Domain 6 - Network and Communications Security

---

Goals

• [ ]
• [ ]
• [ ]

TCP/IP Networking

• TCP-IP
  • Transmission Control Protocol (TCP)
  • TCP Handshake and Teardown
  • User Datagram Protocol (UDP)
• Open Systems Interconnection (OSI) Model
• IPv4 Address
• IPv6 Address
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Common TCP and UDP Ports
• ping command
• tracert and traceroute
• Network Topology
• Networking Concepts

Network Security Devices

• Switches
• Routers
• Bridge
• Firewall
• Demilitarized Zone (DMZ)
• Next-Generation Firewall (NGFW)
• Proxy Server
• Load Balancers
• Virtual Private Network (VPN)
• Site-to-Site VPNs
• Internet Protocol Security (IPSec)
• Intrusion Detection Systems (IDS)
• Intrusion Prevention System (IPS)
• Protocol Analyzer
• Content Delivery Network (CDN)
• Traffic Shaping
• Unified Threat Management (UTM)

Secure Network Design

• Public and Private IP Addressing
• Network Address Translation (NAT)
• Port Address Translation (PAT)
• Subnetting
• Subnet Masks
• Security Zones
• North-South Traffic and East-West Traffic
• Virtual LAN (VLAN)
• Security Appliance Placement
  • Port Mirroring
• Software-Defined Networking (SDN)
• Overlay Network
• Software-Defined WAN (SD-WAN)

Network Security Technologies

• Rule-Based Access Control (RuBAC)
• Role-Based Access Control (RBAC)
• Network Access Control (NAC)
  • IEEE 802.1X
• Remote Authentication Dial-In User Service (RADIUS)
• Terminal Access Controller Access Control System (TACACS+)
• Security Rules and ACL Configuration
• Switch Security
  • VLAN Hopping Attack
  • Port Security
  • DHCP Snooping
• Spanning Tree Protocol (STP)
• Port Guards
  • BDPU Guard
• Networking Monitoring
  • Log Data
  • Flow Data
  • Packet Capture
  • Security Information and Event Management (SIEM)
• Simple Network Management Protocol (SNMP)
• Jump Box

Remote Network Access

• Secure Shell (SSH)
• Remote Desktop Protocol (RDP)
• Desktop Virtualization
• Application Virtualization

Wireless Networking

• 802.11n (Wi-Fi 4)
• Wi-Fi 5 (802.11ac)
• Wi-Fi 6 (802.11ax)
• Wi-Fi Protected Access (WPA)
• Wi-Fi Personal Authentication
• Wi-Fi Enterprise Authentication
• Extensible Authentication Protocol (EAP)
  • EAP variants:
    • LEAP
    • EAP
      • EAP-TLS
      • EAP-TTLS
      • EAP-FAST
      • EAP-MD5
    • PEAP
• Guest Networks and Captive Portal
• Antenna Types
• Multiuser MIMO (MU-MIMO)
• Wireless Surveys and Heat Maps
• Wireless Access Point (WAP)
• Wireless Controllers
• Wi-Fi Analyzers

Network Attacks

• Denial of Service (DoS) Attack
  • Teardrop Attack
  • Ping of Death
• Distributed DoS (DDoS) Attack
  • Ping Flood Attack
• Smurfing
• Eavesdropping Attack
  • Man-in-the-Middle Attack (On-Path)
  • Replay Attack
  • SSL Stripping
  • Fraggle
• DNS Attacks
  • Typosquatting
  • Domain Hijacking
  • URL redirection
• ARP Attacks
  • ARP Spoofing and ARP Poisoning
  • MAC Flooding Attack
• MAC Spoofing and IP Spoofing
• Wireless Attacks
  • WEP Attack
  • WPS insecurity
• War Driving
• Rogue Access Point
• Deauthentication Attack
  • aka disassociation attack
• Bluejacking and Bluesnarfing