Network Address Translation

• Network Address Translation (NAT)
• Private IP addresses

Virtual Private Networks (VPNs)

• Private line
• Tunnel
• Packet encapsulation
• Virtual Private Network (VPN)
• IPsec (Internet Protocol Security)
• IP Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Tunnel mode
• Transport mode

Transport-Layer Security (TLS)

• Secure Socket Layer (SSL),
Transport Layer Security (TLS)
• Sub-protocol-1: handshake
• Sub-protocol-2: communicate
• X.509 certificates
• Diffie-Hellman key exchange
• Common key
• HMAC-based Key Derivation Function (HKDF)
• Downgrade attacks

Firewalls

• 1st generation firewall
• Packet filter
• Screening router
• Border router (gateway router)
• Access control list
• Filter chain
• Accept/Drop actions
• Basic firewalling principle
• Default allow
• Default deny
• Ingress vs. egress filtering
• 2nd generation firewall
• Stateful packet inspection (SPI)
• Related traffic
• Bastion host
• Demilitarized Zone (DMZ)
• Micro-segmentation
• Deep packet inspection (DPI)
• Deep Content Inspection (DCI)
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Protocol-based IDS
• Signature-based IDS
• Anomaly-based IDS
• Application proxy
• Dual-homed host
• Deperimeterization
• Zero-trust architecute (ZTA)
• Host-based firewall (personal firewall)