Network-Based Firewall
Network-based firewall → security device placed at the network perimeter that filters inbound and outbound traffic based on rules such as Internet Protocol addresses, ports, and protocols to prevent unauthorized access.
UTM
Unified threat management (UTM) → all-in-one security appliance, sometimes called a web security gateway, that combines firewalling, intrusion prevention, antivirus, web filtering, and other security functions into a single device.
NGFW
Next-generation firewall (NGFW) → advanced firewall that operates at Open Systems Interconnection layer 7, allowing it to inspect application-level traffic, enforce user-based policies, and detect modern threats beyond simple port filtering.
WAF
Web application firewall (WAF) → firewall designed to protect web applications by filtering and monitoring Hypertext Transfer Protocol traffic, defending against attacks such as structured query language injection and cross-site scripting.
VPN
Virtual private network (VPN) → secure communication method that creates an encrypted tunnel over an untrusted network, allowing remote users or networks to communicate as if they were directly connected.
VPN Concentrator
VPN concentrator → dedicated device or integrated firewall feature that manages and terminates large numbers of virtual private network connections, handling encryption, authentication, and session management.
IPsec
Internet Protocol security (IPsec) → suite of protocols used to encrypt and authenticate Internet Protocol traffic, providing confidentiality, integrity, and authentication at the network layer.
SSL/TLS VPN
Secure sockets layer and transport layer security virtual private network (SSL/TLS VPN) → virtual private network that uses browser-based or client-based encrypted connections, commonly used for remote user access without full network exposure.
Site-to-Site IPsec VPN
Site-to-site Internet Protocol security virtual private network → permanent encrypted tunnel that securely connects two networks over the internet, allowing systems at both locations to communicate as if on the same internal network.
SD-WAN
Software-defined wide area network (SD-WAN) → wide area network technology optimized for cloud use that dynamically routes traffic across multiple links based on performance, cost, and application needs.
SASE
Secure access service edge (SASE) → next-generation VPN with firewalls, zero-trust features, and SD-WAN (cloud-based networking).