Episode 55: Network Architecture: LAN, WAN, Internet

Welcome to The Bare Metal Cyber CISSP Prepcast. This series helps you prepare for the (ISC)² CISSP exam with focused explanations and practical context.
In this episode, we will cover Network Architecture, specifically focusing on Local Area Networks, Wide Area Networks, and the Internet. These three layers of network connectivity form the backbone of digital communication. Whether you are deploying internal applications, connecting remote users, or securing global infrastructure, understanding the structure, functionality, and security implications of LANs, WANs, and the Internet is essential for effective cybersecurity management.
Let’s begin with the basics of network architecture. Network architecture refers to the design and arrangement of communication systems that allow data to be transmitted between computing devices. This includes hardware like switches and routers, software like network protocols and firewalls, and logical structures like addressing schemes, segmentation models, and security zones.
A well-architected network balances performance, scalability, and security. It ensures that devices can exchange information efficiently while preventing unauthorized access, preserving data integrity, and minimizing potential disruptions. Network architecture also defines how traffic is routed, how faults are detected and managed, and how different environments—such as a corporate office, a branch site, or a cloud service—can communicate securely.
Key components in this architecture include the Local Area Network, or LAN; the Wide Area Network, or WAN; and connectivity to the broader Internet. Each component has its own set of challenges, vulnerabilities, and best practices. As a future CISSP, it is your responsibility to understand how these environments interact and how to apply security principles to protect them.
Let’s begin with Local Area Networks. A Local Area Network connects computers and devices within a relatively small area, such as an office, a department, or a building. LANs are typically characterized by high bandwidth, low latency, and centralized control.
Common technologies used in LANs include Ethernet cabling, wireless access points, switches, and local routers. Devices within the LAN may include desktop computers, printers, file servers, and VoIP phones. The LAN is usually managed by the organization itself and is the foundation for most internal communication and application access.
LANs offer efficiency, but they also introduce risks. Unauthorized devices may connect to the network if port security is not enforced. Unsecured wireless access points may allow eavesdropping or man-in-the-middle attacks. Malware introduced through a single endpoint can propagate rapidly if segmentation is weak or monitoring is inadequate.
To secure the LAN, implement strong access control mechanisms. Use authentication protocols such as 802.1X to require credentials before granting network access. Apply network segmentation to isolate sensitive departments or systems. Secure switch and router configurations, disable unused ports, and monitor for unauthorized changes.
Wireless LANs require additional precautions. Ensure that strong encryption—such as Wi-Fi Protected Access 3 (WPA3)—is enabled. Change default access point credentials and broadcast names. Implement network access control systems that enforce security posture checks before allowing devices to join the LAN.
Regular monitoring is critical. Use network detection systems to identify anomalies, such as unexpected traffic patterns or unauthorized connections. Log access attempts and review network behavior routinely. Apply patches and firmware updates to all network equipment to mitigate known vulnerabilities.
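The segmentation and port-security checks just described can be turned into simple detection logic. The following is an added example, not code from the Prepcast: it assumes a constructed VLAN inventory, a policy of which VLANs may talk to which, and a list of authorized MAC addresses, then runs constructed flow-log lines through those rules and reports every violation a monitoring system should alert on.

```python
"""Segmentation and port-security checks over constructed LAN flow records.

Added illustration, not code from the podcast. The VLAN inventory, policy,
authorized MAC list and log lines below are all constructed assumptions.
"""
import ipaddress
import re

# Constructed VLAN inventory: name -> subnet
VLANS = {
    "users":    ipaddress.ip_network("10.10.0.0/24"),
    "finance":  ipaddress.ip_network("10.20.0.0/24"),
    "servers":  ipaddress.ip_network("10.30.0.0/24"),
    "printers": ipaddress.ip_network("10.40.0.0/24"),
}

# Segmentation policy: allowed (source VLAN, destination VLAN) pairs.
# Any pair not listed is a violation worth alerting on.
ALLOWED = {
    ("users", "servers"), ("users", "printers"),
    ("finance", "servers"), ("finance", "printers"),
    ("servers", "servers"),
}

# Authorized MAC addresses (constructed): what switch port security would enforce.
AUTHORIZED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"}

# Constructed flow-log format: "<ts> src=<ip> smac=<mac> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) smac=(?P<smac>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample log: one clean flow, one cross-segment flow, one unknown
# MAC, one clean finance flow, and a printer reaching back into the user VLAN.
SAMPLE_LOG = """\
2024-01-01T09:00:01 src=10.10.0.15 smac=aa:bb:cc:00:00:01 dst=10.30.0.5 dport=443
2024-01-01T09:00:02 src=10.10.0.15 smac=aa:bb:cc:00:00:01 dst=10.20.0.7 dport=445
2024-01-01T09:00:03 src=10.10.0.99 smac=de:ad:be:ef:00:01 dst=10.30.0.5 dport=22
2024-01-01T09:00:04 src=10.20.0.7 smac=aa:bb:cc:00:00:02 dst=10.30.0.9 dport=1433
2024-01-01T09:00:05 src=10.40.0.3 smac=aa:bb:cc:00:00:03 dst=10.10.0.15 dport=80
"""


def vlan_of(ip: str):
    """Return the VLAN name containing ip, or None if it is outside the inventory."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None


def analyze(log_text: str):
    """Return a list of (timestamp, finding) tuples for every policy violation."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            findings.append(("?", f"unparseable line: {line!r}"))
            continue
        f = m.groupdict()
        # Port-security view: a frame from a MAC nobody authorized
        if f["smac"] not in AUTHORIZED_MACS:
            findings.append((f["ts"], f"unauthorized MAC {f['smac']} seen at {f['src']}"))
        src_vlan, dst_vlan = vlan_of(f["src"]), vlan_of(f["dst"])
        if src_vlan is None or dst_vlan is None:
            findings.append((f["ts"], f"address outside inventory: {f['src']} -> {f['dst']}"))
            continue
        # Segmentation view: traffic between VLANs the policy never allowed
        if (src_vlan, dst_vlan) not in ALLOWED:
            findings.append((f["ts"], f"segmentation violation {src_vlan} -> {dst_vlan} "
                                      f"({f['src']} -> {f['dst']}:{f['dport']})"))
    return findings


if __name__ == "__main__":
    for ts, msg in analyze(SAMPLE_LOG):
        print(ts, msg)
```

Run against the sample, the script reports three findings: the user-to-finance flow, the unknown MAC, and the printer-to-user flow. In a real deployment the allowed-pair table would be generated from the same source of truth as the switch ACLs so the detection logic and the enforcement logic cannot drift apart.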
Now let’s move to Wide Area Networks. A WAN connects multiple LANs over long distances. It may link branch offices, remote sites, or partner organizations to central headquarters. Unlike LANs, which are generally confined to a single building or campus, WANs span cities, regions, or even continents.
WANs can be built using leased lines, broadband connections, satellite links, or virtual private networks, often layered over the public Internet. Technologies such as Multiprotocol Label Switching—also known as MPLS—allow traffic to be prioritized and routed efficiently across carriers.
Security challenges in WAN environments include data interception during transit, misconfigured VPNs, insecure remote sites, and limited control over third-party infrastructure. To address these risks, start with encryption. All traffic across the WAN should be encrypted using secure tunneling protocols like IPsec or Transport Layer Security. VPN gateways must be hardened, kept up to date, and monitored for suspicious activity.
Authentication is also key. Remote users and branch sites must be authenticated using strong credentials or certificate-based mechanisms. Multi-factor authentication adds an additional layer of defense, especially when sensitive systems are accessible through the WAN.
Redundancy and failover planning are essential in wide-area environments. Use multiple communication paths, backup connections, and automatic rerouting mechanisms to maintain connectivity during outages or attacks. Monitor WAN traffic continuously for unusual patterns, route hijacking, or denial-of-service attempts.
For more cyber-related content and books, please visit cyberauthor.me. You'll find best-selling books, training tools, and resources tailored specifically for cybersecurity professionals. You can also find additional study materials and episode guides at baremetalcyber.com.
Now let’s talk about the Internet. The Internet is a vast global network that connects millions of public and private systems. It provides unmatched accessibility and scalability—but it also introduces the greatest level of risk.
Internet exposure places systems within reach of malicious actors, automated bots, and scanning tools. It exposes web applications, email servers, APIs, and remote access services to constant probing and attack attempts. Organizations must assume that any Internet-facing system is under regular surveillance by adversaries.
Securing Internet-connected systems begins with defining the attack surface. This includes every public-facing IP address, open port, domain name, and service endpoint. Use firewall rules to restrict traffic to only what is absolutely necessary. Close unused ports. Block suspicious countries or known botnets using geofencing and threat intelligence feeds.
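Defining the attack surface is only useful if the list is compared against what is actually reachable. The following is an added example, not code from the Prepcast: it assumes a constructed approved-exposure list (what the firewall policy intends to publish), a constructed external scan result for address space the organization owns, and reconciles the two, flagging ports that are open but never approved, approved services that have disappeared, and observations outside owned space.

```python
"""Reconcile an Internet-facing exposure inventory against approved services.

Added illustration, not code from the podcast. Both the observed scan
results and the approved-exposure list are constructed; in practice the
observed set would come from your own external scan of addresses you own.
"""
import ipaddress

# Approved exposures (assumption): what the firewall policy says may be
# reachable from the Internet, as (ip, port, purpose).
APPROVED = {
    ("203.0.113.10", 443, "https"),
    ("203.0.113.10", 80, "http-redirect"),
    ("203.0.113.20", 25, "smtp"),
    ("203.0.113.20", 587, "submission"),
}

# Constructed external scan output: (ip, port, service guess)
OBSERVED = [
    ("203.0.113.10", 443, "https"),
    ("203.0.113.10", 80, "http"),
    ("203.0.113.10", 22, "ssh"),
    ("203.0.113.20", 25, "smtp"),
    ("203.0.113.30", 3389, "rdp"),
    ("198.51.100.5", 443, "https"),
]

# Address space the organization actually owns (constructed)
OWNED = [ipaddress.ip_network("203.0.113.0/24")]

# Remote-administration ports that should essentially never face the Internet
# unfiltered; an unexpected exposure on one of these is rated high.
ADMIN_PORTS = {22, 23, 3389, 5900}


def reconcile(observed, approved, owned):
    """Classify each observed (ip, port, service) as approved, unexpected, or
    outside owned space, and list approved entries that were not observed
    (possible outage or stale firewall rule)."""
    approved_endpoints = {(ip, port) for ip, port, _ in approved}
    report = {"approved": [], "unexpected": [], "not_owned": [], "missing": []}
    seen = set()
    for ip, port, service in observed:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in owned):
            # Scanner reported something we do not own: scope error or stale data
            report["not_owned"].append((ip, port, service))
            continue
        seen.add((ip, port))
        if (ip, port) in approved_endpoints:
            report["approved"].append((ip, port, service))
        else:
            severity = "high" if port in ADMIN_PORTS else "medium"
            report["unexpected"].append((ip, port, service, severity))
    for ip, port, service in sorted(approved, key=lambda e: (e[0], e[1])):
        if (ip, port) not in seen:
            report["missing"].append((ip, port, service))
    return report


if __name__ == "__main__":
    result = reconcile(OBSERVED, APPROVED, OWNED)
    for category, entries in result.items():
        print(category)
        for entry in entries:
            print("   ", entry)
```

On the constructed data the report shows two unexpected exposures (SSH on the web host, RDP on a host with no approved services at all, both rated high), one approved service not seen (submission on port 587, worth checking before assuming it is fine), and one observation outside owned space.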
Use intrusion detection systems and intrusion prevention systems to monitor for and block known attack patterns. Deploy secure web gateways that filter web traffic for malware, inappropriate content, or data leakage. Use content delivery networks to absorb DDoS attacks and cache web content closer to users.
All data transmitted over the Internet must be encrypted using strong protocols. HTTPS with Transport Layer Security is essential for websites. Email servers should use SMTP Secure (SMTPS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). When sending or receiving data between systems, use secure file transfer protocols and digital signatures.
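DMARC is only as strong as the policy the domain publishes, so a useful check is to read the record and rate it. The following is an added example, not code from the Prepcast: it parses DMARC TXT records of the form "v=DMARC1; p=...; ..." and reports whether the policy is enforced, partial, or monitor-only, plus the specific weaknesses (p=none, pct below 100, sp=none, no reporting address). The records are constructed; the script performs no DNS lookups.

```python
"""Assess DMARC policy records for mail domains.

Added illustration, not code from the podcast. Parses DNS TXT strings of the
form "v=DMARC1; p=...; ..." and rates how much protection the policy gives a
receiving server. The records below are constructed; no DNS lookups occur.
"""

# Constructed records (assumption): domain -> TXT record published at _dmarc.<domain>
SAMPLE_RECORDS = {
    "strong.example":  "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example; pct=100",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "broken.example":  "v=spf1 include:_spf.example -all",
    "missing.example": "",
}


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into tag -> value; empty dict if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def assess(txt: str) -> dict:
    """Return {'level': ..., 'issues': [...]} describing the policy's strength."""
    tags = parse_dmarc(txt)
    if not tags:
        return {"level": "none", "issues": ["no DMARC record published"]}
    issues = []
    policy = tags.get("p", "none").lower()
    # pct defaults to 100 when absent; receivers also treat a malformed value as 100
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        issues.append("pct is not an integer; receivers treat it as 100")
    # sp (subdomain policy) defaults to the organizational policy p
    subdomain_policy = tags.get("sp", policy).lower()
    if policy == "none":
        issues.append("p=none only monitors; spoofed mail is still delivered")
    elif pct < 100:
        issues.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if subdomain_policy == "none" and policy != "none":
        issues.append("sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        issues.append("no rua address: aggregate reports will not be received")
    if policy == "reject" and pct == 100 and subdomain_policy != "none":
        level = "enforced"
    elif policy in ("reject", "quarantine"):
        level = "partial"
    else:
        level = "monitor-only"
    return {"level": level, "issues": issues}


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        result = assess(txt)
        print(f"{domain:18} {result['level']:12} {'; '.join(result['issues']) or 'ok'}")
```

A record rated "monitor-only" is the common first step when rolling DMARC out, but it gives receivers no instruction to reject spoofed mail; the rating is meant to show which domains still need to be moved to quarantine and then reject once the aggregate reports confirm legitimate senders are aligned.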
Vulnerability assessments and penetration tests should be conducted regularly to identify weaknesses in Internet-facing systems. Unpatched software, outdated frameworks, or misconfigured settings can be quickly discovered and exploited by automated tools. Address findings promptly and retest to confirm remediation.
Let’s now turn to continuous improvement. Network environments are dynamic. Devices are added, services are updated, users change roles, and attackers adapt their techniques. This means that network architecture and its associated security controls must be reviewed and improved regularly.
Begin with regular security assessments. Review access logs, intrusion alerts, and firewall configurations. Conduct internal and external scans. Evaluate how new technologies—such as cloud services or remote collaboration platforms—are impacting your architecture.
Incident analysis is another powerful tool. When a breach or near miss occurs, ask what the network design contributed to the situation. Was there a lack of segmentation? Was a device exposed unnecessarily to the Internet? Did the incident move laterally from one segment to another? Use those insights to revise your controls.
Cross-functional collaboration is essential. Security teams must work with network engineers, cloud architects, system administrators, and compliance officers. Network security cannot be siloed. It affects every department and every business function.
Provide regular training. Staff must know how to secure and manage LANs, WANs, and Internet services. They must understand the basics of network protocols, the principles of access control, and the importance of secure configurations. Refresher courses and hands-on labs help keep knowledge current and actionable.
Finally, be adaptive. As new threats emerge—such as zero-day exploits or novel attack vectors—your network defenses must evolve. Monitor threat intelligence feeds. Join industry working groups. Engage in tabletop exercises. Test your defenses continuously.
Thank you for tuning into the CISSP Prepcast by Bare Metal Cyber. Visit baremetalcyber.com for additional episodes, comprehensive CISSP study resources, and personalized certification support. Strengthen your understanding of Network Architecture, including LANs, WANs, and the Internet, and we’ll consistently support your journey toward CISSP certification success.