Network Security Fundamentals
Network security is the practice of protecting computer networks and their data from unauthorised access, misuse, and attack. As organisations become increasingly interconnected, a solid understanding of network security fundamentals is essential for every IT professional.
Why Network Security Matters
Networks are the backbone of modern organisations. Every email, database query, file transfer, and cloud API call traverses a network. A single compromised network can expose millions of records, disrupt critical services, and cost organisations millions of pounds in damages.
Key statistics:
- 71% of organisations experienced a network-based attack in the past year (Ponemon Institute)
- The average time to identify a breach is 204 days (IBM Cost of a Data Breach Report)
- Network-based attacks remain the most common initial access vector for advanced persistent threats
Defence in Depth
Defence in depth is the cornerstone strategy for network security. Rather than relying on a single control, you deploy multiple overlapping layers so that if one fails, others still protect the network.
| Layer | Controls | Purpose |
|---|---|---|
| Perimeter | Firewalls, DMZs, proxies | Block unauthorised inbound/outbound traffic |
| Network | Segmentation, VLANs, ACLs | Limit lateral movement between zones |
| Endpoint | Antivirus, EDR, host firewalls | Protect individual devices |
| Application | WAFs, input validation, patching | Secure web apps and APIs |
| Data | Encryption, DLP, access controls | Protect data at rest and in transit |
| Human | Training, policies, phishing simulations | Reduce human error |
The Onion Model
Think of defence in depth like an onion — an attacker must peel through multiple layers to reach the core (your critical data):
┌──────────────────────────────────┐
│ Perimeter Security │
│ ┌────────────────────────────┐ │
│ │ Network Security │ │
│ │ ┌──────────────────────┐ │ │
│ │ │ Endpoint Security │ │ │
│ │ │ ┌────────────────┐ │ │ │
│ │ │ │ Application │ │ │ │
│ │ │ │ ┌──────────┐ │ │ │ │
│ │ │ │ │ DATA │ │ │ │ │
│ │ │ │ └──────────┘ │ │ │ │
│ │ │ └────────────────┘ │ │ │
│ │ └──────────────────────┘ │ │
│ └────────────────────────────┘ │
└──────────────────────────────────┘
The CIA Triad Applied to Networks
Every network security control maps back to the CIA triad:
| Principle | Network Application | Example Controls |
|---|---|---|
| Confidentiality | Prevent eavesdropping on network traffic | Encryption (TLS, IPsec), VPNs, network access control |
| Integrity | Ensure packets are not tampered with in transit | Checksums, digital signatures, DNSSEC |
| Availability | Keep network services accessible | Redundancy, load balancers, DDoS mitigation |
Network Security Devices and Tools
| Device/Tool | Purpose | Deployment |
|---|---|---|
| Firewall | Filter traffic based on rules | Perimeter, internal boundaries |
| IDS/IPS | Detect and/or block malicious traffic | Inline or passive monitoring |
| Proxy Server | Intermediary for web traffic, filtering and caching | Forward or reverse proxy |
| Load Balancer | Distribute traffic across servers for availability | Front of application servers |
| NAC (Network Access Control) | Enforce policy on devices connecting to the network | Switch ports, wireless access |
| Packet Capture (PCAP) | Record raw network traffic for analysis | TAPs, SPAN ports |
Key Network Security Tools
| Tool | Category | Use Case |
|---|---|---|
| Wireshark | Packet analyser | Inspect network traffic and troubleshoot issues |
| Nmap | Port scanner | Discover hosts, open ports, and services |
| Snort | IDS/IPS | Detect and block malicious network activity |
| tcpdump | Command-line PCAP | Quick traffic capture on Linux/Unix |
| Zeek (formerly Bro) | Network monitor | Generate detailed network metadata logs |
| Nessus | Vulnerability scanner | Identify vulnerabilities in network devices and services |
Common Network Attacks
Understanding attacks is essential for building effective defences:
| Attack | Description | Target |
|---|---|---|
| Port Scanning | Probing for open ports and services | Reconnaissance |
| ARP Spoofing | Poisoning ARP tables to redirect traffic | Local network |
| Man-in-the-Middle | Intercepting communications between two parties | Encryption gaps |
| DDoS | Overwhelming a target with traffic | Availability |
| DNS Spoofing | Returning false DNS responses | Name resolution |
| VLAN Hopping | Jumping between VLANs to access restricted segments | Segmentation |
| Packet Sniffing | Capturing unencrypted traffic on the wire | Confidentiality |
Network Security Policies
Every organisation needs documented network security policies:
- Acceptable Use Policy — defines permitted network usage
- Access Control Policy — specifies who can access which network resources
- Remote Access Policy — governs VPN and remote connectivity requirements
- Wireless Security Policy — sets standards for Wi-Fi configuration and access
- Incident Response Policy — outlines steps when a network breach is detected
- Change Management Policy — controls network configuration changes
Network Security Architecture Principles
- Least privilege — devices and users get only the network access they need
- Default deny — block all traffic except what is explicitly permitted
- Segmentation — divide the network into zones with controlled boundaries
- Visibility — you cannot protect what you cannot see, so log and monitor everything
- Automation — automate repetitive security tasks to reduce human error
- Resilience — design networks to tolerate failures without losing security
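As an added illustration (not part of the lesson), the following Python evaluator applies four of the principles above to a three-tier design: segmentation (zones), least privilege (only the flows each tier needs), default deny (anything unmatched is refused) and visibility (every decision is logged). The zones, addresses, rules and sample flows are constructed and hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segmentation: each zone is one CIDR block (hypothetical addressing).
ZONES = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.1.0.0/24"),
    "app": ipaddress.ip_network("10.2.0.0/24"),
    "db": ipaddress.ip_network("10.3.0.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int

# Least privilege: only the three flows the application tiers actually need.
ALLOW_RULES = [
    Rule("users", "dmz", "tcp", 443),  # browsers reach the reverse proxy
    Rule("dmz", "app", "tcp", 8080),   # proxy reaches the application tier
    Rule("app", "db", "tcp", 5432),    # application tier reaches the database
]

def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone; None means it lies outside every known zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> tuple:
    """Default deny: ('allow', rule) only when an explicit rule matches, else ('deny', reason)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "address outside every defined zone")
    for rule in ALLOW_RULES:
        if (rule.src_zone, rule.dst_zone, rule.proto, rule.dport) == (src, dst, proto.lower(), dport):
            return ("allow", rule)
    return ("deny", f"no rule permits {src}->{dst} {proto}/{dport}")

def audit(flows) -> list:
    """Visibility: one log line per flow, allowed or denied, so policy gaps are observable."""
    results = [(f, evaluate(*f)) for f in flows]
    return [f"{v.upper()} {s} -> {d} {p}/{port} ({why})" for (s, d, p, port), (v, why) in results]

# Constructed sample flows: one legitimate hop plus three the policy must refuse.
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.1.0.10", "tcp", 443),   # user -> proxy: allowed
    ("10.10.4.7", "10.3.0.5", "tcp", 5432),   # user -> database directly: segmentation violation
    ("10.1.0.10", "10.2.0.20", "tcp", 22),    # proxy -> app over SSH: not least privilege
    ("192.0.2.9", "10.2.0.20", "tcp", 8080),  # source outside every zone: default deny
]
```

Running `audit(SAMPLE_FLOWS)` yields one ALLOW line followed by three DENY lines, each carrying the reason, which is the record a monitoring team would review to spot misconfigured or unexpected flows.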
Tip: Network security is not a product you buy — it is a process you build, monitor, and continuously improve.
Summary
Network security protects the infrastructure that connects all systems and data. The defence-in-depth strategy layers multiple controls so that no single point of failure compromises the entire network. Understanding devices, tools, common attacks, and architectural principles provides the foundation for all network security work. In the following lessons, we will dive into specific controls — firewalls, IDS/IPS, VPNs, segmentation, and more.