Firewalls & VPNs

Terms and concepts you should know

Paul Krzyzanowski

April 13, 2022

Network Address Translation

  • Network Address Translation (NAT)
  • Private IP addresses

Virtual Private Networks (VPNs)

  • Private line
  • Tunnel
  • Packet encapsulation
  • Virtual Private Network (VPN)
  • IPsec (Internet Protocol Security)
  • IP Authentication Header (AH)
  • Encapsulating Security Payload (ESP)
  • Tunnel mode
  • Transport mode

Transport-Layer Security (TLS)

  • Secure Sockets Layer (SSL)
  • Transport Layer Security (TLS)
  • Zero round-trip time (0-RTT)
  • Sub-protocol 1: handshake protocol
  • Sub-protocol 2: communicate (record protocol)
  • X.509 certificates
  • Diffie-Hellman key exchange
  • Common key
  • HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
  • Downgrade attacks
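The Diffie-Hellman exchange, the common (shared) key and HKDF listed above fit together in one short sequence, shown here as an added example that is not part of the original page. It uses the 2048-bit MODP group from RFC 3526 (a safe prime with generator 2) and the HKDF extract-then-expand construction from RFC 5869; the label strings, the 16-byte key length and the transcript binding are this example's own simplifications, not the exact TLS 1.3 key schedule.

```python
"""Added example (not from the original page): finite-field Diffie-Hellman
followed by HKDF, the way a TLS-style handshake turns a shared secret into
per-direction traffic keys. Labels and key sizes are illustrative choices."""
import hashlib
import hmac
import secrets

# RFC 3526 2048-bit MODP group (group 14): p is a safe prime, g = 2 has order Q
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2                 # order of the prime-order subgroup generated by G


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zero bytes (RFC 5869)."""
    if not salt:
        salt = b"\x00" * hashlib.sha256().digest_size
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """OKM = T(1) | T(2) | ... where T(i) = HMAC-SHA256(PRK, T(i-1) | info | i)."""
    hash_len = hashlib.sha256().digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand: requested length too large")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


class DHParty:
    """One side of the exchange: holds a private exponent and its public value."""

    def __init__(self):
        self.private = secrets.randbelow(Q - 2) + 2        # 2 <= x < Q
        self.public = pow(G, self.private, P)

    def shared_secret(self, peer_public: int) -> bytes:
        # Reject degenerate public values (0, 1, p-1) that would force a trivial secret,
        # and anything outside the prime-order subgroup (small-subgroup confinement).
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid DH public value")
        if pow(peer_public, Q, P) != 1:
            raise ValueError("peer public value is not in the prime-order subgroup")
        z = pow(peer_public, self.private, P)                # the common key, g^(ab) mod p
        return z.to_bytes((P.bit_length() + 7) // 8, "big")


def derive_traffic_keys(shared: bytes, transcript: bytes) -> dict:
    """Extract once from the raw DH secret, then expand one key per direction."""
    prk = hkdf_extract(salt=b"", ikm=shared)
    return {
        "client_write": hkdf_expand(prk, b"client write key" + transcript, 16),
        "server_write": hkdf_expand(prk, b"server write key" + transcript, 16),
    }


def handshake():
    """Run both sides locally; returns (client_keys, server_keys), which must agree."""
    client, server = DHParty(), DHParty()
    # Public values cross the wire; hashing them into the key derivation binds the
    # keys to what was actually exchanged, which is what defeats a downgrade attack.
    transcript = hashlib.sha256(client.public.to_bytes(256, "big") +
                                server.public.to_bytes(256, "big")).digest()
    client_keys = derive_traffic_keys(client.shared_secret(server.public), transcript)
    server_keys = derive_traffic_keys(server.shared_secret(client.public), transcript)
    return client_keys, server_keys


if __name__ == "__main__":
    c, s = handshake()
    print("keys agree:", c == s, "client_write:", c["client_write"].hex())
```

Two things worth noticing: the raw DH output is never used directly as a key, it is fed through HKDF-Extract and then expanded with distinct labels per direction, and the peer's public value is validated before exponentiation, since accepting 0, 1 or p-1 lets an active attacker force a predictable secret.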

Firewalls

  • 1st generation firewall
  • Packet filter
  • Screening router
  • Border router (gateway router)
  • Access control list
  • Filter chain
  • Accept/Drop actions
  • Basic firewalling principle
  • Default allow
  • Default deny
  • Ingress vs. egress filtering
  • 2nd generation firewall
  • Stateful packet inspection (SPI)
  • Related traffic
  • Bastion host
  • Demilitarized Zone (DMZ)
  • Micro-segmentation
  • Deep packet inspection (DPI)
  • Deep Content Inspection (DCI)
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
  • Protocol-based IDS
  • Signature-based IDS
  • Anomaly-based IDS
  • Application proxy
  • Dual-homed host
  • Deperimeterization
  • Zero-trust architecture (ZTA)
  • Host-based firewall (personal firewall)
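Several of the firewall terms above (packet filter, access control list, filter chain, accept/drop actions, default deny, ingress vs. egress filtering, stateful packet inspection and related traffic) describe one mechanism seen from different angles. The following added example, which is not part of the original page, puts them into one small Python packet filter: a rule chain per direction evaluated first-match-wins, a default-deny verdict, and a connection table so that replies to flows the inside opened are accepted without an explicit inbound rule. The addresses, ports and rules are constructed for illustration (RFC 5737 documentation ranges and a 10.0.0.0/8 internal network).

```python
"""Added example (not from the original page): a toy stateful packet filter
showing ACL chains, accept/drop, default deny, ingress/egress filtering and
connection tracking. Addresses and policy are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False     # True for the TCP SYN that opens a new connection


def _in_net(addr: str, cidr: Optional[str]) -> bool:
    """A rule with no network set matches any address."""
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


@dataclass
class Rule:
    action: str                       # "accept" or "drop"
    proto: Optional[str] = None       # None matches any protocol
    src: Optional[str] = None         # CIDR, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None       # "new" or "established"

    def matches(self, pkt: Packet, state: str) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and _in_net(pkt.src, self.src) and _in_net(pkt.dst, self.dst)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.state is None or self.state == state))


class Firewall:
    INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed: the protected network

    def __init__(self, ingress, egress, default="drop"):
        self.chains = {"ingress": ingress, "egress": egress}
        self.default = default          # "drop" gives default deny, "accept" default allow
        self.conntrack = set()          # 5-tuples of connections already accepted

    @staticmethod
    def _flow(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def _state(self, pkt):
        """Stateful inspection: classify the packet against tracked connections."""
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self._flow(pkt) in self.conntrack or reverse in self.conntrack:
            return "established"        # part of (or the reply to) an accepted flow
        if pkt.proto == "tcp" and not pkt.syn:
            return "invalid"            # mid-stream TCP segment with no tracked connection
        return "new"

    def filter(self, pkt):
        # Packets from the inside are egress traffic; everything else is ingress
        chain = "egress" if ipaddress.ip_address(pkt.src) in self.INTERNAL else "ingress"
        state = self._state(pkt)
        verdict = self.default
        for rule in self.chains[chain]:   # filter chain: the first matching rule decides
            if rule.matches(pkt, state):
                verdict = rule.action
                break
        if verdict == "accept" and state == "new":
            self.conntrack.add(self._flow(pkt))   # its replies will now be "established"
        return verdict


def build_firewall():
    ingress = [
        Rule("accept", state="established"),                                  # replies only
        Rule("accept", proto="tcp", dst="192.0.2.10/32", dport=443, state="new"),  # DMZ web
    ]
    egress = [
        Rule("accept", state="established"),
        Rule("accept", proto="tcp", dport=443, state="new"),                  # HTTPS out
        Rule("accept", proto="udp", dport=53, state="new"),                   # DNS out
    ]
    return Firewall(ingress, egress, default="drop")


def demo():
    """Constructed packets run through the policy; returns the verdict for each."""
    fw = build_firewall()
    packets = [
        Packet("10.0.0.5", "198.51.100.7", "tcp", 40000, 443, syn=True),    # outbound HTTPS
        Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 40000),             # its reply
        Packet("198.51.100.7", "10.0.0.5", "tcp", 12345, 22),              # unsolicited SSH
        Packet("203.0.113.9", "192.0.2.10", "tcp", 5555, 443, syn=True),   # new to DMZ web
        Packet("10.0.0.5", "198.51.100.7", "tcp", 40001, 23, syn=True),    # telnet out
        Packet("203.0.113.9", "192.0.2.10", "tcp", 5556, 443),             # stray ACK, no SYN
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The last packet is the point of stateful inspection: a stateless ACL that allows TCP/443 to the web server would pass a stray ACK, while the tracked version drops it because no connection was opened. "Related" traffic (a data connection announced inside a control channel, or an ICMP error about a tracked flow) is handled the same way in real firewalls, with a protocol helper adding the expected secondary flow to the table.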
Last modified January 17, 2024.