CC Domain 4 — Network Security

Types of Networks

LAN (Local Area Network): Limited geographic area — a floor, building, or campus
WAN (Wide Area Network): Long-distance connections between geographically separated networks
WLAN (Wireless LAN): A LAN using wireless connections (Wi-Fi)
VPN (Virtual Private Network): A secure point-to-point connection over an untrusted network
MAN (Metropolitan Area Network): Covers a city or metropolitan region
PAN (Personal Area Network): Very short range — Bluetooth devices around a person
SAN (Storage Area Network): High-speed network dedicated to storage devices

Network Devices

Hubs: Broadcast all traffic to every connected device. Inefficient and a security liability. Rarely used in modern environments.
Switches: Send traffic only to the intended recipient via MAC address. Can create VLANs. More efficient and more secure than hubs.
Routers: Connect different networks and determine the most efficient path for traffic. Operate at Layer 3 (Network Layer) of the OSI model.
Firewalls: Filter traffic based on defined rules. Deployed at the perimeter and internally to segment network zones.
Servers: Provide services to other network devices — web, email, database, file servers.
Endpoints: The end devices — desktops, laptops, tablets, mobile phones. Often the primary attack surface.

The OSI Model

The OSI model divides network communication into 7 distinct layers. As data moves down the stack, each layer adds a header — this is encapsulation. As data moves back up at the receiving end, each layer removes its header — this is de-encapsulation.

#	Layer	Responsibility	Examples	Mnemonic
7	Application	Interface for users and apps	HTTP, FTP, SMTP, DNS	All
6	Presentation	Data formatting, encryption	JPEG, SSL/TLS	People
5	Session	Managing sessions	NetBIOS, RPC	Seem
4	Transport	End-to-end communication	TCP, UDP	To
3	Network	Routing packets	IP, ICMP	Need
2	Data Link	Framing, MAC addressing	Ethernet, Wi-Fi	Data
1	Physical	Raw bit transmission	Cables, hubs	Processing

Mnemonic (top to bottom): All People Seem To Need Data Processing

Layer

Responsibility

Examples

Mnemonic

Port	Protocol	Secure Alternative	Notes
21	FTP	22 — SFTP	Credentials in plaintext
23	Telnet	22 — SSH	All data in plaintext
25	SMTP	587 — SMTP/TLS	Unencrypted email
53	DNS	853 — DoT	Queries can be intercepted
80	HTTP	443 — HTTPS	Unencrypted web traffic
143	IMAP	993 — IMAPS	Unencrypted email retrieval
161/162	SNMP v1/v2	SNMPv3	Weak authentication
389	LDAP	636 — LDAPS	Directory lookups in plaintext

Term	Definition
OSI Model	7-layer framework for network communication
Encapsulation	Adding headers as data moves down the OSI stack
TCP	Connection-oriented, reliable transport protocol
UDP	Connectionless, faster but unreliable transport protocol
IPv6	128-bit addressing with mandatory IPsec
DoS / DDoS	Attack overwhelming a system with traffic
Spoofing	Faking a source address to disguise identity
MITM	Attacker intercepts communication between two parties
IDS	Monitors and alerts on suspicious activity — passive
IPS	Monitors and blocks threats inline — active
SIEM	Centralised log collection and correlation platform
SaaS / PaaS / IaaS	Cloud service models by level of consumer control
DMZ	Network zone accessible from internet, isolated from internal
VLAN	Logical network segment created by switches
Zero Trust	Never trust, always verify — security at the asset level
NAC	Enforces security policy compliance at point of network connection

Domain 4 — Network Security

Types of Networks

Network Devices

The OSI Model

The TCP/IP Model

IPv4 vs IPv6

Wireless (Wi-Fi) Security

Network Threats and Attack Types

Ports and Protocols — Insecure vs Secure

Identifying and Preventing Threats

On-Premises Data Centers

Cloud Computing

Secure Network Design

Key Terms for the Exam

Follow on LinkedIn