Domain 4 Communication and Network Security

Inhoud verberg
1 πŸ”‘ 1. Key Concepts
2 πŸ“– 2. Deep Dive (More Detailed)
2.1 πŸ”Ή OSI Model (7 Layers Explained)
2.1.1 Layers:
2.2 πŸ”Ή TCP/IP Model (Real-World Model)
2.2.1 Layers:
2.2.2 Mapping to OSI:
2.3 πŸ”Ή Network Architecture & Design
2.3.1 Key Concepts:
2.3.2 DMZ (Demilitarized Zone)
2.4 πŸ”Ή Network Devices (Detailed)
2.4.1 Firewall
2.4.2 Router
2.4.3 Switch
2.4.4 IDS (Intrusion Detection System)
2.4.5 IPS (Intrusion Prevention System)
2.4.6 Proxy
2.5 πŸ”Ή Secure Communication Channels
2.5.1 Key Concepts:
2.5.2 Examples:
2.6 πŸ”Ή Secure vs Insecure Protocols
2.6.1 Insecure:
2.6.2 Secure:
2.7 πŸ”Ή Network Attacks (Detailed)
2.7.1 DoS / DDoS
2.7.2 Man-in-the-Middle (MITM)
2.7.3 Spoofing
2.7.4 Sniffing
2.8 πŸ”Ή Segmentation & Isolation
2.8.1 VLANs
2.8.2 Subnets
2.8.3 Air Gap
2.9 πŸ”Ή Wireless Security (Detailed)
2.9.1 Risks:
2.9.2 Protections:
3 🧠 3. Manager Mindset
4 ❓ 4. Practice Questions
4.1 1
4.2 2
4.3 3
4.4 4
4.5 5
4.6 6
4.7 7
4.8 8
4.9 9
4.10 10
4.11 11
4.12 12
4.13 13
4.14 14
4.15 15
4.16 16
4.17 17
4.18 18
4.19 19
4.20 20
5 βœ… 5. Answers + Reasoning
5.1 1
5.2 2
5.3 3
5.4 4
5.5 5
5.6 6
5.7 7
5.8 8
5.9 9
5.10 10
5.11 11
5.12 12
5.13 13
5.14 14
5.15 15
5.16 16
5.17 17
5.18 18
5.19 19
5.20 20
6 ⚠️ 6. Exam Traps
7 πŸ”„ 7. Flash Review
8 πŸ“Š 8. Score

πŸ”‘ 1. Key Concepts

  • OSI & TCP/IP Models
  • Network Architecture & Design
  • Network Devices & Their Functions
  • Secure Communication Channels
  • Secure vs Insecure Protocols
  • Network Attacks & Threats
  • Segmentation & Isolation
  • Wireless Security

πŸ“– 2. Deep Dive (More Detailed)

πŸ”Ή OSI Model (7 Layers Explained)

The OSI model is a conceptual framework that explains how data travels from one system to another.

Layers:

  1. Physical
    • Hardware: cables, connectors, signals
    • Security: physical access control
  2. Data Link
    • MAC addresses
    • Switching, frame transmission
    • Security: MAC filtering
  3. Network
    • IP addressing, routing
    • Devices: routers
    • Security: packet filtering
  4. Transport
    • End-to-end communication
    • Protocols: TCP (reliable), UDP (fast)
    • Security: port control
  5. Session
    • Maintains communication sessions
    • Session establishment/termination
  6. Presentation
    • Data formatting, encryption, compression
  7. Application
    • User-facing services (HTTP, FTP, email)

Why it matters:
Each layer has different vulnerabilities and controls.

Exam insight:

  • Lower layers β†’ infrastructure
  • Higher layers β†’ applications

πŸ”Ή TCP/IP Model (Real-World Model)

Simplified networking model used in practice.

Layers:

  1. Network Interface
  2. Internet
  3. Transport
  4. Application

Mapping to OSI:

  • TCP/IP combines multiple OSI layers

Why it matters:
Real-world protocols operate in this model.

πŸ”Ή Network Architecture & Design

Secure architecture is about designing networks that limit risk.

Key Concepts:

  • Defense in Depth
    • Multiple layers of security controls
    • If one fails, others protect
  • Segmentation
    • Dividing network into smaller parts
    • Limits lateral movement
  • Isolation
    • Separating critical systems completely
  • Redundancy
    • Backup systems to ensure availability

DMZ (Demilitarized Zone)

  • A separate network segment for public-facing systems
  • Example: web servers

Purpose:

  • Protect internal network
  • If compromised, attacker cannot directly access internal systems

πŸ”Ή Network Devices (Detailed)

Firewall

  • Filters traffic based on rules
  • Can allow/deny traffic

Router

  • Directs packets between networks
  • Uses IP addressing

Switch

  • Connects devices within a LAN
  • Uses MAC addresses

IDS (Intrusion Detection System)

  • Monitors traffic
  • Alerts on suspicious activity
  • Does NOT block

IPS (Intrusion Prevention System)

  • Detects AND blocks threats
  • Inline with traffic

Proxy

  • Acts as intermediary
  • Can filter, log, and anonymize traffic

πŸ”Ή Secure Communication Channels

Protects data while in transit.

Key Concepts:

  • Encryption
    • Prevents eavesdropping
  • Integrity
    • Ensures data not modified
  • Authentication
    • Verifies identity

Examples:

  • HTTPS β†’ secure web
  • VPN β†’ encrypted tunnel
  • TLS β†’ encryption protocol

Why it matters:
Data in transit is highly vulnerable.

πŸ”Ή Secure vs Insecure Protocols

Insecure:

  • HTTP
  • FTP
  • Telnet

Secure:

  • HTTPS (HTTP + TLS)
  • SFTP (SSH File Transfer)
  • SSH (secure remote login)
  • IPsec (network-level security)

Exam insight:
Always choose secure protocols.

