
You will explore network protocols and how network communication can introduce vulnerabilities. In addition, you’ll learn about common security measures, like firewalls, that help network operations remain safe and reliable.

Learning Objectives

  • Recognize network protocols
  • Describe the protocol(s) used to transmit and access data over wireless networks
  • Describe a firewall
  • Identify common network security measures and protocols

Introduction to network protocols


Video: Welcome to module 2

This section of the program will teach you about the tools and protocols that are used to operate and protect networks. These concepts are essential for security analysts, as they need to be able to identify and mitigate attacks that exploit vulnerabilities in networks.

Key takeaways:

  • Malicious actors can take advantage of data moving from one device to another on a network.
  • Tools and protocols exist to protect networks from these types of threats.
  • Some common network protocols include TCP/IP, HTTP, and HTTPS.
  • Virtual private networks (VPNs) can be used to create a secure connection over a public network.
  • Firewall security zones and proxy servers can be used to control traffic and protect networks from unauthorized access.

Conclusion:

This section of the program will provide you with the knowledge and skills you need to protect networks from cyberattacks.

Congratulations on the progress you’ve made so far! In this section, you’ll learn about how networks operate using tools and protocols. These are the concepts that you’ll use every day in your work as a security analyst. The tools and protocols you’ll learn in this section of the program will help you protect your organization’s network from attacks.

Did you know that malicious actors can take advantage of data moving from one device to another on a network? Thankfully, there are tools and protocols to ensure the network stays protected against this type of threat. As an example, I once identified an attack based solely on the fact they were using the wrong protocol. The network traffic volumes were right, and it was coming from a trusted IP, but it was on the wrong protocol, which tipped us off enough to shut down the attack before they caused real damage.

First, we’ll discuss some common network protocols. Then we’ll discuss virtual private networks, or VPNs. And finally, we’ll learn about firewall security zones and proxy servers. Now that you have an idea of where we’re headed, let’s get started.
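The kind of check described in the video above, where source IP and traffic volume both look normal but the protocol does not, can be sketched as follows. This is an added example, not code from the course; the baseline, addresses, services and flow records are all constructed for illustration.

```python
# Constructed baseline: the services each trusted source normally uses and a
# ceiling on bytes per flow. Real baselines come from observed traffic.
BASELINE = {
    "10.20.0.15": {"services": {("tcp", 443)}, "max_bytes": 5_000_000},
    "10.20.0.22": {"services": {("tcp", 25), ("udp", 53)}, "max_bytes": 1_000_000},
}

# Constructed flow records: time src dst proto dport bytes
FLOW_LOG = """\
09:00:01 10.20.0.15 10.1.1.8 tcp 443 1200000
09:00:07 10.20.0.22 10.1.1.9 udp 53 4200
09:00:12 10.20.0.15 10.1.1.8 tcp 23 1180000
09:00:20 192.0.2.77 10.1.1.8 tcp 443 900
09:00:31 10.20.0.22 10.1.1.9 tcp 25 9000000
malformed line
"""


def parse_flows(text):
    """Return (flows, skipped): parsed records and the count of bad lines."""
    flows, skipped = [], 0
    for line in text.splitlines():
        try:
            time, src, dst, proto, dport, nbytes = line.split()
            flows.append({
                "time": time, "src": src, "dst": dst,
                "proto": proto.lower(), "dport": int(dport), "bytes": int(nbytes),
            })
        except ValueError:          # wrong field count or non-numeric field
            skipped += 1
    return flows, skipped


def check_flow(flow):
    """Return the list of findings for one flow (empty list = looks normal)."""
    profile = BASELINE.get(flow["src"])
    if profile is None:
        return ["untrusted-source"]
    findings = []
    if flow["bytes"] > profile["max_bytes"]:
        findings.append("volume")
    # The check that matters here: a trusted IP with normal volume can still
    # be speaking a protocol it has never used before.
    if (flow["proto"], flow["dport"]) not in profile["services"]:
        findings.append("protocol-mismatch")
    return findings


def analyze(text):
    """Return (time, src, finding) tuples for every flow with a finding."""
    flows, _ = parse_flows(text)
    return [(f["time"], f["src"], finding)
            for f in flows for finding in check_flow(f)]


if __name__ == "__main__":
    for alert in analyze(FLOW_LOG):
        print(*alert)
```

The 09:00:12 flow passes both the trusted-source and the volume check and is flagged only because its protocol and port are outside the source's baseline.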

Video: Network protocols

Network protocols are a set of rules that govern how devices on a network communicate with each other. There are many different types of network protocols, each with its own specific purpose.

Some common network protocols include:

  • TCP (Transmission Control Protocol): TCP is responsible for ensuring that data is delivered reliably and in order.
  • ARP (Address Resolution Protocol): ARP is responsible for translating IP addresses to MAC addresses.
  • HTTPS (Hypertext Transfer Protocol Secure): HTTPS is a secure version of the HTTP protocol that encrypts data using SSL/TLS.
  • DNS (Domain Name System): DNS is responsible for translating domain names to IP addresses.

Network protocols are essential for the operation of networks and play a vital role in security. For example, HTTPS helps to protect data from being intercepted by malicious actors.

Key takeaways:

  • Network protocols are a set of rules that govern how devices on a network communicate with each other.
  • There are many different types of network protocols, each with its own specific purpose.
  • Some common network protocols include TCP, ARP, HTTPS, and DNS.
  • Network protocols are essential for the operation of networks and play a vital role in security.

Conclusion:

This lesson has provided you with a basic understanding of network protocols and their importance in security. As you continue your career as a security analyst, you will learn more about specific network protocols and how to use them to protect networks from cyberattacks.

Tutorial on Network Protocols in Cybersecurity

What are network protocols?

Network protocols are a set of rules that govern how devices on a network communicate with each other. They define the format of the data that is transmitted, the order in which it is transmitted, and how errors are handled. Network protocols are essential for the operation of networks, and they play a vital role in security.

Common network protocols

There are many different types of network protocols, each with its own specific purpose. Some common network protocols include:

  • TCP (Transmission Control Protocol): TCP is responsible for ensuring that data is delivered reliably and in order.
  • UDP (User Datagram Protocol): UDP is a simpler protocol than TCP and is not responsible for ensuring reliable delivery of data. It is often used for applications where speed is more important than reliability, such as streaming video or audio.
  • IP (Internet Protocol): IP is responsible for routing packets of data across a network.
  • ICMP (Internet Control Message Protocol): ICMP is used to send error messages and other control messages between devices on a network.
  • HTTP (Hypertext Transfer Protocol): HTTP is the protocol used to transfer web pages and other resources over the internet.
  • HTTPS (Hypertext Transfer Protocol Secure): HTTPS is a secure version of HTTP that encrypts data using SSL/TLS.
  • DNS (Domain Name System): DNS is used to translate domain names, such as www.google.com, to IP addresses.

Network protocols and security

Network protocols play an important role in security by helping to protect data from being intercepted or modified by malicious actors. For example, HTTPS encrypts data transmitted between a web browser and a web server, making it difficult for eavesdroppers to intercept the data.

Network protocols can also be used to implement security controls, such as firewalls and intrusion detection systems. Firewalls can be used to block unauthorized traffic from entering a network, while intrusion detection systems can be used to monitor network traffic for suspicious activity.

How to learn more about network protocols

There are many resources available to help you learn more about network protocols. Some good places to start include:

  • The RFC (Request for Comments) repository: The RFC repository contains the official specifications for most network protocols.
  • The IETF (Internet Engineering Task Force) website: The IETF is the organization responsible for developing and maintaining internet standards.
  • Books and online courses: There are many books and online courses available that teach about network protocols.

Conclusion

Network protocols are an essential part of cybersecurity. By understanding how network protocols work, you can better protect your networks and data from cyberattacks.

Which protocol allows two or more devices to form a connection and stream data?

Transmission Control Protocol (TCP)

TCP is an internet communication protocol that allows two devices to form a connection and stream data.

Networks benefit from having rules. Rules ensure that data sent over the network gets to the right place. These rules are known as network protocols. Network protocols are a set of rules used by two or more devices on a network to describe the order of delivery and the structure of the data.

Let’s use a scenario to demonstrate a few different types of network protocols and how they work together on a network. Say you want to access your favorite recipe website. You go to the address bar at the top of your browser and type in the website’s address. For example: www.yummyrecipesforme.org. Before you gain access to the website, your device will establish communications with a web server. That communication uses a protocol called the Transmission Control Protocol, or TCP. TCP is an internet communications protocol that allows two devices to form a connection and stream data. TCP also verifies both devices before allowing any further communications to take place. This is often referred to as a handshake.

Once communication is established using a TCP handshake, a request is made to the network. Using our example, we have requested data from the Yummy Recipes For Me server. Their servers will respond to that request and send data packets back to your device so that you can view the web page. As data packets move across the network, they move between network devices such as routers. The Address Resolution Protocol, or ARP, is used to determine the MAC address of the next router or device on the path. This ensures that the data gets to the right place.

Now the communication has been established and the destination device is known, it’s time to access the Yummy Recipes For Me website. The Hypertext Transfer Protocol Secure, or HTTPS, is a network protocol that provides a secure method of communication between client and website servers. It allows your web browser to securely send a request for a webpage to the Yummy Recipes For Me server and receive a webpage as a response.

Next comes a protocol called the Domain Name System, or DNS, which is a network protocol that translates internet domain names into IP addresses. The DNS protocol sends the domain name and the web address to a DNS server that retrieves the IP address of the website you were trying to access, in this case, Yummy Recipes For Me. The IP address is included as a destination address for the data packets traveling to the Yummy Recipes For Me web server.

So just by visiting one website, the devices on your network are using four different protocols: TCP, ARP, HTTPS, and DNS. These are just some of the protocols used in network communications. To help you learn more about the different protocols, we’ll discuss them further in an upcoming course material. But how do these protocols relate to security? Well, on the Yummy Recipes For Me website example, we used HTTPS, which is a secure protocol that requests a webpage from a web server. HTTPS encrypts data using the Secure Sockets Layer and Transport Layer Security, otherwise known as SSL/TLS. This helps keep the information secure from malicious actors who want to steal valuable information.

That’s a lot of information and a lot of protocols to remember. Throughout your career as a security analyst, you’ll become more familiar with network protocols and use them in your daily activities.

Reading: Common network protocols


Reading: Additional network protocols


Video: Antara: Working in network security

Antara is a network security engineer at Google. She started her career in electronics and communication, but pivoted into cybersecurity after her first job. She has a master’s degree in security and is passionate about solving puzzles.

A typical day in the life of an entry-level network security engineer might involve debugging problems with endpoints, setting up lab recreations to reproduce issues, and consulting with experts from other domains.

Some of the best practices in network security that Antara has learned are:

  • Don’t reinvent the wheel. Use tried and tested protocols and algorithms that have been deemed secure.
  • Focus on solving unsolved challenges instead of trying to solve the same problem in a different way.

Antara feels that cybersecurity is a great field to get into right now because it is constantly evolving and there are always new challenges coming up.

Key takeaways:

  • Network security is a complex and challenging field, but it is also very rewarding.
  • There are many resources available to help you learn about network security, such as books, online courses, and the RFC repository.
  • It is important to stay up-to-date on the latest cybersecurity threats and trends.
  • Cybersecurity is a great field to get into right now because it is constantly evolving and there are always new challenges coming up.

My name is Antara, I work on the Enterprise Infrastructure Protection Team at Google. And our main job responsibility is to protect the infrastructure that all the amazing Google products run on. I didn’t start with a background in computers, and I did my undergrad in electronics and communication, which is far away from computers. I took up the challenge to actually pivot into computers with my first job. That actually led me to explore the security world even more. And that’s how it led to doing my masters in security, getting expertise in that area and then come to Google as a security engineer.

A typical day in the life of an entry-level network security engineer would start with solving a problem. Maybe you’re trying to debug, why is this particular endpoint flooded with so much traffic? Or why is this endpoint actually slowing down? And you would start with, okay, let me get to the endpoint. Let me capture some traffic on the endpoint and see what kind of traffic is coming in and going out through this endpoint. So I would typically go back, think about the problem during lunch. Sometimes things would click. When you’re thinking you might not have thought about a problem from a different perspective, you might want to actually see how it looks like. So you would go about maybe doing a lab recreate. Let me connect these endpoints and let me try to reproduce the issue. You might see some things in the lab recreate that you might have not thought of. And you might need to actually consult with experts from different domains who might know better about this area. Get their view on what the problem is, analyze, show them everything that you have done. You might get your solution just by talking to people. It’s a pretty busy day, but it’s also a very fun day. It’s like solving puzzles all the time, which is pretty exciting.

Some of the best practices in network security that I’ve learned are, don’t try to always reinvent the wheel. There are certain protocols, there are certain algorithms that have been tried, tested, analyzed, and they have been deemed secure for being used in network security. The time that you spend on reinventing the wheel is not going to give you the benefits that you need. So it’s always good to think about the unsolved challenges instead of trying to solve the same problem in a different way.

I feel cybersecurity is actually a great field to get into right now, because, as you see, we are in this information age where tech is exponentially growing. Just getting into this field is just going to be exciting because there are amazing new challenges coming up in this field.

Video: Wireless protocols

The IEEE 802.11 family of standards, also known as Wi-Fi, is a set of protocols that define communications for wireless LANs. Wi-Fi security has evolved over the years to become more secure and reliable, and the most recent security protocol, WPA3, offers the highest level of security.

As a security analyst, you may be responsible for making sure that the wireless connections in your organization are secure. Here are some security measures you can take:

  • Use WPA3 or WPA2 security protocols.
  • Use strong passwords or passphrases for your Wi-Fi network.
  • Keep your router’s firmware up to date.
  • Enable MAC address filtering to restrict access to your network to known devices.
  • Consider using a VPN when connecting to public Wi-Fi networks.

Key takeaways:

  • WPA3 and WPA2 are the most secure Wi-Fi security protocols.
  • Use strong passwords or passphrases for your Wi-Fi network.
  • Keep your router’s firmware up to date.
  • Enable MAC address filtering to restrict access to your network to known devices.
  • Consider using a VPN when connecting to public Wi-Fi networks.

By following these security measures, you can help to protect your organization’s wireless networks from cyberattacks.

Tutorial on Wireless Protocols in Cybersecurity

What are wireless protocols?

Wireless protocols are a set of rules that govern how devices on a wireless network communicate with each other. They define the format of the data that is transmitted, the order in which it is transmitted, and how errors are handled. Wireless protocols are essential for the operation of wireless networks, and they play a vital role in security.

Common wireless protocols

Some common wireless protocols include:

  • IEEE 802.11 (Wi-Fi): IEEE 802.11 is the most common wireless protocol and is used in a wide variety of devices, including laptops, smartphones, and tablets.
  • Bluetooth: Bluetooth is a wireless protocol that is used for short-range communication between devices such as smartphones, headphones, and speakers.
  • Zigbee: Zigbee is a wireless protocol that is used for low-power communication between devices in smart homes and other applications.
  • Cellular: Cellular networks are used for mobile communication between devices such as smartphones and cell towers.

Wireless protocols and security

Wireless protocols play an important role in security by helping to protect data from being intercepted or modified by malicious actors. For example, WPA3 and WPA2 are Wi-Fi security protocols that encrypt data transmitted between devices, making it difficult for eavesdroppers to intercept the data.

However, wireless protocols can also be vulnerable to attack. For example, older Wi-Fi security protocols such as WEP are relatively easy to crack. Additionally, wireless networks can be susceptible to denial-of-service attacks, which can flood the network with traffic and make it unavailable to legitimate users.

Security best practices for wireless networks

Here are some security best practices for wireless networks:

  • Use the latest security protocols, such as WPA3 and WPA2 for Wi-Fi.
  • Use strong passwords or passphrases for your wireless networks.
  • Keep your router’s firmware up to date.
  • Enable MAC address filtering to restrict access to your network to known devices.
  • Disable SSID broadcasting to make your network less visible to attackers.
  • Consider using a VPN when connecting to public Wi-Fi networks.

By following these security best practices, you can help to protect your wireless networks from cyberattacks.

Additional tips

Here are some additional tips for improving the security of your wireless networks:

  • Place your router in a central location to maximize its range and minimize dead spots.
  • Use a directional antenna to focus your router’s signal in the desired direction.
  • Change the default username and password for your router.
  • Disable remote administration of your router unless you need it.
  • Monitor your network traffic for suspicious activity.

By following these tips, you can help to create a more secure wireless network.

What is IEEE 802.11 commonly known as?

Wi-Fi

IEEE 802.11 is commonly known as Wi-Fi. It is a set of standards that define communication for wireless LANs.

So far, you’ve learned about a variety of network protocols, including communication protocols like TCP/IP. Now we’re going to go more in depth into a class of communication protocols called the IEEE 802.11. IEEE 802.11, commonly known as Wi-Fi, is a set of standards that define communications for wireless LANs. IEEE stands for the Institute of Electrical and Electronics Engineers, which is an organization that maintains Wi-Fi standards, and 802.11 is a suite of protocols used in wireless communications. Wi-Fi protocols have adapted over the years to become more secure and reliable to provide the same level of security as a wired connection.

In 2004, a security protocol called the Wi-Fi Protected Access, or WPA, was introduced. WPA is a wireless security protocol for devices to connect to the internet. Since then, WPA has evolved into newer versions, like WPA2 and WPA3, which include further security improvements, like more advanced encryption. As a security analyst, you might be responsible for making sure that the wireless connections in your organization are secure. Let’s learn more about security measures.

Reading: The evolution of wireless security protocols


Practice Quiz: Test your knowledge: Recognize different network protocols

Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _ and structure of data.

Which network protocol provides a secure method of communication between clients and web servers?

To keep information safe from malicious actors, what security protocol can be used?

IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.

System identification


Video: Firewalls and network security measures

Firewalls are network security devices that monitor and control incoming and outgoing network traffic. They can be hardware-based, software-based, or cloud-based. Firewalls use a variety of techniques to block malicious traffic, such as port filtering, packet inspection, and intrusion detection.

Stateful firewalls keep track of the state of network connections and use this information to make more informed decisions about whether to allow or block traffic.

Stateless firewalls do not keep track of the state of network connections and rely on predefined rules to make decisions about traffic.

Next-generation firewalls (NGFWs) provide even more security than stateful firewalls by combining stateful inspection with other security features such as deep packet inspection and intrusion prevention.

Proxy servers can be used to add an additional layer of security to a network by acting as an intermediary between clients and servers. Proxy servers can filter traffic, cache content, and hide the IP addresses of clients.

Firewalls and network security measures in Cybersecurity

Firewalls and network security measures are essential components of any cybersecurity strategy. Firewalls help to protect networks from unauthorized access, while network security measures can help to mitigate a wide range of cyber threats, including malware, data breaches, and denial-of-service attacks.

What are firewalls?

A firewall is a network security device that monitors and controls incoming and outgoing network traffic. Firewalls can be hardware-based, software-based, or cloud-based. They use a variety of techniques to block malicious traffic, such as port filtering, packet inspection, and intrusion detection.

Different types of firewalls

  • Hardware firewalls: Hardware firewalls are physical devices that sit between a network and the internet. They inspect all incoming and outgoing traffic and block any traffic that does not meet the firewall’s rules.
  • Software firewalls: Software firewalls are programs that are installed on individual computers or servers. They work in the same way as hardware firewalls, but they are less expensive and easier to deploy.
  • Cloud-based firewalls: Cloud-based firewalls are hosted by a third-party provider and can be accessed through a web interface. They are a good option for organizations that do not have the resources to manage their own firewalls.

How do firewalls work?

Firewalls work by inspecting each packet of data that passes through them. They compare the packet against a set of rules to determine whether to allow or block it. Firewall rules can be based on a variety of factors, such as the source and destination IP addresses, the port numbers, and the type of traffic.
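The difference between the stateless and stateful classes described on this page shows up as soon as reply traffic has to be let back in. The following is an added example, not code from the course: a toy model of both classes using the page's port 443 and port 25 rule. The stateless filter's "trust the ACK flag" reply rule, the class names and the packet list are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ALLOWED_INBOUND_PORTS = {443, 25}   # the page's example: HTTPS and email only


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from outside, "out" = leaving the network
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags: S=SYN, A=ACK, F=FIN, R=RST


class StatelessFirewall:
    """Judges every packet on its own against fixed, predefined rules."""

    def allow(self, p):
        if p.direction == "out":
            return True                       # outbound traffic is permitted
        if p.dport in ALLOWED_INBOUND_PORTS:
            return True                       # published services
        # Assumed reply rule: with no memory of connections, the filter can
        # only admit answers by trusting the ACK flag on the packet itself.
        return "A" in p.flags


class StatefulFirewall:
    """Tracks connections opened from inside and admits only their replies."""

    def __init__(self):
        self.connections = set()              # (in_ip, in_port, out_ip, out_port)

    def allow(self, p):
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.connections.add(key)     # new outbound connection
            elif "F" in p.flags or "R" in p.flags:
                self.connections.discard(key) # simplified teardown
            return True
        if p.dport in ALLOWED_INBOUND_PORTS:
            return True
        # Inbound to any other port must belong to a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections


# Constructed traffic, in arrival order.
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "S"),   # client opens
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # real reply
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 50001, "A"),    # unsolicited
    Packet("in", "198.51.100.7", 40000, "10.0.0.9", 443, "S"),    # to web server
    Packet("in", "198.51.100.7", 40001, "10.0.0.9", 22, "S"),     # closed port
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "R"),   # client closes
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "A"),    # after close
]


def decisions(firewall, packets):
    """Return the allow/deny decision for each packet, in order."""
    return [firewall.allow(p) for p in packets]


def disagreements(packets):
    """Indexes of packets the two firewall classes judge differently."""
    stateless = decisions(StatelessFirewall(), packets)
    stateful = decisions(StatefulFirewall(), packets)
    return [i for i, (a, b) in enumerate(zip(stateless, stateful)) if a != b]


if __name__ == "__main__":
    print(disagreements(TRAFFIC))
```

Both classes apply the same port rule; they differ only on packets 2 and 6, which claim to be replies but match no connection the stateful firewall has on record.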

Benefits of using firewalls

Firewalls offer a number of benefits, including:

  • Protection from unauthorized access: Firewalls can help to protect networks from unauthorized access by blocking traffic from unknown sources.
  • Malware prevention: Firewalls can help to prevent malware infections by blocking traffic from known malicious websites and IP addresses.
  • Data breach prevention: Firewalls can help to prevent data breaches by blocking traffic that attempts to exfiltrate sensitive data from the network.
  • Denial-of-service attack protection: Firewalls can help to protect networks from denial-of-service attacks by blocking large volumes of unwanted traffic.

Network security measures

In addition to firewalls, there are a number of other network security measures that organizations can implement to protect their networks from cyber threats. These measures include:

  • Intrusion detection systems (IDS): IDS monitor network traffic for suspicious activity and alert administrators to potential threats.
  • Intrusion prevention systems (IPS): IPS work like IDS, but they can also take action to block malicious traffic.
  • Content filtering: Content filtering can be used to block access to malicious websites and other harmful content.
  • VPNs: VPNs encrypt network traffic, making it more difficult for attackers to intercept and eavesdrop on communications.
  • Network segmentation: Network segmentation can be used to divide a network into smaller segments, making it more difficult for attackers to move laterally through the network if they breach one segment.

Best practices for network security

Here are some best practices for network security:

  • Keep your software up to date: Software updates often include security patches that can help to protect your systems from known vulnerabilities.
  • Use strong passwords and multi-factor authentication: Strong passwords and multi-factor authentication can help to prevent unauthorized access to your systems and accounts.
  • Educate your employees about cybersecurity: Employees are often the weakest link in the cybersecurity chain. It is important to educate them about cyber threats and how to protect themselves and the organization.
  • Implement a layered security approach: A layered security approach involves using multiple security measures to protect your network. This helps to mitigate the risk of a successful attack.

By following these best practices, organizations can help to protect their networks from cyber threats and keep their data safe.

Which class of firewall operates based on predefined rules and does not keep track of information from data packets?

Stateless

Stateless firewalls are a class of firewall that operates based on predefined rules and does not keep track of information from data packets.

In this video, you’ll learn about different types of firewalls. These include hardware, software, and cloud-based firewalls. You’ll also learn the difference between a stateless and stateful firewall and cover some of the basic operations that a firewall performs. Finally, you will explore how proxy servers are used to add a layer of security to the network.

A firewall is a network security device that monitors traffic to and from your network. It either allows traffic or it blocks it based on a defined set of security rules. A firewall can use port filtering, which blocks or allows certain port numbers to limit unwanted communication. For example, it could have a rule that only allows communications on port 443 for HTTPS or port 25 for email and blocks everything else. These firewall settings will be determined by the organization’s security policy.

Let’s talk about a few different kinds of firewalls. A hardware firewall is considered the most basic way to defend against threats to a network. A hardware firewall inspects each data packet before it’s allowed to enter the network. A software firewall performs the same functions as a hardware firewall, but it’s not a physical device. Instead, it’s a software program installed on a computer or on a server. If the software firewall is installed on a computer, it will analyze all the traffic received by that computer. If the software firewall is installed on a server, it will protect all the devices connected to the server. A software firewall typically costs less than purchasing a separate physical device, and it doesn’t take up any extra space. But because it is a software program, it will add some processing burden to the individual devices.

Organizations may choose to use a cloud-based firewall. Cloud service providers offer firewalls as a service, or FaaS, for organizations. Cloud-based firewalls are software firewalls hosted by a cloud service provider. Organizations can configure the firewall rules on the cloud service provider’s interface, and the firewall will perform security operations on all incoming traffic before it reaches the organization’s onsite network. Cloud-based firewalls also protect any assets or processes that an organization might be using in the cloud.

All the firewalls we have discussed can be either stateful or stateless. The terms “stateful” and “stateless” refer to how the firewall operates. Stateful refers to a class of firewall that keeps track of information passing through it and proactively filters out threats. A stateful firewall analyzes network traffic for characteristics and behavior that appear suspicious and stops them from entering the network. Stateless refers to a class of firewall that operates based on predefined rules and does not keep track of information from data packets. A stateless firewall only acts according to preconfigured rules set by the firewall administrator. The rules programmed by the firewall administrator tell the device what to accept and what to reject. A stateless firewall doesn’t store analyzed information. It also doesn’t discover suspicious trends like a stateful firewall does. For this reason, stateless firewalls are considered less secure than stateful firewalls.

A next generation firewall, or NGFW, provides even more security than a stateful firewall. Not only does an NGFW provide stateful inspection of incoming and outgoing traffic, but it also performs more in-depth security functions like deep packet inspection and intrusion protection. Some NGFWs connect to cloud-based threat intelligence services so they can quickly update to protect against emerging cyber threats.

Now you have a basic understanding of firewalls and how they work. We learned that firewalls can be hardware or software. We also discussed the difference between a stateless and stateful firewall and the security benefits of a stateful firewall. Finally, we discussed next generation firewalls and the security benefits they provide. Coming up, we’ll learn more about virtual networks.

Video: Virtual private networks (VPNs)

A virtual private network (VPN) adds security to your network by changing your public IP address, hiding your virtual location, encrypting your data, and encapsulating your data in transit.

  • Changing your public IP address: This makes it more difficult for attackers to track your online activity.
  • Hiding your virtual location: This helps to protect your privacy and makes it more difficult for attackers to target you with location-based attacks.
  • Encrypting your data: This makes it unreadable to anyone who intercepts it.
  • Encapsulating your data in transit: This allows your network requests to reach their destination while still encrypting your personal data.

VPNs are a simple and effective way to add security to your network. They are especially useful when using public Wi-Fi networks, as they can help to protect your data from being intercepted by attackers.

Virtual private networks (VPNs) in Cybersecurity

A virtual private network (VPN) is a network security service that encrypts your internet traffic and routes it through a server in another location. This makes it appear as if you are connecting to the internet from that location, even though you are actually connecting from your current location.

How VPNs work

When you connect to a VPN, your device creates an encrypted tunnel between itself and the VPN server. All of your internet traffic is then routed through this tunnel, which makes it unreadable to anyone who intercepts it.

VPNs use a variety of encryption protocols, such as OpenVPN and IKEv2. These protocols are very secure and make it very difficult for attackers to break into your VPN connection.

Benefits of using a VPN

VPNs offer a number of benefits, including:

  • Security: VPNs encrypt your internet traffic, making it unreadable to anyone who intercepts it. This is especially important when using public Wi-Fi networks, as these networks are often unsecured.
  • Privacy: VPNs hide your IP address and make it appear as if you are connecting to the internet from another location. This can help to protect your privacy and make it more difficult for advertisers and other third parties to track your online activity.
  • Bypassing geo-restrictions: VPNs can be used to bypass geo-restrictions. This means that you can access content that is only available in certain countries, such as Netflix and Hulu.

Choosing a VPN

When choosing a VPN, it is important to consider the following factors:

  • VPN protocol: Choose a VPN that uses a strong protocol, such as OpenVPN or IKEv2.
  • Server network: Choose a VPN with a large server network, so that you can connect to a server in a location that is convenient for you.
  • Logging policy: Choose a VPN that does not log your internet activity. This will help to protect your privacy.

How to use a VPN

To use a VPN, you will need to download and install a VPN client on your device. Once you have installed the VPN client, you can create an account and connect to a VPN server.

Once you are connected to a VPN server, all of your internet traffic will be routed through the VPN tunnel. This means that your IP address will be hidden and your internet traffic will be encrypted.

VPNs in cybersecurity

VPNs can be used to improve cybersecurity in a number of ways. For example, VPNs can be used to:

  • Protect remote workers: VPNs can be used to protect remote workers who are connecting to the company network from public Wi-Fi networks.
  • Prevent data breaches: VPNs can be used to prevent data breaches by encrypting all data that is transmitted between the company network and remote devices.
  • Block malicious traffic: VPNs can be used to block malicious traffic from entering the company network.

Conclusion

VPNs are a valuable tool for improving cybersecurity. By encrypting your internet traffic and hiding your IP address, VPNs can help to protect you from a variety of online threats.

Here are some tips for using VPNs in cybersecurity:

  • Use a VPN whenever you are using a public Wi-Fi network.
  • Choose a VPN that uses a strong VPN protocol, such as OpenVPN or IKEv2.
  • Make sure to keep your VPN client up to date.
  • Be careful about what information you share online when using a VPN. Even though your internet traffic is encrypted, it is still possible for attackers to track your online activity if you share your personal information.

By following these tips, you can use VPNs to improve your cybersecurity and protect your privacy online.

Fill in the blank: ____ is a process performed by a VPN service that protects data in transit by wrapping sensitive data in other data packets.

Encapsulation

A VPN service performs encapsulation to protect data in transit. Encapsulation protects data by wrapping it in other data packets.

In this video, we’re going to discuss how virtual private networks, or VPNs, add security to your network. When you connect to the internet, your internet service provider receives your network’s requests and forwards them to the correct destination server. But your internet requests include your private information. That means if the traffic gets intercepted, someone could potentially connect your internet activity with your physical location and your personal information. This includes some information that you want to keep private, like bank accounts and credit card numbers.

A virtual private network, also known as a VPN, is a network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you’re using a public network like the internet. VPNs also encrypt your data as it travels across the internet to preserve confidentiality.

A VPN service performs encapsulation on your data in transit. Encapsulation is a process performed by a VPN service that protects your data by wrapping sensitive data in other data packets. Previously, you learned how the MAC and IP address of the destination device is contained in the header and footer of a data packet. This is a security threat because it shows the IP and virtual location of your private network. You could secure a data packet by encrypting it to make sure your information can’t be deciphered, but then network routers won’t be able to read the IP and MAC address to know where to send it to. This means you won’t be able to connect to the internet site or the service that you want.

Encapsulation solves this problem while still maintaining your privacy. VPN services encrypt your data packets and encapsulate them in other data packets that the routers can read. This allows your network requests to reach their destination, but still encrypts your personal data so it’s unreadable while in transit.

A VPN also uses an encrypted tunnel between your device and the VPN server. The encryption is unhackable without a cryptographic key, so no one can access your data. VPN services are simple and offer significant protection while you’re on the internet. With a VPN, you have the added assurance that your data is encrypted, and your IP address and virtual location are unreadable to malicious actors.
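The encapsulation step described above, as an added example that is not part of the course material: the whole inner packet is encrypted, then wrapped in an outer packet whose header routers can still read. The addresses and packet fields are constructed, and the SHA-256 keystream is a toy stand-in for the authenticated cipher a real VPN protocol would use.

```python
import hashlib
import hmac
import json
import os

# Constructed addresses (private and documentation ranges), not from the course.
CLIENT_PUBLIC_IP = "198.51.100.7"
VPN_SERVER_IP = "203.0.113.10"
INNER_PACKET = {"src": "192.168.1.20", "dst": "192.0.2.80", "dport": 443,
                "payload": "account=demo-1234"}


def _keys(shared_key: bytes):
    """Derive separate encryption and integrity keys from the tunnel key."""
    return (hashlib.sha256(b"enc" + shared_key).digest(),
            hashlib.sha256(b"mac" + shared_key).digest())


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); assumption, not a real VPN cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner: dict, shared_key: bytes, outer_src: str, outer_dst: str) -> dict:
    """Client side: encrypt the entire inner packet, headers included, then wrap it."""
    enc_key, mac_key = _keys(shared_key)
    nonce = os.urandom(16)
    body = _xor_stream(enc_key, nonce, json.dumps(inner, sort_keys=True).encode())
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).hexdigest()
    # Only src and dst stay in the clear, so routers can still deliver the packet.
    return {"src": outer_src, "dst": outer_dst,
            "nonce": nonce.hex(), "body": body.hex(), "tag": tag}


def on_path_view(outer: dict) -> dict:
    """What a router or eavesdropper between client and VPN server can read."""
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["body"]) // 2}


def decapsulate(outer: dict, shared_key: bytes) -> dict:
    """VPN server side: check integrity first, then decrypt the inner packet."""
    enc_key, mac_key = _keys(shared_key)
    nonce, body = bytes.fromhex(outer["nonce"]), bytes.fromhex(outer["body"])
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, outer["tag"]):
        raise ValueError("integrity check failed (tampered packet or wrong key)")
    return json.loads(_xor_stream(enc_key, nonce, body))


def forward_to_destination(inner: dict, vpn_server_ip: str) -> dict:
    """The VPN server sends the request on under its own address, so the
    destination sees the VPN server's IP instead of the client's."""
    return {**inner, "src": vpn_server_ip}


if __name__ == "__main__":
    key = os.urandom(32)  # tunnel key; a real VPN negotiates this in its handshake
    outer = encapsulate(INNER_PACKET, key, CLIENT_PUBLIC_IP, VPN_SERVER_IP)
    print("on-path observer sees:", on_path_view(outer))
    inner = decapsulate(outer, key)
    print("VPN server recovers:  ", inner)
    print("destination sees:     ", forward_to_destination(inner, VPN_SERVER_IP))
```

The on-path view contains only the client-to-VPN-server hop; the real destination and payload appear only after the VPN server decapsulates the packet.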

Video: Security zones

Security zones are a network security feature that segments a network into different zones, each with its own access permissions and security rules. This helps to protect the internal network from unauthorized access and malicious attacks.

Types of security zones:

  • Uncontrolled zone: Any network outside of the organization’s control, such as the internet.
  • Controlled zone: A subnet that protects the internal network from the uncontrolled zone.
  • Demilitarized zone (DMZ): A public-facing network that contains services that can access the internet, such as web servers, proxy servers, and DNS servers.
  • Internal network: A private network that contains the organization’s critical data and servers.
  • Restricted zone: A highly secure network that contains the organization’s most confidential information.

Benefits of using security zones:

  • Protect the internal network from unauthorized access and malicious attacks.
  • Maintain privacy within different corporate groups.
  • Prevent issues from spreading to the whole network.

Example:

A hotel may have a free public Wi-Fi network that is separate from the encrypted network used by the hotel staff. This helps to protect the hotel’s internal network from unauthorized access.

Another example:

A university may have a faculty subnet and a separate student subnet. If there is a virus outbreak on the student subnet, network administrators can isolate it and keep the rest of the network safe.

How security zones are used:

Security zones are typically used in conjunction with firewalls to control traffic between different zones. For example, a firewall may be used to block all traffic from the uncontrolled zone to the internal network, except for traffic that is specifically allowed.

Security zones for security analysts:

Security analysts may be responsible for managing access control policies on firewalls that protect security zones. This includes restricting IPs and ports to control traffic to the DMZ and internal network.

Conclusion:

Security zones are an important part of securing networks, especially in large organizations. By segmenting the network into different zones with different security rules, organizations can help to protect their internal networks from unauthorized access and malicious attacks.

In a typical network, the security zones are arranged as follows:

The DMZ is located between two firewalls, one that filters traffic outside the DMZ and one that filters traffic entering the internal network. This provides multiple layers of defense for the internal network.

The restricted zone is located inside the internal network and is protected by another firewall. This further protects highly confidential information from unauthorized access.

Security zones in Cybersecurity

Security zones are a network security feature that segments a network into different zones, each with its own access permissions and security rules. This helps to protect the internal network from unauthorized access and malicious attacks.

Benefits of using security zones:

  • Improved security: Security zones can help to improve security by isolating different parts of the network from each other. This makes it more difficult for attackers to move laterally through the network if they breach one zone.
  • Enhanced privacy: Security zones can also help to enhance privacy by keeping sensitive data in a separate zone from the rest of the network. This makes it more difficult for unauthorized users to access sensitive data.
  • Increased compliance: Security zones can also help organizations to comply with various regulations, such as the General Data Protection Regulation (GDPR).

Types of security zones:

There are many different ways to segment a network into security zones. Some common types of security zones include:

  • Demilitarized zone (DMZ): A DMZ is a public-facing network that contains services that need to be accessible from the internet, such as web servers, mail servers, and DNS servers. The DMZ is typically isolated from the rest of the network by firewalls.
  • Internal network: The internal network is a private network that contains the organization’s critical data and servers. The internal network is typically protected from the internet by firewalls.
  • Restricted zone: A restricted zone is a highly secure network that contains the organization’s most confidential information. The restricted zone is typically isolated from the rest of the network by firewalls and other security controls.

Designing security zones:

When designing security zones, it is important to consider the following factors:

  • The organization’s security requirements: The organization’s security requirements will determine the number and type of security zones that are needed.
  • The network architecture: The network architecture will also affect the design of the security zones.
  • The organization’s budget: The organization’s budget will also need to be considered when designing security zones.

Implementing security zones:

There are a number of different ways to implement security zones. One common way is to use firewalls to isolate the different zones from each other. Another way to implement security zones is to use VLANs (virtual local area networks). VLANs allow you to create multiple logical networks on a single physical network.

Best practices for security zones:

Here are some best practices for security zones:

  • Implement multiple layers of defense: Don’t rely on just one security control to protect your security zones. Use multiple layers of defense, such as firewalls, VLANs, and intrusion detection systems.
  • Keep your security zones up to date: Regularly review and update your security zones to make sure that they meet your organization’s security requirements.
  • Educate your employees: Educate your employees about the importance of security zones and how to use them properly.

Conclusion

Security zones are an important part of any cybersecurity strategy. By segmenting your network into security zones, you can help to improve security, enhance privacy, and increase compliance.

Which of the following areas are in the controlled zone? Select all that apply.

Demilitarized zone (DMZ)

The DMZ, internal network, and restricted zones are all within the controlled zone. The DMZ contains public-facing services that can access the internet.

Restricted zone

The DMZ, internal network, and restricted zones are all within the controlled zone. The restricted zone protects highly confidential information that is only accessible to employees with certain privileges.

Internal network

The DMZ, internal network, and restricted zones are all within the controlled zone. The internal network contains private servers and data that the organization needs to protect.

In this section, we’ll discuss a type of network security feature called a security zone. Security zones are a segment of a network that protects the internal network from the internet. They are a part of a security technique called network segmentation that divides the network into segments. Each network segment has its own access permissions and security rules. Security zones control who can access different segments of a network. Security zones act as a barrier to internal networks, maintain privacy within corporate groups, and prevent issues from spreading to the whole network.

One example of network segmentation is a hotel that offers free public Wi-Fi. The unsecured guest network is kept separate from another encrypted network used by the hotel staff. Additionally, an organization’s network can be divided into subnetworks, or subnets, to maintain privacy for each department in an organization. For instance, at a university, there may be a faculty subnet and a separate student subnet. If there is contamination on the student subnet, network administrators can isolate it and keep the rest of the network free from contamination.

An organization’s network is classified into two types of security zones. First, there’s the uncontrolled zone, which is any network outside of the organization’s control, like the internet. Then, there’s the controlled zone, which is a subnet that protects the internal network from the uncontrolled zone.

There are several types of networks within the controlled zone. On the outer layer is the demilitarized zone, or DMZ, which contains public-facing services that can access the internet. This includes web servers, proxy servers that host websites for the public, and DNS servers that provide IP addresses for internet users. It also includes email and file servers that handle external communications. The DMZ acts as a network perimeter to the internal network. The internal network contains private servers and data that the organization needs to protect. Inside the internal network is another zone called the restricted zone. The restricted zone protects highly confidential information that is only accessible to employees with certain privileges.

Now, let’s try to picture these security zones. Ideally, the DMZ is situated between two firewalls. One of them filters traffic outside the DMZ, and one of them filters traffic entering the internal network. This protects the internal network with several lines of defense. If there’s a restricted zone, that too would be protected with another firewall. This way, attacks that penetrate into the DMZ network cannot spread to the internal network, and attacks that penetrate the internal network cannot access the restricted zone.

As a security analyst, you may be responsible for regulating access control policies on these firewalls. Security teams can control traffic reaching the DMZ and the internal network by restricting IPs and ports. For example, an analyst may ensure that only HTTPS traffic is allowed to access web servers in the DMZ.

Security zones are an important part of securing networks, especially in large organizations. Understanding how they are used is essential for all security analysts. Coming up, we’ll learn about securing internal networks.
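The layered zone policy described above (only HTTPS into the DMZ, a firewall between each layer, everything else denied) can be written as a small rule evaluator with an audit check. This is an added example, not part of the course material; the address ranges, the database rule and the privileged staff subnet are assumptions made up for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# Constructed address plan (an assumption; the page gives no addresses).
# The restricted zone sits inside the internal network, so it is a more
# specific prefix of the internal range.
ZONES = {
    "dmz": ipaddress.ip_network("172.16.10.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "restricted": ipaddress.ip_network("10.0.50.0/24"),
}


def zone_of(ip: str) -> str:
    """Return the most specific zone containing ip; anything else is uncontrolled."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if addr in net]
    return max(matches)[1] if matches else "uncontrolled"


class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    proto: str
    port: int
    src_net: Optional[str] = None   # narrow the rule to a source subnet
    dst_net: Optional[str] = None   # narrow the rule to a destination subnet


# Allow-list: traffic that crosses a zone boundary and matches no rule is denied.
RULES: List[Rule] = [
    Rule("uncontrolled", "dmz", "tcp", 443),                        # HTTPS only into the DMZ
    Rule("dmz", "internal", "tcp", 5432, dst_net="10.0.30.5/32"),   # hypothetical database host
    Rule("internal", "restricted", "tcp", 443, src_net="10.0.20.0/28"),  # privileged staff only
    Rule("internal", "uncontrolled", "tcp", 443),
]


def _in(ip: str, net: Optional[str]) -> bool:
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate(src: str, dst: str, proto: str, port: int, rules=RULES) -> str:
    """Decide one connection attempt: 'allow' or 'deny' (default deny)."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "allow"  # stays inside one zone, so no zone firewall is crossed
    for r in rules:
        if ((r.src_zone, r.dst_zone, r.proto, r.port) == (src_zone, dst_zone, proto, port)
                and _in(src, r.src_net) and _in(dst, r.dst_net)):
            return "allow"
    return "deny"


# Zone pairs that should never be connected directly in the layered design.
FORBIDDEN_PATHS = {("uncontrolled", "internal"), ("uncontrolled", "restricted"),
                   ("dmz", "restricted")}


def audit(rules) -> List[Rule]:
    """Flag rules that would let traffic skip a layer of defense."""
    return [r for r in rules if (r.src_zone, r.dst_zone) in FORBIDDEN_PATHS]


if __name__ == "__main__":
    attempts = [("198.51.100.7", "172.16.10.20", "tcp", 443),   # internet -> DMZ web server
                ("198.51.100.7", "172.16.10.20", "tcp", 80),    # plain HTTP is not allowed
                ("172.16.10.20", "10.0.50.9", "tcp", 443),      # DMZ -> restricted zone
                ("10.0.20.3", "10.0.50.9", "tcp", 443)]         # privileged staff -> restricted
    for a in attempts:
        print(zone_of(a[0]), "->", zone_of(a[1]), a[2], a[3], evaluate(*a))
    print("rules that skip a layer:", audit(RULES))
```

Running `audit` whenever a rule set changes catches the case the layered design is meant to prevent, such as a rule that opens the internal network directly to the internet.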

Reading: Subnetting and CIDR


Video: Proxy servers

Proxy servers are a security tool that helps to secure internal networks. They sit between the internet and the rest of the network, and they filter incoming and outgoing traffic. Proxy servers can be used to block unsafe websites, hide the private network’s IP address, and filter spam email.

There are three main types of proxy servers:

  • Forward proxy servers regulate and restrict access to the internet by hiding the user’s IP address and approving all outgoing requests.
  • Reverse proxy servers regulate and restrict internet access to an internal server by accepting traffic from external parties, approving it, and forwarding it to the internal servers.
  • Email proxy servers filter spam email by verifying whether a sender’s address was forged.

Proxy servers play an important role in network security by adding a layer of protection from the unsecured public internet.

What is a proxy server?

A proxy server is a server that acts as an intermediary between a client and the internet. It intercepts all incoming and outgoing requests from the client and forwards them to the appropriate servers. The proxy server can also modify the requests or responses before they are forwarded.

How do proxy servers work?

When a client wants to access a website, it sends a request to the proxy server. The proxy server then forwards the request to the web server. The web server sends the response back to the proxy server, which then forwards it to the client.

Benefits of using proxy servers in cybersecurity

Proxy servers can provide a number of benefits for cybersecurity, including:

  • Improved security: Proxy servers can hide the client’s IP address from the internet, which can help to protect the client from cyberattacks.
  • Content filtering: Proxy servers can be used to filter content, such as blocking access to malicious websites or websites that are not relevant to the organization.
  • Caching: Proxy servers can cache frequently accessed websites, which can improve performance and reduce bandwidth usage.
  • Load balancing: Proxy servers can be used to distribute traffic across multiple servers, which can improve performance and reliability.

Types of proxy servers

Proxy servers can also be grouped into two main types according to how they handle the traffic they forward:

  • Transparent proxy servers: Transparent proxy servers do not modify the requests or responses that they forward.
  • Non-transparent proxy servers: Non-transparent proxy servers modify the requests or responses that they forward. This can be done to hide the client’s IP address, filter content, or cache frequently accessed websites.

How to use proxy servers in cybersecurity

Proxy servers can be used in a variety of ways to improve cybersecurity. Here are a few examples:

  • Blocking malicious websites: Proxy servers can be used to block access to malicious websites, such as websites that are known to distribute malware or phishing attacks.
  • Protecting internal networks: Proxy servers can be used to protect internal networks from cyberattacks by hiding the IP addresses of internal servers.
  • Monitoring network traffic: Proxy servers can be used to monitor network traffic for suspicious activity.
  • Enforcing policies: Proxy servers can be used to enforce policies, such as blocking access to certain websites or limiting bandwidth usage.

Best practices for using proxy servers in cybersecurity

Here are some best practices for using proxy servers in cybersecurity:

  • Use a reputable proxy server provider: Choose a proxy server provider that has a good reputation and offers security features such as encryption and IP filtering.
  • Keep your proxy server software up to date: Make sure to keep your proxy server software up to date with the latest security patches.
  • Configure your proxy server correctly: Configure your proxy server correctly to ensure that it is providing the desired security features.
  • Monitor your proxy server: Monitor your proxy server for suspicious activity and make sure that it is performing as expected.

Proxy servers can be a valuable tool for improving cybersecurity. By following the best practices above, you can use proxy servers to protect your organization from cyberattacks.

Fill in the blank: A(n) _____ regulates and restricts the internet’s access to an internal server.

reverse proxy server

A reverse proxy server regulates and restricts the internet’s access to an internal server.

Previously, we discussed how firewalls, VPNs, and security zones help to secure networks. Next, we’ll cover how to secure internal networks with proxy servers. Proxy servers are another system that helps secure networks. The definition of a proxy server is a server that fulfills the requests of a client by forwarding them on to other servers. The proxy server is a dedicated server that sits between the internet and the rest of the network. When a request to connect to the network comes in from the internet, the proxy server will determine if the connection request is safe. The proxy server is a public IP address that is different from the rest of the private network. This hides the private network’s IP address from malicious actors on the internet and adds a layer of security.

Let’s examine how this will work with an example. When a client receives an HTTPS response, they will notice a distorted IP address or no IP address rather than the real IP address of the organization’s web server. A proxy server can also be used to block unsafe websites that users aren’t allowed to access on an organization’s network. A proxy server uses temporary memory to store data that’s regularly requested by external servers. This way, it doesn’t have to fetch data from an organization’s internal servers every time. This enhances security by reducing contact with the internal server.

There are different types of proxy servers that support network security. This is important for security analysts who monitor traffic from various proxy servers and may need to know what purpose they serve. Let’s explore some different types of proxy servers. A forward proxy server regulates and restricts a person’s access to the internet. The goal is to hide a user’s IP address and approve all outgoing requests. In the context of an organization, a forward proxy server receives outgoing traffic from an employee, approves it, and then forwards it on to the destination on the internet.

A reverse proxy server regulates and restricts the internet’s access to an internal server. The goal is to accept traffic from external parties, approve it, and forward it to the internal servers. This setup is useful for protecting internal web servers containing confidential data from exposing their IP address to external parties.

An email proxy server is another valuable security tool. It filters spam email by verifying whether a sender’s address was forged. This reduces the risk of phishing attacks that impersonate people known to the organization. Let’s talk about a real world example of an email proxy. Several years ago when I was working at a large U.S. broadband ISP, we used a proxy server to implement multiple layers of anti-spam filtering before a message was allowed in for delivery. It ended up tagging around 95% of messages as spam. The proxy servers would’ve allowed us to filter and then scale those filters without impacting the underlying email platform.

Proxy servers play an important part in network security by filtering incoming and outgoing traffic and staying alert to network attacks. These devices add a layer of protection from the unsecured public network that we call the internet.
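The forward and reverse proxy behaviour described above, modelled in memory as an added example that is not part of the course material. The proxy address, blocklist, backend mapping and the `fetch` callable standing in for the internal server are all constructed for illustration.

```python
from urllib.parse import urlsplit

PROXY_PUBLIC_IP = "203.0.113.25"                        # constructed address
BLOCKED_DOMAINS = {"malware.example", "phish.example"}  # constructed blocklist
BACKENDS = {"www.corp.example": "10.0.30.11"}           # public name -> internal server


def forward_proxy(client_ip: str, url: str) -> dict:
    """Employee -> internet: approve the request, then send it from the proxy's IP."""
    try:
        parts = urlsplit(url)
        # hostname is lowercased and excludes any userinfo ("user@") and port.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return {"action": "deny", "reason": "malformed URL"}
    if parts.scheme not in ("http", "https") or not host:
        return {"action": "deny", "reason": "malformed URL"}
    labels = host.split(".")
    # Match whole DNS labels: sub.phish.example is blocked, notphish.example is not.
    if any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels))):
        return {"action": "deny", "reason": f"{host} is blocked"}
    # The destination sees the proxy's address; the client's stays in the proxy log.
    return {"action": "forward", "src_ip": PROXY_PUBLIC_IP, "host": host,
            "logged_client": client_ip}


class ReverseProxy:
    """Internet -> internal server: accept, approve, forward, and cache GET responses."""

    def __init__(self, fetch):
        self.fetch = fetch        # callable(backend_ip, path) -> body (hypothetical backend)
        self.cache = {}           # temporary memory for regularly requested content
        self.backend_hits = 0     # how often the internal server was contacted
        self.log = []             # request log an analyst can review

    def handle(self, external_ip: str, host: str, method: str, path: str) -> dict:
        name = host.lower().rstrip(".")
        self.log.append((external_ip, name, method, path))
        backend = BACKENDS.get(name)
        if backend is None:
            return {"status": 404, "reason": "unknown host"}
        if method not in ("GET", "HEAD", "POST"):
            return {"status": 405, "reason": "method not allowed"}
        key = (name, path)
        if method == "GET" and key in self.cache:
            body = self.cache[key]
        else:
            self.backend_hits += 1
            body = self.fetch(backend, path)
            if method == "GET":
                self.cache[key] = body
        # The reply carries the proxy's address only; the backend IP stays internal.
        return {"status": 200, "server_ip": PROXY_PUBLIC_IP, "body": body}


if __name__ == "__main__":
    print(forward_proxy("10.0.1.4", "https://www.example.org/"))
    print(forward_proxy("10.0.1.4", "https://Login.Phish.Example./a"))
    rp = ReverseProxy(lambda backend, path: f"page {path}")
    print(rp.handle("198.51.100.7", "www.corp.example", "GET", "/"))
    print(rp.handle("198.51.100.9", "www.corp.example", "GET", "/"), rp.backend_hits)
```

The second reverse-proxy request is answered from the cache, so `backend_hits` stays at 1, which is the reduced contact with the internal server that the video describes.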

Reading: Virtual networks and privacy


Reading: VPN protocols: Wireguard and IPSec


Practice Quiz: Test your knowledge: System identification

What monitors and filters traffic coming in and out of a network?

Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.

Fill in the blank: Encapsulation can be performed by a _ to help protect information by wrapping sensitive data in other data packets.

Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?

Fill in the blank: A security analyst uses a _ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.

Review: Network operations


Video: Wrap-up

Recap of the section on network operations:

  • Network protocols: TCP, ARP, HTTPS, and DNS are common network protocols that help devices communicate over a network.
  • Virtual private networks (VPNs): VPNs can be used to encrypt traffic and hide IP addresses, maintaining privacy on a public network.
  • Firewalls, security zones, and proxy servers: Firewalls, security zones, and proxy servers help to secure network infrastructure by filtering traffic and preventing unauthorized access.

Network operations is a vast topic involving various tools, protocols, and techniques that help networks run smoothly and securely. This information is essential for any security analyst, regardless of their specific role.

You’ve learned a lot about some complex topics. I want to congratulate you for coming this far in the program. Let’s recap what we’ve covered in this section. First, we discussed common network protocols like TCP, ARP, HTTPS, and DNS. And then we covered how virtual private networks, or VPNs, can be used to maintain privacy on a public network. Finally, we explored how firewalls, security zones, and proxy servers help to secure network infrastructure.

Overall, network operations is a vast topic involving various tools, protocols, and techniques that help networks run smoothly and securely. Feel free to come back and review these videos at any time. You’ll use this information in any type of role as a security analyst.

Reading: Glossary terms from module 2

Terms and definitions from Course 3, Module 2

Quiz: Module 2 challenge

What network protocol helps data get to the right place by determining the MAC address of the next router or device on its path?

  • Transmission Control Protocol (TCP)
  • Address Resolution Protocol (ARP)
  • Hypertext Transfer Protocol Secure (HTTPS)
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS)

Fill in the blank: The _ maintains Wi-Fi standards.

Fill in the blank: A __ firewall operates based on predefined rules. It is not used to keep track of information from data packets.

Which of the following types of firewalls can perform deep packet inspection and intrusion detection?

What network security service masks a device’s virtual location to keep data private while using a public network?

Which of the following does encapsulation protect?

What network is part of the uncontrolled zone?

What network zone acts as a network perimeter to the internal network by isolating servers that are exposed to the internet?

Which of the following services client requests by forwarding them to other servers?

Fill in the blank: A __ accepts traffic from external parties, approves it, then forwards it to internal servers.

What network protocol translates the domain name of a website’s server into an IP address?

Which type of firewall analyzes network traffic for suspicious characteristics and behavior and stops them from entering the network?

Which firewall offers the most security features?

What does a VPN service use to transfer encrypted data between a device and the VPN server?

What network zone contains the internet and other services that are outside of an organization’s control?

A security analyst implements a proxy server to secure internal networks. What are some of the proxy server’s primary functions? Select three answers.

Which of the following statements accurately describe forward and reverse proxy servers? Select three answers.