Comprehensive Guide to Network Security: Architecture, Operations, Threats, and Hardening

Name: Internet Networks & Network Security | Google Cybersecurity Certificate
Uploaded: 2026-02-17T11:41:31.997661+00:00
Channel: Google Career Certificates
Description: Summary and key takeaways on Comprehensive Guide to Network Security: Architecture, Operations, Threats, and Hardening, covering Introduction Network security

Google Career Certificates

Feb 17, 2026

•

4 min read

YouTube video ID: NIRXtMg-0z8

Source: YouTube video by Google Career Certificates — Watch original video

PDF

Introduction

Network security is a critical responsibility for any security analyst. With attacks becoming more frequent and sophisticated, understanding how networks are built, how they operate, and how to protect them is essential.

1. Network Basics

What is a network? A collection of connected devices (computers, phones, IoT appliances) that communicate via cables or wireless links.
Types of networks:
LAN (Local Area Network) – confined to a single building or home.
WAN (Wide Area Network) – spans cities, countries, or the entire Internet.
Key devices:
Hub – broadcasts data to all ports (like a radio tower).
Switch – forwards data only to the intended destination, improving security and performance.
Router – connects multiple networks and routes packets based on IP addresses.
Modem – links a LAN to the Internet.
Virtualization tools provided by cloud providers can emulate these devices, offering cost‑saving and scalability.

2. Cloud Networks

Traditional on‑premise networks are being replaced or supplemented by cloud networks – remote servers accessed over the Internet.
Benefits: reduced capital expense, easier scaling, and access to advanced services (storage, analytics, on‑demand processing).
Security implication: the same principles (firewalls, segmentation, encryption) still apply, but responsibilities are shared between the provider and the organization.

3. Data Packets & the TCP/IP Model

Data packet = envelope containing header (source/destination IP & MAC), protocol number, payload (the message), and footer.
TCP/IP model (4 layers):
Network Access Layer – physical hardware, cables, switches.
Internet Layer – adds IP addresses, decides LAN vs. WAN routing.
Transport Layer – TCP/UDP manage flow control, error checking.
Application Layer – protocols like HTTP, DNS, SMTP.
Ports (e.g., 25 for email, 443 for HTTPS) allow multiple services to share a single IP address.

4. Core Network Protocols

TCP – establishes reliable connections via a three‑way handshake.
ARP – resolves IP addresses to MAC addresses on a LAN.
HTTPS – encrypts web traffic using SSL/TLS.
DNS – translates human‑readable domain names to IP addresses.
IEEE 802.11 (Wi‑Fi) – wireless LAN standards; security evolved from WPA → WPA2 → WPA3.

5. Security Devices & Techniques

Firewalls (hardware, software, cloud‑based):
Stateless – filter based on static rules.
Stateful – track connections and block suspicious behavior.
Next‑Generation Firewalls (NGFW) – add deep packet inspection and threat‑intel integration.
VPNs – encrypt traffic and encapsulate packets, hiding the user’s public IP.
Security Zones – network segmentation (DMZ, internal, restricted) protected by multiple firewalls.
Proxy Servers – forward client requests, hide internal IPs, cache content, and can filter unsafe sites. Types include forward, reverse, and email proxies.

6. Common Network Attacks

Denial‑of‑Service (DoS) / Distributed DoS (DDoS) – flood a target with traffic to exhaust bandwidth or resources.
SYN flood – overwhelms the TCP handshake.
ICMP flood – saturates the network with ping‑type packets.
Ping of Death – sends an oversized ICMP packet (>64 KB) that crashes the target.
Packet Sniffing – intercepts data packets.
Passive – reads traffic (like opening someone’s mail).
Active – modifies packets in transit.
Mitigations: VPN encryption, HTTPS, avoid unprotected Wi‑Fi.
IP Spoofing – falsifies the source IP address.
Variants: on‑path attacks, replay attacks, Smurf attacks.
Mitigations: strict firewall rules, anti‑spoofing filters, encryption.

7. Security Hardening

a. OS Hardening

Regular patch updates to fix known vulnerabilities.
Maintain a baseline configuration for quick deviation detection.
Secure disposal of old hardware/software.
Enforce strong password policies and consider MFA.

b. Network Hardening

Port filtering – only open necessary ports.
Network segmentation – isolate departments or security zones.
Encryption – use latest standards, especially for restricted zones.
Ongoing log analysis with SIEM tools to spot anomalies.

c. Cloud Hardening

Use baseline images for cloud instances.
Separate workloads by service category.
Apply the same patch, segmentation, and encryption practices as on‑premise environments.

8. Putting It All Together

A security analyst must understand the full stack—from physical devices to cloud services—and apply layered defenses: firewalls, VPNs, segmentation, hardening, and continuous monitoring. This holistic approach reduces the attack surface and limits the impact of any breach.

Conclusion

Network security is a multi‑layered discipline that blends architecture knowledge, protocol awareness, threat detection, and proactive hardening. Mastering these concepts equips analysts to protect modern, hybrid environments against evolving attacks.

Effective network security requires a layered strategy that combines solid architecture, vigilant monitoring, and continuous hardening across devices, protocols, and cloud services.

Frequently Asked Questions

Who is Google Career Certificates on YouTube?

Google Career Certificates is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Network Security Essentials Book Recommended

Provides foundational concepts and practical guidance for securing LAN, WAN, and cloud networks, helping analysts build a solid security foundation now

Amazon →

Cisco Certified Network Associate (Ccna) Official Cert Guide

Covers networking fundamentals, device configuration, and security best practices essential for modern network defense, making it valuable for current professionals

Amazon →

Ubiquiti Unifi Switch 8 Poe

A reliable, managed switch that supports VLANs and port filtering, enabling secure segmentation and traffic control in small to medium networks today

Amazon →

Wireshark Network Analyzer Book

Teaches packet sniffing analysis techniques and how to detect malicious traffic, crucial for defending against interception attacks now

Amazon →

Comptia Security+ Study Guide

Offers comprehensive coverage of security hardening, firewalls, VPNs, and cloud security, aligning with current industry certification requirements

