Network Security

Network security protects the infrastructure that connects systems, applications, and users. It encompasses hardware, software, policies, and practices designed to prevent unauthorised access, misuse, and attacks on network resources.

Defence in Depth

Defence in depth is a layered security strategy — if one control fails, another catches the attack:

┌─────────────────────────────────┐
│  Perimeter (Firewall, WAF)      │
│  ┌───────────────────────────┐  │
│  │  Network (IDS/IPS, Seg.)  │  │
│  │  ┌─────────────────────┐  │  │
│  │  │  Host (EDR, AV)     │  │  │
│  │  │  ┌───────────────┐  │  │  │
│  │  │  │  Application  │  │  │  │
│  │  │  │  ┌─────────┐  │  │  │  │
│  │  │  │  │  Data    │  │  │  │  │
│  │  │  │  └─────────┘  │  │  │  │
│  │  │  └───────────────┘  │  │  │
│  │  └─────────────────────┘  │  │
│  └───────────────────────────┘  │
└─────────────────────────────────┘

Firewalls

Firewalls filter traffic based on rules:

Types of Firewalls

Type	Description
Packet filter	Inspects individual packets (source/destination IP, port, protocol)
Stateful inspection	Tracks connection state — allows return traffic for established connections
Application layer (proxy)	Inspects application-layer content (HTTP, DNS, SMTP)
Next-Generation Firewall (NGFW)	Combines stateful inspection, deep packet inspection, IPS, and application awareness

Firewall Rules (Example)

#	Action	Source	Destination	Port	Protocol
1	Allow	10.0.0.0/24	Any	443	TCP
2	Allow	Any	10.0.1.5	80, 443	TCP
3	Allow	192.168.1.10	10.0.2.0/24	22	TCP
4	Deny	Any	Any	Any	Any

Tip: Always end firewall rules with a default deny rule. Only allow what is explicitly needed.

Intrusion Detection and Prevention Systems

IDS (Intrusion Detection System)

Monitors network traffic and alerts on suspicious activity:

Passive — detects and alerts but does not block
Placed on a span/mirror port to see all traffic

IPS (Intrusion Prevention System)

Actively blocks malicious traffic:

Inline — sits in the traffic path and can drop packets
Can block known attack signatures in real time

Detection Methods

Method	Description
Signature-based	Matches traffic against known attack patterns
Anomaly-based	Detects deviations from normal baseline behaviour
Heuristic	Uses rules and algorithms to identify suspicious behaviour

Popular Tools

Tool	Type	Notes
Snort	IDS/IPS	Open-source, signature-based
Suricata	IDS/IPS	Open-source, multi-threaded, supports Snort rules
Zeek (Bro)	Network Security Monitor	Focus on protocol analysis and logging

VPN (Virtual Private Network)

VPNs create encrypted tunnels for secure communication:

Network Security

Network Security

Defence in Depth

Firewalls

Types of Firewalls

Firewall Rules (Example)

Intrusion Detection and Prevention Systems

IDS (Intrusion Detection System)

IPS (Intrusion Prevention System)

Detection Methods

Popular Tools

VPN (Virtual Private Network)

VPN Types

More in Cybersecurity