Google Cybersecurity Certificate Course 3 - Connect and Protect - Networks and Network Security

This is the third course of the Google Cybersecurity Certificate Course on Coursera. Again it’s a mix of my notes and definitions from the course.

Here is a link to my main page for the course.

Course 3 Overview

Module 1: Network architecture

Structure of a network
Network operations
Network attacks
Security hardening

Introduction to networks

Structure of a network
Standard networking tools
Cloud networks
TCP/IP model

Network: A group of connected devices.

Local Area Network (LAN): A network that spans a small area like an office building, a school, or a home.

Wide Area Network (WAN): A network that spans a large geographic area like a city, state, or country. The internet is like a giant WAN.

Network tools

Hub: A network device that broadcasts information to every device on the network.

Switch: A device that makes connections between specific devices on a network by sending and receiving data between them.

Router: A network device that connects multiple networks together.

Modem: A device that connects your router to the internet and brings internet access to the LAN.

Virtualization tools: Pieces of software that perform network operations.

Cloud networks

Cloud computing: The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices.

Cloud network: A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet.

Cloud service providers (CSPs) offer

On-demand storage
Processing power
Analytics

Three main categories of services

Software as a service (SaaS)
Infrastructure as a service (IaaS)
Platform as a service (PaaS)

Benefits of cloud computing and software-defined networks

Reliability
Cost
Scalability

Network communication

Data packet: A basic unit of information that travels from one device to another within a network.

E.g. the packet header includes information like the sender’s IP address, the destination’s MAC address, and the protocol to use.

Bandwidth: The amount of data a device receives every second.

Speed: The rate at which data packets are received or downloaded.

Packet sniffing: The practice of capturing and inspecting data packets across a network.

Transmission Control Protocol (TCP): An internet communication protocol that allows two devices to form a connection and stream data.

Internet Protocol (IP): A set of standards used for routing and addressing data packets as they travel between devices on a network.

Port: A software-based location that organizes the sending and receiving of data between devices on a network.

Port numbers

Port 25 - Email
Port 443 - Secure internet communication
Port 20 - Large file transfers

TCP/IP model: A framework used to visualize how data is organized and transmitted across the network.

Four layers of the TCP/IP model

Network access layer. Creation of data packets. (Ethernet, WLAN)
Internet layer. IP addresses are attached to data packets. (IP v4, v6)
Transport layer. Protocols to control the flow of traffic. (TCP, UDP)
Application layer. How data packets will interact with receiving devices. (HTTP, TLS, DNS)

Open systems interconnection (OSI) model: A standardized concept that describes the seven layers computers use to communicate and send data over the network.

Physical
Data
Network
Transport
Session
Presentation
Application

Internet Protocol (IP) address: A unique string of characters that identifies the location of a device on the internet

User Datagram Protocol (UDP): A connectionless protocol that does not establish a connection between devices before transmissions

Module 2: Network operations

Network protocols: Rules used by two or more devices on a network to describe the order of delivery and structure of data.

HTTPS: Provides a secure method of communication between clients and web servers.

Wireless security protocols

WEP - Wired Equivalent Privacy
WPA - WiFi Protected Access
WPA2
- personal mode for home networks (easy)
- enterprise mode for business
WPA3 - increase encryption

Firewall: A network security device that monitors traffic to and from your network.

Port filtering: A firewall function that blocks or allows certain port numbers to limit unwanted communication.

Firewall types: physical, software, cloud.

Stateful: A class of firewall that keeps track of information passing through it and proactively filters out threats.

Stateless: A class of firewall that operates based on predefined rules and does not keep track of information from data packets. Less secure.

Benefits of next-generation firewalls (NGFWs)

Deep packet inspection
Intrusion protection
Threat intelligence

Virtual private networks (VPNs): A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet.

Encapsulation: A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets.

Security zone: A segment of a network that protects the internal network from the internet.

Network segmentation: A security technique that divides the network into segments. E.g. public wifi at a hotel vs their internal network.

Areas of the controlled zone

Demilitarized zone (DMZ)
Internal network
Restricted zone

Internet -> Firewall -> DMZ -> Firewall -> Internal Network -> Firewall -> Restricted Zone

Subnetting: The subdivision of a network into logical groups called subnets.

Classless Inter-Domain Routing (CIDR): A method of assigning subnet masks to IP addresses to create a subnet.

Proxy server: A server that fulfills the requests of a client by forwarding them on to other servers. Hides IP, adds a layer of security. Uses temporary memory.

Forward proxy server: Regulates and restricts a person’s access to the internet.

Reverse proxy server: Regulates and restricts the internet’s access to an internal server.

Recap

Network protocols
VPNs
Firewalls, security zones, and proxy servers

Module 3: Secure against network intrusions

Network security
Network intrusion tactics
Network attack protection

2014 Home Depot hack

Packet sniffing. Like opening someone else’s mail.

The body of a data packet may contain sensitive information such as credit card numbers, dates of birth, or personal messages. Malicious actors can use the information contained in the body of a data packet to their advantage.

Active or passive.

HTTPS everywhere is a good idea. Also avoid unprotected public WiFi.

IP spoofing: A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to the network.

On-path attacks: intercepts half-way.

Replay attack: delays or repeats it at another time. Can cause connection issues, or they might impersonate an authorized user.

Smurf attack: combination of DDoS and IP spoofing. The attacker sniffs an authorized user’s IP address and floods it with packets.

How to protect? Always use encryption. Firewall configuration.

DoS: A network attack that targets a network or server and floods it with network traffic.

DDoS: A type of denial or service attack that uses multiple devices or servers in different locations to flood the target network with unwanted traffic.

SYN flood attack: A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets.

Activity Three steps of the TCP handshake:

The [SYN] packet is the initial request from an employee visitor trying to connect to a web page hosted on the web server. SYN stands for “synchronize.”
The [SYN, ACK] packet is the web server’s response to the visitor’s request agreeing to the connection. The server will reserve system resources for the final step of the handshake. SYN, ACK stands for “synchronize acknowledge.”
The [ACK] packet is the visitor’s machine acknowledging the permission to connect. This is the final step required to make a successful TCP connection. ACK stands for “acknowledge.”

Module 4 - Introduction to security hardening

Network hardening

Port filtering / firewall
Network subnets / segmentation
Encryption

Most firewalls are similar in their basic functions. Firewalls allow or block traffic based on a set of rules. As data packets enter a network, the packet header is inspected and allowed or denied based on its port number. NGFWs are also able to inspect packet payloads. Each system should have its own firewall, regardless of the network firewall.

An intrusion detection system (IDS) is an application that monitors system activity and alerts on possible intrusions. An IDS alerts administrators based on the signature of malicious traffic.

An intrusion prevention system (IPS) is an application that monitors system activity for intrusive activity and takes action to stop the activity. It offers even more protection than an IDS because it actively stops anomalies when they are detected, unlike the IDS that simply reports the anomaly to a network administrator.

A security information and event management system (SIEM) is an application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools work in real time to report suspicious activity in a centralized dashboard. SIEM tools additionally analyze network log data sourced from IDSs, IPSs, firewalls, VPNs, proxies, and DNS logs. SIEM tools are a way to aggregate security event data so that it all appears in one place for security analysts to analyze. This is referred to as a single pane of glass.