Network Security Firewall, VPN, SSL/TLS: Tutorial, Examples, FAQs & Interview Tips

Threat	Description
DoS/DDoS	Denial of Service / Distributed DoS - overwhelms a server with traffic to make it unavailable
MITM	Man-in-the-Middle - attacker intercepts communication between two parties
Phishing	Fraudulent emails/websites that trick users into revealing credentials
ARP Spoofing	Attacker sends fake ARP replies to associate their MAC with a legitimate IP
DNS Spoofing	Corrupting DNS cache to redirect users to malicious sites
SQL Injection	Injecting malicious SQL into web forms to access/manipulate databases
Port Scanning	Probing a host for open ports to find vulnerabilities
Packet Sniffing	Capturing network traffic to read unencrypted data
Ransomware	Malware that encrypts files and demands payment for decryption

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predefined security rules.

Firewall Type	Description	OSI Layer
Packet Filtering	Inspects packets based on IP, port, protocol. Simple and fast but limited.	Layer 3-4
Stateful Inspection	Tracks connection state. Allows return traffic for established connections.	Layer 3-4
Application Layer (WAF)	Inspects application-level traffic (HTTP, FTP). Can detect SQL injection, XSS.	Layer 7
Next-Generation (NGFW)	Combines stateful inspection with deep packet inspection, IPS, and application awareness.	All layers

IDS (Intrusion Detection System): Monitors network traffic for suspicious activity and alerts administrators. Passive - detects but does not block.
IPS (Intrusion Prevention System): Monitors and actively blocks suspicious traffic. Inline - sits in the traffic path and can drop packets.
HIDS: Host-based IDS - monitors a single host
NIDS: Network-based IDS - monitors network traffic

A VPN creates an encrypted tunnel over a public network (Internet), allowing secure communication as if devices were on a private network.

IPSec VPN: Operates at Layer 3. Encrypts IP packets. Used for site-to-site VPNs. Protocols: AH (Authentication Header), ESP (Encapsulating Security Payload).
SSL/TLS VPN: Operates at Layer 4-7. Uses HTTPS. Easier to configure, works through firewalls. Used for remote access VPNs.
OpenVPN: Open-source VPN using SSL/TLS. Highly configurable.
WireGuard: Modern, fast, simple VPN protocol.

Type	Description	Examples	Use Case
Symmetric	Same key for encryption and decryption. Fast.	AES, DES, 3DES, RC4	Bulk data encryption
Asymmetric	Public key encrypts, private key decrypts. Slower.	RSA, ECC, Diffie-Hellman	Key exchange, digital signatures
Hashing	One-way function. Cannot be reversed.	MD5, SHA-1, SHA-256, bcrypt	Password storage, integrity verification

SSL/TLS secures HTTPS connections. The handshake establishes a secure session:

ClientHello: Client sends supported TLS versions, cipher suites, and a random number.
ServerHello: Server selects TLS version and cipher suite, sends its certificate and a random number.
Certificate Verification: Client verifies the server's certificate against trusted CAs.
Key Exchange: Client and server exchange keys (using asymmetric encryption) to establish a shared session key.
Finished: Both sides send a "Finished" message encrypted with the session key. Secure communication begins.

Ready to Level Up Your Skills?