Network Security
TLS 1.3, HSTS, firewall rules, network segmentation — harden network communications end-to-end.
# TLS configuration (Nginx)
ssl_protocols TLSv1.2 TLSv1.3;                 # no SSLv3, TLS 1.0 or TLS 1.1
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;   # TLS 1.2 suites; TLS 1.3 suites are built in
ssl_prefer_server_ciphers off;                 # every listed suite is acceptable, let the client choose
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;                               # OCSP stapling
ssl_stapling_verify on;                        # verify the stapled response (needs ssl_trusted_certificate with the CA chain)
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;   # 'always' also sends it on 4xx/5xx
# Check TLS config
# ssllabs.com/ssltest — comprehensive grade
# testssl.sh https://mysite.com — CLI tool
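An added example, not code from the original page: a small Python linter over nginx TLS directives like the ones above, flagging the settings this page's configuration avoids (legacy protocol versions, stapling without verification, a short or non-`always` HSTS header). SAMPLE_CONF and HARDENED_CONF are constructed inputs.

```python
import re

# Constructed samples: the page's TLS block with weaknesses introduced, and the hardened form
SAMPLE_CONF = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_stapling on;
add_header Strict-Transport-Security 'max-age=86400; includeSubDomains';
"""
HARDENED_CONF = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_HSTS_AGE = 31536000  # one year, the minimum the preload list accepts

def parse_directives(conf):
    """Map each simple nginx directive to the list of its argument strings."""
    directives = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";")
        if line:
            name, _, args = line.partition(" ")
            directives.setdefault(name, []).append(args.strip())
    return directives

def lint_tls(conf):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_directives(conf)
    findings = []
    protos = set(d.get("ssl_protocols", [""])[0].split())
    weak = sorted(protos & WEAK_PROTOCOLS)
    if weak:
        findings.append("weak protocols enabled: " + ", ".join(weak))
    if "on" in d.get("ssl_stapling", []) and "on" not in d.get("ssl_stapling_verify", []):
        findings.append("ssl_stapling on without ssl_stapling_verify on")
    hsts = [h for h in d.get("add_header", []) if h.lower().startswith("strict-transport-security")]
    if not hsts:
        return findings + ["no Strict-Transport-Security header"]
    value = hsts[0]
    match = re.search(r"max-age=(\d+)", value)
    age = int(match.group(1)) if match else 0
    if age < MIN_HSTS_AGE:
        findings.append(f"HSTS max-age {age} below {MIN_HSTS_AGE}")
    if "includesubdomains" not in value.lower():
        findings.append("HSTS missing includeSubDomains")
    if not value.endswith(" always"):
        findings.append("HSTS add_header lacks 'always' (header not sent on error responses)")
    return findings
```

Run `lint_tls` over the `server` block's TLS lines as a pre-deploy check; it complements, not replaces, an external test such as testssl.sh.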
# Firewall rules (iptables)
# Allow only necessary ports; rules are evaluated top to bottom, so order matters
iptables -A INPUT -i lo -j ACCEPT                                       # loopback first, or local services break
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT  # replies to connections we opened
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT                           # keep only if 80 redirects to 443
# add your management (SSH) port here before the final DROP, or you lock yourself out
iptables -A INPUT -j DROP # block everything else
# Port scan check: confirm from outside that only the allowed ports answer
# nmap -sV -sC target (authorised testing of your own hosts only)
# Network segmentation
# VLAN 10: web servers
# VLAN 20: app servers
# VLAN 30: databases (NO direct internet access)
# DMZ: public-facing services