Course

The basic LAN

Understanding how network security works and selecting the appropriate security solutions is an important consideration. Learn the basics of designing secure networks.

    Syllabus

  • Other layer 2 attacks Video — 00:05:21
    • Layer 2 of the OSI model (Data Link layer) accessing network media and addressing using MAC addresses. MAC address flooding attacks and broadcast storms can be mitigated with network switches configuring with BPDU and STP.

  • The OSI model Video — 00:12:30
    • Is there a standard model for describing and mapping network hardware and software? Yes, the 7-layer conceptual OSI model! Understanding network security and selecting the appropriate security solutions requires a solid understanding of the OSI model.

  • Virtual Private Networks (VPNs) Video — 00:10:06
    • VPNs provide an encrypted network tunnel over the Internet to provide secure access to a remote network. Client-to-site VPNs allow individual device access where site-to-site VPNs can securely link branch offices over the Internet or securely link an on-premises network to the cloud through a L2TP or TLS VPN.

  • Network and port address translation Video — 00:06:49
    • Network address translation (NAT) maps external public IPs to internal private IPs to protect the true identity of servers. Port address translation (PAT) allows multiple internal network clients with private IPs to access the Internet using a single public IP assigned the NAT device public interface.

  • Firewalls Video — 00:11:16
    • Packet filtering firewalls apply to layer 4 (Transport layer) of the OSI model and examine only packet headers to allow or deny network traffic. Content filtering firewalls apply to OSI layer 7 (Application layer) and can examine packet headers as well as content to allow or deny traffic. A Web application firewall (WAF) protected Web apps from common Web application attacks.

  • Securing network access Video — 00:06:22
    • Securing networks restricts access to the network while securing services on the network. 802.1x network edge devices can limit network access. Rogue DHCP servers can be mitigated with DHCP snooping configurations. Secure remote server management is possible using a jump box/bastion host which has both public and private network connections.

  • Linux Snort IDS lab Video — 00:07:20
    • An Intrusion Detection System (IDS) is designed to detect suspicious network or host activity and then log or notify the incident. In this episode, the Snort IDS is configured and tested in Linux.

  • Network planning Video — 00:07:04
    • Which security considerations are important when planning your network design? IP addressing and network segmentation using screened subnets can be used for hosting public servers. VLANs can improve network performance and provide network isolation for security purposes.

  • ARP cache poisoning Video — 00:08:44
    • ARP is used to resolve an IP address to a 48-bit hexadecimal hardware MAC address. Attackers with network access can fraudulently send ARP updates to hosts in order to force network traffic through the attacker station.

  • Intrusion Detection and Prevention Systems (IDS/IPS) Video — 00:13:02
    • Intrusion detection can detect, log, report, and send alerts when suspicious activity is detected on a host or on the network, whereas intrusion prevention can be configured to stop the suspicious activity. Anomaly detection can be signature-based or heuristic/behavior-based. Unified threat management (UTM) solutions combine firewall, IDS, IPS, and other security functions.

  • IP Security (IPsec) Video — 00:08:59
    • The IPsec network security protocol suite can be used to secure any type of network traffic through integrity, authentication and encryption. Many VPNs use IPsec to establish an encrypted network tunnel.

  • Proxy servers Video — 00:06:15
    • Forward proxies sit between internal user devices and the Internet and fetch Internet content on behalf of internal users. Reverse proxies map public network service IPs to private IPs; they route client requests for a network service to the backend server private IP.

  • Honeypots Video — 00:06:01
    • How can malicious attacker and malware activity be monitored without allowing the compromise of production systems? Honeypots are fake decoy systems designed to attract malicious activity for the purpose of logging and tracing activity.

  • Ask me anything Video — 00:01:12
    • Secure Sockets Layer (SSL) has long been used to secure network communication on LANs and WANs. This episode discusses how Transport Layer Security (TLS) supersedes SSL in addition to continued backwards-compatibility support that remains for SSL.

  • Load balancing Video — 00:05:39
    • Active/active and active/passive load balancing can efficiently route client application requests to backend servers. Load balancing improves application performance and resiliency to a single application server failure.

  • Exam question review Video — 00:03:25
    • Address Resolution Protocol (ARP) is used by the TCP/IP protocol suite. This episode discussed ARP poisoning attacks and potential mitigations.

Syllabus

Course description

Meet the author

Mike Meyers, affectionately called the “Alpha Geek,” is the industry’s leading authority on CompTIA certifications. He is the president and co-founder of Total Seminars, LLC, a provider of PC and network repair seminars, books, videos and courseware for thousands of organizations throughout the world. Mike has been involved in the computer and network repair industry since 1987 as a technician, instructor, author, consultant and speaker. He has sold over a million IT and certification books, including the best-selling CompTIA A+ Certification All-in-One Exam Guide and CompTIA Network+ Certification All-in-One Exam Guide. He has personally taught thousands of students, including U.S. senators, U.S. Supreme Court Justices, members of the United Nation, every branch of the U.S. Armed Forces, many branches of the Department of Justice, hundreds of corporate clients and academic students at every level.

You're in good company

CY

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus

DS

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

IS

We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library