Network Defense (2020)

From CyberEdWiki

The intent of the Network Defense Knowledge Unit is to provide students with knowledge of the concepts used in defending a network, and the basic tools and techniques that can be used to protect a network and communication assets from cyber threats.


After completing the KU, students will be able to:

  1. Evaluate the key concepts in network defense (defense in depth, minimizing exposure, etc.).
  2. Analyze how network defense tools are used to defend against attacks and mitigate vulnerabilities.
  3. Assess how security policies are implemented on systems to protect a network.
  4. Compare how network operational procedures relate to network security.
  5. Create and apply network defense mechanisms such as firewalls, VPNs, etc.


Because of the nature of the material, all topics and subtopics are required in this KU.

  1. Outline concepts of network defense, such as:
    • Defense in Depth
    • Network attacks
    • Network Hardening
    • Minimizing Exposure (Attack Surface and Vectors)
  2. Network defense/monitoring tools:
    • Implementation of Firewalls
    • DMZs / Proxy Servers
    • VPNs
    • Honeypots and Honeynets
    • Implementation of IDS/IPS
  3. Network Operations
    • Network Security Monitoring
    • Network Traffic Analysis
  4. Network security policies as they relate to network defense/security:
    • Network Access Control (internal and external)
    • Network Policy Development and Enforcement


  1. Implement a basic firewall.
  2. Create and use a VPN.
  3. Create and apply an Access Control List (ACL).

NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Related Knowledge Units

Original Knowledge Unit

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials


Reference ID