The Basic LAN Course

Understanding how network security works and selecting the appropriate security solutions is an important consideration. Learn the basics of designing secure networks.

2 hours

Syllabus

Ask me anything

Video - 00:01:00

Secure Sockets Layer (SSL) has long been used to secure network communication on LANs and WANs. This episode discusses how Transport Layer Security (TLS) supersedes SSL in addition to continued backwards-compatibility support that remains for SSL.
Linux Snort IDS lab

Video - 00:07:00

An Intrusion Detection System (IDS) is designed to detect suspicious network or host activity and then log or notify the incident. In this episode, the Snort IDS is configured and tested in Linux.
Exam question review

Video - 00:03:00

Address Resolution Protocol (ARP) is used by the TCP/IP protocol suite. This episode discussed ARP poisoning attacks and potential mitigations.
Intrusion Detection and Prevention Systems (IDS/IPS)

Video - 00:13:00

Intrusion detection can detect, log, report, and send alerts when suspicious activity is detected on a host or on the network, whereas intrusion prevention can be configured to stop the suspicious activity. Anomaly detection can be signature-based or heuristic/behavior-based. Unified threat management (UTM) solutions combine firewall, IDS, IPS, and other security functions.
Virtual Private Networks (VPNs)

Video - 00:10:00

VPNs provide an encrypted network tunnel over the Internet to provide secure access to a remote network. Client-to-site VPNs allow individual device access where site-to-site VPNs can securely link branch offices over the Internet or securely link an on-premises network to the cloud through a L2TP or TLS VPN.
IP Security (IPsec)

Video - 00:09:00

The IPsec network security protocol suite can be used to secure any type of network traffic through integrity, authentication and encryption. Many VPNs use IPsec to establish an encrypted network tunnel.
Network and port address translation

Video - 00:07:00

Network address translation (NAT) maps external public IPs to internal private IPs to protect the true identity of servers. Port address translation (PAT) allows multiple internal network clients with private IPs to access the Internet using a single public IP assigned the NAT device public interface.
Proxy servers

Video - 00:06:00

Forward proxies sit between internal user devices and the Internet and fetch Internet content on behalf of internal users. Reverse proxies map public network service IPs to private IPs; they route client requests for a network service to the backend server private IP.
Firewalls

Video - 00:11:00

Packet filtering firewalls apply to layer 4 (Transport layer) of the OSI model and examine only packet headers to allow or deny network traffic. Content filtering firewalls apply to OSI layer 7 (Application layer) and can examine packet headers as well as content to allow or deny traffic. A Web application firewall (WAF) protected Web apps from common Web application attacks.
Honeypots

Video - 00:06:00

How can malicious attacker and malware activity be monitored without allowing the compromise of production systems? Honeypots are fake decoy systems designed to attract malicious activity for the purpose of logging and tracing activity.
Securing network access

Video - 00:06:00

Securing networks restricts access to the network while securing services on the network. 802.1x network edge devices can limit network access. Rogue DHCP servers can be mitigated with DHCP snooping configurations. Secure remote server management is possible using a jump box/bastion host which has both public and private network connections.
Load balancing

Video - 00:06:00

Active/active and active/passive load balancing can efficiently route client application requests to backend servers. Load balancing improves application performance and resiliency to a single application server failure.
Network planning

Video - 00:07:00

Which security considerations are important when planning your network design? IP addressing and network segmentation using screened subnets can be used for hosting public servers. VLANs can improve network performance and provide network isolation for security purposes.
Other layer 2 attacks

Video - 00:05:00

Layer 2 of the OSI model (Data Link layer) accessing network media and addressing using MAC addresses. MAC address flooding attacks and broadcast storms can be mitigated with network switches configuring with BPDU and STP.
ARP cache poisoning

Video - 00:09:00

ARP is used to resolve an IP address to a 48-bit hexadecimal hardware MAC address. Attackers with network access can fraudulently send ARP updates to hosts in order to force network traffic through the attacker station.
The OSI model

Video - 00:13:00

Is there a standard model for describing and mapping network hardware and software? Yes, the 7-layer conceptual OSI model! Understanding network security and selecting the appropriate security solutions requires a solid understanding of the OSI model.

Meet the author

Mike Meyers

Mike Meyers, affectionately called the "Alpha Geek," is the industry's leading authority on CompTIA certifications. He is the president and co-founder of Total Seminars, LLC, a provider of PC and network repair seminars, books, videos and courseware for thousands of organizations throughout the world. Mike has been involved in the computer and network repair industry since 1987 as a technician, instructor, author, consultant and speaker. He has sold over a million IT and certification books, including the best-selling CompTIA A+ Certification All-in-One Exam Guide and CompTIA Network+ Certification All-in-One Exam Guide. He has personally taught thousands of students, including U.S. senators, U.S. Supreme Court Justices, members of the United Nation, every branch of the U.S. Armed Forces, many branches of the Department of Justice, hundreds of corporate clients and academic students at every level.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust