> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/google-cybersecurity-professional-cert/3.-connect-and-protect-networks-and-network-security/module-4/network-hardening/network-hardening-practices.md).

# Network hardening practices

#### ADHD-Friendly and Fun Notes on Network Hardening 🌐🛡️

***

#### **1. What is Network Hardening?**

* **Network hardening** = making your network super tough, like adding armor to protect it from bad guys (hackers).
* It's about securing **ports, access privileges**, and using **encryption** (making data unreadable to intruders).

***

#### **2. Regular Tasks (Like Brushing Your Teeth for Security)** 🦷✨

These are done **ALL the time** to keep things running smoothly:

* **Firewall Rules Maintenance**: Think of firewalls as gatekeepers. They decide who’s allowed in or out. You update their rules regularly.
* **Network Log Analysis**: Logs are like your network’s diary. You peek into it to see if anything weird happened (using cool tools like **SIEM**).
  * **SIEM** (Security Info & Event Management) gathers logs from everywhere and shows them on a **dashboard** (aka "single pane of glass").
  * SIEM tells you which problems are **urgent** and which ones can wait.
* **Patch Updates**: Like putting band-aids on vulnerabilities. Keep the network software updated so bad guys don’t find a way in!
* **Server Backups**: Copy everything just in case something bad happens. This way, you can restore the network like it never happened.

***

#### **3. One-Time Tasks (Do Once, Then Update As Needed)** 🔐💾

Set up these defenses once, but check them occasionally:

* **Port Filtering**: Think of it like closing windows you don’t need. Only keep the necessary ports open, and close everything else to stop intruders.
  * Example: If your network only needs port 80 (web traffic), block the rest.
* **Network Access Privileges**: Only give people access to what they **need**. No need to give the marketing team access to finance files.
  * You can use **network segmentation** to separate different departments (like dividing rooms in a house). That way, one department’s problem won’t affect everyone else.
  * **Restricted Zones**: Special areas in your network that need **extra** security—think of them like the vault where you keep the **most valuable treasures** (data).
* **Encryption**: It’s like turning your messages into a secret code. Anyone who tries to intercept the message won’t be able to read it.
  * Use the **latest encryption** standards, especially in those restricted zones where extra protection is needed.

***

#### **4. Key Tools for Network Hardening**

* **Firewall**: The bouncer at the club, deciding who gets in and who doesn’t.
* **SIEM Tool**: Your security dashboard showing all the action in real-time.
* **Encryption**: Turning your messages into uncrackable codes.

***

#### **5. The Big Takeaway** 💡

Knowing how to harden a network is key to being an awesome cybersecurity analyst. These regular and one-time tasks protect your network like armor, and mastering them will keep your career on track! 🔒