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

CHRIS ROOSENRAAD: You've
learned about security domains
in previous courses.
Now we'll explore one of
those domains further--
networks.
It's important to
secure networks
because network-based attacks
are growing in both frequency
and complexity.
Hi there.
My name is Chris, and I'm the
Chief Information Security
Officer for Google Fiber.
I'm excited to be your
instructor for this course.
I've been working in network
security and engineering
for over 20 years, and
I'm looking forward
to sharing some of my knowledge
and experience with you.
This course will help you
understand the basic structure
of a network, also referred
to as a network architecture,
and commonly used network tools.
You'll also learn about
network operations
and explore some basic
network protocols.
Next, you'll learn about
common network attacks
and how network
intrusion tactics can
prevent a threat to a network.
Finally, the course will
provide an overview of security
hardening practices
and how you might use
them to help secure a network.
There's a lot to learn
in securing networks,
and I'm excited to go on
this journey with you.
Ready to get started?
Let's go.
Before securing a
network, you need
to understand the basic
design of a network
and how it functions.
In this section
of the course, you
will learn about the
structure of a network,
standard networking
tools, cloud networks,
and the basic framework for
organizing communications
across a network,
called the TCP/IP model.
Securing networks is a big
part of a security analyst's
responsibilities, so I'm
excited to help you understand
how to secure your
organization's
network from threats,
risks, and vulnerabilities.
Let's get going.
Welcome.
Before you can
understand the importance
of securing a network, you
need to know what a network is.
A network is a group
of connected devices.
At home, the devices
connected to your network
might be your laptop, cell
phones, and smart devices,
like your refrigerator
or air conditioner.
In an office, devices like
workstations, printers,
and servers all
connect to the network.
The devices on a
network can communicate
with each other over network
cables or wireless connections.
Networks in your
home and office can
communicate with networks
in other locations
and the devices on them.
Devices need to find
each other on a network
to establish communications.
These devices will use unique
addresses or identifiers
to locate each other.
The addresses will ensure
that communications
happens with the right device.
These are called the
IP and MAC addresses.
Devices can communicate
on two types of network--
a Local Area Network, also
known as a LAN, and a Wide Area
Network, also known as a WAN.
A Local Area Network, or
LAN, spans a small area,
like an office building,
a school, or a home.
For example, when a personal
device, like your cell phone
or tablet, connects to the Wi-Fi
in your house, they form a LAN.
The LAN then connects
to the internet.
A Wide Area Network,
or WAN, spans
a large geographical area,
like a city, state, or country.
You can think of the
internet as one big WAN.
An employee of a
company in San Francisco
can communicate
and share resources
with another employee in
Dublin, Ireland over the WAN.
Now that you've learned
about the structure and types
of network, meet me
in an upcoming video
to learn about the devices
that connect to them.
In this video, you'll learn
about the common devices
that make up a network.
Let's get started.
A hub is a network device
that broadcasts information
to every device on the network.
Think of a hub like
a radio tower that
broadcasts a signal to any radio
tuned to the correct frequency.
Another network
device is a switch.
A switch makes connections
between specific devices
on a network by sending and
receiving data between them.
A switch is more
intelligent than a hub.
It only passes data to
the intended destination.
This makes switches
more secure than hubs
and enables them to
control the flow of traffic
and improve network performance.
Another device that we'll
discuss is a router.
A router is a network device
that connects multiple networks
together.
For example, if a
computer in one network
wants to send information to
a tablet on another network,
then the information will
be transferred as follows.
First, the information
travels from the computer
to the router.
Then the router reads
the destination address
and forwards the data to the
intended network's router.
Finally, the receiving router
directs that information
to the tablet.
Finally, let's discuss modems.
A modem is a device
that connects
your router to the internet
and brings internet access
to the LAN.
For example, if a
computer from one network
wants to send
information to a device
on a network in a different
geographic location,
it would be transferred
as follows--
the computer would send
information to the router.
The router would then
transfer the information
through the modem
to the internet.
The intended recipient's
modem receives the information
and transfers it to the router.
Finally, the recipient's router
forwards that information
to the destination device.
Network tools, such as hubs,
switches, routers, and modems,
are physical devices.
However, many
functions performed
by these physical
devices can be completed
by virtualization tools.
Virtualization tools
are pieces of software
that perform network operations.
Virtualization tools carry out
operations that would normally
be completed by a hub,
switch, router, or modem,
and they are offered by
cloud service providers.
These tools provide
opportunities for cost savings
and scalability.
You'll learn more
about them later
in the certificate program.
Now you've explored some common
devices that make up a network.
Coming up, you're going to
learn more about cloud computing
and how networks can be
designed using cloud services.
Companies have traditionally
owned their network devices
and kept them in their
own office buildings.
But now a lot of companies are
using third-party providers
to manage their networks.
Why?
Well, this model helps
companies save money
while giving them access
to more network resources.
The growth of cloud
computing is helping
many companies reduce costs
and streamline their network
operations.
Cloud computing is
the practice of using
remote servers, applications,
and network services that
are hosted on the
internet instead
of on local physical devices.
Today the number of businesses
that use cloud computing
is increasing
every year, so it's
important to understand
how cloud networks function
and how to secure them.
Cloud providers
offer an alternative
to traditional
on-premise networks
and allow organizations
to have the benefit
of a traditional network
without storing the devices
and managing the
network on their own.
A cloud network is a collection
of servers or computers
that stores resources
and data in a remote data
center that can be
accessed via the internet.
Because companies
don't house the servers
at their physical
location, these servers
are referred to as
being in the cloud.
Traditional network
hosts web servers
from a business in
its physical location.
However, cloud
networks are different
from traditional
networks because they
use remote servers, which
allows online services and web
applications to be used from
any geographic location.
Cloud security will
become increasingly
relevant to many
security professionals
as more organizations
migrate to cloud services.
Cloud service providers
offer cloud computing
to maintain applications.
For example, they
provide on-demand storage
and processing power that their
customers only pay as needed.
They also provide
business and web analytics
that organizations can use
to monitor their web traffic
and sales.
With a transition
to cloud networking,
I have witnessed an overlap
of identity-based security
on top of the more traditional
network-based solutions.
This meant that my
focus needed to be
on verifying both where
the traffic is coming from
and the identity that
is coming with it.
More organizations are
moving their network services
to the cloud to save money
and simplify their operations.
As this trend has
grown, cloud security
has become a significant
aspect of network security.
Networks help organizations
communicate and connect.
But communication makes
network attacks more likely
because it gives a malicious
actor an opportunity
to take advantage of
vulnerable devices
and unprotected networks.
Communication over
a network happens
when data is transferred
from one point to another.
Pieces of data are typically
referred to as data packets.
A data packet is a basic
unit of information
that travels from one device
to another within a network.
When data is sent
from one device
to another across
a network, it is
sent as a packet that contains
information about where
the packet is going,
where it's coming from,
and the content of the message.
Think about data packets like
a piece of physical mail.
Imagine you want to send
a letter to a friend.
The envelope will need
to have the address where
you want the letter to go,
and your return address.
Inside the envelope
is a letter that
contains the message that
you want your friend to read.
A data packet is very
similar to a physical letter.
It contains a header that
includes the Internet Protocol
address, the IP address,
and the Media Access
Control, or MAC address,
of the destination device.
And it includes
a protocol number
that tells the
receiving device what
to do with the
information in the packet.
Then there's the body
of the packet, which