πŸ”Ή Network Attacks (Detailed)

DoS / DDoS

  • Overloads system with traffic
  • Causes downtime

Man-in-the-Middle (MITM)

  • Attacker intercepts communication
  • Can modify data

Spoofing

  • Fake identity (IP, MAC, DNS)

Sniffing

  • Capturing packets from network

Why it matters:
Understanding attacks helps design defenses.

πŸ”Ή Segmentation & Isolation

VLANs

  • Logical network separation

Subnets

  • IP-based segmentation

Air Gap

  • Physically isolated system

Why it matters:
Limits attacker movement inside network.

πŸ”Ή Wireless Security (Detailed)

Wireless networks use radio signals β†’ easy to intercept.

Risks:

  • Eavesdropping
  • Rogue access points
  • Unauthorized access

Protections:

  • WPA2 / WPA3 encryption
  • Strong authentication
  • Network monitoring

Exam insight:
Wireless = inherently less secure than wired.

🧠 3. Manager Mindset

  • Protect communication channels
  • Assume networks are hostile
  • Segment critical assets
  • Use layered defenses

πŸ‘‰ Think: How do we reduce exposure and limit attack spread?

❓ 4. Practice Questions

1

How many layers are in the OSI model?
A. 4
B. 5
C. 7
D. 8

2

Which layer handles IP addressing?
A. Data Link
B. Network
C. Transport
D. Session

3

What is the main role of a firewall?
A. Encrypt data
B. Filter traffic
C. Store data
D. Monitor users

4

What is a DMZ used for?
A. Internal storage
B. Public-facing systems
C. Backup
D. Monitoring

5

What does HTTPS protect?
A. Speed
B. Encryption
C. Storage
D. Monitoring

6

What is a VPN?
A. Storage system
B. Encrypted tunnel
C. Monitoring tool
D. Backup system

7

What is a MITM attack?
A. Data deletion
B. Traffic interception
C. System crash
D. Backup failure

8

What is the difference between IDS and IPS?
A. None
B. IDS detects, IPS prevents
C. IDS blocks, IPS logs
D. IDS encrypts, IPS routes

9

What is network segmentation?
A. Connecting networks
B. Dividing networks
C. Encrypting data
D. Monitoring traffic

10

What is VLAN used for?
A. Encryption
B. Logical segmentation
C. Backup
D. Monitoring

11

What is spoofing?
A. Encryption
B. Impersonation
C. Backup
D. Monitoring

12

What is sniffing?
A. Blocking traffic
B. Capturing packets
C. Encrypting data
D. Monitoring users

13

What is the purpose of IPsec?
A. Backup
B. Encryption
C. Monitoring
D. Routing

14

What is the main risk of wireless?
A. Speed
B. Storage
C. Eavesdropping
D. Performance

15

What does WPA3 provide?
A. Backup
B. Wireless security
C. Routing
D. Monitoring

16

What is the role of a router?
A. Encrypt
B. Route traffic
C. Monitor
D. Store

17

What is defense in depth?
A. One control
B. Multiple layers
C. Encryption
D. Monitoring

18

What is the BEST way to secure communication?
A. Backup
B. Encryption
C. Logging
D. Monitoring

19

What is the biggest advantage of segmentation?
A. Speed
B. Cost
C. Limits attack spread
D. Storage

20

What is the main goal of network security?
A. Performance
B. Cost
C. Secure communication
D. Storage

βœ… 5. Answers + Reasoning

1

C. 7
The OSI model has seven layers, each responsible for a different part of communication, helping standardize networking.

2

B. Network
The network layer handles IP addressing and routing between networks.

3

B. Filter traffic
Firewalls enforce security policies by allowing or blocking traffic based on rules.

4

B. Public-facing systems
A DMZ isolates external services from internal networks, reducing risk of compromise.

5

B. Encryption
HTTPS uses TLS to encrypt data, protecting it from interception.

6

B. Encrypted tunnel
VPNs secure communication over untrusted networks like the internet.

7

B. Traffic interception
MITM attacks intercept and may alter communication between two parties.

8

B. IDS detects, IPS prevents
IDS alerts, IPS actively blocks threats.

9

B. Dividing networks
Segmentation reduces attack spread and improves security.

10

B. Logical segmentation
VLANs create separate networks without physical separation.

11

B. Impersonation
Spoofing tricks systems by pretending to be a trusted entity.

12

B. Capturing packets
Sniffing captures network traffic for analysis or malicious purposes.

13

B. Encryption
IPsec encrypts and secures IP communications.

14

C. Eavesdropping
Wireless signals can be intercepted easily.

15

B. Wireless security
WPA3 improves encryption and authentication for Wi-Fi.

16

B. Route traffic
Routers direct data between networks.

17

B. Multiple layers
Defense in depth ensures redundancy in protection.

18

B. Encryption
Encryption is the most effective way to secure data in transit.

19

C. Limits attack spread
Segmentation prevents attackers from moving laterally.

20

C. Secure communication
Network security focuses on protecting data as it moves across networks.

⚠️ 6. Exam Traps

  • Mixing OSI layers
  • Confusing IDS vs IPS
  • Forgetting segmentation importance
  • Choosing monitoring instead of prevention

πŸ”„ 7. Flash Review

  • OSI = 7 layers
  • Network layer = routing
  • Firewall filters traffic
  • VPN = encrypted tunnel
  • IDS detect / IPS prevent
  • Segment networks

πŸ“Š 8. Score

Score: ___ / 20

  • 16–20 β†’ βœ… Strong
  • 10–15 β†’ ⚠️ Review
  • <10 β†’ ❌ Re-study Domain 4
©J CyberStop