countermeasures
● The best protection against malware is user awareness.
● Following good cyber practices
➔ Understand security policies
Learning Objectives
● Policies, Guidelines, and Baselines
● Change Management and Patch Management
● Network Development Life Cycle.
Security Practices
❖ Policy: High-level documents that outline senior management’s security
directives.
❖ Standards: Compulsory rules that support the security policies.
❖ Procedures: Step-by-step instructions for performing a task
Policy Format
● Objective
● Policy Statement
● Applicability
● Enforcement
● Roles and Responsibilities
● Review
Procedure Components
❖ Purpose
❖ Applicability
❖ Steps
❖ Figures
❖ Decision Point
Change management
Change management is the set of processes involved in making changes to the
network. The process involves the following:
● Request Submission: A formal request for the change is made.
● Recording: The change to be made must be fully documented for future
reference.
● Impact Assessment: Document the impact the change will have on the
network with relevant statistics such as performance.
● Decision Making: A decision must be made whether or not the change will
be implemented.
● Approval: Approval from senior management is needed to fully implement
the change.
● Status Tracking: The change must be monitored to see if the desired result is
being achieved.
Patch Management
It is a way of maintaining the integrity of a system.
❖ Acquisition: Getting the patch or update needed for the system
❖ Testing: Testing the patch or update in a testing environment
❖ Approval: The patch or update must get approval before deploying in the
work environment.
❖ Packaging: Preparing the patch for deployment to all systems that need it.
❖ Deployment: Applying the patch to your production systems. Be sure to
inform users of what to expect (system disruptions, etc.) during the
deployment.
❖ Verification: observe whether the patch achieved its intended purpose.
Learning Objectives
● Computer Protection Components
HIDS is a host-based intrusion detection system, which detects and alerts the
user to a possible attack on the host system.
HIPS (host-based intrusion prevention system) goes a step further and will try
to stop the attack targeted at the host.
● Anti-malware: Agent that works in seek-and-destroy mode by scanning files
or objects.
● Host Firewalls: Filters traffic coming to and from a computer.
Learning Objective
Network Protection Components
Module 7: Conclusion
Lesson 7.1: Conclusion and Summary
Skills Learned From This Lesson: Course Summary and Conclusion.