Network Security: Architecting the Foundation
Network Security, provided by the SDSU Global Campus, is a course designed to build the skill set needed to secure, manage, and operate network communication equipment and systems for a variety of organizational types. Network security is part of the foundation of any business's security posture and gives you the capability to build security policies and procedures for a company of any size.
This network security course, provided by ThriveDX, teaches the necessary skills to architect a network with “least privilege” security controls in place that monitor and protect the users and the network.
SDSU Global Campus | Network Security |
---|---|
Classroom Hours: | 39.5 |
Completion Date: | 12/6/2021 |
Skills Practiced: | IDS, IPS, SSH, firewall rules, port forwarding, ncrack, hping3 |

Final Project:
You are the new SOC analyst for a company network and your responsibilities are to manage the service and security tickets. You must organize the tasks, configure services, customize rules and perform security measures required to resolve the detected issues. You must configure everything with best security practices in mind.
Resolution:
Four VirtualBox virtual machines are required to replicate the environment of the final project.
- pfSense – configured as a router and firewall with Suricata installed for IPS and IDS and OpenVPN installed for remote connections. This is the backbone for the internal network.
- Kali – configured as an attacker on an external network from the simulated internal network.
- Debian – represents a workstation in the simulated internal network.
- Ubuntu – represents a web server in the simulated internal network.
Task 1: Block Unwanted Traffic
Configure the pfSense firewall to block a specific type of traffic to the internal workstation. ICMP traffic is used to represent unwanted network traffic, like gaming or gambling.
Task 2: Quick Solution for Remote Access
Configure the Ubuntu machine to allow SSH connections from an external source. Create a NAT port forwarding rule in pfSense that directs external traffic to your internal services. Set up a firewall rule to allow the external traffic only on specific ports and protocols.
Task 3: The All-Seeing Eye
Using Suricata and pfSense, set up alerts that notify a system administrator of an SSH brute force attack or an HTTP DoS attack. These alerts are then configured to display in the pfSense dashboard, and would eventually be synchronized with an internal SIEM like Splunk, even though that part is out of the scope of this class. We then validated our configuration using the Kali machine to perform a DoS attack with hping3 on the Ubuntu server in the internal network and used ncrack to simulate the brute force attack.
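As an added example (not the rules used in the original project), two local Suricata rules of the kind Task 3 describes could look like the following. The destination ports, thresholds, message text and sid values are assumptions to adjust to the environment.

```suricata
# Added example: custom rules for a local rules file. All ports, counts,
# time windows and sid values below are assumed values, not the project's.

# SSH brute force: repeated new connections (SYN) to the SSH port from one
# source. "type both" alerts once per window after "count" matches are seen,
# so the dashboard gets one alert per source per minute, not one per packet.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL Possible SSH brute force"; flow:to_server; flags:S,12; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-admin; sid:1000001; rev:1;)

# HTTP DoS: high rate of SYN packets to the web server port. Tracking by
# destination keeps the rule firing when the flood arrives from many or
# spoofed source addresses, which a per-source counter would miss.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL Possible HTTP SYN flood"; flags:S,12; threshold:type both, track by_dst, count 500, seconds 10; classtype:attempted-dos; sid:1000002; rev:1;)
```

If the SSH service is exposed through a NAT port forward on a non-default external port, the destination port in the first rule has to match the port Suricata sees on the interface it monitors.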
In Conclusion
Graduates of the Network Security Course show a basic understanding of protecting endpoint mechanisms through a layered approach with traffic analysis. This includes the use of authentication systems and port security to help prevent certain exploits in a network at both layer two and layer three, with the help of firewalls, IPS, and IDS.
Learners have shown skill in applying network security for an enterprise environment, including hardening network devices, firewall setup, the TACACS+ and RADIUS protocols for AAA, VPN setup for enterprises, and disabling insecure and legacy network protocols.
The Network Security Course includes synchronous content combined with asynchronous content by Stanford: Network Security, which covers the following topics:
- Application security measures
- How to identify operating system holes
- The important relationship between privacy and digital rights management
- Trends in malware, privacy, and security for mobile devices
- Ways to prevent network attacks and gaps in security policy