Network Security Fundamentals

Network security is the practice of protecting computer networks and their data from unauthorised access, misuse, and attack. As organisations become increasingly interconnected, a solid understanding of network security fundamentals is essential for every IT professional.

---

Why Network Security Matters

Networks are the backbone of modern organisations. Every email, database query, file transfer, and cloud API call traverses a network. A single compromised network can expose millions of records, disrupt critical services, and cost organisations millions of pounds in damages.

Key statistics:

• 71% of organisations experienced a network-based attack in the past year (Ponemon Institute)
• The average time to identify a breach is 204 days (IBM Cost of a Data Breach Report)
• Network-based attacks remain the most common initial access vector for advanced persistent threats

---

Defence in Depth

Defence in depth is the cornerstone strategy for network security. Rather than relying on a single control, you deploy multiple overlapping layers so that if one fails, others still protect the network.

Layer	Controls	Examples
Perimeter	Firewalls, DMZs, proxies	Block unauthorised inbound/outbound traffic
Network	Segmentation, VLANs, ACLs	Limit lateral movement between zones
Endpoint	Antivirus, EDR, host firewalls	Protect individual devices
Application	WAFs, input validation, patching	Secure web apps and APIs
Data	Encryption, DLP, access controls	Protect data at rest and in transit
Human	Training, policies, phishing simulations	Reduce human error

The Onion Model

Think of defence in depth like an onion — an attacker must peel through multiple layers to reach the core (your critical data):

┌──────────────────────────────────┐
│         Perimeter Security       │
│  ┌────────────────────────────┐  │
│  │     Network Security       │  │
│  │  ┌──────────────────────┐  │  │
│  │  │  Endpoint Security    │  │  │
│  │  │  ┌────────────────┐  │  │  │
│  │  │  │  Application    │  │  │  │
│  │  │  │  ┌──────────┐  │  │  │  │
│  │  │  │  │  DATA     │  │  │  │  │
│  │  │  │  └──────────┘  │  │  │  │
│  │  │  └────────────────┘  │  │  │
│  │  └──────────────────────┘  │  │
│  └────────────────────────────┘  │
└──────────────────────────────────┘

---

The CIA Triad Applied to Networks

Every network security control maps back to the CIA triad:

Principle	Network Application	Example Controls
Confidentiality	Prevent eavesdropping on network traffic	Encryption (TLS, IPsec), VPNs, network access control
Integrity	Ensure packets are not tampered with in transit	Checksums, digital signatures, DNSSEC
Availability	Keep network services accessible	Redundancy, load balancers, DDoS mitigation

---

Network Security Devices and Tools

Device/Tool	Purpose	Deployment
Firewall	Filter traffic based on rules	Perimeter, internal boundaries
IDS/IPS	Detect and/or block malicious traffic	Inline or passive monitoring
Proxy Server	Intermediary for web traffic, filtering and caching	Forward or reverse proxy
Load Balancer	Distribute traffic across servers for availability	Front of application servers
NAC (Network Access Control)	Enforce policy on devices connecting to the network	Switch ports, wireless access
Packet Capture (PCAP)	Record raw network traffic for analysis	TAPs, SPAN ports

Key Network Security Tools

Tool	Category	Use Case
Wireshark	Packet analyser	Inspect network traffic and troubleshoot issues
Nmap	Port scanner	Discover hosts, open ports, and services
Snort	IDS/IPS	Detect and block malicious network activity
tcpdump	Command-line PCAP	Quick traffic capture on Linux/Unix
Zeek (formerly Bro)	Network monitor	Generate detailed network metadata logs
Nessus	Vulnerability scanner	Identify vulnerabilities in network devices and services

---

Common Network Attacks

Understanding attacks is essential for building effective defences:

Attack	Description	Target
Port Scanning	Probing for open ports and services	Reconnaissance
ARP Spoofing	Poisoning ARP tables to redirect traffic	Local network
Man-in-the-Middle	Intercepting communications between two parties	Encryption gaps
DDoS	Overwhelming a target with traffic	Availability
DNS Spoofing	Returning false DNS responses	Name resolution
VLAN Hopping	Jumping between VLANs to access restricted segments	Segmentation
Packet Sniffing	Capturing unencrypted traffic on the wire	Confidentiality

---

Network Security Policies

Every organisation needs documented network security policies:

• Acceptable Use Policy — defines permitted network usage
• Access Control Policy — specifies who can access which network resources
• Remote Access Policy — governs VPN and remote connectivity requirements
• Wireless Security Policy — sets standards for Wi-Fi configuration and access
• Incident Response Policy — outlines steps when a network breach is detected
• Change Management Policy — controls network configuration changes

---

Network Security Architecture Principles

1. Least privilege — devices and users get only the network access they need
2. Default deny — block all traffic except what is explicitly permitted
3. Segmentation — divide the network into zones with controlled boundaries
4. Visibility — you cannot protect what you cannot see — log and monitor everything
5. Automation — automate repetitive security tasks to reduce human error
6. Resilience — design networks to tolerate failures without losing security

---

Tip: Network security is not a product you buy — it is a process you build, monitor, and continuously improve.

---

Summary

Network security protects the infrastructure that connects all systems and data. The defence-in-depth strategy layers multiple controls so that no single point of failure compromises the entire network. Understanding devices, tools, common attacks, and architectural principles provides the foundation for all network security work. In the following lessons, we will dive into specific controls — firewalls, IDS/IPS, VPNs, segmentation, and more.