#readwise

# Network Foundations - Network Security

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article1.be68295a7e40.png)

## Metadata

- Author: [[Hack The Box]]
- Full Title: Network Foundations - Network Security
- URL: https://academy.hackthebox.com/module/289/section/3244

## Summary

Network security protects data and systems from unauthorized access and damage. Key components include firewalls, which monitor and control incoming and outgoing traffic, and Intrusion Detection/Prevention Systems (IDS/IPS), which detect and respond to suspicious activity. Firewalls enforce rules to allow or block traffic, while an IDS alerts on threats and an IPS blocks them in real time. Best practices for enhancing network security involve implementing these tools effectively.

## Highlights

In networking, the term security refers to the measures taken to protect data, applications, devices, and systems within the network from unauthorized access or damage. The goal is to uphold and maintain the `CIA triad`:

| Principle | Description |
| --- | --- |
| `Confidentiality` | Only authorized users can view the data. |
| `Integrity` | The data remains accurate and unaltered. |
| `Availability` | Network resources are accessible when needed. |

([View Highlight](https://read.readwise.io/read/01jnxs6v5wjnjybmsgw6728qx3))

---

A `Firewall` is a network security device, either hardware, software, or a combination of both, that monitors incoming and outgoing network traffic. Firewalls enforce a set of rules (known as `firewall policies` or `access control lists`) to determine whether to `allow` or `block` specific traffic.

([View Highlight](https://read.readwise.io/read/01jnxs7dgx6zdbmkp925k3v5ap))

---

- Below are some of the different types of firewalls. ^9yihby

1. Packet Filtering Firewall
   - Operates at Layer 3 (Network) and Layer 4 (Transport) of the OSI model.
   - Examines source/destination IP, source/destination port, and protocol type.
   - Example: A simple router ACL that only allows HTTP (port 80) and HTTPS (port 443) while blocking other ports.
2. Stateful Inspection Firewall
   - Tracks the state of network connections.
   - More intelligent than a packet filter because it follows the entire conversation rather than judging each packet in isolation.
   - Example: Only allows inbound data that matches an already established outbound request.
3. Application Layer Firewall (Proxy Firewall)
   - Operates up to Layer 7 (Application) of the OSI model.
   - Can inspect the actual content of traffic (e.g., HTTP requests) and block malicious requests.
   - Example: A web proxy that filters out malicious HTTP requests containing suspicious patterns.
4. Next-Generation Firewall (NGFW)
   - Combines stateful inspection with advanced features like deep packet inspection, intrusion detection/prevention, and application control.
   - Example: A modern firewall that can block known malicious IP addresses, inspect encrypted traffic for threats (which requires it to terminate and re-encrypt TLS, with its CA certificate trusted by the clients), and enforce application-specific policies.

([View Highlight](https://read.readwise.io/read/01jnxsa1w7r6nsdb7bq9qesjgg))

---

## Intrusion Detection and Prevention Systems (IDS/IPS)

Intrusion Detection and Prevention Systems (IDS/IPS) are security solutions designed to monitor and respond to suspicious network or system activity. An Intrusion Detection System (IDS) observes traffic or system events to identify malicious behavior or policy violations, generating alerts but not blocking the suspicious traffic. In contrast, an Intrusion Prevention System (IPS) operates similarly to an IDS but takes the additional step of dropping or rejecting malicious traffic in real time. The key difference lies in their actions: an IDS detects and alerts, while an IPS detects and prevents. This also dictates placement: an IDS can watch a copy of the traffic from a mirror port or network tap, whereas an IPS must sit inline in the forwarding path, so a false positive on an IPS blocks legitimate traffic rather than merely raising a spurious alert.
([View Highlight](https://read.readwise.io/read/01jnxscv2xa795ah8dyxenecpy))

---

Both IDS and IPS solutions analyze network packets and compare them to known attack signatures or typical traffic patterns. This process involves:

| Technique | Description |
| --- | --- |
| `Signature-based detection` | Matches traffic against a database of known exploit patterns; precise, but blind to attacks that have no signature yet. |
| `Anomaly-based detection` | Flags anything unusual compared to a baseline of normal activity; can catch novel attacks, but needs a clean baseline and produces more false positives. |

When suspicious or malicious behavior is identified, an IDS will generate an alert for further investigation, while an IPS goes one step further by blocking or rejecting the malicious traffic in real time.

([View Highlight](https://read.readwise.io/read/01jnxsdjk43ghjr0rttpfx0pxx))

---
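The firewall types listed earlier and the IDS/IPS detection techniques above are really stages of one pipeline, which is what the NGFW bullet describes. The following is an added example and not code from the Hack The Box module: a toy inline inspection engine in Python that applies a packet-filter ACL, keeps flow state so that only replies to outbound connections are let back in (stateful inspection), runs a signature match and a port-scan anomaly heuristic on every packet, and either only alerts (IDS mode) or also drops (IPS mode). The ACL entries, signature patterns, scan threshold, addresses and sample packets are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str        # "tcp" or "udp"
    direction: str    # "out": leaving the protected LAN; "in": arriving from the Internet
    payload: bytes = b""


# Hypothetical egress ACL in the style of the page's "simple router ACL":
# evaluated top to bottom, first match wins, implicit deny at the end.
ACL = [
    ("allow", "tcp", 80),
    ("allow", "tcp", 443),
]

# Hypothetical signature database: byte patterns that have no business in a legitimate request.
SIGNATURES = {
    "path-traversal": b"../../",
    "sqli-union": b"UNION SELECT",
}
# Anomaly heuristic: one source touching more than this many distinct ports looks like a scan.
SCAN_THRESHOLD = 5


class InspectionEngine:
    """Stateful packet filter feeding a signature/anomaly detector (toy, for illustration)."""

    def __init__(self, mode="ids"):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.flows = set()                  # 5-tuples of outbound connections seen so far
        self.ports_seen = defaultdict(set)  # src -> distinct destination ports touched
        self.flagged = set()                # sources already reported as scanning
        self.alerts = []                    # (rule, src, dst, dport)

    @staticmethod
    def packet_filter(pkt):
        """Layer 3/4 packet filtering: stateless match of proto/port against the ACL."""
        for action, proto, dport in ACL:
            if pkt.proto == proto and pkt.dport == dport:
                return action
        return "deny"

    def stateful_check(self, pkt):
        """Stateful inspection: outbound traffic the ACL allows opens a flow;
        inbound traffic passes only if it is the reply to a flow we already opened."""
        if pkt.direction == "out":
            if self.packet_filter(pkt) != "allow":
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows

    def detect(self, pkt):
        """Signature-based detection on the payload plus anomaly-based detection on the
        per-source port spread. Returns the names of the rules that fired."""
        hits = [name for name, sig in SIGNATURES.items() if sig in pkt.payload]
        self.ports_seen[pkt.src].add(pkt.dport)
        if len(self.ports_seen[pkt.src]) > SCAN_THRESHOLD and pkt.src not in self.flagged:
            self.flagged.add(pkt.src)      # report each scanning source once
            hits.append("port-scan")
        return hits

    def process(self, pkt):
        """Return the verdict ('allow' or 'drop') for one packet. The detector sees every
        packet, like an IDS on a mirror port; only in IPS mode does a hit change the verdict."""
        passes = self.stateful_check(pkt)
        hits = self.detect(pkt)
        for rule in hits:
            self.alerts.append((rule, pkt.src, pkt.dst, pkt.dport))
        if hits and self.mode == "ips":
            return "drop"
        return "allow" if passes else "drop"


def run(packets, mode):
    """Push a packet list through a fresh engine; return (verdicts, alerts)."""
    engine = InspectionEngine(mode)
    verdicts = [engine.process(p) for p in packets]
    return verdicts, engine.alerts


# Constructed sample traffic (not a real capture); documentation-range addresses.
LAN, WEB, SCANNER = "10.0.0.5", "203.0.113.10", "198.51.100.7"
SAMPLE = [
    Packet(LAN, 40000, WEB, 443, "tcp", "out", b"GET / HTTP/1.1"),        # ACL allows, opens a flow
    Packet(WEB, 443, LAN, 40000, "tcp", "in", b"HTTP/1.1 200 OK"),        # reply to that flow
    Packet(SCANNER, 5555, LAN, 22, "tcp", "in"),                          # unsolicited inbound
    Packet(LAN, 40001, WEB, 80, "tcp", "out", b"GET /../../etc/passwd"),  # ACL allows, signature hits
    Packet(LAN, 40002, WEB, 23, "tcp", "out", b"login"),                  # telnet: denied by ACL
] + [Packet(SCANNER, 5555, LAN, port, "tcp", "in") for port in (21, 23, 25, 80, 110, 443)]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts = run(SAMPLE, mode)
        print(mode, verdicts)
        for alert in alerts:
            print("  alert:", alert)
```

Compare the verdict for the fourth packet in the two runs: in IDS mode the path-traversal request is allowed through with an alert, in IPS mode it is dropped. The scanner's probes are dropped by the stateful filter in both modes, yet the detector still raises the port-scan alert because it sees every packet, which is why an IDS on a mirror port stays useful even behind a firewall.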