Network Security
Design, harden, and monitor secure networks with firewalls, segmentation, VPNs, and IDS/IPS.
1. Network Security Principles
Defense in depth for networks, zoning, segmentation, and traffic flows.
2. Firewalls and ACL Design
Packet/stateful/NGFW concepts, ACL best practices, and change control.
3. Lab: Firewall Policy Build
Create and test layered firewall rules with logging and least privilege.
4. VPNs and Secure Remote Access
Site-to-site vs remote access, IPsec basics, TLS VPN concepts, and hardening.
5. Intrusion Detection/Prevention
IDS/IPS fundamentals, signatures vs anomaly, placement, and tuning.
6. Lab: Deploy IDS/IPS
Set up an IDS/IPS, capture alerts, tune noise, and validate detections.
7. Network Monitoring and Response
NetFlow/PCAP basics, SIEM ingestion, alert triage, and incident playbooks.
8. Assignment: Secure Network Build
Design a segmented network with firewall, VPN, IDS/IPS, and monitoring.
9. Quiz: Network Security
Assess firewall, VPN, IDS/IPS, and monitoring knowledge.
10. TCP/IP Deep Dive for Defenders
Understand packet flow, transport behavior, and protocol weaknesses that drive network attack paths.
11. Routing and Switching Security
Learn VLAN security, trunk hardening, secure routing protocols, and common misconfiguration risks.
12. Lab: Segment and Secure VLANs
Create a segmented VLAN design, apply ACLs, and test whether unauthorized traffic is blocked.
13. DNS and DHCP Security
Cover poisoning risks, rogue DHCP, DNS filtering, and defensive hardening for critical network services.
14. Secure Firewall Architecture
Design layered firewall zones, egress controls, management plane security, and rule lifecycle practices.
15. Lab: Firewall Rule Quality Review
Audit a firewall policy for shadowed, redundant, and overly permissive rules; propose safe improvements.
16. Secure Remote Access Architecture
Evaluate VPN patterns, posture checks, MFA enforcement, and privileged remote administration controls.
17. Wireless Security Fundamentals
Understand WPA2/WPA3, rogue AP detection, guest isolation, and wireless hardening strategies.
18. Lab: Wireless Security Hardening Plan
Design a secure wireless blueprint including authentication method, segmentation, and monitoring controls.
19. Network Traffic Analysis Basics
Learn packet capture fundamentals, protocol decoding, and early anomaly detection in baseline traffic.
20. SIEM Correlation for Network Alerts
Build simple correlation logic to reduce noise and prioritize meaningful network security events.
21. Lab: Alert Triage and Escalation
Analyze network alerts, classify severity, and apply escalation rules with response guidance.
22. Threat Hunting in Network Data
Use hypotheses and indicators to hunt suspicious patterns in logs and flow records.
23. Lab: Threat Hunt Exercise
Perform a guided hunt using predefined hypotheses and validate findings with evidence.
24. Network Security Metrics and Reporting
Define useful KPIs such as MTTR, block rates, false positive ratio, and trend reporting for leadership.
25. Capstone: Enterprise Network Defense Design
Create an end-to-end secure network design with segmentation, firewall, VPN, IDS/IPS, monitoring, and response playbooks.