Connect and Protect: Networks and Network Security

Course 3 of the Coursera Google Cybersecurity Professional Certification program is where we see some action—well, figuratively speaking, that is. The course starts with the basics of a network and the different devices that usually make one up. It also discusses the layers that data goes through when communicated over a network. From there, it covers network protocols (and there’s a good number of them) and the essential factors in network operations, types of network attacks and how these are carried out, and finally, ways organizations can strengthen defenses against network intrusions.

The specific modules for Connect and Protect: Networks and Network Security are:

  • Module 1: Network architecture
  • Module 2: Network operations
  • Module 3: Secure against network intrusions
  • Module 4: Security hardening

Key Concepts Learned and Skills Acquired

I think that for any of the Coursera cybersecurity courses, a fundamental part of them should be all about networks. In this regard, the Google Cybersecurity Certificate did not disappoint. I learned all about the elements of a network—the physical hardware that may also be replicated in a software-defined network, and the network communication layers both for the TCP/IP and OSI models. One thing that also stood out for me, and a lesson that will carry over into the next courses, is how security professionals should pay attention to network bandwidth and speed when observing data packets. This is because any irregularities that stand out could be indicative of attempts to attack the network.

The lessons on network protocols ran a bit long because not only are there multiple protocols for different information exchanges, but the widely-used ports for common protocols were also talked about. There were basic discussions on firewalls, VPNs, proxy servers, and wireless protocols as well. The lectures on Wi-Fi protocols provided more than just the fundamentals as it covered the development of wireless internet and the security implications with each version. Using wireless internet is something that is integrated into the daily life of most individuals and it was good to be reminded that not all Wi-Fi is created equal. 

The last two modules of the Google Cybersecurity Program Course 3 touched on how network attacks are carried out, and how to harden your network against these attacks. This included a detailed look at common attack vectors, such as Distributed Denial of Service (DDoS) attacks and IP spoofing attacks. Additionally, the course emphasized best practices for network defense, like implementing multi-layered security controls and regularly monitoring network traffic for anomalies. These lessons emphasized the importance of proactive network security measures to prevent potential breaches.

Course Structure and Learning Materials

Course 3—Networks and Network Security utilized various learning methods. The main instructor for this course, the Chief Information Security Officer at Google Fiber, led the discussions in most topics through video. Additional readings to expound on the topic then followed as well as interactive exercises to visualize the lessons. For instance, there was an activity where we had to design a local area network, putting the various components (wireless access point, router, device, switch) where they should belong while also considering the server and firewalls. This was a very basic exercise but one that really let me think about how data travels in the network.

There were also the practice quizzes and end-of-module challenges, as well as more advanced activities such as one that required me to evaluate the security practices of a fictional company and to identify where potential vulnerabilities could be found. There was a portfolio activity as well that involved creating a security incident report using the NIST Cybersecurity Framework as a guide. I appreciated how the exercises progressed from the easy (like matching network devices to their function), to the more advanced (like the activities I described above). This really allowed me to develop my observation and analytical skills as the course continued.

What I Found Most Interesting/Enjoyable

Among the most enjoyable discussions for me was the one on network intrusion tactics and how to defend against them. When data breaches and security attacks are reported, we often hear about DDoS attacks, botnets, and man-in-the-middle attacks as being the usual causes. It was exciting to have a clearer idea as to how these incidents actually start and progress. Another concept I found interesting was the fact that packet sniffing, capturing and observing packet data as it moves across a network, can be used by both security analysts (to monitor traffic for suspicious activity) and malicious actors (to read data not intended for them).

Getting to know the different defense techniques was also very enlightening. OS hardening practices such as patch updating, performing backups, strong password policies, etc., are things that a business organization should be doing at the minimum. Learning about network hardening strategies and tools like SIEM, IDS and IPS solutions was interesting as well. While these were not covered in great depth, it was continually emphasized that familiarity with these tools is a huge part of being a security analyst.

What I Found Most Challenging

Course 3 of Coursera’s Google Cybersecurity Certification was loaded with lessons and exercises relevant to networks and network security; that’s a good thing. But then again, for someone like me who has minimal knowledge on networks at the outset, it did give me a kind of information overload. I struggled trying to remember the protocol/port pairings and which of these used secure connections. At any rate, I realized that I don’t actually need to remember everything all at once and simply understand how networks work and what the important aspects are from a security perspective. 

Another aspect of this course that I found challenging was learning to analyze network traffic using a network protocol analyzer (or packet sniffer) such as tcpdump. Here’s a sample tcpdump log output presented in a spreadsheet file for the activity: 

The fact that the logs are color-coded to indicate which are normal network activity helped me follow along as to what happened and at what point the TCP connections started to fail. However, doing this, i.e. interpreting log output to identify a potential attack, outside of an exercise and without clear guidance would definitely be tough. The exercise was a good introduction to network traffic analysis but not something you can do without more experience and practice with actual live data. 

In Their Words: Insights from a Google Professional

Here’s what Emmanuel, an offensive security engineer at Google, says about the type of skills one would need in network security:

“An entry-level cybersecurity analyst would look at using command lines, log parsing, and network traffic analysis in their everyday scope of work… With this network traffic analysis, there may be times where you need to figure out why is my Internet going slow? Why is traffic not being routed to the appropriate destination? What can I do to ensure that my network is up and running? Network traffic analysis is looking at networks across various applications and network layers and seeing what that traffic is doing, how we can secure that traffic, as well as identify any vulnerabilities and concerns.”

Google Cybersecurity Certification Course 3: Final Thoughts

Course 3 of the Google Cybersecurity Certification offered a comprehensive dive into network fundamentals and security measures that are crucial for any aspiring cybersecurity professional. Moving beyond the foundational knowledge covered in the first two courses, Connect and Protect: Networks and Network Security was a great way to kick off the hands-on portion of this Coursera cybersecurity program. 

While I found certain topics challenging like interpreting network traffic logs, it was also inspiring to really take on the job of a network analyst, even for just a practice activity. Overall, the exercises plus the lessons were invaluable for providing me with a solid foundation in network security and developing my analytical skills. And the learning doesn’t stop here because the next course is just as exciting. Stick around for it.