Network Security

From BloomWiki
Revision as of 14:23, 23 April 2026 by Wordpad (talk | contribs) (BloomWiki: Network Security)
Jump to navigation Jump to search

How to read this page: This article maps the topic from beginner to expert across six levels � Remembering, Understanding, Applying, Analyzing, Evaluating, and Creating. Scan the headings to see the full scope, then read from wherever your knowledge starts to feel uncertain. Learn more about how BloomWiki works ?

Network Security is the set of rules, configurations, and tools used to protect the integrity, confidentiality, and accessibility of computer networks and data. In a world where everything is connected, the "Network" is the highway for all information. Network security is about building the "Walls," "Gates," and "Checkpoints" that allow legitimate traffic to pass while keeping hackers, malware, and data thieves out. It is a constant game of "Cat and Mouse" between security engineers and cybercriminals, requiring a deep understanding of both Technology and Human Behavior.

Remembering

  • Network Security — The policies and practices adopted to prevent and monitor unauthorized access, misuse, or denial of a computer network.
  • Firewall — A security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.
  • VPN (Virtual Private Network) — A tool that creates an encrypted "Tunnel" over the public internet to protect your data and identity.
  • IP Address — A unique string of numbers that identifies each computer using the Internet Protocol to communicate over a network.
  • Port — A "Virtual Doorway" on a computer used for specific types of traffic (e.g., Port 80 for web, Port 22 for secure login).
  • Intrusion Detection System (IDS) — A device or software application that monitors a network for malicious activity or policy violations.
  • DDoS (Distributed Denial of Service) — An attack where multiple compromised systems flood a target network with traffic to crash it.
  • Phishing — A fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communication.
  • Man-in-the-Middle (MitM) — An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating.
  • Encryption (In Transit) — Protecting data while it is moving across the network (e.g., HTTPS).
  • Zero Trust — A security model that requires all users, whether in or out of the network, to be authenticated and validated before being granted access.
  • DMZ (Demilitarized Zone) — A physical or logical subnetwork that contains an organization's external-facing services (like a website) to keep the internal network safe.
  • Encryption (At Rest) — Protecting data while it is stored on a disk or database.
  • MAC Address — A unique identifier assigned to a network interface controller (NIC) for communications at the data link layer.

Understanding

Network security is understood through Defense in Depth and The CIA Triad.

1. The CIA Triad:

  • Confidentiality: Only the right people can see the data (Encryption).
  • Integrity: The data hasn't been changed (Hashing).
  • Availability: The network is always working when needed (DDoS protection).

2. Defense in Depth (The Layers of the Castle): One "Wall" is never enough. Good security uses multiple layers:

  • The Perimeter: Firewalls and Routers.
  • The Network: IDS and Traffic monitoring.
  • The Host: Antivirus and User permissions.
  • The Application: Secure code and Passwords.
  • The Data: Encryption.

If a hacker breaks through one layer, they should be stopped by the next.

3. The Zero Trust Model: In the past, we believed the "Internal Network" was safe and only the "Internet" was dangerous. Today, we assume The Network is already compromised. Every single request, even from a CEO's laptop inside the office, must be verified with a password, a device check, and multi-factor authentication (MFA).

The Principle of Least Privilege: Never give a user or a program more access than they absolutely need to do their job. If a marketing intern doesn't need access to the payroll database, they shouldn't have it. This limits the damage if their account is hacked.

Applying

Modeling 'Firewall Logic' (Filtering Traffic): <syntaxhighlight lang="python"> def firewall_check(ip_address, port, is_encrypted): 

   """
   A simple rule-based packet filter.
   """
   allowed_ports = [80, 443, 22]
   blocked_ips = ["192.168.1.50", "10.0.0.99"]
   
   if ip_address in blocked_ips:
       return "BLOCK: Source IP is on the Blacklist."
   
   if port not in allowed_ports:
       return f"BLOCK: Port {port} is closed for security."
       
   if port == 80 and not is_encrypted:
       return "WARNING: Allowing unencrypted web traffic (HTTP)."
       
   return "ALLOW: Traffic matches security policy."
  1. Testing a suspicious request

print(firewall_check("192.168.1.50", 443, True))

  1. This is how firewalls protect your home and business
  2. from thousands of 'knocks' per day.

</syntaxhighlight>

Security Landmarks
The Morris Worm (1988) → The first major internet worm, which showed how a single bug could crash 10% of the early internet.
Stuxnet → A sophisticated cyber-weapon that used network security flaws to physically destroy nuclear centrifuges.
HTTPS Everywhere → The global movement that made encryption the default for all web traffic.
Wi-Fi Security (WPA3) → The latest standard for protecting wireless networks from "Packet Sniffing" and password cracking.

Analyzing

IDS vs. IPS
Feature IDS (Detection) IPS (Prevention)
Role A 'Security Camera' A 'Security Guard'
Action Alerts an admin when a hack is seen Automatically 'Blocks' the hack as it happens
Risk Hacker might finish before admin sees it Might accidentally block 'Good' traffic
Analogy A smoke detector A sprinkler system

The Concept of "Attack Surface": Every open port, every user account, and every piece of software is a potential "Entry Point" for a hacker. The goal of network security is to "Shrink the Attack Surface" by closing everything that isn't essential. Analyzing a network's "Surface" is the first step in a "Penetration Test" (a legal, helpful hack to find flaws).

Evaluating

Evaluating network health: (1) Vulnerability Scanning: Are there any known bugs (CVEs) in our software that we haven't patched yet? (2) Latency: Does the security (like a VPN) slow down the network so much that people stop using it? (3) Log Analysis: Are there weird patterns of traffic (e.g., someone trying 1,000 passwords a second)? (4) Phishing Success Rate: Are our employees trained well enough to not click on "Free Gift Card" links?

Creating

Future Frontiers: (1) AI-Driven Security: Using neural networks to detect "Abnormal Behavior" in real-time that no human rule could catch. (2) Quantum Key Distribution (QKD): Using the laws of physics to send encryption keys that are mathematically impossible to intercept. (3) Deception Technology: Building "Honeypots" (fake servers) that lure hackers into a trap where their tools and methods can be studied safely. (4) IPv6 Adoption: Moving to a new internet address system that has built-in security features and trillions of more addresses.

Retrieved from "http://bloomwiki.org/index.php?title=Network_Security&oldid=1037"