Firewalls, IDS & IPS
Firewalls
A firewall is a network security device that monitors and controls incoming/outgoing network traffic based on predetermined security rules. It creates a barrier between trusted internal networks and untrusted external networks.
Demilitarized Zone (DMZ)
A DMZ is a perimeter network that separates the internal LAN from the external internet. Public-facing servers (web, email, DNS) are placed in the DMZ — accessible from outside but isolated from internal systems.
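The following is an added example, not code from the original notes: a minimal first-match packet filter in Python that models a firewall sitting between the internet, a DMZ and the internal LAN. The zone address ranges, the rule base and the traffic checked against it are all constructed assumptions; the point it shows is that rule order matters and that anything not explicitly allowed falls through to a default deny, which is what keeps a compromised DMZ host from initiating connections into the LAN.

```python
"""Added example (not from the original notes): a first-match packet filter
modelling a firewall between the internet, a DMZ and the internal LAN.
Zone ranges and rules are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Constructed zone ranges (assumption). Anything outside them is "internet".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; unmatched addresses are external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str      # "tcp", "udp" or "any"
    dst_port: int   # 0 means any port
    action: str     # "allow" or "deny"


# Ordered rule base: the first matching rule wins, and an implicit
# default deny applies when nothing matches.
RULES = [
    Rule("internet", "dmz", "tcp", 80, "allow"),   # public web server
    Rule("internet", "dmz", "tcp", 443, "allow"),
    Rule("internet", "dmz", "udp", 53, "allow"),   # public DNS
    Rule("dmz", "lan", "any", 0, "deny"),          # DMZ never initiates into the LAN
    Rule("lan", "dmz", "any", 0, "allow"),         # admins manage DMZ hosts
    Rule("lan", "internet", "any", 0, "allow"),    # outbound browsing
]


def evaluate(src_ip, dst_ip, proto, dst_port, rules=RULES):
    """Return (action, index of the matching rule or None for default deny)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for i, r in enumerate(rules):
        if r.src_zone != src_zone or r.dst_zone != dst_zone:
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dst_port and r.dst_port != dst_port:
            continue
        return r.action, i
    return "deny", None   # default deny: unlisted traffic is dropped


if __name__ == "__main__":
    for pkt in [("203.0.113.5", "192.0.2.10", "tcp", 80),   # internet -> DMZ web: allow
                ("203.0.113.5", "192.0.2.10", "tcp", 22),   # internet -> DMZ ssh: default deny
                ("192.0.2.10", "10.0.0.5", "tcp", 445),     # DMZ -> LAN: explicit deny
                ("203.0.113.5", "10.0.0.5", "tcp", 80)]:    # internet -> LAN: default deny
        print(pkt, "->", evaluate(*pkt))
```

The explicit DMZ-to-LAN deny at rule 3 is redundant with the default deny, but it is placed before the LAN-facing allows on purpose: a later administrator adding a broad "any to lan" allow below it cannot accidentally open the DMZ into the LAN, and the hit counter on that rule tells you when a DMZ host starts probing inward.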
Intrusion Detection System (IDS)
Monitors network/system activity for malicious events and generates alerts (passive — detects but does not block).
- NIDS (Network-based) — Monitors traffic on a network segment (e.g., Snort, Suricata)
- HIDS (Host-based) — Monitors a specific device (e.g., OSSEC, Wazuh)
- Signature-based — Matches known attack patterns (fast, but misses zero-days)
- Anomaly-based — Detects deviations from baseline behavior (catches zero-days, more false positives)
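To make the signature-versus-anomaly trade-off in the list above concrete, here is an added example (not from the original notes) that runs both kinds of detector over the same constructed web access log. The baseline counts, the traffic, and the two signatures are constructed assumptions; the run shows the signature matcher catching only the known patterns, and the anomaly detector catching the unknown high-volume client while also flagging a legitimate busy client.

```python
"""Added example (not from the original notes): a toy IDS that runs a
signature matcher and a rate-based anomaly detector over one constructed
HTTP access log. All data and signatures are constructed for illustration."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed per-client request counts from a quiet training window (assumption).
BASELINE_COUNTS = {"10.1.1.1": 8, "10.1.1.2": 10, "10.1.1.3": 12,
                   "10.1.1.4": 9, "10.1.1.5": 11}

# Constructed traffic for the window under analysis: (client_ip, request_path).
TRAFFIC = (
    [("10.1.1.1", "/index.html")] * 3
    + [("10.1.1.2", "/reports/daily.csv")] * 16          # legitimate nightly report job
    + [("198.51.100.7", "/cgi-bin/../../../etc/passwd")]  # matches a known traversal pattern
    + [("198.51.100.9", "/search?q=x' OR 1=1--")]         # matches a known SQLi pattern
    + [("203.0.113.4", "/api/v2/export?page=%d" % i) for i in range(31)]  # no signature, odd volume
)

# Two textbook signatures (constructed); real rule sets are far larger.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sqli-tautology", re.compile(r"'\s*OR\s+1\s*=\s*1", re.IGNORECASE)),
]


def signature_detect(events):
    """Alert on any request whose path matches a known pattern."""
    alerts = []
    for ip, path in events:
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def anomaly_detect(events, baseline_counts, k=3.0):
    """Alert on clients whose request count exceeds mean + k * stdev of the baseline."""
    values = list(baseline_counts.values())
    threshold = mean(values) + k * pstdev(values)
    counts = Counter(ip for ip, _ in events)
    return {ip: n for ip, n in counts.items() if n > threshold}


if __name__ == "__main__":
    print("signature hits:", signature_detect(TRAFFIC))
    print("anomalous clients:", anomaly_detect(TRAFFIC, BASELINE_COUNTS))
```

Running it, the signature matcher reports the two clients sending known-bad paths and says nothing about 203.0.113.4, which sent nothing a rule recognises. The anomaly detector flags 203.0.113.4 (31 requests against a threshold of about 14) but also flags 10.1.1.2, whose 16 requests came from a scheduled report job. That second hit is the false positive the notes mention, and in practice it is handled by tuning the baseline per host or per time of day rather than by raising k until real outliers disappear.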
Intrusion Prevention System (IPS)
An IPS goes further than an IDS — it can actively block or drop malicious traffic in real time. Inline deployment means all traffic passes through the IPS.
⚠️ IDS vs IPS
IDS = Burglar alarm (alerts you when someone breaks in)
IPS = Electric fence (stops the intruder at the perimeter)
SIEM — Security Information & Event Management
SIEM aggregates log data from across the entire IT infrastructure, correlates events, and generates alerts. Many modern SIEMs add AI/ML-based analytics to their threat detection.
- Products: Splunk, IBM QRadar, Microsoft Sentinel, ELK Stack
- Key function: Centralized logging + real-time analysis + compliance reporting
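As an added example (not the notes' own code and not taken from any of the products listed), the following Python sketch shows what "aggregate, correlate, alert" means in practice: log lines from three sources in different native formats are normalised into one event schema, and a single correlation rule is run across them. The log lines, the parsers, the rule thresholds and the severity logic are all constructed assumptions.

```python
"""Added example (not from the original notes): a miniature SIEM pipeline.
Constructed log lines from a firewall, an auth server and an IDS are
normalised into one schema, then a cross-source correlation rule runs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines, each prefixed with its source name (not real logs).
RAW_LOGS = [
    "fw 2024-05-01T10:00:01Z ALLOW src=198.51.100.7 dst=10.0.0.5 dport=22",
    "auth 2024-05-01T10:00:02Z Failed password for admin from 198.51.100.7",
    "auth 2024-05-01T10:00:04Z Failed password for admin from 198.51.100.7",
    "auth 2024-05-01T10:00:06Z Failed password for admin from 198.51.100.7",
    "auth 2024-05-01T10:00:09Z Accepted password for admin from 198.51.100.7",
    'ids 2024-05-01T10:00:10Z ALERT sid=1000001 msg="SSH brute force" src=198.51.100.7',
    "auth 2024-05-01T10:05:00Z Failed password for bob from 10.0.0.8",
    "auth 2024-05-01T10:05:30Z Accepted password for bob from 10.0.0.8",
]

# One parser per source; each yields fields under common names (src_ip, action, ...).
PARSERS = {
    "fw": re.compile(r"(?P<action>ALLOW|DENY) src=(?P<src_ip>\S+) dst=\S+ dport=\d+"),
    "auth": re.compile(r"(?P<action>Failed|Accepted) password for (?P<user>\S+) from (?P<src_ip>\S+)"),
    "ids": re.compile(r'ALERT sid=\d+ msg="(?P<msg>[^"]+)" src=(?P<src_ip>\S+)'),
}


def normalise(line):
    """Turn a raw line into a dict with a parsed timestamp and common field names."""
    source, ts, rest = line.split(" ", 2)
    match = PARSERS[source].search(rest)
    if match is None:
        raise ValueError("unparsed %s line: %r" % (source, line))
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "source": source, **match.groupdict()}


def correlate(events, min_failures=3, window=timedelta(minutes=2)):
    """Rule: min_failures failed logins from one IP, then a success within window.

    Severity is raised when the IDS has independently alerted on the same IP;
    this batch version looks at all IDS events rather than only earlier ones."""
    alerts = []
    failures = defaultdict(list)
    ids_hits = {e["src_ip"] for e in events if e["source"] == "ids"}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["source"] != "auth":
            continue
        ip = e["src_ip"]
        if e["action"] == "Failed":
            failures[ip].append(e["ts"])
        elif e["action"] == "Accepted":
            recent = [t for t in failures[ip] if e["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"src_ip": ip, "user": e["user"], "failures": len(recent),
                               "severity": "high" if ip in ids_hits else "medium"})
            failures[ip].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate([normalise(line) for line in RAW_LOGS]):
        print(alert)
```

The single alert this produces (admin, three failures then success from 198.51.100.7, severity high because the IDS also fired on that address) is the kind of finding no one source shows on its own: the firewall only saw an allowed SSH connection, the auth log only saw logins, and the IDS only saw a pattern. Bob's one mistyped password followed by a success stays below the threshold, which is the tuning knob that keeps this rule from paging on ordinary users.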