contains the message that
needs to be transmitted
to the receiving device.
Finally, at the end of the
packet, there's a footer.
Similar to a
signature on a letter,
the footer signals to
the receiving device
that the packet is finished.
The movement of data
packets across a network
can provide an indication of how
well the network is performing.
Network performance can
be measured by bandwidth.
Bandwidth refers to
the amount of data
a device receives every second.
You can calculate bandwidth by
dividing the quantity of data
by the time in seconds.
Speed refers to the rate
at which data packets are
received or downloaded.
Security personnel are
interested in network bandwidth
and speed because if
either are irregular,
it can be an indication
of an attack.
Packet sniffing is the practice
of capturing and inspecting
data packets across the network.
Communication on a network is
important for sharing resources
and data because it
allows organizations
to function effectively.
Coming up, you'll learn more
about the protocols that
support network communication.
Hello again.
In this video, you'll learn more
about communication protocol
the devices use to
communicate with each other
across the internet.
This is called the TCP/IP model.
TCP/IP stands for Transmission
Control Protocol and Internet
Protocol.
TCP/IP is the standard model
used for network communication.
Let's take a closer
look at this model
by defining TCP
and IP separately.
First, TCP, or the
Transmission Control Protocol,
is an internet
communication protocol
that allows two devices to form
a connection and stream data.
The protocol includes
a set of instructions
to organize data so it can
be sent across a network.
It also establishes a
connection between two devices
and makes sure
the packet reaches
the appropriate destination.
The IP in TCP/IP stands
for Internet Protocol.
IP is a set of standards used
for routing and addressing
data packets as they travel
between devices on a network.
Included in the internet
protocol is the IP address
that functions as an address
for each private network.
You'll learn more about
IP addresses a bit later.
When data packets are sent
and received across a network,
they are assigned a port.
Within the operating
system of a network device,
a port is a
software-based location
that organizes the sending
and receiving of data
between devices on a network.
Ports divide network
traffic into segments
based on the service they will
perform between two devices.
The computer sending and
receiving these data segments
knows how to prioritize
and process these segments
based on their port number.
This is like sending a
letter to a friend who
lives in an apartment building.
The mail delivery
person not only
knows how to find the
building, but they also
know exactly where to go in the
building to find the apartment
number where your friend lives.
Data packets
include instructions
that tell the
receiving device what
to do with the information.
These instructions come in
the form of a port number.
Port numbers allow computers
to split the network traffic
and prioritize the
operations they
will perform with the data.
Some common port
numbers are port 25,
which is used for
email, port 443,
which is used for secure
internet communications,
and port 20 for
large file transfers.
As you've learned
in this video, a lot
of information and instructions
are contained in data packets
as they travel
across the network.
Coming up, you'll learn
more about the TCP/IP model.
Now that we have discussed
the structure of a network
and how communications takes
place, it's important for you
to know how the security
professionals identify
problems that might arise.
The TCP/IP model
is a framework that
is used to visualize how data
is organized and transmitted
across the network.
The TCP/IP model
has four layers.
The four layers are the
network access layer,
the internet layer,
the transport layer,
and the application layer.
Knowing how the TCP/IP model
organizes network activity
allows security professionals
to monitor and secure
against risks.
Let's examine these
layers one at a time.
Layer 1 is the
network access layer.
The network access layer deals
with creation of data packets
and their transmission
across a network.
This includes hardware devices
connected to physical cables
and switches that direct
the data to its destination.
Layer 2 is the internet layer.
The internet layer
is where IP addresses
are attached to data packets
to indicate the location
of the sender and receiver.
The internet layer also
focuses on how networks connect
to each other, for example, data
packets containing information
that determine whether
they will stay on the LAN
or be sent to a remote
network, like the internet.
The transport layer
includes protocols
to control the flow of
traffic across a network.
These protocols permit
or deny communication
with other devices and
include information
about the status
of the connection.
Activities of this layer
include error control,
which ensures data is flowing
smoothly across the network.
Finally, at the
application layer,
protocols determine how the
data packets will interact
with receiving devices.
Functions that are organized
at the application layer
include file transfers
and email services.
Now you have an understanding
of the TCP/IP model and its four
layers.
Meet you in the next video.
Let's learn about how
IP addresses are used
to communicate over a network.
IP stands for Internet Protocol.
An Internet Protocol
address, or IP address,
is a unique string
of characters that
identifies the location of
a device on the internet.
Each device on the internet
has a unique IP address,
just like every
house on a street
has its own mailing address.
There are two types
of IP addresses--
IP version 4 or IPv4, and
IP version 6, or IPv6.
Let's look at examples
of an IPv4 address.
IPv4 addresses are written
as four one-, two-,
or three-digit numbers
separated by a decimal point.
In the early days
of the internet,
IP addresses were all IPv4.
But as the use of
the internet grew,
all the IPv4 addresses
started to get used up,
so IPv6 was developed.
IPv6 addresses are made
up of 32 characters.
The length of the IPv6 address
will allow for more devices
to be connected to the
internet without running out
of addresses as quickly as IPv4.
IP addresses can be
either public or private.
Your internet service provider
assigns a public IP address
that is connected to
your geographic location.
When network
communications goes out
for your device on
the internet, they all
have the same
public-facing address.
Just like all of the
roommates in one home
share the same mailing
address, all the devices
on a network share the same
public-facing IP address.
Private IP addresses are
only seen by other devices
on the same local network.
This means that all the
devices on your home network
can communicate with each
other using unique IP
addresses that the rest
of the internet can't see.
Another kind of address used
in network communications
is called a MAC address.
A MAC address is a unique
alphanumeric identifier
that is assigned to each
physical device on a network.
When a switch receives
a data packet,
it reads the MAC address
of the destination device
and maps it to a port.
It then keeps this information
in a MAC address table.
Think of the MAC address
table like an address book
that the switch uses
to direct data packets
to the appropriate device.
In this video, you
learned about IP version 4
and IP version 6 addresses.
You learn how IP
and MAC addresses
are used in network
communication,
and the difference between
a public and a private IP
address.
Hey, you made it.
Well done.
Let's wrap up what
you've learned
in this section of the course.
We explored the
structure of a network,
including WANs and LANs.
We also discussed
standard networking tools,
like hubs, switches,
routers, and modems.
We briefly introduced
cloud networks,
and we discussed their benefits.
We also spent some time
on the TCP/IP model.
As a reminder, technicians
and security analysts
often use this framework
when communicating where
network problems have occurred.
That wraps up this section.
Next, you'll learn more
about network operations
and how data is transmitted
over wireless networks.
Congratulations on the
progress you've made so far.
In this section, you'll learn
about how networks operate
using tools and protocols.
These are the
concepts that you'll
use every day in your work
as a security analyst.
The tools and
protocols you'll learn
in this section of
the program will
help you protect your
organization's network
from attack.
Did you know that
malicious actors
can take advantage of data
moving from one device
to another on a network?
Thankfully, there are
tools and protocols
to ensure the network
stays protected
against this type of threat.
As an example, I once
identified an attack
based solely on the fact they
were using the wrong protocol.
The network traffic
volumes were right.
It was coming from
a trusted IP, but it
was on the wrong
protocol, which tipped us
off enough to shut down
the attack before they
caused real damage.
First, we'll discuss some
common network protocols.
Then we'll discuss Virtual
Private Networks, or VPNs,
and finally, we'll learn about
firewalls, security zones,
and proxy servers.
Now that you have an idea
of where we're headed,
let's get started.
Networks benefit
from having rules.
Rules ensure that data
sent over the network
gets to the right place.
These rules are known
as network protocols.
Network protocols
are a set of rules
used by two or more
devices on a network
