Security+: Network Security Devices and Technologies (SY0-401) [DECOMMISSIONED ARTICLE]
NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Are you preparing to take the CompTIA Security+ exam and earn your certification? This entry-level credential is an excellent way to start working up to a rewarding career in the information security industry. However, if you have little experience with IT security concepts, hardware and devices, you’ll find that the learning curve can be quite steep.
You’ll need to learn about concepts ranging from ransomware to UTM security appliances in order to pass the exam. Below, we’ll explore some of the more important concepts to understand about securing network devices and technologies in order to pass the Security+ exam.
What Networking Security Devices Do You Need to Study for the Security+ Exam?
In the network environment, security is a crucial consideration. A number of devices are used to prevent unauthorized access to the network itself, as well as to individual databases, specific devices connected to the network and more. Some of the most important network security devices to study for the Security+ exam include the following:
Routers: If you have a wireless network at home, then you’re familiar with what a router does. It provides a bridge between multiple devices and a single Internet connection. Once upon a time, devices had to connect directly to a hub or modem, but today, routers provide flexibility, connectivity and, to an extent, security.
Essentially, a router just links multiple computers to the Internet, allowing one connection point to be shared, while also ensuring that data transmission happens via the fastest available channel.
Switches: Switches are superficially similar to routers in that they connect devices. However, while a router connects networks, switches actually create the network. They bridge the gap between different devices within the network, such as printers, servers and workstations, allowing those devices to communicate with one another. There are both managed and unmanaged switches in use today, as well.
Managed switches are more flexible: they can be configured manually and offer greater control over the network. Unmanaged switches need no configuration, but you sacrifice control for that convenience. Note that unmanaged switches are more common in home networks than within business networks.
VPNs: VPN stands for virtual private network. These are important tools for security for all businesses, regardless of size or industry. They can also be used with private networks (home networks).
VPNs make use of advanced encryption to protect data while it is in transit – outside of your in-house network. Think of it as a mask applied to your entire network, including remote offices, mobile users and stationary users.
What Network Security Technologies to Know for the Security+ Exam
In addition to network security devices, you’ll need to know more about network security technologies in use today to pass the Security+ exam. Some of the most important technologies to know include the following:
Firewalls: In the world of networks, a firewall is like a shield that protects a workstation or other device from unauthorized access, but still allows information to flow from the workstation to the outside.
Firewalls can be found in most operating systems today, and consumers use them, just as businesses and organizations do. With that being said, commercial firewalls are more robust than what home users have access to. Note that firewalls can be software, or actual physical hardware. There are multiple types in use around the world today, including the following:
- Proxy firewalls
- Stateful inspection firewalls
- Unified threat management firewalls (UTM)
- Next generation firewalls
- Threat-focused firewalls
Load Balancers: Network servers and applications can see very high usage demands. Load balancers were created to, well, balance that demand. Really, a load balancer works like a reverse proxy, and is responsible for sending traffic across a number of different servers in order to achieve maximum availability, reliability and capacity.
You’ll find both Layer 4 and Layer 7 load balancers in the market today, and they work in different ways. For instance, Layer 4 balancers only act on data within network or transport layer protocols, while Layer 7 load balancers work on data in application layer protocols. By using a load balancer, the network operates faster, resources are under less strain, and the entire network is more reliable.
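The Layer 4 versus Layer 7 distinction described above, as an added example that is not part of the original article. The back-end names, the route table and the hash-based selection are assumptions chosen for illustration.

```python
import hashlib

POOL = ["app-1", "app-2", "app-3"]                     # hypothetical back ends
L7_ROUTES = {"/api/": ["api-1", "api-2"], "/static/": ["cdn-1"]}  # hypothetical

def _pick(servers, key):
    """Deterministically map a key to one server (hash, then modulo)."""
    digest = hashlib.sha256(key.encode()).digest()
    return servers[int.from_bytes(digest[:4], "big") % len(servers)]

def l4_route(src_ip, src_port, dst_ip, dst_port):
    """Layer 4: decide from addresses and ports only; the payload is not read."""
    return _pick(POOL, f"{src_ip}:{src_port}->{dst_ip}:{dst_port}")

def l7_route(raw_request, src_ip):
    """Layer 7: parse the HTTP request line and choose a pool by URL path."""
    parts = raw_request.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3 or not parts[1].startswith("/"):
        return None  # malformed request line: reject instead of forwarding
    for prefix, servers in L7_ROUTES.items():
        if parts[1].startswith(prefix):
            return _pick(servers, src_ip)
    return _pick(POOL, src_ip)

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    print(l4_route("192.0.2.10", 51000, "203.0.113.1", 443))
    print(l7_route("GET /static/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n",
                   "192.0.2.10"))
```

Because only the Layer 7 function reads the request, it is the only one that can refuse a malformed request or send different paths to different pools.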
Proxies: A proxy server is basically a separate hub that allows another server to connect. Usually, the connection is to the Internet. In this instance, the server would request information, and send that request through the proxy server. The proxy would ultimately send the request to the Internet connection.
These are powerful tools for privacy, anonymity and security. They can also limit access to certain types of information online, and this is another reason they are used in corporate settings (to hopefully eliminate access to potentially harmful sites or content, for instance).
However, there are other benefits to using a proxy server, including speeding up Internet access by caching specific files. This reduces bandwidth consumption, which is an important benefit for larger corporations.
Spam Filters: We’ve all become all too familiar with spam – that unwanted, often potentially harmful, junk email that collects in our inboxes. A spam filter is a piece of software that is designed to help weed out spam from legitimate emails.
Messages noted as being spam are relegated to a specific folder of the email account. Limiting or even eliminating spam from reaching the inbox is an important consideration in today’s world with the increasing prevalence of threats like phishing emails and virus-laden attachments.
Protocol Analyzers: A protocol analyzer can be a physical tool, or a piece of software. It’s used for many different reasons in a business network, including troubleshooting problems, detecting malware, identifying traffic patterns, working with an IDS, analyzing network traffic and more.
What to Know about NIDS and NIPS for the Security+ Exam
In the world of information security, NIDS stands for network intrusion detection system, and NIPS stands for network intrusion protection system. These are not single items, but rather collections of different software and hardware that allow the detection and prevention of unauthorized intrusion into the network.
In some cases, these two system types can be combined into a single solution called an IPDS, or intrusion prevention and detection system. A NIDS is only capable of detecting intrusion. It cannot do anything about the intruder. An intrusion detection system may operate based on knowledge (a signature-based system where activities are compared to the signatures of known attack types) or behavior (normal or anomalous activity).
Likewise, a NIPS is needed to stop an attack. It might do this in one or a combination of different ways, including blocking an IP address (or addresses), changing firewall settings, or eliminating particular data packets.
A NIDS will constantly monitor the network for suspicious activity based on traffic patterns, queries, event logs and other means, and then alert the system administrator(s) if an intrusion is detected. In many of these instances, the NIDS will classify activity as either normal, or an anomaly. Anomalous activity will be reported or acted on. In a combined IPDS, the system will automatically take a prescribed action when an intrusion is detected.
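The knowledge-based and behavior-based detection described above, plus the blocking step a NIPS adds, as an added example that is not part of the original article. The signatures, sample events, baseline figures and threshold are constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signatures: name -> pattern looked for in the request.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}

def signature_alerts(events):
    """Knowledge-based: compare each event to signatures of known attack types."""
    return [(e["src"], name) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["request"])]

def anomaly_alerts(events, baseline, threshold=3.0):
    """Behavior-based: flag sources whose request count is far above normal."""
    mu, sigma = mean(baseline), pstdev(baseline)
    counts = Counter(e["src"] for e in events)
    return [(src, "rate-anomaly") for src, n in sorted(counts.items())
            if n > mu + threshold * sigma]

def nips_block_list(alerts):
    """What a NIPS adds: turn alerts into an action (source IPs to block)."""
    return sorted({src for src, _ in alerts})

# Constructed sample traffic, documentation address ranges only.
EVENTS = (
    [{"src": "192.0.2.10", "request": "GET /index.html"}] * 4
    + [{"src": "198.51.100.7", "request": "GET /../../etc/passwd"}]
    + [{"src": "203.0.113.5", "request": "GET /login"}] * 40
)
BASELINE = [3, 5, 4, 6, 4, 5]  # constructed: normal requests per source

if __name__ == "__main__":
    alerts = signature_alerts(EVENTS) + anomaly_alerts(EVENTS, BASELINE)
    print("NIDS alerts:", alerts)
    print("NIPS would block:", nips_block_list(alerts))
```

The source that sends 40 ordinary-looking requests matches no signature and is caught only by the behavior check, while the single traversal request is caught only by its signature.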
What UTM Security Appliances to Know for the Security+ Exam
UTM, or unified threat management, security appliances are important tools for safeguarding a business’ network. There are several different appliances you’ll need to understand for the Security+ exam, including the following:
URL Filter: URL filtering is an important solution for organizations to prevent access to potentially harmful (or unwanted) websites. It is used for a couple of different reasons. For instance, it ensures that users are unable to access unauthorized websites, such as social networks, and thus boosts productivity.
However, it can also be used to prevent data loss, lack of compliance with regulations and potential security threats. Filtering can be done in a couple of different ways. For instance, you can create URL profiles that specify a particular action for each category of URL, or a URL category can be added to match criteria to block only specific types of URLs.
This allows the blocking of known malware sites, as well as those known for credential phishing. Controls can be tailored to specific requirements, and full threat inspections can be performed in situations where it would otherwise be impossible.
Content Inspection: Content inspections are important solutions for increasing security within a network. Essentially, as data passes an inspection point, it is inspected for a wide variety of threats, including viruses, malware and specific patterns that might indicate sensitive data is being transmitted.
You’ll find this solution used in situations where compliance with regulations is of paramount importance, including HIPAA compliance, PPI, and PCI. Through the introduction of content inspection, automated data loss prevention solutions can also be implemented to encrypt sensitive information and protect it against unauthorized access or interception.
Malware Inspection: In the course of normal business responsibilities, and often through personal use of company workstations to access social media or other sites, content is downloaded from the Internet. Some of this content may contain threats, such as viruses and malware.
Malware scanning is a technique used to filter data based on specific rules. Note that this inspection technique only works with HTTP protocol data. All such data is inspected no matter what type of HTTP header is being used. If malware is found in a file, cleaning may be attempted.
However, this is sometimes not possible. In that case, the file will be deleted (along with the malware), and replaced with a text file notifying the system administrator (or the user in some instances) that the file could not be repaired.
Understanding the Difference between Web Application Firewalls and Network Firewalls
Firewalls have become ubiquitous today. There’s not a home PC or corporate workstation that should be in operation without a firewall being in place. However, there are multiple types of firewalls, as mentioned previously. Two of the types you’ll need to understand when preparing for the Security+ exam are web application firewalls and network firewalls.
Web Application Firewalls: Web application firewalls are very different from network firewalls. These are dedicated to monitoring and controlling traffic to a specific web application (or applications in some instances). Think of them as application-specific proxy servers, if you will, allowing the inspection of HTTP data, as well as load balancing and SSL offloading.
Network Firewalls: Network firewalls are probably a more familiar security feature to most. These operate at the network level, and are designed to stand as a barrier between the network itself and unauthorized access from outside. Note that network firewalls do not provide much in the way of protection against threats that arise within the network. They’re primarily designed to protect against outside threats.
Ready to Further Your Career?
The information above is only some of what you’ll need to know in order to pass the Security+ exam. If you’re ready to take the next step and further your career, our Security+ boot camp offers award-winning training and our students enjoy a 95% success rate.
The boot camp covers all six domains within the Strategy+ CBK, and covers five days of training with a one-on-one mentor. We also offer the chance to test your preparedness with practice tests, and gain crucial real-world experience with hands-on labs. If you’re ready to further your career, we invite you to learn more today.