Category 04: Network Security (60 Facts)

CIA Triad = Confidentiality, Integrity, Availability — core security goals (Domain 4.1).
Defense in Depth uses multiple layers of security controls (Domain 4.1).
Least privilege ensures users get only the access they need (Domain 4.1).
Zero Trust assumes no implicit trust for devices or users (Domain 4.1).
AAA framework = Authentication, Authorization, Accounting (Domain 4.1).
Authentication verifies identity (password, biometric, token) (Domain 4.1).
Authorization grants access to resources based on policies (Domain 4.1).
Accounting logs user activities for auditing (Domain 4.1).

DoS (Denial of Service) floods a resource to make it unavailable (Domain 4.2).
DDoS uses many compromised devices to overwhelm targets (Domain 4.2).
Man-in-the-middle (MITM) intercepts and alters communication (Domain 4.2).
Phishing tricks users into revealing credentials via fake emails (Domain 4.2).
Spear phishing targets specific individuals with tailored messages (Domain 4.2).
Whaling targets high-profile executives (Domain 4.2).
Ransomware encrypts data until payment is made (Domain 4.2).
Logic bombs execute malicious actions when triggered (Domain 4.2).
Password attacks include brute force, dictionary, and rainbow tables (Domain 4.2).
Social engineering manipulates people into giving up info (Domain 4.2).

Firewalls filter traffic based on rules (Domain 4.3).
Host-based firewalls protect individual devices (Domain 4.3).
Next-Generation Firewalls (NGFW) add deep packet inspection (Domain 4.3).
IDS (Intrusion Detection System) alerts on suspicious activity (Domain 4.3).
IPS (Intrusion Prevention System) blocks malicious traffic (Domain 4.3).
SIEM (Security Information and Event Management) aggregates logs and alerts (Domain 4.3).
Proxy servers obscure client identity and filter content (Domain 4.3).
Content filters block malicious or unwanted websites (Domain 4.3).
DLP (Data Loss Prevention) stops unauthorized data exfiltration (Domain 4.3).
NAC (Network Access Control) enforces endpoint compliance before access (Domain 4.3).

RADIUS provides centralized AAA for network access (UDP 1812/1813) (Domain 4.4).
TACACS+ is Cisco’s AAA protocol using TCP 49 (Domain 4.4).
Kerberos uses tickets for authentication in Windows domains (Domain 4.4).
LDAP/LDAPS provides directory-based authentication (Domain 4.4).
MFA (Multi-Factor Authentication) combines two or more factors (Domain 4.4).
Something you know = password, PIN (Domain 4.4).
Something you have = smart card, token, phone (Domain 4.4).
Something you are = biometric (fingerprint, retina) (Domain 4.4).
Geolocation can be used as an authentication factor (Domain 4.4).
SSO (Single Sign-On) allows one login for multiple apps (Domain 4.4).

HTTPS (443) secures web traffic with TLS (Domain 4.5).
SSH (22) provides encrypted remote access (Domain 4.5).
SFTP uses SSH for secure file transfer (Domain 4.5).
FTPS adds TLS encryption to FTP (Domain 4.5).
SNMPv3 encrypts management traffic, unlike v1/v2c (Domain 4.5).
IPsec encrypts IP traffic with AH/ESP headers (Domain 4.5).
IKE (Internet Key Exchange) establishes IPsec VPN sessions (Domain 4.5).
TLS is the standard encryption protocol for data-in-transit (Domain 4.5).
DNSSEC adds authentication to DNS lookups (Domain 4.5).
SMTP with STARTTLS secures email transport (Domain 4.5).

WEP is insecure and deprecated (Domain 4.6).
WPA uses TKIP encryption, less secure than WPA2 (Domain 4.6).
WPA2 uses AES-based CCMP encryption (Domain 4.6).
WPA3 adds forward secrecy and stronger handshakes (Domain 4.6).
Open networks provide no encryption, only convenience (Domain 4.6).
Enterprise Wi-Fi uses 802.1X authentication with RADIUS (Domain 4.6).
Pre-shared key (PSK) is used for home/small office Wi-Fi (Domain 4.6).
Captive portals require login before internet access (Domain 4.6).
Rogue APs are unauthorized access points (Domain 4.6).
Evil twin attacks mimic real APs to steal credentials (Domain 4.6).

📊 Category Total: 60 Facts (threats, controls, protocols, wireless, and physical security fully covered)

Provide feedback