• Network Security: Subdomain of cybersecurity that is the superset of all operations to protect devices on a network.
  • Network Traffic Analysis: A subdomain of network security that focuses on analyzing the data on a network.

Task 2 - Network security and network data:

  • Core concepts of network security: authentication and authorization.
  • Base network security control level: physical, technical, and administrative.
  • Main approaches: access control (set of controls to ensure authentication and authorization) and threat control (detecting and preventing malicious activities on the network).
  • Key elements of access control: firewall protection, network access control, identity and access management, load balancing, network segmentation, VPN, and zero trust model.
  • Key elements of threat control: intrusion detection/prevention systems, data loss prevention, endpoint protection, cloud security, security information and event management, security orchestration automation and response (SOAR), network traffic analysis, and network detection and response.

Task 3 - Traffic Analysis:

  • Main techniques of traffic analysis: flow analysis (statistical summaries built from flow records exported by networking devices, rather than from the packets themselves) and packet analysis (collects all available network data, including payloads, for in-depth inspection).

Activity: A mock site that shows IP addresses connected to a network interacting via a switch.

  • Identified and blocked two suspicious IP addresses trying to access TCP/UDP information as suggested by their behavior in the IDS/IPS table.
  • Identified three suspicious ports in the destination sockets.
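The two techniques from Task 3 and the activity's two checks (sources behaving suspiciously in the IDS/IPS table, suspicious destination ports) side by side, as an added example that is not part of the room or these notes. The packet records, the addresses and ports, and the list of "suspicious" destination ports are all constructed for illustration; the flow summary shows what switch/router flow records can tell you, and the payload check shows what only packet analysis can.

```python
"""Flow analysis vs packet analysis over a constructed packet list.

Added example: the packets, addresses, ports and the suspicious-port policy
below are constructed for illustration and are not from the room or any
real capture.
"""
from collections import defaultdict

# Constructed packet records: (src_ip, dst_ip, proto, src_port, dst_port, bytes, payload_hint).
# payload_hint stands in for the decoded application data a packet analyser would show.
PACKETS = [
    # ordinary HTTPS session between a workstation and an internal web server
    ("10.0.0.5", "10.0.0.20", "TCP", 51234, 443, 600, ""),
    ("10.0.0.5", "10.0.0.20", "TCP", 51234, 443, 1400, ""),
    ("10.0.0.20", "10.0.0.5", "TCP", 443, 51234, 1400, ""),
    # DNS query and answer
    ("10.0.0.5", "10.0.0.53", "UDP", 40000, 53, 80, ""),
    ("10.0.0.53", "10.0.0.5", "UDP", 53, 40000, 120, ""),
    # one host touching several services on the same server in quick succession
    ("10.0.0.99", "10.0.0.20", "TCP", 60001, 21, 60, ""),
    ("10.0.0.99", "10.0.0.20", "TCP", 60002, 22, 60, ""),
    ("10.0.0.99", "10.0.0.20", "TCP", 60003, 23, 60, ""),
    ("10.0.0.99", "10.0.0.20", "TCP", 60004, 4444, 60, ""),
    # a cleartext Telnet login whose prompt is visible in the payload
    ("10.0.0.7", "10.0.0.30", "TCP", 50500, 23, 90, "login: admin"),
]

# Constructed policy (hypothetical network): legacy cleartext services plus an
# unassigned high port that this network does not expect as a destination.
SUSPICIOUS_DST_PORTS = {21, 23, 4444}


def flow_analysis(packets):
    """Summarise packets into unidirectional 5-tuple flows: the counts and
    volumes a NetFlow-style export from a switch or router provides, no payload."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, proto, sport, dport, size, _payload in packets:
        key = (src, dst, proto, sport, dport)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += size
    return dict(flows)


def flag_destination_ports(flows, watchlist=SUSPICIOUS_DST_PORTS):
    """Destination ports present in the flow table that the policy marks as suspicious."""
    return sorted({dport for (_, _, _, _, dport) in flows if dport in watchlist})


def sources_contacting_many_ports(flows, threshold=3):
    """Sources that reached at least `threshold` distinct destination ports:
    a pattern an IDS/IPS table can surface from flow data alone."""
    ports_per_src = defaultdict(set)
    for src, _dst, _proto, _sport, dport in flows:
        ports_per_src[src].add(dport)
    return {src: len(ports) for src, ports in ports_per_src.items() if len(ports) >= threshold}


def packet_analysis(packets, markers=("login:", "password")):
    """Inspect individual payloads for cleartext credential prompts, which flow
    records cannot reveal because they carry no application data."""
    hits = []
    for src, dst, _proto, _sport, dport, _size, payload in packets:
        if any(marker in payload.lower() for marker in markers):
            hits.append((src, dst, dport, payload))
    return hits


if __name__ == "__main__":
    flows = flow_analysis(PACKETS)
    print(f"{len(flows)} flows from {len(PACKETS)} packets")
    print("suspicious destination ports:", flag_destination_ports(flows))
    print("sources touching many ports:", sources_contacting_many_ports(flows))
    print("cleartext credential prompts:", packet_analysis(PACKETS))
```

The flow functions never look at the payload field, which is the point of the contrast: volume and port patterns fall out of flow data, while the Telnet prompt is only visible once you inspect the packets themselves.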

Task 4 - Conclusion:

  • This room taught me the basic theory and importance of traffic analysis as well as its use in network security and security analysis roles.