System and Network Security Cheat Sheet
The core ideas of System and Network Security distilled into a single, scannable reference — perfect for review or quick lookup.
Quick Reference
Firewalls
A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls can be stateless (examining individual packets) or stateful (tracking connection states), and next-generation firewalls (NGFW) add deep packet inspection, application awareness, and integrated intrusion prevention.
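The difference between the two filtering styles is easiest to see in code. The following is an added illustration, not code from this cheat sheet: a stateless filter that judges each packet on its own, beside a stateful one that remembers connections opened from inside. The internal address prefix, port numbers and packet contents are all constructed for the example.

```python
from dataclasses import dataclass

# Minimal packet model, constructed for this example.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False   # TCP connection-opening packet
    ack: bool = False   # TCP acknowledgement flag set

INTERNAL_PREFIX = "10.0.0."   # assumed internal network for the example

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def stateless_allow(pkt: Packet) -> bool:
    """Examine each packet in isolation.
    Policy: internal hosts may send anything out; traffic coming in is admitted
    only if it looks like a reply from a web server (ACK set, source port 443).
    Because there is no memory of what was sent, any inbound packet that
    happens to match the reply rule is admitted, solicited or not."""
    if is_internal(pkt.src):
        return True
    return is_internal(pkt.dst) and pkt.ack and pkt.sport == 443

class StatefulFirewall:
    """Record connections opened from inside and admit inbound packets
    only when they belong to one of those connections."""
    def __init__(self) -> None:
        self.table = set()   # five-tuples of tracked connections

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            if pkt.syn:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return True
        # Inbound: look up the reversed five-tuple.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return key in self.table

def firewall_demo() -> dict:
    fw = StatefulFirewall()
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, ack=True)
    # Unsolicited inbound packet from a host no internal client contacted.
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51000, ack=True)
    packets = (outbound, reply, unsolicited)
    return {
        "stateless": [stateless_allow(p) for p in packets],
        "stateful": [fw.allow(p) for p in packets],
    }

if __name__ == "__main__":
    print(firewall_demo())
```

The stateless filter admits all three packets; the stateful one admits the genuine reply but drops the unsolicited packet because no internal host opened a connection to that peer. Real firewalls also age entries out of the table and track UDP and ICMP pseudo-connections, which this sketch omits.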
Intrusion Detection and Prevention Systems (IDS/IPS)
IDS monitors network traffic or system activities for malicious behavior and generates alerts, while IPS takes active measures to block or prevent detected threats. Both can use signature-based detection (matching known attack patterns) or anomaly-based detection (identifying deviations from normal behavior). IDS is passive and observes; IPS is inline and can drop or modify malicious packets.
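Both detection styles applied to the same log, as an added example that is not part of the original cheat sheet. The access-log lines, the signature list and the baseline request counts are all constructed; the signature pass looks for a known pattern in each request, while the anomaly pass flags clients whose request volume sits far outside the baseline.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed Apache-style access log: a few ordinary requests, one request
# carrying a known pattern, and a burst of 40 login attempts from one client.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 512',
    '10.0.0.8 - - [10/Oct/2023:13:55:38 +0000] "GET /images/logo.png HTTP/1.1" 200 8013',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 404 221',
] + [
    f'203.0.113.9 - - [10/Oct/2023:13:55:{41 + i % 19:02d} +0000] "POST /login HTTP/1.1" 401 0'
    for i in range(40)
])

# Constructed baseline: requests per client seen during a quiet window.
BASELINE_REQUESTS_PER_CLIENT = [2, 3, 1, 2, 3, 2, 4, 2]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Signature rules: named patterns matched against the request path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
}

def parse_log(text: str) -> list:
    """Parse each line into a dict; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records

def signature_alerts(records: list) -> list:
    """Signature-based: alert whenever a known pattern appears in a request."""
    alerts = []
    for r in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(r["path"]):
                alerts.append((name, r["ip"], r["path"]))
    return alerts

def anomaly_alerts(records: list, baseline: list, k: float = 3.0) -> list:
    """Anomaly-based: alert on clients whose request count exceeds
    the baseline mean by more than k standard deviations."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = Counter(r["ip"] for r in records)
    return [(ip, n) for ip, n in counts.items() if n > threshold]

def ids_demo() -> dict:
    records = parse_log(SAMPLE_LOG)
    return {
        "signature": signature_alerts(records),
        "anomaly": anomaly_alerts(records, BASELINE_REQUESTS_PER_CLIENT),
    }

if __name__ == "__main__":
    print(ids_demo())
```

The signature pass catches the traversal request even though the server answered 404, and says nothing about the login burst; the anomaly pass flags the burst without knowing anything about its content. That complementarity is why production deployments run both, and why an IPS placed inline would act on the same two verdicts by dropping rather than merely alerting.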
Virtual Private Networks (VPNs)
A VPN creates an encrypted tunnel between two endpoints over a public network, ensuring confidentiality, integrity, and authentication of the transmitted data. Common VPN protocols include IPsec, which operates at the network layer, and OpenVPN or WireGuard, which can operate at various layers. VPNs are used for secure remote access and site-to-site connectivity.
Network Segmentation
Network segmentation divides a larger network into smaller, isolated subnetworks (segments or zones) to limit the blast radius of a security breach and control traffic flow between segments. Common techniques include VLANs, subnetting, and creating demilitarized zones (DMZs). Micro-segmentation extends this concept to individual workloads in virtualized and cloud environments.
TLS/SSL Protocols
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols that provide secure communication over a network. TLS uses a combination of asymmetric encryption for key exchange and symmetric encryption for bulk data transfer, along with digital certificates to authenticate server identity. TLS 1.3 is the current standard, offering improved security and performance over earlier versions.
Access Control
Access control is the process of granting or denying specific requests to obtain and use information and related processing services. Models include Discretionary Access Control (DAC), where resource owners set permissions; Mandatory Access Control (MAC), where a central authority enforces policies based on classifications; and Role-Based Access Control (RBAC), where permissions are assigned to roles rather than individual users.
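The three models side by side, as an added example rather than code from the cheat sheet. The users, roles, levels and resources are constructed; the MAC part uses Bell-LaPadula style read-down/write-up rules as one concrete instance of a classification-based policy, which is an assumption for the example rather than something the text specifies.

```python
from dataclasses import dataclass, field

# --- DAC: the resource owner decides who may do what ---
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def grant(self, granter: str, user: str, perm: str) -> None:
        """Only the owner may change the ACL."""
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this resource")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())

# --- MAC: a central policy compares clearances with classifications ---
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

def mac_allows(clearance: str, classification: str, action: str) -> bool:
    """Bell-LaPadula style rules (assumed for the example):
    read only at or below your clearance, write only at or above it."""
    subject, obj = LEVELS[clearance], LEVELS[classification]
    if action == "read":
        return subject >= obj
    if action == "write":
        return subject <= obj
    raise ValueError(f"unknown action {action!r}")

# --- RBAC: permissions attach to roles; users are assigned roles ---
ROLE_PERMS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"viewer"}, "carol": {"admin"}}

def rbac_allows(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))

def access_control_demo() -> dict:
    doc = DacResource(owner="alice")
    doc.grant("alice", "bob", "read")
    try:
        doc.grant("bob", "carol", "read")   # bob is not the owner
        bob_could_grant = True
    except PermissionError:
        bob_could_grant = False
    return {
        "dac": (doc.allows("bob", "read"), doc.allows("bob", "write"), bob_could_grant),
        "mac": (mac_allows("confidential", "internal", "read"),
                mac_allows("internal", "secret", "read"),
                mac_allows("internal", "secret", "write")),
        "rbac": (rbac_allows("bob", "report:write"), rbac_allows("alice", "report:write"),
                 rbac_allows("carol", "user:manage"), rbac_allows("dave", "report:read")),
    }

if __name__ == "__main__":
    print(access_control_demo())
```

Note where the authority sits in each case: with the owner in DAC, with the policy table in MAC (a user cannot lower a document's classification to read it), and with the role definitions in RBAC, so that changing what analysts may do is one edit to ROLE_PERMS rather than one per user.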
Wireless Security (WPA3)
WPA3 (Wi-Fi Protected Access 3) is the latest wireless security standard, addressing vulnerabilities in WPA2. It uses Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key (PSK) exchange and provides protection against offline dictionary attacks. WPA3 also offers forward secrecy, ensuring that captured traffic cannot be decrypted later if the password is compromised.
Zero Trust Architecture
Zero trust is a security model based on the principle of 'never trust, always verify.' Unlike traditional perimeter-based security, zero trust assumes that threats exist both inside and outside the network and requires continuous verification of every user, device, and application before granting access. Key components include micro-segmentation, least-privilege access, multi-factor authentication, and continuous monitoring.
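A per-request policy check that contrasts the two models, added here as an example and not taken from the cheat sheet. The user directory, the internal address range and the one-hour MFA freshness limit are constructed assumptions; the point is that the perimeter check consults only the source address, while the zero trust check evaluates identity, MFA freshness, device posture and least privilege on every request, regardless of where it comes from.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class AccessRequest:
    user: str
    source_ip: str
    device_compliant: bool   # posture result, e.g. disk encrypted, EDR running, patched
    mfa_age_s: int           # seconds since the user last completed an MFA challenge
    resource: str
    action: str

# Constructed directory: each user's permissions already narrowed to least privilege.
USER_PERMS = {
    "alice": {"payroll:read"},
    "bob": {"wiki:read", "wiki:write"},
}
MFA_MAX_AGE_S = 3600        # assumed policy: re-challenge after an hour
INTERNAL_PREFIX = "10."     # assumed corporate address range

def perimeter_allow(req: AccessRequest) -> bool:
    """Traditional model: being on the internal network is the credential."""
    return req.source_ip.startswith(INTERNAL_PREFIX)

def zero_trust_allow(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Every request is evaluated on its own signals; location is not one of them.
    Returns the decision and the names of the checks that failed."""
    checks = {
        "identity_known": req.user in USER_PERMS,
        "mfa_fresh": req.mfa_age_s <= MFA_MAX_AGE_S,
        "device_healthy": req.device_compliant,
        "least_privilege": f"{req.resource}:{req.action}" in USER_PERMS.get(req.user, set()),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

def zero_trust_demo() -> dict:
    # Inside the network, but stale MFA and a non-compliant device.
    inside_stale = AccessRequest("alice", "10.0.4.20", False, 7200, "payroll", "read")
    # Outside the network, but fresh MFA, healthy device, permitted action.
    outside_good = AccessRequest("alice", "203.0.113.50", True, 120, "payroll", "read")
    # Inside, healthy, fresh MFA, but asking for something bob is not entitled to.
    inside_overreach = AccessRequest("bob", "10.0.4.21", True, 60, "payroll", "read")
    return {
        name: (perimeter_allow(req), zero_trust_allow(req))
        for name, req in (("inside_stale", inside_stale),
                          ("outside_good", outside_good),
                          ("inside_overreach", inside_overreach))
    }

if __name__ == "__main__":
    for name, (perimeter, zt) in zero_trust_demo().items():
        print(f"{name}: perimeter={perimeter} zero_trust={zt}")
```

Returning the list of failed checks rather than a bare deny is deliberate: it is what feeds the continuous-monitoring component, since a request denied for device posture and one denied for missing entitlement call for different follow-up.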
Defense in Depth
Defense in depth is a cybersecurity strategy that employs multiple layers of security controls throughout an information system. The idea is that if one layer fails, additional layers continue to provide protection. Layers typically include physical security, network security, host security, application security, and data security, along with policies, procedures, and user awareness training.