Overview
A key way that attackers gain access to a company's resources is through a network connected to the internet. Organizations try to prevent as many attacks as possible. Unfortunately, not all attacks will be prevented, and those that are not must be detected in a timely manner. It is therefore critical to understand the goals of building a defensible network architecture: the architecture of the system, the types of network designs, the relational communication flows, and how to protect against attacks using devices such as routers and switches. These essentials and more will be covered during the first section of this course in order to provide a firm foundation for the remaining sections of this training.
In any organization, large or small, not all data are created equal. Some data are routine and incidental, while other data can be very sensitive, and the loss of those data can cause irreparable harm to an organization. It is essential to understand attacks, the vulnerabilities behind those attacks, and how to prioritize the information and the steps needed to secure the systems. To achieve this, you need to gain familiarity with the communication protocols of modern networks. Adversaries need our networks just as much as we do. Adversaries live off the land, mercilessly pivoting from system to system on our network until they achieve the long-term goal for which they came. Being able to apply the concept of 'knowing' our network, and how network operations are performed, allows us to baseline 'normal'. Knowing normal allows 'abnormal' (the adversary) to stand out.
Cloud computing is an obvious topic of discussion in relation to our modern networks, public and private alike. A conversation on defensible networking would not be complete without an in-depth discussion of what the cloud is and, more importantly, the security considerations that must be taken into account.
By the end of this section, you will understand Defensible Network Architecture, Protocols and Packet Analysis, Network Device Security, Virtualization and Cloud, and Wireless Network Security.
Last, but certainly not least, all of the above wouldn't be as useful without applying the knowledge in our extensive hands-on lab-based environment. Each day of SEC401 is built on a foundation of how to apply key topics and concepts in real-world application.
By the end of Day 1, the adversary's game will be up. Adversaries need to use OUR network to achieve THEIR goals. By understanding how our networks function (relative to our unique needs), the adversary's activity will be revealed. Discovery of the adversary is only a small part of the overall battle; the remainder of SEC401 will show you not only how to defend against the adversary, but how to better prevent (and remediate) their activity.
Topics
SEC401.1: Outline: Network Security Essentials
- SEC401: An Introduction
- Defensible Network Architecture
- Protocols and Packet Analysis
- Network Device Security
- Virtualization and Cloud
- Securing Wireless Networks
Module 1: SEC401 - An Introduction
SEC401 is unique in its coverage of more than 30 topical areas of information security. In this introductory module we review the structure of the course, the logistics of the class schedule in concert with 'bootcamp' hours, and the overall thematic view of the course topics.
Module 2: Defensible Network Architecture
In order to properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture. Above and beyond an understanding of network architecture, however, properly securing and defending a network will further require an understanding of how the adversary abuses the information systems of our network to achieve their goals.
- Network Architecture
- Attacks Against Network Devices
- Network Topologies
- Network Design
Module 3: Protocols and Packet Analysis
A solid understanding of the inner workings of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module introduces the core areas of computer networks and protocols.
- Network Protocols Overview
- Layer 3 Protocols
  - Internet Protocol
  - Internet Control Message Protocol
- Layer 4 Protocols
  - Transmission Control Protocol
  - User Datagram Protocol
- Tcpdump
Module 4: Network Device Security
In order to implement proper network security, you have to understand the various components of modern networks. In this module, we will look at the core components of network infrastructure, how they work, and the methods needed to leverage them for modern cyber defense. Unfortunately, everything on the network, including the network itself, is a target for the adversary. Our conversation on network device security would be incomplete without discussing how to properly secure our networking infrastructure itself.
- Network Devices
- Network Device Security
Module 5: Virtualization and Cloud
In this module, we will examine what virtualization is, the security benefits and risks of a virtualized environment, and the differences in virtualization architecture. Because cloud computing is architected on virtualization, the module concludes with an extensive discussion of what cloud is (public and private cloud), how it works, the services made available by public cloud, and related security concepts.
- Virtualization Overview
- Virtualization Security
- Cloud Overview
- Cloud Security
Module 6: Securing Wireless Networks
In this module, we will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and mitigation approaches that reduce the risk of those insecurities to a more acceptable level.
- The Pervasiveness of "Wireless" Communications
- Traditional Wireless: IEEE 802.11 and Its Continual Evolution
- Personal Area Networks
- 5G Cellular (Mobile) Communication
- The Internet of Things