Network Security Architecture
Network security architecture encompasses the design and implementation of controls at layers 1–4 to protect data in transit, limit lateral movement, and enforce access policy across the enterprise network.
In this section
| Page | What it covers |
|---|---|
| Physical & Layer 2 Security | Port security, MAC filtering, STP hardening, physical access controls |
| VLANs & PVLANs | VLAN design, trunk security, Private VLANs for host isolation |
| Layer 3 Attacks & Mitigation | IP spoofing, routing protocol attacks, uRPF, prefix filtering |
| Routers & Firewalls | On-premises and cloud firewall patterns, stateful inspection, ACLs |
| Macro, Micro & Identity Segmentation | Segmentation tiers and identity-based policy |
| Network vs Access Segmentation | Comparing network-layer and access-layer control models |
| Web & SMTP Proxy Security | Explicit and transparent proxies, TLS inspection, mail security |
| Layer 2 & 3 Benchmarks & Auditing | CIS benchmarks, network auditing tools and techniques |
| Securing SNMP & NTP | SNMPv3, NTP authentication, and management plane hardening |
| Bogon Filtering, Blackholes & Darknets | Bogon prefix lists, RTBH, darknet monitoring |