Module Review: Security
In this module, we looked at how to protect the stack from the ground up:
- TLS/SSL Handshake: How asymmetric and symmetric cryptography work together to create secure, authenticated tunnels.
- Firewalls & IDS: The perimeter defense that filters packets and monitors for suspicious signatures.
- VPN & Tunneling: Encapsulating private data within public wrappers to enable secure remote access and branch office connectivity.
- DoS & DDoS: The mechanics of volumetric and exhaustion attacks, and the strategies for mitigating them at scale.
- Network Access Control: Managing identity at the port level using 802.1X and the “Never Trust, Always Verify” philosophy of Zero Trust.
1. Flashcards
What is the main difference between IDS and IPS?
An IDS (Intrusion Detection System) only monitors and alerts on suspicious traffic, whereas an IPS (Intrusion Prevention System) resides in-line and can actively block the traffic.
Which encryption type is used for the actual data transfer in a TLS session?
Symmetric Encryption (because it is much faster than asymmetric).
What does ESP (Encapsulating Security Payload) provide in an IPsec tunnel?
Encryption, data integrity, and authentication.
How does a SYN Flood attack work?
The attacker sends a flood of SYN requests but never sends the final ACK, causing the server's connection table to fill up with "half-open" connections.
What is the fundamental mantra of Zero Trust security?
Never Trust, Always Verify.
2. Cheat Sheet
| Concept | Description |
|---|---|
| TLS/SSL Handshake | Process of establishing a secure connection using asymmetric encryption to share a symmetric session key. |
| Firewalls | Network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules (Stateful vs Stateless). |
| IDS vs IPS | IDS detects and alerts on suspicious traffic; IPS detects and actively blocks it. |
| VPN | Creates a secure, encrypted “tunnel” between a device and a remote server. |
| IPsec | Suite of protocols for securing IP communications (AH for authentication and integrity, ESP for encryption with integrity and authentication). |
| DoS/DDoS | Attempt to make a machine or network resource unavailable (Volumetric, Exhaustion, SYN Flood). |
| Network Access Control | Managing identity at the port level using 802.1X and Zero Trust (“Never Trust, Always Verify”). |
3. Quick Revision
- Asymmetric Encryption: Uses a public key to encrypt and a private key to decrypt. Slower, used for key exchange.
- Symmetric Encryption: Uses the same key to encrypt and decrypt. Faster, used for data transfer in a TLS session.
- Stateful Inspection: Firewalls that maintain a state table of active connections, allowing reply traffic automatically.
- DMZ (Demilitarized Zone): A physical or logical subnetwork that contains external-facing services to protect the internal network.
- Tunneling: Encapsulating one packet inside another (e.g., placing internal data inside an encrypted wrapper with public IPs).
- Zero Trust: Security model based on identity and continuous verification, rejecting the “Castle and Moat” approach.
4. Next Steps
Security is a continuous battle. In the next module, we move beyond physical hardware to the world of Cloud & SDN (Software Defined Networking), where the network is managed by code.
- Continue to the next module: Cloud & SDN
- Review terms in the Networks Glossary