to describe the
order of delivery
and the structure of the data.
Let's use a scenario
to demonstrate
a few different types
of network protocols
and how they work
together on a network.
Say you want to access your
favorite recipe website.
You go to the address bar at
the top of your browser and type
in the website's
address, for example,
www.yummyrecipesforme.org.
Before you gain
access to the website,
your device will
establish communications
with a web server.
That communication
uses a protocol
called the Transmission
Control Protocol, or TCP.
TCP is an internet
communications protocol
that allows two devices to form
a connection and stream data.
TCP also verifies both
devices before allowing
any further communications
to take place.
This is often referred
to as a handshake.
Once communication
is established
using a TCP handshake, a
request is made to the network.
Using our example, we
have requested data
from the
YummyRecipeForMe server.
Their servers will
respond to that request
and send data packets
back to your device
so that you can
view the web page.
As data packets move
across the network,
they move between network
devices, such as routers.
The Address Resolution
Protocol, or ARP,
is used to determine the MAC
address of the next router
or device in the path.
This ensures that the data
gets to the right place.
Now the communication
has been established
and the destination
device is known,
it's time to access the
YummyRecipeForMe website.
The HyperText Transfer
Protocol Secure, or HTTPS,
is a network protocol
that provides
a secure method of communication
between client and website
servers.
It allows your web browser
to securely send a request
for a web page to the
YummyRecipesForMe server
and receive a web
page as a response.
Next comes a protocol called
the Domain Name System, or DNS,
which is a network protocol
to translate internet domain
names into IP addresses.
The DNS protocol sends the
domain name and the web address
to a DNS server that
retrieves the IP
address of the website
you are trying to access,
in this case, YummyRecipesForMe.
The IP address is included
as a destination address
for the data packets traveling
to the YummyRecipesForMe web
server.
So just by visiting one website,
the device on your networks
are using four
different protocols--
TCP, ARP, HTTPS, and DNS.
These are just some
of the protocols
used in network communications.
To help you learn more about
the different protocols,
we'll discuss them further
in upcoming course material.
But how do these protocols
relate to security?
Well, in YummyRecipesForMe
website example,
we used HTTPS, which is a secure
protocol that requests a web
page from a web server.
HTTPS encrypts data
using the Secure Socket
Layer and Transport
Layer Security,
otherwise known as SSL/TLS.
This helps keep the information
secure from malicious actors
who want to steal
valuable information.
That's a lot of information and
a lot of protocols to remember.
Throughout your career
as a security analyst,
you'll become more familiar
with network protocols
and use them in your
daily activities.
So far you've learned about a
variety of network protocols,
including communications
protocols like TCP/IP.
Now we're going to
go more in depth
into a class of communications
protocols called the IEEE
802.11.
IEEE 802.11, commonly
known as Wi-Fi,
is a set of standards
that define communications
for wireless LANs.
IEEE stands for the Institute
of Electrical and Electronics
Engineers, which is
an organization that
maintains Wi-Fi standards.
And 802.11 is a suite
of protocols used
in wireless communications.
Wi-Fi protocols have
adapted over the years
to become more
secure and reliable
to provide the same level of
security as a wired connection.
In 2004, a secure protocol
called the Wi-Fi Protected
Access, or WPA, was introduced.
WPA is a wireless security
protocol for devices
to connect to the internet.
Since then, WPA has evolved
into newer versions, like WPA2
and WPA3, which include
further security improvements,
like more advanced encryption.
As a security analyst, you might
be responsible for making sure
that the wireless connections
in your organization are secure.
Let's learn more about
security measures.
In this video, you'll
learn about different types
of firewalls.
These include
hardware, software,
and cloud-based firewalls.
You'll also learn the
difference between
a stateless and
stateful firewall,
and cover some of
the basic operations
that a firewall performs.
Finally, you'll explore
how proxy servers
are used to add a layer of
security to the network.
A firewall is a network security
device that monitors traffic
to and from your network.
It either allows
traffic, or it blocks it
based on a defined
set of security rules.
A firewall can use
port filtering,
which blocks or allows
certain port numbers to limit
unwanted communication.
For example, it
could have a rule
that only allows communications
on port 443 for HTTPS
or port 25 for email and
blocks everything else.
These firewall settings
will be determined
by the organization's
security policy.
Let's talk about a few
different kinds of firewalls.
A hardware firewall is
considered the most basic way
to defend against
threats to a network.
A hardware firewall
inspects each data packet
before it's allowed
to enter the network.
A software firewall
performs the same functions
as a hardware firewall, but
it's not a physical device.
Instead, it's a software
program installed on a computer
or on a server.
If the software firewall's
installed on a computer,
it will analyze all the traffic
received by that computer.
If the software firewall
is installed on a server,
it will protect all the devices
connected to the server.
A software firewall
typically costs
less than purchasing a
separate physical device,
and it doesn't take
up any extra space.
But because it is
a software program,
it will add some
processing burden
to the individual devices.
Organizations may choose to
use a cloud-based firewall.
Cloud service providers
offer Firewalls as a Service,
or FaaS, for organizations.
Cloud-based firewalls
are software firewalls
hosted by a cloud
service provider.
Organizations can configure
the firewall rules
on the cloud service
provider's interface,
and the firewall will
perform security operations
on all incoming traffic before
it reaches the organization's
on-site network.
Cloud-based firewalls also
protect any assets or processes
that an organization might
be using in the cloud.
All the firewalls
we have discussed
can be either
stateful or stateless.
The terms "stateful"
and "stateless"
refer to how the
firewall operates.
Stateful refers to
a class of firewall
that keeps track of
information passing through it
and proactively
filters out threats.
A stateful firewall
analyzes network traffic
for characteristics
and behavior that
appear suspicious and stops
them from entering the network.
Stateless refers to
a class of firewall
that operates based
on predefined rules
and does not keep track of
information from data packets.
A stateless firewall
only acts according
to preconfigured rules set by
the firewall administrator.
The rules programmed by
the firewall administrator
tell the device what to
accept and what to reject.
A stateless firewall doesn't
store or analyze information.
It also doesn't discover
suspicious trends
like a stateful firewall does.
For this reason,
stateless firewalls
are considered less secure
than stateful firewalls.
A Next-Generation
FireWall, or NGFW,
provides even more security
than a stateful firewall.
Not only does an NGFW
provide stateful inspection
of incoming and
outgoing traffic,
but it also performs more
in-depth security functions,
like deep packet inspection
and intrusion protection.
Some NGFWs connect to
cloud-based threat intelligence
services so they can
quickly update to protect
against emerging cyber threats.
Now you have a basic
understanding of firewalls
and how they work.
We learned that firewalls
can be hardware or software.
We also discussed the
difference between
a stateless and stateful
firewall and the security
benefits of a stateful firewall.
Finally, we discussed
next-generation firewalls
and the security
benefits they provide.
Coming up, we'll learn more
about virtual networks.
In this video, we're
going to discuss
how Virtual Private
Networks, or VPNs,
add security to your network.
When you connect
to the internet,
your internet service provider
receives your network's
requests and forwards it to
the correct destination server.
But your internet
requests include
your private information.
That means if the
traffic gets intercepted,
someone could potentially
connect your internet activity
with your physical location
and your personal information.
This includes some
information that you
want to keep private, like
bank accounts and credit card
numbers.
A Virtual Private Network,
also known as a VPN,
is a network security service
that changes your public IP
address and hides your
virtual location so that you
can keep your data private when
you're using a public network,
like the internet.
VPNs also encrypt your data as
it travels across the internet
to preserve confidentiality.
A VPN service
performs encapsulation
on your data in transit.
Encapsulation is a process
performed by a VPN service
that protects your data
by wrapping sensitive data
in other data packets.
Previously, you learned
how the MAC and IP
address of the
destination device
is contained in the header
and footer of a data packet.
This is a security
threat because it
shows the IP and
virtual location
of your private network.
You could secure a data
