100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

Network Security Fundamentals Cheat Sheet

Network Security Fundamentals Cheat Sheet

Covers core network security concepts including segmentation, defense-in-depth, common attack vectors, and essential hardening practices.

2 PagesBeginnerJan 25, 2026

Attacks by OSI Layer

Common attack types mapped to the layer they target.

  • Layer 2 (Data Link)- ARP spoofing, MAC flooding, VLAN hopping
  • Layer 3 (Network)- IP spoofing, ICMP flood, route poisoning
  • Layer 4 (Transport)- SYN flood, port scanning, session hijacking
  • Layer 7 (Application)- SQL injection, XSS, HTTP flood, DNS tunneling
  • Physical- Cable tapping, rogue device insertion, hardware keyloggers

Core Security Principles

Foundational concepts every network defender should apply.

  • Defense in depth- Layer multiple independent controls so no single failure exposes the network
  • Least privilege- Grant only the access required to perform a task, nothing more
  • Network segmentation- Split networks into zones (VLANs/subnets) to contain breaches
  • CIA triad- Confidentiality, Integrity, Availability — the three pillars of security
  • Zero trust- Never trust, always verify, regardless of network location
  • Attack surface reduction- Disable unused services, ports, and protocols

Basic Linux Network Hardening

Quick commands to inspect and reduce exposure on a Linux host.

bash
# List listening ports and owning processesss -tulnp# Show active connectionsss -tan state established# Disable IP forwarding (unless acting as a router)sysctl -w net.ipv4.ip_forward=0# Enable SYN cookies to mitigate SYN flood attackssysctl -w net.ipv4.tcp_syncookies=1# Check open ports from outside using nmapnmap -sS -p- 192.168.1.10

Key Network Controls

Common technologies used to secure network perimeters and traffic.

  • Firewall- Filters traffic by rules (IP, port, protocol, state)
  • IDS/IPS- Detects (IDS) or blocks (IPS) malicious traffic patterns
  • VPN- Encrypts traffic between endpoints over untrusted networks
  • NAC- Network Access Control enforces device compliance before granting access
  • DMZ- Isolated segment for public-facing services, separate from internal LAN
Pro Tip

Segment your network so that a compromised IoT or guest device can never reach management interfaces — put them on isolated VLANs with explicit deny-by-default rules between zones.

Was this cheat sheet helpful?

Explore Topics

#NetworkSecurityFundamentals#NetworkSecurityFundamentalsCheatSheet#Cybersecurity#Beginner#AttacksByOSILayer#CoreSecurityPrinciples#BasicLinuxNetworkHardening#KeyNetworkControls#Networking#Security#CheatSheet#SkillVeris