
This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
Network Security Basics
The Network Security Basics course teaches how to defend networks against common threats — perimeter and internal segmentation, firewalls, IDS/IPS, secure protocols, VPNs, wireless security, and DDoS mitigation — with practical guidance for designing and operating defensible networks.
Who Should Take This
Entry-level network engineers, IT generalists, and aspiring security professionals who understand basic networking (TCP/IP, routing, DNS) and want to apply security to those fundamentals. Learners finish able to design segmented networks, configure baseline firewall rules, recognize common network attacks, and reason about secure protocol selection.
Course Outline
1. Network Security Models (3 topics)
Defense in Depth and Layered Controls
- Define defense in depth and identify network, host, application, and data layers where controls can be applied.
- Apply layered control selection to a small enterprise scenario, placing controls at perimeter, internal, and host layers.
Segmentation and Trust Zones
- Define network segmentation and explain how trust zones (untrusted/internet, DMZ, internal, restricted) limit blast radius.
- Distinguish VLAN-based segmentation from subnet-based segmentation and from microsegmentation, and identify when each is appropriate.
- Apply segmentation design to a scenario containing public web servers, internal databases, and sensitive HR data.
Threat Models for Networks
- Identify common network threat actors (external opportunistic, targeted external, malicious insider, compromised insider) and their typical objectives.
- Analyze a breach scenario and trace the network controls that should have detected, prevented, or contained each step.
2. Firewalls and Access Control (3 topics)
Stateful Firewalls
- Describe stateful packet filtering and explain how the connection table tracks TCP connections by state and keeps timeout-based pseudo-state for connectionless UDP and ICMP flows.
- Apply five-tuple firewall rule design (src IP, dst IP, src port, dst port, protocol) for common services like HTTPS, SSH, and RDP.
- Analyze a permissive firewall ruleset and identify rules that violate least privilege or contradict the stated policy.
Next-Generation Firewalls and Application Layer
- Identify NGFW capabilities beyond stateful filtering: TLS inspection, application identification, IDS/IPS, URL filtering, and identity awareness.
- Compare TLS inspection deployment models (forward proxy, reverse proxy, passive decryption) and the privacy and operational trade-offs of each, noting that passive decryption needs the server's private key with RSA key exchange or exported session keys and therefore does not work against the ephemeral key exchange mandated by TLS 1.3.
Egress Filtering and Allowlisting
- Define egress filtering and explain why outbound traffic restrictions reduce data exfiltration and command-and-control success.
- Apply egress allowlist design for a workload that should reach only known package repositories and a single SaaS API.
3. Detection and Monitoring (3 topics)
IDS and IPS
- Distinguish IDS (detection only) from IPS (inline blocking) and identify network-based vs host-based deployments.
- Compare signature-based detection (Snort/Suricata rules) with anomaly and behavioral detection in terms of false-positive and false-negative profiles.
Network Flow and Packet Capture
- Identify NetFlow/IPFIX records and full-packet capture as two complementary network telemetry sources.
- Apply tcpdump or Wireshark to capture and inspect a TCP three-way handshake or a TLS ClientHello, identifying SNI and cipher suites.
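What Wireshark shows under "Client Hello" is a plain byte layout, and parsing it by hand makes the SNI and cipher-suite fields concrete. The following is an added example, not part of the course: it builds a minimal ClientHello record from constructed inputs and parses it back, flagging offered suites that a hardened server should refuse. The SUITE_NAMES table is a hand-picked subset of the IANA registry and WEAK_SUITES is an illustrative choice (RSA key exchange, no forward secrecy).

```python
"""Parse a TLS ClientHello record and pull out the SNI host name and offered
cipher suites, the same fields Wireshark shows under 'Client Hello'.
Added example; the sample record is constructed by build_client_hello()."""
import struct

# A few cipher-suite IDs from the IANA registry, for readable output.
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
# Illustrative "do not accept" set: static RSA key exchange, no forward secrecy.
WEAK_SUITES = {0x000A, 0x002F}


def build_client_hello(sni: str, suites: list) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello record with one SNI extension."""
    host = sni.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # extension type 0 = server_name
    exts = struct.pack("!H", len(ext)) + ext
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32)                                 # client_version, random (zeros: sample)
            + b"\x00"                                               # session_id length 0
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00"                                           # compression methods: null only
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _parse_sni(data: bytes):
    list_len = struct.unpack("!H", data[:2])[0]
    pos = 2
    while pos + 3 <= 2 + list_len:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        pos += 3
        if name_type == 0:
            return data[pos:pos + name_len].decode()
        pos += name_len
    return None


def parse_client_hello(record: bytes) -> dict:
    """Walk record layer -> handshake header -> ClientHello body -> extensions."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                                   # skip client_version and random
    pos += 1 + body[pos]                            # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression methods
    sni = None
    if pos + 2 <= len(body):                        # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0x0000:
                sni = _parse_sni(body[pos:pos + elen])
            pos += elen
    return {"version": version, "cipher_suites": suites, "sni": sni}


def weak_suites_offered(record: bytes) -> list:
    """Names of offered suites that appear in WEAK_SUITES."""
    return [SUITE_NAMES.get(s, hex(s)) for s in parse_client_hello(record)["cipher_suites"]
            if s in WEAK_SUITES]


# Constructed sample: a client offering three modern suites plus one legacy RSA/3DES suite.
SAMPLE = build_client_hello("www.example.com", [0x1301, 0x1302, 0xC02F, 0x000A])

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
    print(weak_suites_offered(SAMPLE))
```

Two caveats worth pairing with the capture exercise: the SNI is sent in the clear in both TLS 1.2 and TLS 1.3 unless Encrypted ClientHello is in use, which is why it is such a useful field for network monitoring, and the cipher suites in a ClientHello are what the client offers, not what gets negotiated; the ServerHello names the chosen suite.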
SIEM and Alerting
- Define a SIEM and describe how it ingests logs and network telemetry to produce correlated alerts.
- Analyze an alerting strategy that suffers from alert fatigue and propose tuning steps grounded in detection-engineering principles.
4. Secure Protocols (4 topics)
TLS in Practice
- Identify TLS 1.2/1.3 as the dominant transport security protocol and describe its primary guarantees: confidentiality, integrity, and server authentication (client authentication only when mutual TLS is configured).
- Apply HTTPS configuration best practices: TLS 1.2+ only, strong cipher suites, HSTS, and valid certificates from a trusted CA.
SSH and Remote Access
- Describe SSH key-based authentication and explain why it is preferred over password authentication for remote access.
- Apply SSH hardening: disable root login, disable password authentication, restrict by source IP, and prefer ProxyJump over agent forwarding, since anyone with root on an intermediate host can use a forwarded agent to sign with your keys.
Email Authentication
- Identify SPF, DKIM, and DMARC and describe what each contributes to email sender authentication and anti-spoofing.
- Analyze a domain's published DMARC policy (none/quarantine/reject) and evaluate whether it provides effective spoofing protection.
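The DMARC-policy analysis objective above comes down to reading a few tags correctly: p, sp (which silently inherits p), pct, and whether reporting is enabled. The following is an added example, not course material: a small evaluator for constructed DMARC and SPF records (no DNS lookups are performed), with an SPF check included because a DMARC policy is only as good as the SPF/DKIM results it is built on.

```python
"""Evaluate published email-authentication records: what a DMARC policy really
enforces, and whether an SPF record ends in a meaningful 'all'. Added example;
the records below are constructed, not fetched from DNS."""
from typing import Optional


def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict and require the v=DMARC1 tag."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def evaluate_dmarc(txt: str) -> dict:
    """Effective policy for the domain and its subdomains, plus reviewer findings.
    'effective' is True only when spoofed mail is quarantined or rejected for
    the apex and all subdomains, 100% of the time."""
    t = parse_dmarc(txt)
    policy = t.get("p", "none")
    sub_policy = t.get("sp", policy)          # sp falls back to p when absent
    pct = int(t.get("pct", "100"))
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can be spoofed although the apex is protected")
    if pct < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    if "rua" not in t:
        findings.append("no rua: no aggregate reports, so alignment failures go unnoticed")
    effective = policy != "none" and sub_policy != "none" and pct == 100
    return {"p": policy, "sp": sub_policy, "pct": pct,
            "effective": effective, "findings": findings}


def spf_all_qualifier(txt: str) -> Optional[str]:
    """Qualifier on the SPF 'all' mechanism: '-' (fail), '~' (softfail),
    '?' (neutral) or '+' (pass, i.e. everyone is allowed). None if absent."""
    if not txt.lower().startswith("v=spf1"):
        raise ValueError("not an SPF record")
    for term in txt.split()[1:]:
        if term.lstrip("+-~?").lower() == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None


# Constructed records for illustration.
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL_DMARC = "v=DMARC1; p=reject; sp=none; pct=50; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for rec in (WEAK_DMARC, PARTIAL_DMARC, STRONG_DMARC):
        print(evaluate_dmarc(rec))
    print(spf_all_qualifier("v=spf1 include:_spf.example.net -all"))
```

The PARTIAL record is the instructive one: p=reject looks strong at a glance, but sp=none leaves every subdomain spoofable and pct=50 halves the enforcement on the apex. On the SPF side, "+all" or a missing "all" makes the record pass everything, so DMARC alignment on SPF alone would protect nothing.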
DNS Security
- Identify DNSSEC, DNS over TLS (DoT), and DNS over HTTPS (DoH) and describe what each protects against.
- Compare DNSSEC (origin authentication and integrity of DNS data, verified by the resolver) with DoT/DoH (confidentiality and integrity on the client-to-resolver hop) and identify what neither protects against: a resolver that logs or manipulates queries, and resolution of a malicious but correctly signed domain.
5. VPNs and Remote Access (3 topics)
Site-to-Site VPNs
- Describe site-to-site IPsec VPN concepts: IKE negotiation (IKEv1 phases 1 and 2; IKEv2 IKE_SA_INIT and IKE_AUTH exchanges), security associations, ESP, and tunnel vs transport mode.
- Apply IPsec tunnel design between two corporate sites with overlapping private address spaces, applying NAT or segment renumbering.
Remote-Access VPNs
- Distinguish SSL/TLS-based remote-access VPNs from IPsec remote-access VPNs and from modern WireGuard deployments.
- Analyze a 'split tunnel vs full tunnel' policy decision and evaluate the trade-offs in user experience, performance, and DLP coverage.
Zero Trust and ZTNA
- Define ZTNA (Zero Trust Network Access) and contrast it with traditional VPNs in terms of identity-driven access and per-application segmentation.
- Apply ZTNA principles to a remote-workforce scenario and identify which legacy VPN concerns it addresses.
6. Wireless and DDoS (3 topics)
Wi-Fi Security
- Identify WPA2-Personal, WPA2-Enterprise (802.1X), and WPA3 as the relevant Wi-Fi security modes and describe the differences.
- Apply WPA2-Enterprise design with RADIUS for an office network and explain why WPA2-Personal is unsuitable above small environments: one shared PSK means no per-user revocation, and anyone holding it who captures a client's 4-way handshake can decrypt that client's traffic.
- Identify the SAE handshake in WPA3 and explain why it resists offline dictionary attacks where WPA2-Personal does not.
Common Wireless Attacks
- Identify rogue APs, evil twin, deauthentication attacks, and KRACK as common Wi-Fi threats.
- Analyze an evil-twin scenario and evaluate which controls (certificate-pinned EAP-TLS, client-side Wi-Fi profiles) reduce the success rate.
DDoS and Volumetric Attacks
- Identify the three categories of DDoS attacks: volumetric, protocol, and application-layer, and give an example of each.
- Apply DDoS mitigation patterns: anycast, scrubbing centers, rate limiting, and CDN-based absorption for volumetric attacks.
- Analyze a 100 Gbps amplification DDoS scenario and evaluate why on-premises mitigation alone is insufficient.
7. Endpoint and Edge Security (7 topics)
Endpoint Detection and Response (EDR)
- Define EDR and identify common capabilities: process tree visibility, behavioral detection, response actions (isolate host, kill process), and centralized telemetry.
- Distinguish traditional antivirus from EDR/XDR and identify the role of MDR (managed detection and response) services.
- Apply baseline EDR deployment guidance: full coverage of servers and workstations, telemetry retention sufficient for IR, and integration with SIEM and identity signals.
Network Access Control (NAC)
- Identify NAC and describe its role in posture-based admission to corporate networks (device health checks, certificate-based identification).
- Apply 802.1X with EAP-TLS for wired and wireless NAC, and describe how compromised endpoints are quarantined.
Web and Email Filtering
- Identify Secure Web Gateways (SWG) and Secure Email Gateways (SEG) and describe their role in URL/category filtering, sandboxing, and attachment analysis.
- Apply layered phishing defense: SEG inbound filtering + SWG egress filtering + endpoint protection + user reporting + DMARC enforcement.
Data Loss Prevention (DLP)
- Define DLP and identify the three deployment points: endpoint DLP, network DLP, and cloud DLP / CASB-integrated DLP.
- Apply DLP policy authoring: classify sensitive data, define detection rules (regex, dictionaries, classifiers), and choose enforcement (block, alert, quarantine) per channel.
- Analyze a DLP scenario with high false-positive rates and propose tuning grounded in classifier confidence, exception lists, and channel scoping.
Web Application Firewall (WAF) and CDN Security
- Identify WAF capabilities (OWASP CRS rules, virtual patching, bot management) and identify cloud-managed (AWS WAF, Cloudflare, Akamai) and self-hosted (ModSecurity, Coraza) options.
- Apply WAF deployment: managed rule sets in detection mode first, tuning to reduce false positives, then enforce in blocking mode with allowlists for known traffic.
- Analyze a 'WAF bypassed via second-order injection' scenario and explain why WAFs are a defense layer, not a substitute for input validation in application code.
Bastion Hosts and Jump Servers
- Define a bastion / jump host and identify its role in restricting and auditing access to private resources.
- Apply session-based bastion patterns: short-lived SSH certificates, MFA at the bastion, full session recording, and no shared admin accounts.
- Analyze why exposing SSH/RDP directly to the internet — even with strong credentials — is generally inferior to bastion + ZTNA + IP-restricted access.
Network Telemetry Correlation
- Identify how network flow data, EDR events, and identity events are correlated for cross-layer detection and threat hunting.
- Apply a baseline detection use case: 'EDR malware alert + outbound C2 connection in NetFlow + suspicious authentication' as a high-confidence multi-signal alert.
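The multi-signal use case above is straightforward to prototype once each source is normalized to a host and a timestamp. The following is an added example, not course material: the asset map, the indicator list, the host names and every event are constructed sample telemetry, and the 15-minute window and the three required signals are assumptions chosen for the illustration.

```python
"""Cross-layer correlation: raise one high-confidence alert when an EDR malware
detection, an outbound flow to a known C2 address and a suspicious sign-in all
come from the same host inside a short window. Added example; the asset map,
indicator list and every event below are constructed sample telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

ASSETS = {"10.10.4.42": "ws-0142", "10.10.4.77": "ws-0077"}   # IP -> hostname (constructed inventory)
C2_INDICATORS = {"203.0.113.66"}                              # constructed threat-intel entry

EVENTS = [
    {"source": "edr", "ts": "2024-03-04T10:02:11Z", "host": "ws-0142", "detail": "malware:Trojan.Agent"},
    {"source": "netflow", "ts": "2024-03-04T10:03:40Z", "src_ip": "10.10.4.42", "dst_ip": "203.0.113.66", "dst_port": 443},
    {"source": "idp", "ts": "2024-03-04T10:05:02Z", "src_ip": "10.10.4.42", "user": "j.doe", "outcome": "success", "new_device": True},
    {"source": "netflow", "ts": "2024-03-04T11:30:00Z", "src_ip": "10.10.4.77", "dst_ip": "203.0.113.66", "dst_port": 443},
    {"source": "edr", "ts": "2024-03-04T09:00:00Z", "host": "ws-0099", "detail": "malware:PUA.Toolbar"},
    {"source": "idp", "ts": "2024-03-04T09:10:00Z", "src_ip": "10.10.4.77", "user": "a.roe", "outcome": "success", "new_device": False},
]


def signal_of(ev):
    """Map a raw event to a named detection signal, or None if it is not interesting on its own."""
    if ev["source"] == "edr" and ev["detail"].startswith("malware:"):
        return "edr_malware"
    if ev["source"] == "netflow" and ev["dst_ip"] in C2_INDICATORS:
        return "c2_egress"
    if ev["source"] == "idp" and ev["outcome"] == "success" and ev.get("new_device"):
        return "suspicious_auth"
    return None


def host_of(ev):
    """Resolve the event to a host: EDR carries the name, flow and IdP records need the asset map."""
    return ev.get("host") or ASSETS.get(ev.get("src_ip"))


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def signals_by_host(events):
    """{host: [(timestamp, signal), ...]} for every event that yields a signal and a host."""
    by_host = defaultdict(list)
    for ev in events:
        sig, host = signal_of(ev), host_of(ev)
        if sig and host:
            by_host[host].append((_ts(ev["ts"]), sig))
    return by_host


def correlate(events, window=timedelta(minutes=15),
              required=("edr_malware", "c2_egress", "suspicious_auth")):
    """Return one alert per host whose signals include every required one within `window`."""
    alerts = []
    for host, sigs in signals_by_host(events).items():
        sigs.sort()
        for i, (t0, _) in enumerate(sigs):
            seen = {s for t, s in sigs[i:] if t - t0 <= window}
            if set(required) <= seen:
                alerts.append({"host": host, "start": t0.isoformat(), "signals": sorted(seen)})
                break
    return alerts


def single_signal_hosts(events):
    """Hosts with only one signal: the noise that would page someone if each source alerted alone."""
    return sorted(h for h, sigs in signals_by_host(events).items() if len({s for _, s in sigs}) == 1)


if __name__ == "__main__":
    print(correlate(EVENTS))
    print(single_signal_hosts(EVENTS))
```

The asset map is the step most often missing in practice: NetFlow and identity logs carry IP addresses, EDR carries host names, and without a reliable join key the three sources never line up. The single-signal hosts show why the combined rule is tuned for confidence: a lone C2-listed flow or a lone PUA detection is worth hunting on, but not worth a page.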
Scope
Included Topics
- Network security models (defense in depth, segmentation, zero trust at a conceptual level).
- Firewalls: stateful packet filtering, NGFW, application-layer filtering, and policy design.
- Intrusion detection and prevention (signature, anomaly, behavioral) and SIEM integration.
- Secure protocols: TLS, SSH, IPsec, DNSSEC, DoT/DoH, and DKIM/DMARC/SPF for email.
- VPN technologies: site-to-site IPsec, remote-access SSL/TLS VPN, WireGuard.
- Wireless security: WPA2-Personal/Enterprise, WPA3, captive portals, rogue AP detection.
- Network segmentation: VLANs, subnets, microsegmentation, demilitarized zones (DMZ).
- Common network attacks: ARP/DNS poisoning, MITM, port scans, lateral movement, DDoS.
- Mitigations: rate limiting, anycast, scrubbing centers, ingress/egress filtering, port security.
Not Covered
- Deep protocol implementation details (TCP state machines beyond conceptual depth).
- Vendor-specific configuration syntax beyond illustrative examples.
- Advanced threat hunting and DFIR techniques (covered in dedicated specs).