Hardening your network means reducing its attack surface and securing its services. In this episode, we look at three high-priority hardening practices: securing SNMP, managing router advertisements, and implementing port security. You’ll learn how to disable or reconfigure SNMPv1/v2 in favor of SNMPv3, ensuring encrypted and authenticated device monitoring. Misconfigured SNMP can expose internal IP structures and community strings to attackers, so locking it down is critical.

We also cover rogue router advertisements that can redirect traffic or disrupt IPv6 networks. Using tools like RA Guard helps control these threats. Finally, we revisit port security at the switch level, limiting MAC addresses and monitoring for violations. This episode gives you actionable configurations that prevent unauthorized access, reduce visibility to attackers, and tighten your network’s defensive perimeter.

Security doesn’t stop at the firewall—physical access and social manipulation play a major role in network compromise. In this episode, we explore phishing in its many forms, including spear phishing, whaling, and smishing (SMS-based phishing). You’ll learn how attackers use psychological manipulation and trust to trick users into revealing credentials, clicking malicious links, or running unsafe software. We break down email indicators, user training techniques, and technical defenses like SPF, DKIM, and DMARC.

We also discuss physical threats such as tailgating, unauthorized badge access, and exposed server rooms. Security must include badge readers, mantraps, visitor logs, and camera systems to prevent intruders from walking into sensitive areas. This episode reinforces the idea that true cybersecurity includes awareness, training, and environmental controls—not just software and firewalls.

Some of the most dangerous network threats don’t rely on malware—they rely on deception. In this episode, we explore IP spoofing, a method where attackers forge source IP addresses to disguise their origin or impersonate trusted devices. You’ll learn how spoofed packets can bypass access controls, flood systems, or launch man-in-the-middle and amplification attacks. We also examine deauthentication attacks, which disrupt wireless connections by tricking clients into disconnecting from access points, making them vulnerable to interception.

We then shift focus to social engineering tactics—attacks that manipulate people rather than systems. These include pretexting, baiting, impersonation, and tailgating. Social engineering bypasses technical defenses by targeting the human element, often as a precursor to larger attacks. This episode ties technical and psychological attack strategies together, helping you recognize the signs and reinforce both your infrastructure and your users against manipulation.

Malicious software remains one of the most common and destructive threats to networks and users alike. In this episode, we examine different types of malware, focusing on ransomware, spyware, and trojans—each with unique goals and attack vectors. You’ll learn how ransomware encrypts data and demands payment, often targeting entire organizations with devastating speed. We also cover how malicious payloads are delivered, from phishing emails to drive-by downloads, and how endpoint protection systems attempt to detect and contain these threats.

In addition, we explore password-related attacks such as brute force, dictionary attacks, credential stuffing, and keylogging. These methods exploit weak authentication practices and can lead to unauthorized access, data breaches, and privilege escalation. The episode concludes with prevention strategies including password complexity policies, account lockouts, MFA, and user awareness training. Understanding these threats and how to defend against them is essential for maintaining both personal and enterprise network security.

When devices pretend to be something they’re not, serious security problems can follow. This episode focuses on spoofing attacks—specifically ARP spoofing and MAC address spoofing—that allow attackers to intercept or redirect traffic within a local network. You’ll learn how ARP spoofing poisons the ARP table of nearby devices to reroute traffic through a malicious host. We also explain MAC spoofing, where attackers change their device's MAC address to impersonate a trusted device or bypass access controls.

The episode then addresses rogue devices, such as unauthorized wireless access points, DHCP servers, or other unvetted hardware added to the network. You’ll learn how to detect these threats using scanning tools, logs, and port security features, and how to respond with monitoring and isolation. These tactics are among the most common used in internal breaches, and this episode prepares you to stop them in their tracks.

VLANs offer segmentation—but they’re not invulnerable. In this episode, we look at how attackers can bypass VLAN boundaries using VLAN hopping techniques like double-tagging and switch spoofing. You’ll learn how misconfigured trunk ports, native VLANs, and default switch behaviors create opportunities for unauthorized access between VLANs.

We also explore other Layer 2 vulnerabilities, including MAC flooding and CAM table exhaustion, which can disrupt switch behavior or enable packet sniffing. The episode includes hardening tips like disabling unused ports, setting the native VLAN to an unused ID, and restricting VLAN access to known interfaces. This is essential material for defending against internal threats and securing your switch infrastructure.

On-path attacks, formerly known as man-in-the-middle attacks, are some of the most dangerous network threats. In this episode, we explain how attackers insert themselves into the communication path between devices to intercept, modify, or impersonate data. You’ll learn about ARP spoofing, rogue gateways, and SSL stripping—each with their own vector and risk level. These attacks are difficult to detect and often used in credential theft or session hijacking.

We also cover DNS poisoning (or cache poisoning), which manipulates DNS resolution to redirect users to malicious servers. We discuss how attackers poison recursive resolvers and how DNSSEC (Domain Name System Security Extensions) helps prevent these types of attacks. This episode prepares you to identify, prevent, and respond to one of the most subtle yet devastating types of network compromise.

Denial-of-Service attacks aim to disrupt services by overwhelming a system’s resources—and understanding how they work is key to protecting against them. This episode covers the types of DoS attacks, including protocol, volumetric, and application-layer variants. We then examine how Distributed DoS (DDoS) attacks scale the damage by launching traffic from multiple compromised systems, often part of a botnet.

You’ll also learn about common symptoms, such as service unavailability, bandwidth saturation, and abnormal traffic patterns. We discuss mitigation strategies such as rate limiting, geo-blocking, traffic scrubbing, and use of third-party DDoS protection services. These attacks are common and often high-profile, so knowing how to defend against them is critical for maintaining availability and earning your Network Plus certification.

Every security decision is about balancing risk, and in this episode, we dive into how organizations identify, measure, and manage those risks. You’ll learn the components of a risk management framework, including risk identification, assessment, mitigation, and ongoing monitoring. We explain the difference between qualitative and quantitative assessments and how they guide policy decisions, investment, and mitigation efforts.

We also cover security assessment tools such as vulnerability scanners and penetration testing, as well as how SIEM (Security Information and Event Management) platforms aggregate logs, detect anomalies, and trigger alerts. A strong risk management and assessment program ensures that network security isn't just reactive—it’s proactive and well-documented. This episode gives you the language and logic to speak confidently about organizational security posture.

802.1X is the gatekeeper of modern enterprise networks, ensuring only authenticated users and devices can connect. This episode explains how 802.1X works as a port-based network access control mechanism, acting as the foundation for many secure wireless and wired deployments. You’ll learn about the three roles in 802.1X: the supplicant (client), the authenticator (switch or access point), and the authentication server (typically RADIUS).

We also dive into the Extensible Authentication Protocol (EAP), which provides flexibility by supporting various authentication methods such as EAP-TLS (certificate-based), EAP-PEAP (password-based), and EAP-TTLS. This episode is essential for understanding how network security extends all the way to the edge, particularly in BYOD and guest access scenarios. It’s a must-know topic for both the exam and real-world configuration.