packet by encrypting
it to make sure your
information can't be deciphered,
but the network routers
won't be able to read
the IP and MAC address to
know where to send it to.
This means you won't be able
to connect to the internet site
or the service that you want.
Encapsulation
solves this problem
while still maintaining
your privacy.
VPN services encrypt
your data packets
and encapsulate them
in other data packets
that the routers can read.
This allows your
network requests
to reach their destination
but still encrypts
your personal data so it's
unreadable while in transit.
A VPN also uses an
encrypted tunnel
between your device
and the VPN server.
The encryption is unhackable
without a cryptographic key,
so no one can access your data.
VPN services are simple and
offer significant protection
while you're on the internet.
With a VPN, you have the added
assurance that your data is
encrypted, your IP address
and virtual location
are unreadable to
malicious actors.
In this section, we'll discuss
a type of network security
feature called a security zone.
Security zones are a
segment of a network
that protects the internal
network from the internet.
They are part of the
security technique
called network segmentation.
It divides the
network into segments.
Each network segment has its own
access permissions and security
rules.
Security zones control who
can access different segments
of a network.
Security zones act as a
barrier to internal networks,
maintain privacy within
corporate groups,
and prevent issues from
spreading to the whole network.
One example of
network segmentation
is a hotel that offers
free public Wi-Fi.
The unsecured guest
network is kept separate
from another encrypted network
used by the hotel staff.
Additionally, an
organization's network
can be divided into
subnetworks, or subnets,
to maintain privacy for each
department in an organization.
For instance, at a
university, there
may be a faculty subnet and
a separate student subnet.
If there is contamination
on the student subnet,
network administrators
can isolate it
and keep the rest of the
network free from contamination.
An organization's network
is classified into two types
of security zones.
First, there's the
uncontrolled zone,
which is any network outside
the organization's control,
like the internet.
Then there's the
controlled zone,
which is a subnet that
protects the internal network
from the uncontrolled zone.
There are several types of
network within the controlled
zone.
On the outer layer is the
Demilitarized Zone, or DMZ,
which contains
public-facing services that
can access the internet.
This includes web servers,
proxy servers that host websites
for the public, and
DNS servers that
provide IP addresses
for internet users.
It also includes email
and file servers that
handle external communications.
The DMZ acts as a
network perimeter
to the internal network.
The internal network contains
private servers and data
that the organization
needs to protect.
Inside the internal
network is another zone
called the restricted zone.
The restricted zone protects
highly confidential information
that is only
accessible to employees
with certain privileges.
Now let's try to picture
these security zones.
Ideally, the DMZ is situated
between two firewalls.
One of them filters
traffic outside the DMZ,
and one of them filters traffic
entering the internal network.
This protects the
internal network
with several lines of defense.
If there's a restricted
zone, that too
would be protected
with another firewall.
This way, attacks that penetrate
into the DMZ network cannot
spread to the internal network.
And attacks that penetrate the
internal network cannot access
the restricted zone.
As a security
analyst, you may be
responsible for
regulating access control
policies on these firewalls.
Security teams can
control traffic
reaching the DMZ and
the internal network
by restricting IPs and ports.
For example, an
analyst may ensure
that only HTTPS traffic
is allowed to access
web servers in the DMZ.
Security zones are
an important part
of securing networks, especially
in large organizations.
Understanding how they are used
is essential for all security
analysts.
Coming up, we'll learn about
securing internal networks.
Previously, we discussed how
firewalls, VPNs, and security
zones help to secure networks.
Next we'll cover how to
secure internal networks
with proxy servers.
Proxy servers are another system
that help secure networks.
The definition of a
proxy server is a server
that fulfills the
request of a client
by forwarding them
on to other servers.
The proxy server is
a dedicated server
that sits between the internet
and the rest of the network.
When a request to
connect to the network
comes in from the
internet, the proxy server
will determine if the
connection request is safe.
The proxy server uses
a public IP address
that is different from the
rest of the private network.
This hides the private
network's IP address
from malicious actors
on the internet
and adds a layer of security.
Let's examine how this
would work with an example.
When a client receives
an HTTPS response,
they will notice a distorted
IP address or no IP address,
rather than the real IP address
of the organization's web
server.
A proxy server can also be
used to block unsafe websites
that users aren't allowed to
access on an organization's
network.
A proxy server uses
temporary memory
to store data that's regularly
requested by external servers.
This way it doesn't
have to fetch data
from an organization's
internal servers every time.
This enhances security
by reducing contact
with the internal server.
There are different
types of proxy servers
that support network security.
This is important for security
analysts who monitor traffic
from various proxy servers
and may need to know
what purpose they serve.
Let's explore some different
types of proxy servers.
A forward proxy server regulates
and restricts a person's access
to the internet.
The goal is to hide
a user's IP address
and approve all
outgoing requests.
In the context of
an organization,
a forward proxy server
receives outgoing traffic
from an employee,
approves it, and then
forwards it on to the
destination on the internet.
A reverse proxy server regulates
and restricts the internet's
access to an internal server.
The goal is to accept traffic
from external parties,
approve it, and forward it
to the internal servers.
This setup is useful for
protecting internal web servers
containing confidential
data from exposing their IP
address to external parties.
An email proxy server is
another valuable security tool.
It filters spam email by
verifying whether a sender's
address was forged.
This reduced the risk
of phishing attacks
that impersonate people
known to the organization.
Let's talk about a real-world
example of an email proxy.
Several years ago, when I
was working at a large US
broadband ISP, we
used a proxy server
to implement multiple layers
of anti-spam filtering
before the message was
allowed in for delivery.
It ended up tagging around
95% of messages as spam.
The proxy servers would
allow us to filter and then
scale those filters without
impacting the underlying email
platform.
Proxy servers play an important
part in network security.
By filtering incoming
and outgoing traffic
and staying alert
to network attacks,
these devices add a
layer of protection
from unsecured public network
that we call the internet.
You've learned a lot
about some complex topics.
I want to congratulate you for
coming this far in the program.
Let's recap what we've
covered in this section.
First, we discussed
common network protocols,
like TCP, ARP, HTTPS, and DNS.
And then we covered how Virtual
Private Networks, or VPNs,
can be used to maintain
privacy on a public network.
Finally, we explored how
firewalls, security zones,
and proxy servers help to
secure network infrastructure.
Overall, network
operations is a vast topic
involving various tools,
protocols, and techniques
that help networks run
smoothly and securely.
Feel free to come back
and review these videos
at any time.
You'll use this information
in any type of role
as a security analyst.
Hey there.
Welcome to this video about
securing networks from attacks.
You've come a long way
already in your understanding
of networks and
network security.
Now you'll learn how
to secure networks
so that the valuable
information they contain
doesn't get into
the wrong hands.
We're going to discuss how
network intrusion tactics can
present a threat to networks,
and how a security analyst can
protect against network attacks.
Let's get started.
Let's start by
answering the question,
why do we need to
secure networks?
As you've learned, networks are
constantly at risk of attack
from malicious actors.
Attackers can infiltrate
networks via malware, spoofing,
or packet sniffing.
Network operations can also
be disrupted by attacks
such as packet flooding.
As we go along,
you're going to learn
about these and other common
network intrusion attacks
in more detail.
Protecting a network from these
types of attacks is important.
If even one of them happens, it
could be a catastrophic impact
on an organization.
Attacks can harm an
organization by leaking
valuable or confidential
information.
They can also be damaging to
an organization's reputation
and impact customer retention.
Mitigating attacks may
also cost the organization
money and time.
Over the last few
years, there have
been a number of
examples of damage
that cyber attacks can cause.
One notorious
example was an attack
against the American home
improvement chain Home Depot
