====== Network Security (NetSec) ======

===== General tips =====

  * Use VLANs for segmenting the network (guests, file servers, IoT devices)
  * Use separate WLAN SSIDs for guests
  * Use 802.1X/RADIUS for port and wireless authentication

===== See also =====

  * In this wiki:
    * [[..:network:|Network]]
    * [[:hacking:|Hacking]]
    * [[..:security:start|Security (Admin)]]
    * [[:guide:opsec|Operational Security]]
    * [[:guide:privacy|Privacy]]
    * [[:de:guide:windows:security|🇩🇪 Windows Security]]
  * Reddit:
    * [[https://reddit.com/r/netsec|r/netsec]]
    * [[https://www.reddit.com/r/AskNetsec|r/AskNetsec]]

===== Network security roles =====

==== SOC (Security) Analyst ====

Typically tiered Jr./Sr. or by levels. They are typically SOC monkeys with differing levels of responsibility, but they mostly stare at a SIEM and close alerts.

==== Security Engineers ====

Again typically tiered. This is the team that maintains the security tools: they fix the SIEM, the vulnerability scanner, etc. This role typically specializes in a specific tool set such as SIEM, AV, vulnerability scanners, etc.

==== SecOps Engineers ====

They build custom tools, plug-ins or other automation tooling.

==== Threat Intel ====

They either find their own threat information or correlate existing information into something relevant that their SOC team or management can use or understand.

==== Penetration testers ====

Also called a red team. They are the team that actively attacks a defended environment to find gaps, vulnerable systems or misconfigurations that automated tools miss.

==== Incident Responder ====

Typically the team that manages or works security events that are escalated to breaches or incidents.

==== Compliance Team ====

Typically deals with audits and ensures that the technical security controls and configurations meet the applicable requirements.

==== Firewall and/or IDS/IPS Engineers ====

Manage the firewall and/or IDS/IPS rules and exceptions; this could also be done by the network team, depending on the organization.
==== Patch Management ====

Could either be a security person or a good systems/application team. This person ensures all patches are applied based on their risk.

==== DLP Analysis ====

Checks or verifies DLP alerts to ensure the data being sent is for a valid purpose and/or sent by a secure method.

==== Security Architect ====

Designs the organizational security architecture, selects products, reviews and recommends staffing skills, reviews and recommends policy. Obviously there are not many of these folks around, relative to the other roles listed here.

==== End user education/communication/training ====