Module Review

In this module, we looked at how to protect the stack from the ground up:

  1. TLS/SSL Handshake: How asymmetric and symmetric cryptography work together to create secure, authenticated tunnels.
  2. Firewalls & IDS: The perimeter defense that filters packets and monitors for suspicious signatures.
  3. VPN & Tunneling: Encapsulating private data within public wrappers to enable secure remote access and branch office connectivity.
  4. DoS & DDoS: The mechanics of volumetric and exhaustion attacks, and the strategies for mitigating them at scale.
  5. Network Access Control: Managing identity at the port level using 802.1X and the “Never Trust, Always Verify” philosophy of Zero Trust.

1. Flash Quiz

1. What is the main difference between IDS and IPS?

  • An IDS (Intrusion Detection System) only monitors and alerts on suspicious traffic, whereas an IPS (Intrusion Prevention System) resides in-line and can actively block the traffic.

2. Which encryption type is used for the actual data transfer in a TLS session?

  • Symmetric Encryption (because it is much faster than asymmetric).

3. What does ESP (Encapsulating Security Payload) provide in an IPsec tunnel?

  • Encryption, data integrity, and authentication.

4. How does a SYN Flood attack work?

  • The attacker sends a flood of SYN requests but never sends the final ACK, causing the server’s connection table to fill up with “half-open” connections.

5. What is the fundamental mantra of Zero Trust security?

  • Never Trust, Always Verify.

2. What’s Next?

Security is a continuous battle. In the next module, we move beyond physical hardware to the world of Cloud & SDN (Software Defined Networking), where the network is managed by code.