in 2014.
A group of hackers compromised
and infected Home Depot's
servers with malware.
By the time network
administrators
shut down the
attack, the hackers
had already taken the credit
and debit card information
for over 56 million customers.
Now you know why it's so
important to secure a network.
But to keep a
network secure, you
need to know what kinds of
attacks to protect it from.
Coming up, you'll learn about
some common network attacks.
Welcome back.
In this video, we
are going to discuss
denial-of-service attacks.
A denial-of-service
attack is an attack
that targets a network
or server and floods it
with network traffic.
The objective of a
Denial-of-Service attack,
or a DoS attack, is to disrupt
the normal business operations
by overloading an
organization's network.
The goal of the attack is
to send so much information
to a network the device that it
crashes or is unable to respond
to legitimate users.
This means that the
organization won't
be able to conduct their normal
business operations, which
can cost them money and time.
A network crash
can also leave them
vulnerable to other security
threats and attacks.
A Distributed Denial-of-Service
attack, or DDoS,
is a kind of DoS attack
that uses multiple devices
or servers in
different locations
to flood the target network
with unwanted traffic.
Use of numerous devices
makes it more likely
that the total amount of traffic
sent will overwhelm the target
server.
Remember, DoS stands
for Denial of Service.
So it doesn't matter
what part of the network
the attacker overloads.
If they overload
anything, they win.
An unfortunate example
I've seen is an attacker
who crafted a very
careful packet that
caused a router to spend extra
time processing the request.
The overall traffic volume
didn't overload the router.
The specifics within
the packet did.
Now we'll discuss network-level
DoS attacks that target network
bandwidth to slow traffic.
Let's learn about three common
network-level DoS attacks.
The first is called
a SYN flood attack.
A SYN flood attack is
a type of DoS attack
that simulates
the TCP connection
and floods a server
with SYN packets.
So let's break this
definition down
a bit more by taking a
closer look at the handshake
process that is used to
establish a TCP connection
between a device and a server.
The first step in
the handshake is
for the device to send a
SYN, or a Synchronize request
to the server.
Then the server responds
with a SYN/ACK packet
to acknowledge the receipt
of the device's request
and leaves a port open for the
final step of the handshake.
Once the server receives
the final ACK packet
from the device, a TCP
connection is established.
Malicious actors can take
advantage of the protocol
by flooding a server
with SYN packet requests
for the first part
of the handshake.
But if the number
of SYN requests
is larger than the number of
available ports on the server,
then the server
will be overwhelmed
and become unable to function.
Let's discuss two
other common DoS
attacks that use another
protocol called ICMP.
ICMP stands for Internet
Control Message Protocol.
ICMP is an internet
protocol used by devices
to tell each other
about data transmission
errors across the network.
Think of ICMP like a request for
a status update from a device.
The device will
return error messages
if there is a network concern.
You can think of this like
the ICMP request checking
in with the device to make
sure that all is well.
An ICMP flood attack is a
type of DoS attack performed
by an attacker
repeatedly sending ICMP
packets to a network server.
This forces the server
to send an ICMP packet.
This eventually uses
up all the bandwidth
for incoming and
outgoing traffic
and causes the server to crash.
Both of the attacks
we've discussed so far,
SYN flood and ICMP
flood, take advantage
of communication protocols by
sending an overwhelming number
of requests.
There are also attacks
that can overwhelm
a server with one big request.
One example that we'll discuss
is called the ping of death.
A ping of death attack
is a type of DoS attack
that is caused when a hacker
pings a system by sending it
an oversized ICMP
packet that is bigger
than 64 kilobytes, the
maximum size for a correctly
formed ICMP packet.
Pinging a vulnerable network
server with an oversized ICMP
packet will overload the
system and cause it to crash.
Think of this like dropping
a rock on a small anthill.
Each individual ant can carry
a certain amount of weight
while transporting food
to and from the anthill.
But if a large rock is
dropped on the anthill,
then many ants will be
crushed and the colony
is unable to function
until it rebuilds
its operations elsewhere.
Now that's it for
DoS and DDoS attacks.
Coming up, we'll continue to
discuss common network attacks.
In this video, we'll discuss
packet sniffing, with a focus
on how threat actors
may use this technique
to gain unauthorized
access to information.
Previously, you learned
about the information
in data packets that
travel across the network.
Packets include a header,
which contains the sender's
and receiver's IP addresses.
Packets also contain
a body, which
may contain valuable information
like names, date of birth,
personal messages, financial
information, credit card
numbers.
Packet sniffing is the practice
of using software tools
to observe data as it
moves across a network.
As a security analyst,
you may use packet
sniffing to analyze
and capture packets
when investigating
ongoing incidents
or debugging network issues.
Later in this
certificate program,
you'll gain hands-on practice
with some packet sniffing
software.
However, malicious
actors may also
use packet sniffing
to look at data
that has not been sent to them.
This is a little bit like
opening somebody else's mail.
It's important for you to learn
about how threat actors use
packet sniffing
with harmful intent
so you can be
prepared to protect
against these malicious acts.
Malicious actors may
insert themselves
in the middle of an authorized
connection between two devices.
Then they can use
packet sniffing
to spy on every data packet as
it comes across their device.
The goal is to find valuable
information in the data packets
that they can then use
in their advantage.
Attackers can use software
applications or a hardware
device to look
into data packets.
Malicious actors can
access a network packet
with a packet sniffer and
make changes to the data.
They may change the information
in the body of the packet,
like altering a recipient's
bank account number.
Packet sniffing can
be passive or active.
Passive packet sniffing
is a type of attack
where data packets
are read in transit.
Since all the
traffic on a network
is visible to any
host on the hub,
malicious actors can
view all the information
going in and out of the
device they are targeting.
Thinking back to the example
of a letter being delivered,
we can compare a passive
packet sniffing attack
to a postal delivery
person maliciously reading
somebody's mail.
The postal worker,
or packet sniffer,
has the right to deliver
the mail but not the right
to read the information inside.
Active packet sniffing
is a type of attack
where data packets are
manipulated in transit.
This may include injecting
internet protocols
to redirect the packets
to an unintended port,
or changing the information
the packet contains.
An active packet
sniffing attack would
be like a neighbor telling
the delivery person,
I'll deliver that mail for
you, and then reading the mail
or changing the letter before
putting it in your mailbox.
Even though your neighbor knows
you and even if they deliver it
to the correct house, they are
actively going out of their way
to engage in malicious behavior.
The good news is that
malicious packet sniffing
can be prevented.
Let's look at a few ways a
network security professional
can prevent these attacks.
One way to protect against
malicious packet sniffing
is to use a VPN to
encrypt and protect data
as it travels
across the network.
If you don't remember
how VPNs work,
you can revisit the
video about this topic
in the previous
section of the program.
When you use a VPN,
hackers might interfere
with your traffic,
but they won't
be able to decode it
to read it and read
your private information.
Another way to add a
layer of protection
against packet sniffing
is to make sure
the websites you have use HTTPS
at the beginning of the domain
address.
Previously, we
discussed how HTTPS
uses SSL/TLS to encrypt data
and prevent eavesdropping
when malicious actors spy
on network transmissions.
One final way to
help protect yourself
against malicious
packet sniffing
is to avoid using
unprotected Wi-Fi.
You usually find
unprotected Wi-Fi
in public places like
coffee shops, restaurants,
or airports.
These networks don't
use encryption.
This means that
anyone on the network
can access all of
the data traveling
to and from your device.
One precaution you can take
is avoiding free public Wi-Fi
unless you have a
VPN service already
installed on your device.
OK, now you know how threat
actors may use packet sniffing
and how to protect a
network from these attacks.
Let's move on to discuss
other network intrusions.
Next let's learn about another
kind of network attack called
IP spoofing.
IP spoofing is a
network attack performed
when an attacker changes the
source IP of a data packet
to impersonate an
authorized system and gain
access to a network.
In this kind of
attack, the hacker
is pretending to be
someone they are not
so they can communicate over
the network with the target
computer and get past
firewall rules that
may prevent outside traffic.
