Quick review: Network Security – ISC2 CC

This review sheet helps you go over the fundamental network security concepts before taking the quiz.

What you really need to know

Network security concerns the protection of traffic, devices and logical boundaries between systems. For ISC2 CC, you need to know the role of the main network controls and understand how they reduce risk.

Key concepts

  • Firewall: filters traffic based on defined rules.
  • IDS: detects suspicious activity and generates alerts.
  • IPS: detects and can block potentially malicious traffic.
  • VPN: protects communications by creating an encrypted tunnel.
  • DMZ: a separated zone used to expose services to the Internet while reducing risk to the internal network.
  • Segmentation: divides the network into logical areas to limit lateral movement.
  • ACL: allows or denies traffic based on criteria such as IP address, port and protocol.
  • Network monitoring: observes traffic, events and anomalies to detect suspicious behavior.

Differences not to confuse

Concept        Main function
Firewall       Filters traffic
IDS            Detects and alerts
IPS            Detects and blocks
VPN            Encrypts the connection
DMZ            Isolates exposed services
Segmentation   Limits lateral movement
ACL            Allows or denies traffic according to rules
Monitoring     Observes events and anomalies

Firewall

A firewall applies security rules to network traffic. It can allow or block communications based on IP addresses, ports, protocols or connection state. In a basic ISC2 CC context, you should remember that a firewall is a preventive control: it helps reduce the likelihood that unauthorized traffic reaches internal systems or sensitive services.

IDS and IPS

An IDS (Intrusion Detection System) detects suspicious activity and generates alerts. It observes traffic and reports, but it does not necessarily block anything.

An IPS (Intrusion Prevention System) can detect and block suspicious or malicious traffic because it sits inline on the traffic path.

The key difference is:

  • IDS = detects and reports;
  • IPS = detects and intervenes.

VPN

A VPN creates an encrypted tunnel between two communication endpoints. It is useful for remote access, site-to-site connections and protecting traffic over untrusted networks. However, a VPN does not automatically make everything secure: strong authentication, access control, patching, firewalls and monitoring are still required.

DMZ

A DMZ is a separate network zone where services exposed to the Internet are placed, such as web servers or public portals. The goal is to prevent an exposed system from being placed directly inside the more sensitive internal network.

Network segmentation

Segmentation divides the network into logical or physical areas. It is used to limit lateral movement, reduce the impact of a compromise and apply different controls to zones with different risk levels.

Common quiz mistakes

  • Confusing IDS and IPS.
  • Thinking that a VPN replaces firewalls and authentication.
  • Confusing firewalls and antivirus software.
  • Forgetting that segmentation is useful even after a compromise.
  • Thinking that a DMZ is a completely secure network.
  • Assuming that monitoring is unnecessary because a firewall is already in place.

Mini exam scenario

An organization needs to publish a web server accessible from the Internet, but wants to avoid placing the server directly in the internal network. The most appropriate solution is to place it in a DMZ, applying firewall rules between the Internet, the DMZ and the internal network.
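To make the scenario concrete, here is an added example (not part of the review sheet) of a minimal first-match firewall policy for the three zones. The address plan, zone names and port numbers are constructed for the illustration; real firewalls also track connection state, which this evaluator does not.

```python
# Added example: first-match, default-deny rule evaluation for the
# Internet / DMZ / internal design of the exam scenario.
# Addresses, zone names and ports below are constructed, not from the sheet.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan; anything outside these ranges is the Internet.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.0.0.0/8"),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses are treated as Internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str             # "tcp", "udp", or "*" for any
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"


# Policy between zones. Note what is NOT here: no Internet -> internal rule,
# and the DMZ may only reach one internal service on one port. A compromised
# DMZ host therefore cannot freely move laterally into the internal network.
POLICY = [
    Rule("internet", "dmz", "tcp", 443, "allow"),    # public web server
    Rule("dmz", "internal", "tcp", 5432, "allow"),   # web tier -> database only
    Rule("internal", "dmz", "tcp", None, "allow"),   # admins manage DMZ hosts
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Return 'allow' or 'deny' for a new connection (stateless evaluation)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        if (rule.src_zone == src and rule.dst_zone == dst
                and rule.proto in ("*", proto)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # default deny: anything not explicitly allowed is blocked
```

Running `evaluate` on a few flows shows the point of the scenario: Internet clients reach the DMZ web server on 443, never an internal host, and the DMZ host cannot open SSH to the internal network even if it is compromised.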

Mini checklist before the quiz

Before starting the quiz, you should be able to explain:

  • the difference between IDS and IPS;
  • why a DMZ is used;
  • what a VPN is used for;
  • why segmentation reduces the impact of an attack;
  • what a firewall does;
  • why network monitoring is important;
  • why no single control is enough on its own.

FAQ

What is the difference between IDS and IPS?

An IDS detects suspicious activity and generates alerts. An IPS can also block suspicious traffic.

What is a DMZ used for?

A DMZ allows services to be exposed to the Internet without connecting them directly to the internal network.

Does a VPN always make a connection secure?

No. A VPN encrypts the connection, but it does not replace controls such as authentication, firewalls, monitoring, patching and access management.

Why is segmentation important?

Segmentation limits lateral movement and reduces the impact of a compromise.

Do firewalls and IDS do the same thing?

No. A firewall filters traffic according to rules. An IDS observes traffic and reports suspicious activity.

Now test what you reviewed

After the review, start the quiz to check whether you really understand the key concepts.