Network Defense (2020)

The intent of the Network Defense Knowledge Unit is to provide students with knowledge of the concepts used in defending a network, and the basic tools and techniques that can be taken to protect a network and communication assets from cyber threats.

Outcomes[edit]

After completing the KU, students will be able to:

1. Evaluate the key concepts in network defense (defense in depth, minimizing exposure, etc.).
2. Analyze how network defense tools are used to defend against attacks and mitigate vulnerabilities.
3. Assess how security policies are implemented on systems to protect a network.
4. Compare how network operational procedures relate to network security.
5. Create and apply network defense mechanisms such as firewalls, VPNs, etc.

Topics[edit]

Because of the nature of the material - All topics and subtopics are required in this KU

1. Outline concepts of network defense, such as:
   • Defense in Depth
   • Network attacks
   • Network Hardening
   • Minimizing Exposure (Attack Surface and Vectors)
2. Network defense/monitoring tools:
   • Implementation of Firewalls
   • DMZs / Proxy Servers
   • VPNs
   • Honeypots and Honeynets
   • Implementation of IDS/IPS
3. Network Operations
   • Network Security Monitoring
   • Network Traffic Analysis
4. Network security policies as they relate to network defense/security:
   • Network Access Control (internal and external)
   • Network Policy Development and Enforcement

Skills[edit]

1. Implement a basic firewall.
2. Create and use a VPN.
3. Create and apply an Access Control List (ACL)

NICE Framework Categories[edit]

CSEC 2017 Categories[edit]

Specialization Areas[edit]

• Health Care Security
• Industrial Control Systems-SCADA Security
• Network Security Administration, Specialization Area

See also[edit]

Related Knowledge Units

• Basic Networking
• Network Technology and Protocols
• Advanced Network Technology and Protocols
• Network Security Administration
• Intrusion Detection/Prevention Systems
• Wireless Sensor Networks

Original Knowledge Unit

• Network Defense (2014)

Further reading[edit]

Suggested textbooks[edit]

Suggested academic readings[edit]

Sample knowledge test[edit]

Sample skills test[edit]

Sample abilities test[edit]

Additional notes or materials[edit]

Contacts[edit]

Reference ID[edit]

NDF