Some common IP spoofing attacks
are on-path attacks, replay
attacks, and Smurf attacks.
Let's discuss these
one at a time.
An on-path attack is an attack
where the malicious actor
places themselves in the middle
of an authorized connection
and intercepts or alters
the data in transit.
On-path attackers gain
access to the network
and put themselves
between two devices,
like a web browser
and a web server.
Then they sniff the
packet information
to learn the IP and MAC
addresses of the two devices
that are communicating
with each other.
After they have
this information,
they can pretend to be
either of these devices.
Another type of attack
is a replay attack.
A replay attack is
a network attack
performed when a
malicious actor intercepts
a data packet in
transit and delays it
or repeats it at another time.
A delayed packet can
cause connection issues
between target computers.
Or a malicious actor may
take a network transmission
that was sent by
an authorized user
and repeated it at a
later time to impersonate
the authorized user.
A Smurf attack is a combination
of a DDoS attack and an IP
spoofing attack.
The attacker sniffs an
authorized user's IP address
and floods it with packets.
This overwhelms
the target computer
and can bring down a server
or the entire network.
Now that you've learned about
different kinds of IP spoofing,
let's talk about how you
can protect a network
from this kind of attack.
As you previously
learned, encryption
should always be implemented so
that the data in your network
transfers can't be read
by malicious actors.
Firewalls can be configured to
protect against IP spoofing.
IP spoofing makes it seem
like the malicious actor is
an authorized user by
changing the sender's
address of the data packet
to match the target network's
address.
So if a firewall
receives a data packet
from the internet, where
the sender's IP address is
the same as the private
network, then the firewall
will deny the transmission,
since all the devices
with that IP address
should already
be on the local network.
You can make sure that your
firewall's configured correctly
by creating a rule to reject
all incoming traffic that
has the same IP address
as the local network.
That's it for IP spoofing.
You've learned
how IP spoofing is
used in some common attacks,
like on-path attacks, replay
attacks, and Smurf attacks.
Nice job finishing this section.
Let's review what
you've learned so far.
We discussed how
to secure networks.
We also learned about
network intrusion tactics,
like malicious packet
sniffing and IP spoofing.
Finally, we discussed how a
security analyst can protect
against these kind of attacks.
You've learned about
DoS and DDoS attacks,
like ICMP flooding, SYN attacks,
and the ping of death, which
try to overwhelm a network by
flooding it with unwanted data
packets.
Wow, just think about
everything you know already
about network attacks.
What you've learned
in these videos
will be essential in your
work as a security analyst.
Coming up, you'll learn about
how security analysts can
protect a network using various
security hardening techniques.
I want to take a moment
to congratulate you
on your progress so far.
First, you learned about
network operations.
Then you learned about
the tools and protocols
that help network
systems function.
Next, you learned how
vulnerabilities and networks
expose them to various
security intrusions.
Now we'll discuss
security hardening.
Then we'll learn
about OS hardening,
explore network
hardening practices,
and discuss cloud
hardening practices.
Security hardening
can be implemented
in devices, networks,
applications,
and cloud infrastructure.
Security analysts
may perform tasks
such as patch
updates and backups
as part of security hardening.
We'll discuss these tasks as
you progress through the course.
As a security analyst,
hardening will play a major role
in your day-to-day tasks, which
is why it's important for you
to understand how it works.
I'm excited to accompany
you on this journey.
Meet you in the next video.
Security analysts and the
organizations they work with
have to be proactive about
protecting systems from attack.
This is where security
hardening comes in.
Security hardening
is the process
of strengthening a system
to reduce its vulnerability
and attack surface.
All the potential
vulnerabilities
that a threat
actor could exploit
are referred to as a
system's attack surface.
Let's use an example that
compares a network to a house.
The attack surface would be
all the doors and windows
that a robber could use to
gain access to that house.
Just like putting locks on
all the doors and windows
in a house, security
hardening involves
minimizing the attack surface,
or potential vulnerabilities,
and keeping a network
as secure as possible.
As part of security
hardening, security analysts
perform regular
maintenance procedures
to keep a network device and
systems functioning securely
and optimally.
Security hardening
can be conducted
on any device or system
that can be compromised,
such as hardware, operating
systems, applications, computer
networks, and databases.
Physical security is also a
part of security hardening.
This may include securing a
physical space with security
cameras and security guards.
Some common types of
hardening procedures
include software updates,
also called patches,
and device or application
configuration changes.
These updates and
changes are done
to increase security and
fix security vulnerabilities
on a network.
An example of a security
configuration change
would be requiring
longer passwords or more
frequent password changes.
This makes it harder
for a malicious actor
to gain login credentials.
An example of
configuration check
is updating the
encryption standards
for data that is
stored in a database.
Keeping encryption
up to date makes
it harder for malicious
actors to access the database.
Other examples of
security hardening
include removing or
disabling unused applications
and services,
disabling unused ports,
and reducing access permissions
across devices and network.
Minimizing the number of
applications, devices, ports,
and access permissions makes
network and device monitoring
more efficient and reduces
the overall attack surface,
which is one of the best ways
to secure an organization.
Another important strategy
for security hardening
is to conduct regular
penetration testing.
A penetration test,
also called a pen test,
is a simulated attack that
helps identify vulnerabilities
in a system, network, website,
application, and process.
Penetration testers document
their findings in a report.
Depending on where
the test fails,
security teams can
determine the type
of security vulnerabilities
that require fixing.
Organizations can then
review these vulnerabilities
and come up with a
plan to fix them.
Coming up, you'll
learn more about
how security hardening
is an essential aspect
of securing networks.
It's a foundational
part of network security
that strengthens
a network in order
to reduce the number
of successful attacks.
Hi there.
In this video, we'll discuss
Operating System, or OS,
hardening and why
it's essential to keep
the entire network secure.
The operating system
is the interface
between computer
hardware and the user.
The OS is the first
program loaded
when a computer turns on.
The OS acts as an intermediary
between software applications
and the computer hardware.
It's important to secure
the OS in each system,
because [? of one ?]
[? secure ?] OS can lead
to a whole network
being compromised.
There are many types
of operating systems,
and they all share similar
security hardening practices.
Let's talk about some of
those security hardening
practices that are
recommended to secure an OS.
Some OS hardening tasks are
performed at regular intervals,
like updates,
backups, and keeping
an up-to-date list of
devices and authorized users.
Other tasks are
performed only once
as part of preliminary
safety measures.
One example would be configuring
a device setting to fit
a secure encryption standard.
Let's begin with
OS hardening tasks
that are performed at
a regular interval,
such as patch installation,
also known as patch updates.
A patch update is a software
and Operating System,
or OS, update that addresses
security vulnerabilities
within a program or product.
Now we'll discuss patch
updates provided to the company
by the OS software vendor.
With patch updates, the
OS should be upgraded
to its latest software version.
Sometimes patches are released
to fix a security vulnerability
in the software.
As soon as OS vendors publish
a patch and the vulnerability
fix, malicious actors
know exactly where
the vulnerability is
in the system running
the out-of-date OS.
This is why it's important
for organizations
to run patch updates as
soon as they are released.
For example, my team had to
perform an emergency patch
to address a recent
vulnerability found
in a commonly used
programming library.
The library is used
almost everywhere.
So we had to quickly patch most
of our servers and applications
to fix the vulnerability.
The newly updated
OS should be added
to the baseline configuration,
also called the baseline image.
A baseline configuration
is a documented set
of specifications
within a system
that is used as a basis for
future builds, releases,
and updates.
For example, a baseline
may contain a firewall rule
with a list of allowed and
disallowed network ports.
If a security team suspects
unusual activity affecting
the OS, they can compare
the current configuration
to the baseline and make sure
that nothing has been changed.
Another hardening task
