Network Security Fundamentals Cheat Sheet
Covers core network security concepts including segmentation, defense-in-depth, common attack vectors, and essential hardening practices.
2 PagesBeginnerJan 25, 2026
Attacks by OSI Layer
Common attack types mapped to the layer they target.
- Layer 2 (Data Link)- ARP spoofing, MAC flooding, VLAN hopping
- Layer 3 (Network)- IP spoofing, ICMP flood, route poisoning
- Layer 4 (Transport)- SYN flood, port scanning, session hijacking
- Layer 7 (Application)- SQL injection, XSS, HTTP flood, DNS tunneling
- Physical- Cable tapping, rogue device insertion, hardware keyloggers
Core Security Principles
Foundational concepts every network defender should apply.
- Defense in depth- Layer multiple independent controls so no single failure exposes the network
- Least privilege- Grant only the access required to perform a task, nothing more
- Network segmentation- Split networks into zones (VLANs/subnets) to contain breaches
- CIA triad- Confidentiality, Integrity, Availability — the three pillars of security
- Zero trust- Never trust, always verify, regardless of network location
- Attack surface reduction- Disable unused services, ports, and protocols
Basic Linux Network Hardening
Quick commands to inspect and reduce exposure on a Linux host.
bash
# List listening ports and owning processesss -tulnp# Show active connectionsss -tan state established# Disable IP forwarding (unless acting as a router)sysctl -w net.ipv4.ip_forward=0# Enable SYN cookies to mitigate SYN flood attackssysctl -w net.ipv4.tcp_syncookies=1# Check open ports from outside using nmapnmap -sS -p- 192.168.1.10
Key Network Controls
Common technologies used to secure network perimeters and traffic.
- Firewall- Filters traffic by rules (IP, port, protocol, state)
- IDS/IPS- Detects (IDS) or blocks (IPS) malicious traffic patterns
- VPN- Encrypts traffic between endpoints over untrusted networks
- NAC- Network Access Control enforces device compliance before granting access
- DMZ- Isolated segment for public-facing services, separate from internal LAN
Pro Tip
Segment your network so that a compromised IoT or guest device can never reach management interfaces — put them on isolated VLANs with explicit deny-by-default rules between zones.
Was this cheat sheet helpful?
Explore Topics
#NetworkSecurityFundamentals#NetworkSecurityFundamentalsCheatSheet#Cybersecurity#Beginner#AttacksByOSILayer#CoreSecurityPrinciples#BasicLinuxNetworkHardening#KeyNetworkControls#Networking#Security#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech
Professional Web Designing Services
- Responsive Websites
- E-commerce Solutions
- SEO Friendly Design
- Fast & Secure
- Support & Maintenance