Networks and Communications Security

Course 5: Network and Communications Security

Welcome to course five: network and communication security. As we know, the explosive growth in networks, connectivity, and communications has paved the way for unprecedented transformation of business, personal, and government services into electronic, web enabled forms. This growth in e-business and e-commerce greatly expanded the threat surface. Fraudsters, criminals, unscrupulous business competitors, nation states, and non-nation state actors can take harmful actions against others worldwide. For decades, the world has operated on what is basically a network monoculture. One set of protocols and standards are used to power most of the internet, the worldwide, web e-commerce, and e-business. These standards include the open systems interconnection seven layer model from international organization for standardization and transmission. And the control protocol over internet protocol model from internet engineering taskforce. Almost every laptop, many smart devices, and other such end points use these standards to communicate with servers, and applications, and businesses, and governments. Therefore these models, or protocol stacks become our map of the threat surface. Security professionals need to have a solid understanding of modern networks and internet work concepts, techniques, technologies, and security issues. Their work is like police patrols, because they need to be familiar with the neighborhood's environment. Security professionals need to know the best ways to keep the neighborhood secure and to defend against attacks. The need for such a policing mentality is particularly urgent if the company has limited or no remote visibility into its operational technology systems. For this course, in module one, we start with a brief orientation to the network neighborhood, through the open systems interconnection seven layer, and transmission control protocol over internet protocol models. Then, we dive into all eight layers of this combined protocol stack. Introducing the key technologies at each layer and their regular use. In module two, we look at the various protocols that run on top of this architecture. In module three, we focus on attack and defensive strategies and tactics and build on the industry leading approach to put threat surface analysis into both the attackers and defenders operational context. In the last module, we bring these ideas together into a network security management and monitoring perspective. Now, let's discuss these four modules in detail. Course 5 Learning Objectives After completing this course, the participant will be able to:  L5.1 - Recognize layers of the OSI model, their functions and attacks present at each layer. L5.2 - Identify commonly used ports and protocols. L5.3 - Select appropriate countermeasures for various network attacks. L5.4 - Summarize best practices for establishing a secure networked environment. Course Agenda Module 1: Apply the Fundamental Concepts of Networking (Domain 6 - Network and Communications Security) Module 2: Securing Ports and Protocols (Domain 6 - Network and Communications Security) Module 3: Network Attacks and Countermeasures (Domain 6 - Network and Communications Security) Module 4: Manage Network Security (Domain 6 - Network and Communications Security) Who Should Take This Course: Beginners Experience Required: No prior experience required

Modules 1 and 2 showed us how the simple tool of abstraction, done layer by layer, helps designers and architects start with simple foundational ideas and build powerful, elaborate and incredibly functional systems as a result. We also saw how abstraction provides you (the defensive analyst) with a powerful tool to look at the threats facing the entire organization from almost any level within the protocol stacks, the overall IT architecture and the OT architectures as well.   That process isn’t done yet. Module 3 will start with a walkthrough of MITRE’s ATT&CK framework. As you’ll see, it’s a way of thinking about attacks and about the defenses you want to put in place to stop them or slow them down. It’s also a knowledge base, and a gateway to the growing world-wide community of users, contributors, researchers and security professionals that collaborate through and around its resources. In MITRE’s words, it is “open and available to any person or organization for use at no charge.” Clearly, attackers know of ATT&CK, and the majority of them, no doubt, make excellent use of it!  But remember what Kerckhoffs and Shannon said about encryption systems and the need to protect one’s keys at all costs — this holds true for everything else in cyber defense. Your enemies will know far, far more about how to attack systems like yours than you currently know about how to defend against them. So, it’s probably time to borrow a page from the attackers’ playbook and start digging deeper into resources like ATT&CK.  That will be the start of module 3’s journey. We’ll take a closer look at mitigations to many of those common exploit situations as they pertain to networks.