performed regularly
is hardware and
software disposal.
This ensures that all
old hardware is properly
wiped and disposed of.
It's also a good idea to
delete any unused software
applications, since some
popular programming languages
have known vulnerabilities.
Removing unused
software makes sure
that there aren't any
unnecessary vulnerabilities
connected with the programs
that the software uses.
The final OS hardening
technique that we'll discuss
is implementing a
strong password policy.
Strong password policies
require that passwords
follow specific rules.
For example, an organization
may set a password policy
that requires a minimum of
eight characters, a capital
letter, a number, and a symbol.
To discourage malicious actors,
a password policy usually
states that a user will
lose access to the network
after entering the wrong
password a certain number
of times in a row.
Some systems also require
Multi-Factor Authentication,
or MFA.
MFA is a security measure
which requires a user
to verify their identity
in two or more ways
to access a system or network.
Ways of identifying
yourself include
something you know,
like a password,
something you have, like
an ID card, or something
unique about you,
like your fingerprint.
To review, OS hardening
is a set of procedures
that maintains OS
security and improves it.
Security measures, like
access privileges and password
policies, frequently undergo
regular security checks
as part of OS hardening.
Coming up, we'll discuss
network hardening practices.
Earlier, you learned
that OS hardening
focuses on device
safety and uses
patch updates, secure
configuration, and account
access policies.
Now we'll focus on
network hardening.
Network hardening focuses
on network-related security
hardening, like port filtering,
network access privileges,
and encryption over networks.
Certain network hardening
tasks are performed regularly,
while others are performed once
and then updated as needed.
Some tasks that are
regularly performed
are firewall rule maintenance,
network log analysis, patch
updates, and server backups.
Earlier, you learned
that a log is
a record of events that occurs
within an organization's
systems.
Network log analysis
is the process
of examining network logs to
identify events of interest.
Security teams use a log
analyzer tool, or a Security
Information and Event Management
tool, also known as a SIEM,
to conduct network log analysis.
A SIEM tool is an application
that collects and analyzes
log data to monitor critical
activities in an organization.
It gathers security
data from a network
and presents that data
on a single dashboard.
The dashboard
interface is sometimes
called a single pane of glass.
A SIEM helps analysts
to inspect, analyze,
and react to security events
across the network based
on their priority.
Reports from the SIEM provide a
list of new or ongoing network
vulnerabilities and list
them on a scale of priority
from high to low, where high
priority vulnerabilities
have a much shorter
deadline for mitigation.
Now that we've covered tasks
that are performed regularly,
let's examine tasks
that are performed once.
These tasks include
port filtering
on firewalls, network
access privileges,
and encryption
for communication,
among many things.
Let's start with port filtering.
Port filtering can be
formed over the network.
Port filtering is
a firewall function
that blocks or allows
certain port numbers to limit
unwanted communication.
A basic principle
is the only ports
that are needed are the
ones that are allowed.
Any port that isn't being
used by the normal network
operations should be disallowed.
This protects against
port vulnerabilities.
Networks should be set up with
the most up-to-date wireless
protocols available, and
older wireless protocols
should be disabled.
Security analysts also
use network segmentation
to create isolated subnets
for different departments
in an organization.
For example, they might make
one for the marketing department
and one for the
finance department.
This is done so that
issues in each subnet
don't spread across
the whole company,
and only specified
users are given access
to the part of the network that
they require for their role.
Network segmentation
may also be used
to separate different
security zones.
Any restricted zone on
a network containing
highly classified
or confidential data
should be separate from
the rest of the network.
Lastly, all network
communication
should be encrypted using the
latest encryption standards.
Encryption standards
are rules or methods
used to conceal outgoing
data and uncover,
or decrypt, incoming data.
Data in restricted zones should
have much higher encryption
standards, which makes them
more difficult to access.
You've learned about the most
common hardening practices.
This knowledge will be useful
as you complete the certificate
program, and it's essential
to your career as a security
analyst.
In recent years,
many organizations
are using network
services in the cloud.
So in addition to securing
on-premise networks,
a security analyst will need
to secure cloud networks.
In a previous video, you
learn that a cloud network
is a collection of
servers or computers
that stores resources
and data in a remote data
center that can be
accessed via the internet.
They can host company
data and applications
using cloud computing to provide
on-demand storage, processing
power, and data analytics.
Just like regular web
servers, cloud servers
also require proper maintenance,
done through various security
hardening procedures.
Although cloud servers are
hosted by a cloud service
provider, these providers
cannot prevent intrusions
in the cloud, especially
intrusions from malicious
actors, both internal and
external to an organization.
One distinction between
cloud network hardening
and traditional
network hardening
is the use of a server
baseline image for all server
instances stored in the cloud.
This allows you to compare
data in the cloud servers
to the baseline image to
make sure there haven't
been any unverified changes.
An unverified change could come
from an intrusion in the cloud
network.
Similar to OS hardening,
data and applications
on a cloud network are
kept separate depending
on their service category.
For example, older applications
should be kept separate
from newer applications.
And software that deals
with internal functions
should be kept separate
from front-end applications
seen by users.
Even though the cloud
service provider
has a shared responsibility
with the organization using
their services, there are
still security measures
that need to be taken
by the organization
to make sure their
cloud network is safe.
Just like traditional networks,
operations in the cloud
need to be secured.
You're doing great.
Meet you in the next video.
Great work on learning
about security hardening.
Let's take a few minutes to
wrap up what you've learned.
You learned about security
hardening and its importance
to an organization's
infrastructure.
First, we discussed how
security hardening strengthens
systems and networks to reduce
the likelihood of an attack.
Next, we covered the
importance of OS hardening,
including patch updates,
baseline configurations,
and hardware and
software disposal.
Then we explored network
hardening practices,
such as network log analysis
and firewall rule maintenance.
Finally, we examined
cloud network hardening
and the responsibilities of both
organizations and cloud service
providers in
maintaining security.
As a security analyst,
you'll be working
with operating systems,
on-premise networks, and cloud
networks.
You'll be using
all the knowledge
that we learn in this
section in your career
as a security analyst.
Wow, we have covered
a lot in this course.
Let's review everything
we've discussed.
You learned about networks,
network architecture,
and the best practices used
by security professionals
to secure a network
against security breaches.
As we bring this
course to a close,
let's review what you've learned
about security networks so far.
First, we explored the
structure of a network.
A security analyst
must understand
how a network is designed
to be able to identify parts
of a network that present
vulnerabilities and need
to be secured.
Next, we learned about
network operations
and how they affect the
communication of data.
Network protocols
determine how the data is
transmitted over the network.
As communication takes
place over the network,
malicious actors
may use tactics,
such as denial-of-service
attacks, packet sniffing,
and IP spoofing.
Security analysts employ
tools and measures,
such as firewall rules, to
protect against these attacks.
We also discussed
security hardening.
Security hardening
is used to reduce
the attack area of a network.
This means the attack does
not disable an entire network.
Security hardening can
be done at the hardware
level, the software level,
or the network level.
Securing networks
is an essential part
of a security analyst's duties.
Knowledge of a network and
its operations and security
practices will
ensure that you are
successful in your career
as a security analyst.
And that brings us to the
topic of our next course, which
will cover computing basics
for security analysts.
In that course, you'll learn
how to use the Linux command
line to authenticate and
authorize users on a network
and to use SQL, otherwise known
as "sequel," to communicate
with databases.
Great work getting here.
All the concepts you've
learned in this section
will be essential for success in
your role as security analyst.
Now you can move on
to the next course.
Enjoy.
[MUSIC PLAYING]