Lecture 11: Firewalls & VPNs

Terms and concepts you should know

Paul Krzyzanowski

November 20, 2020

Firewalls

  • Packet filter
  • Screening router
  • Border router (gateway router)
  • Access control list
  • Filter chain
  • Accept/Drop actions
  • Basic firewalling principle
  • Default allow
  • Default deny
  • Ingress vs. egress filtering
  • Stateful packet inspection (SPI)
  • 2nd generation firewall
  • Related traffic
  • Bastion host
  • Demilitarized Zone (DMZ)
  • Deep packet inspection (DPI)
  • Deep Content Inspection (DCI)
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
  • Protocol-based IDS
  • Signature-based IDS
  • Anomaly-based IDS
  • Application proxy
  • Dual-homed host
  • Deperimeterization
  • Host-based firewall (personal firewall)
  • Network Address Translation (NAT)
  • Private IP addresses

Virtual Private Networks (VPNs)

  • Private line
  • Tunnel
  • Packet encapsulation
  • Virtual Private Network (VPN)
  • IPsec (Internet Protocol Security)
  • IP Authentication Header (AH)
  • Encapsulating Security Payload (ESP)
  • Tunnel mode
  • Transport mode
  • Sequence number

Transport-Layer Security (TLS)

  • Secure Socket Layer (SSL)
  • Transport Layer Security (TLS)
  • Sub-protocol–1: authenticate/establish keys
  • Sub-protocol–2: communicate
  • ClientRandom, ServerRandom
  • X.509 certificates
  • Diffie-Hellman key exchange
  • Common key
  • Master key
  • TLS keys used in communication
Last modified November 20, 2020.