Network Security

Terms for firewalls, segmentation, secure connectivity, traffic controls, and network-layer defenses.

This section explains the language of network defense: firewalls, segmentation, VPNs, traffic inspection, trust zones, and secure access patterns.

Use it when the term is about controlling or protecting network communication. It is especially useful for security engineers, cloud teams, IT administrators, and anyone trying to decide where a control belongs in the traffic path.

Start Here

  • Control Connectivity And Exposure
  • Admit Devices And Users Safely
  • Inspect And Investigate Traffic
  • Protect External Entry Points

Network terms connect back to Attack Surface, Defense in Depth, TLS, and Multi-Factor Authentication because network security is strongest when identity, transport protection, and traffic controls reinforce each other.

Choose The Right Access-And-Enforcement Path

If the question is about deciding where to enforce trust on the network, use this route:

  1. Firewall
  2. Allowlist
  3. Denylist
  4. Network Access Control
  5. Zero Trust Network Access

Observe And Investigate Traffic

If the question is about seeing suspicious behavior and deciding how much detail to collect, use this route:

  1. Network Telemetry
  2. Intrusion Detection System
  3. Intrusion Prevention System
  4. Deep Packet Inspection
  5. Full Packet Capture

In this section

  • Bastion Host Access
    A bastion host is a specially hardened system used as a controlled access point into sensitive environments.
  • Deep Packet Inspection (DPI)
    Deep packet inspection examines packet contents and metadata more closely than basic header-based traffic filtering.
  • Demilitarized Zone
    A demilitarized zone is a network area used to place externally reachable services away from more sensitive internal systems.
  • DNS Filtering for Domain Blocking
    DNS filtering controls domain resolution so users and systems are blocked from reaching risky destinations.
  • DNSSEC for DNS Integrity
    DNSSEC adds authenticity and integrity checks to DNS data so resolvers can detect tampering or spoofing.
  • East-West Traffic Flows
    East-west traffic is network communication between internal systems, services, or workloads rather than traffic crossing into or out of the environment.
  • Egress Filtering Controls
    Egress filtering is the network-control practice of restricting which outbound connections internal systems or workloads are allowed to make.
  • Email Authentication for Sender Trust
    Controls that help mail systems verify whether a message came from an authorized sender.
  • Email Security Controls and Defenses
    Controls that protect email systems, users, and workflows from fraud, malware, and data exposure.
  • Full Packet Capture (FPC)
    Full packet capture is the recording of complete network packets so teams can inspect the contents and context of network communication in detail.
  • Intrusion Detection System (IDS)
    Monitors traffic or activity for suspicious patterns and generates alerts without necessarily blocking the activity.
  • Intrusion Prevention System (IPS)
    Inspects traffic for suspicious patterns and can automatically block activity that matches prevention logic.
  • Man-in-the-Middle Attacks (MITM)
    Interception attack where an attacker sits between parties to observe, alter, or relay traffic.
  • Network Access Control
    Network access control decides whether a user or device can join a network and what level of access it receives based on identity, posture, or policy.
  • Network Firewall
    A firewall is a security control that filters network traffic based on defined rules so unauthorized or unnecessary communication can be limited.
  • Network Microsegmentation
    Microsegmentation applies very granular traffic controls between workloads or services so access is limited to specific allowed communications.
  • Network Segmentation Strategy
    Network segmentation divides networks into smaller zones so traffic can be controlled more tightly and security incidents are easier to contain.
  • Network Telemetry Data
    Network telemetry is the operational data that describes network activity, health, communication patterns, and security-relevant traffic behavior.
  • Secure Shell (SSH)
    SSH, or Secure Shell, is a protocol used to securely administer remote systems and move command-line traffic over an encrypted connection.
  • Security Allowlist
    An allowlist permits only explicitly approved users, devices, applications, addresses, or destinations and blocks everything else by default.
  • Security Denylist
    A denylist blocks specified users, files, addresses, domains, or other items while leaving other activity permitted by default.
  • Virtual Private Network (VPN)
    Creates protected connectivity between devices or networks over a less trusted path such as the public internet.
  • Web Application Firewall
    A web application firewall inspects HTTP and HTTPS requests to help detect or block suspicious web traffic before it reaches an application.
  • Zero Trust Network Access (ZTNA)
    Provides narrower, identity-aware access to applications without assuming network location alone should grant trust.

Revised on Friday, April 24, 2026