🌐 Network Security
Protecting enterprise networks through firewalls, IDS/IPS, segmentation, DDoS protection, VPNs, and comprehensive monitoring strategies.
Overview
Network security encompasses the policies, practices, and technologies designed to protect the integrity, confidentiality, and availability of network infrastructure and data. It covers both perimeter defense (firewalls, DMZ) and internal protection (microsegmentation, NAC, east-west traffic monitoring). Modern network security integrates with SD-WAN, SASE, and zero trust architectures.
Key Concepts
Firewalls (NGFW)
Next-Gen Firewalls provide application-aware filtering, deep packet inspection, SSL decryption, IPS integration, and threat intelligence-driven blocking.
IDS / IPS
Intrusion Detection Systems monitor traffic for suspicious patterns. Intrusion Prevention Systems actively block threats. Signature-based and anomaly-based detection methods.
Network Segmentation
Dividing the network into zones (VLANs, subnets, microsegments) to limit lateral movement and contain breaches. Critical for compliance and zero trust.
DDoS Protection
Volumetric, protocol, and application-layer DDoS mitigation using scrubbing centers, rate limiting, CDNs, and anycast routing.
VPN & ZTNA
Secure remote access via IPsec/SSL VPNs transitioning to Zero Trust Network Access (ZTNA) solutions for identity-based access.
NAC (Network Access Control)
Enforces security policy compliance before allowing devices onto the network. Checks patches, antivirus, and posture compliance.
Network Defense Architecture
Defense-in-Depth Network Architecture
Multiple layers of security controls from perimeter to core
Common Risks & Threats
| Threat | Severity | Description |
|---|---|---|
| Man-in-the-Middle (MitM) | Critical | Intercepting communications between two parties to steal data or inject malicious content |
| DDoS Attacks | Critical | Overwhelming network resources to cause service disruption and outages |
| Lateral Movement | High | Attackers moving between systems within a flat network after initial compromise |
| DNS Attacks | High | DNS spoofing, tunneling, and hijacking to redirect or exfiltrate data |
| Rogue Devices | Medium | Unauthorized devices connecting to the network bypassing security controls |
Interview Preparation
What is the difference between IDS and IPS?
IDS (Intrusion Detection System) passively monitors network traffic and generates alerts for suspicious activity — it's a detective control placed out-of-band. IPS (Intrusion Prevention System) is placed inline and can actively block malicious traffic — it's a preventive control. IDS is lower risk (won't block legitimate traffic) but requires manual response. IPS provides real-time protection but can cause false-positive disruptions. Best practice is to use IPS inline with careful tuning.
Explain network segmentation and microsegmentation.
Network segmentation divides a network into separate zones using VLANs, subnets, and firewalls to limit blast radius and lateral movement. Microsegmentation takes this further — applying security policies at the individual workload or application level, often using software-defined networking (SDN). Example: in a segmented network, the database VLAN is separate from the web VLAN. With microsegmentation, each database server has its own policy controlling which specific applications can connect.
Framework Mapping
| Framework | Relevant Controls |
|---|---|
| NIST | SP 800-53 SC-7 (Boundary Protection), AC-4 (Info Flow), SI-4 (System Monitoring) |
| MITRE | T1040 (Network Sniffing), T1046 (Network Service Scan), T1498 (Network DoS) |
| ISO | A.13.1 (Network Security Mgmt), A.13.2 (Info Transfer), A.9.1 (Access Control Policy) |