N10-009 Network Security Study Guide for the CompTIA Network+
Page 3
Security Features, Defense Techniques, and Solutions
When it comes to network hardening, there are various security features, defense techniques, and solutions that can be used to secure a network and its infrastructure, devices, and protocols. Given a scenario, you should be able to apply common security features, defense techniques, and security solutions.
Device Hardening
Hardening refers to various techniques, both logical and physical, that are used to protect a network and network devices from unauthorized access. Device hardening is the process of adjusting device or OS default configurations or disabling unused ports and services to increase device security.
Disable Unused Ports and Services
Network services, such as applications and protocols, connect to a network via an assigned or designated port. All unneeded or unused services should be disabled to prevent threat actors from using the related ports to gain access to a network.
Change Default Passwords
New devices or factory-reset devices are assigned a default admin username and password, which are publicly documented and simple. As such, these devices are highly vulnerable to attacks from threat actors. The default admin account should be either disabled or renamed, and the default password should be changed to a more secure and complex password.
Network Access Control (NAC)
NAC is a security technique that requires the host requesting access to have its security posture evaluated prior to access. For example, an NAC system may look to ensure that all OS or antimalware updates have been installed prior to access.
Port Security
Port security is a general term for protecting access to switch ports. It can be used to separate devices on a single switch or across VLANs spanning multiple switches. Port security can also use MAC filtering to specify, by MAC address, which hardware device is allowed to connect and communicate over a port, or to restrict transmission on a port to the MAC addresses configured for it.
802.1X
802.1X is an Institute of Electrical and Electronics Engineers (IEEE) standard for port-based network access control that can be applied to wired or wireless networks. The 802.1X standard specifies three components: the supplicant is the entity requesting access to the network, the authenticator is the device that receives the request from the supplicant, and the authentication server performs the centralized authentication.
MAC Filtering
An access point can be set to allow or deny access based on a predefined list of MAC addresses manually entered into a MAC address filter table. This is known as MAC filtering, which may be an option for a small network, though it is susceptible to MAC spoofing.
Key Management
Key management is used to secure cryptographic keys through the entire key lifecycle from key generation to distribution, storage and usage, rotation, revocation, and eventual destruction. Key management is used to apply access controls and security measures during all key phases.
Security Rules
A security rule in network security is a predefined guideline or parameter used to allow or deny network traffic based on logical factors such as port number, IP address, or content.
Access Control List (ACL)
An ACL is a security mechanism that allows or denies traffic based on a predefined list of rules matching source and destination IP addresses. ACLs can be simple or highly complex and are commonly located on routers and used in firewalls to prevent outside traffic from accessing the internal network.
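The following is an added example, not part of the study guide, that shows how a security rule list like an ACL is evaluated: rules are checked top to bottom, the first match decides, and traffic matching no rule is dropped by an implicit deny (as on common router ACLs). The rule format, the evaluate() function, and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Hypothetical ACL evaluator (added example; not a vendor's syntax or implementation).
# Rules are evaluated top to bottom; the first match decides, and a packet that
# matches no rule is denied (the implicit deny at the end of a typical router ACL).

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # CIDR such as "10.0.0.0/8", or "any"
    dst: str                    # CIDR or "any"
    dport: Optional[int] = None # None matches any destination port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def _match_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)

def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for pkt under first-match semantics."""
    for rule in acl:
        if (_match_net(rule.src, pkt.src) and _match_net(rule.dst, pkt.dst)
                and (rule.dport is None or rule.dport == pkt.dport)):
            return rule.action
    return "deny"  # implicit deny: nothing matched

# Constructed inbound ACL for a border router (sample addresses only):
# outside hosts may reach the public web server on 443, one management host
# may reach anything, and everything else is dropped. The anti-spoofing deny
# comes first because rule order matters under first-match evaluation.
BORDER_ACL = [
    Rule("deny", "10.0.0.0/8", "any"),               # internal range must not arrive from outside
    Rule("permit", "any", "203.0.113.10/32", 443),   # public web server, HTTPS only
    Rule("permit", "192.0.2.5/32", "any"),           # management host
]

if __name__ == "__main__":
    for p in (Packet("198.51.100.7", "203.0.113.10", 443),
              Packet("198.51.100.7", "203.0.113.10", 22),
              Packet("10.1.2.3", "203.0.113.10", 443)):
        print(p, "->", evaluate(BORDER_ACL, p))
```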
Uniform Resource Locator (URL) Filtering
URL filtering is a form of content filter that allows or denies web traffic based on the web address, or URL, of the requested web page. The URL filter compares the URL against a database of known or suspected risky, malicious, or inappropriate URLs, thereby blocking or allowing access.
Content Filtering
Content filtering is a method of restricting access to web material that is identified as malicious or inappropriate. Content filtering can be applied via a URL filter or through active content analysis using pattern analysis, keyword identification, or image analysis.
Security Zones
A security zone is a logically segmented portion of a network with specifically applied security policies, rules, and access controls. In the network, there are three primary security zones: trusted, untrusted, and the screened subnet.
Trusted vs. Untrusted Zones
A trusted zone is a segment of the network that is considered to be secure and organizationally controlled, such as an intranet. Once in a trusted zone, access control protocols between devices are more relaxed due to the trust relationship. An untrusted zone is a segment of a network that is considered to be insecure or potentially hostile, such as the internet. Increased access controls and security measures are applied to untrusted zones when they attempt to access trusted zones.
Screened Subnet
A screened subnet, also known as a perimeter network or a demilitarized zone (DMZ), is a portion of a network that places publicly accessible resources, such as web servers, between two firewalls to isolate the screened subnet from the rest of the network.
Figure: Traditional single-layer DMZ with two flanking firewalls. Retrieved from: https://commons.wikimedia.org/wiki/File:Traditional_Single_Layer_DMZ_with_two_flanking_firewalls.png