.. include:: global.rst

*********************************************
Chapter 1: Fundamentals of Network Security
*********************************************

-------------------------
What Is Network Security?
-------------------------

**Network security** is the protection of network communications from:

- Unauthorized access
- Abuse or misuse
- Damage or disruption

It includes monitoring traffic, blocking unsafe activity, and responding to threats.

---------------------------
Core Security Principles
---------------------------

Confidentiality
===============

Protects data from being seen by unauthorized users.
Only people with a valid **need to know** should have access.

Integrity
=========

Protects data from being changed improperly.
Ensures data remains accurate and consistent.

Availability
============

Ensures systems and data are accessible when needed.
Protects against downtime and data loss.

Authentication
==============

Verifies who a user is.
Examples: passwords, biometrics, multifactor authentication (MFA).

Authorization
=============

Controls what a user is allowed to do.
Based on job roles and need to know.

Nonrepudiation
==============

Prevents users from denying actions they performed.
Often provided through encryption and digital signatures.

----------------------
Security Policies
----------------------

A **security policy** defines:

- What is allowed
- What is not allowed
- How security is enforced

Policies keep security organized and effective.

-----------------------
Network Fundamentals
-----------------------

TCP/IP
======

Most networks use **TCP/IP**.

Two versions of IP:

- **IPv4** – most widely used today
- **IPv6** – newer and growing in use

OSI Model
=========

The **OSI model** explains how network communication works using seven layers.
+-------+----------------------------------+
| Layer | Function                         |
+=======+==================================+
| 7     | Application – User programs      |
+-------+----------------------------------+
| 6     | Presentation – Format data       |
+-------+----------------------------------+
| 5     | Session – Manage sessions        |
+-------+----------------------------------+
| 4     | Transport – Send data            |
+-------+----------------------------------+
| 3     | Network – IP and routing         |
+-------+----------------------------------+
| 2     | Data Link – MAC addresses        |
+-------+----------------------------------+
| 1     | Physical – Bits and signals      |
+-------+----------------------------------+

----------------------
Addresses
----------------------

Logical Addresses (IP)
======================

- Identify devices globally
- Unique across the Internet
- Not tied to physical hardware
- Allow communication between any two hosts

Physical Addresses (MAC)
========================

- Identify devices locally
- Unique only on the local network
- Assigned by the NIC manufacturer
- Tied to hardware but can be spoofed

MAC Address Spoofing
====================

MAC addresses can be changed using:

- Linux, Unix, macOS commands
- Windows tools (SMAC, MAC Changer, etc.)

-----------------------------
Network Security Components
-----------------------------

Nodes and Hosts
===============

A **node** is any device on a network (PC, printer, server).
A **host** is a node with an IP address that provides or uses services.

Firewalls
=========

A **firewall** filters network traffic.
It blocks harmful or unauthorized connections.

VPN (Virtual Private Network)
==============================

A **VPN** creates an encrypted tunnel across the Internet.
Used for secure remote access.

Proxy Servers
=============

A **proxy** sits between users and the Internet.
It:

- Filters traffic
- Hides internal addresses
- Adds security and privacy

DNS
===

**DNS** converts names into IP addresses.
Example: ``www.example.com → IP address``

DNS must be protected but does not secure the network itself.

Intrusion Detection & Prevention
================================

**IDS** detects attacks.
**IPS** detects and blocks attacks.

They can:

- Alert admins
- Block IPs
- Close ports
- Stop connections

Network Access Control (NAC)
============================

NAC checks devices before allowing them on the network.

It ensures systems have:

- Antivirus
- Security patches
- Firewalls
- Authorization

Non-compliant devices can be blocked.
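Worked example for the Addresses section above (added here; it is not part of the original chapter text). The script parses a constructed Ethernet/IPv4 frame to show the layer-2 MAC addresses and the layer-3 IP addresses side by side, and checks the IEEE "locally administered" bit of the source MAC, which software-changed addresses often set. All addresses and frame bytes are constructed for illustration.

```python
import struct

# Layer 2 (Data Link): Ethernet II header = dst MAC (6) + src MAC (6) + EtherType (2)
ETH_HDR = struct.Struct("!6s6sH")
ETHERTYPE_IPV4 = 0x0800
IPV4_MIN_HDR = 20

def mac_str(raw: bytes) -> str:
    """Format six raw bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in raw)

def ip_str(raw: bytes) -> str:
    """Format four raw bytes as dotted-decimal IPv4."""
    return ".".join(str(b) for b in raw)

def is_locally_administered(mac: bytes) -> bool:
    """Bit 0x02 of the first octet is the IEEE U/L bit. Set means the address is
    locally administered rather than burned in by the NIC manufacturer, which is
    a hint (not proof) that it was changed in software."""
    return bool(mac[0] & 0x02)

def parse_frame(frame: bytes) -> dict:
    """Pull layer-2 (MAC) and layer-3 (IP) addresses out of one Ethernet/IPv4 frame."""
    if len(frame) < ETH_HDR.size + IPV4_MIN_HDR:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[ETH_HDR.size:]                  # Layer 3 (Network) starts here
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < IPV4_MIN_HDR:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "src_mac": mac_str(src_mac),
        "dst_mac": mac_str(dst_mac),
        "src_ip": ip_str(ip[12:16]),           # source address at offset 12
        "dst_ip": ip_str(ip[16:20]),           # destination address at offset 16
        "src_mac_locally_administered": is_locally_administered(src_mac),
    }

# Constructed sample frames (addresses made up; IPv4 checksum left zero and not validated).
IPV4_PART = "450000140000000040060000c0a801010a000002"   # 192.168.1.1 -> 10.0.0.2, proto TCP
VENDOR_FRAME = bytes.fromhex("00aabbccddee" + "001122334455" + "0800" + IPV4_PART)
SPOOF_HINT_FRAME = bytes.fromhex("00aabbccddee" + "021122334455" + "0800" + IPV4_PART)

if __name__ == "__main__":
    for name, frame in (("vendor MAC", VENDOR_FRAME), ("locally administered MAC", SPOOF_HINT_FRAME)):
        print(name, parse_frame(frame))
```

Note that the IP addresses are the same in both frames while only the source MAC differs: the layer-3 address identifies the end host, the layer-2 address only the hop on the local segment.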