Network Defense
The intent of the Network Defense Knowledge Unit is to provide students with knowledge of the concepts used in defending a network, and the basic tools and techniques that can be taken to protect a network and communication assets from cyber threats.
Topics
- Outline concepts of network defense, such as:
  - a. Defense in Depth
  - b. Network attacks
  - c. Network Hardening
  - d. Minimizing Exposure (Attack Surface and Vectors)
- Network defense/monitoring tools:
  - a. Implementing Firewalls
  - b. DMZs / Proxy Servers
  - c. VPNs
  - d. Honeypots and Honeynets
  - e. Implementing IDS/IPS
- Network Operations:
  - a. Network Security Monitoring
  - b. Network Traffic Analysis
- Network security policies as they relate to network defense/security:
  - a. Network Access Control (internal and external)
  - b. Network Policy Development and Enforcement
Outcomes
- Describe the key concepts in network defense (defense in depth, minimizing exposure, etc.).
- Explain how network defense tools (firewalls, IDS, etc.) are used to defend against attacks and mitigate vulnerabilities.
- Analyze how security policies are implemented on systems to protect a network.
- Evaluate how network operational procedures relate to network security.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
ID | DESCRIPTION |
---|---|
K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. |
K0007 | Knowledge of authentication, authorization, and access control methods. |
K0033 | Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). |
K0056 | Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). |
K0157 | Knowledge of cyber defense and information security policies, procedures, and regulations. |
K0222 | Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. |
K0242 | Knowledge of organizational security policies. |
K0336 | Knowledge of access authentication methods. |
K0034 | Knowledge of network services and protocols interactions that provide network communications. |
K0324 | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. |
K0334 | Knowledge of network traffic analysis (tools, methodologies, processes). |
K0272 | Knowledge of network analysis tools used to identify software communications vulnerabilities. |
K0316 | Knowledge of business or military operation plans, concept operation plans, orders, policies, and standing rules of engagement. |
K0058 | Knowledge of network traffic analysis methods. |
K0106 | Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities. |
K0167 | Knowledge of system administration, network, and operating system hardening techniques. |
K0179 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
K0205 | Knowledge of basic system, network, and OS hardening techniques. |
K0160 | Knowledge of the common attack vectors on the network layer. |
K0049 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
K0011 | Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. |
K0050 | Knowledge of local area and wide area networking principles and concepts including bandwidth management. |
K0104 | Knowledge of Virtual Private Network (VPN) security. |
K0180 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. |
K0053 | Knowledge of measures or indicators of system performance and availability. |
K0006 | Knowledge of specific operational impacts of cybersecurity lapses. |
K0347 | Knowledge and understanding of operational design. |
K0499 | Knowledge of operations security. |
K00013 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities. |
K0202 | Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). |
K0161 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). |
K0122 | Knowledge of investigative implications of hardware, Operating Systems, and network technologies. |
K0612 | Knowledge of what constitutes a "threat" to a network. |
K0487 | Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
K0493 | Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption). |
ID | DESCRIPTION |
---|---|
S0145 | Skill in integrating and applying policies that meet system security objectives. |
S0007 | Skill in applying host/network access controls (e.g., access control list). |
S0059 | Skill in using Virtual Private Network (VPN) devices and encryption. |
S0079 | Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). |
S0078 | Skill in recognizing and categorizing types of vulnerabilities and associated attacks. |
S0121 | Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.). |
S0084 | Skill in configuring and utilizing network protection components (e.g., Firewalls, VPNs, network intrusion detection systems). |
S0056 | Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol). |
S0057 | Skill in using protocol analyzers. |
S0004 | Skill in analyzing network traffic capacity and performance characteristics. |
S0109 | Skill in identifying hidden patterns or relationships. |
ID | DESCRIPTION |
---|---|
A0052 | Ability to operate network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. |
A0062 | Ability to monitor measures or indicators of system performance and availability. |
A0065 | Ability to monitor traffic flows across the network. |
A0015 | Ability to conduct vulnerability scans and recognize vulnerabilities in security systems. |
A0112 | Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance. |