–– Meeting 8 —

Network Security

WELCOME!

Attendance

Updates

Opportunities

Elections (11/19)

• Let us know if you have questions about roles

CTF Opportunities

Buckeye CTF - Nov. 7-9th

• Registration link in 10/8 email

Bearcat CTF - Spring

State-wide CTF - Spring

​

Industry Events

Ross Flynn (CrowdStrike) - 11/5

• OSINT Presentation

ISSA Speed Networking - 11/12

• Network with cyber professionals
• Jersey Mike’s catering
• 10 professionals so far
• Network architects
• SOC analysts
• GRC
• DFIR
• And more

​

Agenda

• What is Network Security?
• Core Concepts & Components
• Common Threats & Attack Vectors
• Security Tools & Defenses
• Myths vs. Reality
• Directory Traversal
• Inspect Element
• Modern Trends

​

​

What is Network Security?

Definition: Protecting data and resources during transmission across networks.

Goal: Ensure Confidentiality, Integrity, and Availability (CIA Triad).

Scope: From home Wifi to enterprise and cloud networks.

The CIA Triad

• Confidentiality: Prevent unauthorized access (encryption, VPNS).
• Integrity: Ensure data isn’t altered (hashing, checksums).
• Availability: Keeps services accessible (firewalls, redundancy, DDOS protection).

Key Network Security Components

• Firewalls
• Control traffic based on rules.
• Intrusion Detection/Prevention Systems (IDS/IPS)
• Detect and stop attacks.
• VPNs
• Encrypt communications.
• Network Access Control (NAC)
• Authenticate devices and users.
• Segmentation & VLANs
• Limit lateral movement.

Common Threats

• Malware & Ransomware
• Phishing & Social Engineering
• Man-in-the-Middle (MitM) Attacks
• Denial of Service (Dos/DDoS)
• Insider Threats
• Zero-Day Exploits

Anatomy of a Network Attack

• Reconnaissance
• Scanning for vulnerabilities
• Exploitation
• Using found weaknesses
• Escalation
• Gaining higher privileges
• Lateral Movement
• Spreading within the network
• Exfiltration
• Stealing or encrypting data

​

Network Security Tools

• Wireshark
• Packet analysis
• Nmap
• Network scanning & discovery
• Snort / Suricata
• Intrusion detection
• pfSense / Cisco ASA
• Firewalls
• Metasploit
• Penetration testing

Network Security Myths

Myth:

“My network is too small to target.”

“Firewalls are enough”

“Internal traffic is safe”

“Strong passwords solve everything”

Reality:

Automated attacks target everyone

Layered defense is essential

Insider and lateral threats exist

Passwords alone are not enough – MFA matters

Zero Trust Architecture

• “Never trust, always verify”

​

• Continuous authentication & authorization

​

• Micro-segmentation & least privilege

​

• Essential for remote and hybrid environments

Directory Traversal

Definition:

• A web vulnerability that allows attackers to access files or directories outside the intended folder
• Example: using ../ in a URL to reach sensitive files (e.g., /etc/passwd).

Goal:

• Prevent unauthorized access to server data

Inspect Element

Definition:

• A browser tool used to view and modify a website’s HTML. CSS. and JavaScript in real time.
• Helpful for security testing and understanding how web pages load resources.

Goal:

• Identify exposed information or silent-side vulnerabilities.

Emerging Trends

• AI in Network Defense - Automated anomaly detection
• Quantum-safe Encryption - Preparing for post-quantum threats
• IoT & 5G Security - Expanding the attack surface

Web Exploitation Time

Your Website is the most obvious target

Your website is the most public front facing part of your network. If your not careful it can also be the entry point.

🏕️ Hackett’s Quarry Summer Camp: Counselor… or Hacker?

You didn’t land that fancy summer internship — so instead, you’ve found yourself at Hackett’s Quarry Summer Camp, the next best thing.

The pay’s fine, the lake’s nice… but being stuck miles from town with no Wi-Fi, spotty cell service, and way too many mosquitoes isn’t exactly your dream summer.

While trying to pass the time, you stumble across the camp’s old, clunky website. It looks like it hasn’t been updated since dial-up.

Naturally, you start poking around — and before long, you realize it’s way more insecure than it looks.

You try to warn the Camp Director, but he doesn’t believe you.

So, it’s up to you to prove just how vulnerable this system really is.

If you can dig deep enough and uncover what’s hidden under the surface, maybe you’ll earn your ticket out of the bug bites and sunburn.

There’s just one catch —

the campers arrive in a few hour and the clock is ticking. 🕒

​

Your Information

Your fellow counselor Ryan has been at Hackett’s Quarry for years — great with campers, terrible with passwords.Pinned to the staff board is a bright yellow sticky note…and, of course, it has the generic counselor login written on it. 🙄

​

​

​

Then there’s Travis Hackett — the county sheriff who somehow got stuck managing the camp’s website. He’s not exactly thrilled about it, and let’s just say his “modern tech skills” are a bit… vintage. Still, his admin account “Travis” might just hold the good stuff. 🔐

​