Network Security
Common Network Threats
| Threat | Description |
|---|---|
| DoS/DDoS | Denial of Service / Distributed DoS — overwhelms a server with traffic to make it unavailable |
| MITM | Man-in-the-Middle — attacker intercepts communication between two parties |
| Phishing | Fraudulent emails/websites that trick users into revealing credentials |
| ARP Spoofing | Attacker sends fake ARP replies to associate their MAC with a legitimate IP |
| DNS Spoofing | Corrupting DNS cache to redirect users to malicious sites |
| SQL Injection | Injecting malicious SQL into web forms to access/manipulate databases |
| Port Scanning | Probing a host for open ports to find vulnerabilities |
| Packet Sniffing | Capturing network traffic to read unencrypted data |
| Ransomware | Malware that encrypts files and demands payment for decryption |
Firewalls
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predefined security rules.
| Firewall Type | Description | OSI Layer |
|---|---|---|
| Packet Filtering | Inspects packets based on IP, port, protocol. Simple and fast but limited. | Layer 3-4 |
| Stateful Inspection | Tracks connection state. Allows return traffic for established connections. | Layer 3-4 |
| Application Layer (WAF) | Inspects application-level traffic (HTTP, FTP). Can detect SQL injection, XSS. | Layer 7 |
| Next-Generation (NGFW) | Combines stateful inspection with deep packet inspection, IPS, and application awareness. | All layers |
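
The difference between the first two rows, shown as an added example that is not part of the original page. It is a simplified model: the `Packet` fields, the `10.0.0.` internal prefix and the sample traffic are constructed for illustration, and a real stateful firewall also tracks TCP flags and timeouts.

```python
from collections import namedtuple

# Simplified packet model (constructed for this example): addresses, ports, protocol.
Packet = namedtuple("Packet", "src dst sport dport proto")
INSIDE = "10.0.0."  # assumed internal address prefix

def is_outbound(p):
    return p.src.startswith(INSIDE)

def packet_filter(p):
    """Stateless rules: allow outbound HTTPS, and allow any inbound TCP packet
    whose source port is 443 so that server replies can get back in."""
    if is_outbound(p):
        return p.proto == "tcp" and p.dport == 443
    return p.proto == "tcp" and p.sport == 443

class StatefulFirewall:
    """Allows outbound HTTPS and only the return traffic of connections it has seen."""

    def __init__(self):
        # Entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def allow(self, p):
        if is_outbound(p):
            if p.proto == "tcp" and p.dport == 443:
                self.connections.add((p.src, p.sport, p.dst, p.dport))
                return True
            return False
        # Inbound: must exactly mirror a tracked outbound connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def run(packets):
    # Returns one (packet_filter_verdict, stateful_verdict) pair per packet.
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.10", 50000, 443, "tcp"),  # client opens HTTPS
    Packet("203.0.113.10", "10.0.0.5", 443, 50000, "tcp"),  # server reply
    Packet("198.51.100.7", "10.0.0.5", 443, 22, "tcp"),     # unsolicited inbound
]

if __name__ == "__main__":
    print(run(SAMPLE))
```

The third packet matches no connection the inside host opened, so the stateful firewall drops it, while the stateless rule accepts it because it only looks at the source port.
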
IDS and IPS
- IDS (Intrusion Detection System): Monitors network traffic for suspicious activity and alerts administrators. Passive — detects but does not block.
- IPS (Intrusion Prevention System): Monitors and actively blocks suspicious traffic. Inline — sits in the traffic path and can drop packets.
- HIDS: Host-based IDS — monitors a single host
- NIDS: Network-based IDS — monitors network traffic
VPN - Virtual Private Network
A VPN creates an encrypted tunnel over a public network (Internet), allowing secure communication as if devices were on a private network.
- IPSec VPN: Operates at Layer 3. Encrypts IP packets. Used for site-to-site VPNs. Protocols: AH (Authentication Header), ESP (Encapsulating Security Payload).
- SSL/TLS VPN: Operates at Layer 4-7. Uses HTTPS. Easier to configure, works through firewalls. Used for remote access VPNs.
- OpenVPN: Open-source VPN using SSL/TLS. Highly configurable.
- WireGuard: Modern, fast, simple VPN protocol.
Encryption
| Type | Description | Examples | Use Case |
|---|---|---|---|
| Symmetric | Same key for encryption and decryption. Fast. | AES, DES, 3DES, RC4 | Bulk data encryption |
| Asymmetric | Public key encrypts, private key decrypts. Slower. | RSA, ECC, Diffie-Hellman | Key exchange, digital signatures |
| Hashing | One-way function. Cannot be reversed. | MD5, SHA-1, SHA-256, bcrypt | Password storage, integrity verification |
SSL/TLS Handshake
SSL/TLS secures HTTPS connections. The handshake establishes a secure session:
- ClientHello: Client sends supported TLS versions, cipher suites, and a random number.
- ServerHello: Server selects TLS version and cipher suite, sends its certificate and a random number.
- Certificate Verification: Client verifies the server's certificate against trusted CAs.
- Key Exchange: Client and server exchange keys (using asymmetric encryption) to establish a shared session key.
- Finished: Both sides send a "Finished" message encrypted with the session key. Secure communication begins.