Essential Network Security FAQ: 100+ Key Concepts Explained

This comprehensive guide defines network security, outlines its core attributes, enumerates common threats and attack types, and provides practical mitigation strategies, covering everything from encryption basics and access controls to advanced topics like zero‑day vulnerabilities, zero‑trust architecture, and security automation.


1. What is network security?

Network security refers to the set of measures taken to prevent attacks, intrusions, disruptions, destruction, and unauthorized use of networks, ensuring stable and reliable operation while protecting data confidentiality, integrity, and availability (as defined in the China Cybersecurity Law).

2. What are the basic attributes of network security?

Confidentiality: Ensure information is not exposed to unauthorized entities (e.g., encrypt sensitive data during transmission).

Integrity: Only authorized parties can modify data, and any tampering can be detected (e.g., verify file integrity with hash functions).

Availability: Authorized users can access services when needed (e.g., servers must remain operational under load).

Controllability: Ability to control the propagation and content of information (e.g., content‑filtering systems).

Authenticity: Received information truly originates from the claimed source and is unaltered (e.g., digital signatures).

3. What are the main sources of network security threats?

External attackers: Hackers or malicious individuals exploiting vulnerabilities (e.g., DDoS attacks).

Insiders: Employees or partners causing accidental or intentional security issues (e.g., data leakage).

System vulnerabilities: Bugs or backdoors in operating systems or applications (e.g., Windows exploits).

Natural disasters and accidents: Earthquakes, fires, and power failures that damage infrastructure (e.g., a data‑center fire).

4. What are the three basic elements of network security?

Confidentiality: Prevent unauthorized access (e.g., symmetric encryption for communication).

Integrity: Protect data from tampering, deletion, or loss (e.g., hash verification).

Availability: Ensure authorized users can access resources when needed (e.g., redundant server design).

5. What are the five core functions of network security?

Protection: Safeguard systems and data (e.g., firewalls).

Detection: Identify security events and anomalies (e.g., IDS).

Response: React promptly to detected events (e.g., antivirus activation).

Recovery: Restore normal operation after incidents (e.g., data restoration from backups).

Education: Raise user awareness (e.g., security training).

6. What is a Denial‑of‑Service (DoS) attack?

A DoS attack consumes excessive service resources with legitimate‑looking requests, preventing legitimate users from receiving responses (e.g., flooding a website with traffic).

7. How does Distributed DoS (DDoS) differ from DoS?

DDoS uses many compromised machines (botnets) to generate traffic, amplifying the attack compared to a single‑source DoS.

8. What is a Man‑in‑the‑Middle (MITM) attack?

An attacker inserts themselves between two communicating parties to intercept or modify traffic (e.g., ARP spoofing on public Wi‑Fi).

9. How to prevent MITM attacks?

Use encrypted protocols such as HTTPS.

Secure network devices to block ARP spoofing (e.g., static MAC bindings).

Deploy trusted security software like firewalls and IDS.

10. What is phishing?

Phishing impersonates legitimate websites or emails to steal credentials, credit‑card numbers, etc. (e.g., fake bank email prompting a login link).

11. How to identify phishing?

Check sender’s email address.

Hover over links to verify real URLs.

Watch for grammatical or spelling errors.

Contact the organization through official channels.

12. What is malware?

Malicious software designed to damage, disrupt, or gain illegal access to systems (e.g., viruses, worms, trojans, ransomware).

13. Difference between viruses and trojans?

Viruses self‑replicate by attaching to executables; trojans disguise themselves as legitimate programs and open backdoors.

14. How to defend against malware?

Install reputable antivirus and keep signatures updated.

Avoid downloading unknown software.

Be cautious with email attachments and links.

Regularly back up important data.

15. What is SQL injection?

An attack that injects malicious SQL statements into input fields or URLs to bypass authentication or access databases (e.g., entering "' OR 1=1--" in a login box).

16. How to prevent SQL injection?

Validate and sanitize user input; use parameterized queries or prepared statements.

Employ secure frameworks and DBMS that provide built‑in protections.

Conduct regular security audits and vulnerability scans.

17. What is Cross‑Site Scripting (XSS)?

An attack that injects malicious scripts into web pages, allowing attackers to steal data or manipulate content (e.g., posting malicious JavaScript in a forum).

18. How to mitigate XSS?

Encode user‑supplied data before rendering it into a page, converting special characters to HTML entities (e.g., < becomes &lt;).

Use Content Security Policy (CSP) to restrict script sources.

Securely configure rich‑text editors to block script injection.

19. What is a zero‑day vulnerability?

A security flaw for which no patch is publicly available; defenders have had no time to prepare a fix.

20. How to handle zero‑day vulnerabilities?

Vendors should strengthen secure development processes and establish rapid‑response mechanisms.

Users must keep systems updated and use security tools until patches are released.

21. What is symmetric encryption?

Encryption where the same key is used for both encryption and decryption (e.g., AES).

22. What is asymmetric encryption?

Encryption using a public‑private key pair; the public key encrypts, the private key decrypts (e.g., RSA).

23. Differences between symmetric and asymmetric encryption?

Symmetric encryption is fast and suited for large data but requires secure key exchange.

Asymmetric encryption simplifies key management, is slower, and is used for key exchange and digital signatures.

24. What is a digital signature?

A technique that uses a private key to sign data, allowing the receiver to verify authenticity and integrity with the corresponding public key.

25. What is Public Key Infrastructure (PKI)?

A framework that manages digital certificates, certificate authorities (CA), and registration authorities (RA) to verify identities and public keys.

26. What are SSL/TLS protocols?

Protocols that provide encrypted communication over networks, ensuring data confidentiality and server/client authentication (e.g., online banking).

27. Difference between SSL and TLS?

TLS is the successor to SSL, offering stronger encryption algorithms and improved session management.

28. What is a cryptographic hash function?

A function that maps arbitrary data to a fixed‑size hash value, used for integrity verification (e.g., MD5, SHA‑1, SHA‑256).

29. Differences among MD5, SHA‑1, and SHA‑256?

MD5 produces a 128‑bit hash, SHA‑1 a 160‑bit hash, and SHA‑256 a 256‑bit hash; MD5 and SHA‑1 are considered weak, while SHA‑256 offers higher security.
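An added example, not part of the original article, illustrating items 28 and 29 with Python's standard library: it reports the digest size of each algorithm (128, 160 and 256 bits, matching item 29) and shows the integrity check from item 2, where a one-character change to the data produces a different fingerprint. The helper names are illustrative.

```python
import hashlib
import hmac


def digest_bits(algorithm, data):
    # Digest length in bits for the named algorithm (e.g. "md5", "sha256").
    return hashlib.new(algorithm, data).digest_size * 8


def fingerprint(data, algorithm="sha256"):
    # Hex-encoded hash of the data; used as the stored integrity reference.
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data, expected_hex, algorithm="sha256"):
    # Recompute the hash and compare in constant time so the comparison
    # itself does not leak how many leading characters matched.
    return hmac.compare_digest(fingerprint(data, algorithm), expected_hex)


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    original = b"quarterly-report.pdf contents"
    tampered = b"quarterly-report.pdf content!"
    for algo in ("md5", "sha1", "sha256"):
        print(algo, digest_bits(algo, original), "bits", fingerprint(original, algo))
    ref = fingerprint(original)
    print("original verifies:", verify_integrity(original, ref))
    print("tampered verifies:", verify_integrity(tampered, ref))
```

Note that a bare hash only detects accidental or opportunistic modification: anyone who can alter the data can also recompute its hash, which is why item 24's digital signatures (or an HMAC with a secret key) are needed for authenticity.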

30. What is a digital certificate?

An electronic document issued by a CA that binds a public key to an entity’s identity (e.g., website certificates).

31. What is a self‑signed certificate?

A certificate generated and signed by its own owner without a trusted CA, often used in testing environments.

32. What is a Certificate Revocation List (CRL)?

A list published by a CA that contains certificates that have been revoked before their expiration.

33. What is Elliptic Curve Cryptography (ECC)?

A public‑key cryptosystem based on elliptic curves that provides comparable security to RSA with shorter keys, suitable for constrained devices.

34. What is homomorphic encryption?

An encryption method that allows computations to be performed on ciphertexts, producing an encrypted result that matches the plaintext computation when decrypted.

35. What is quantum encryption?

Encryption techniques that leverage quantum mechanics (e.g., photon polarization) to achieve security that is theoretically resistant to classical attacks.

36. What is a network security policy?

A set of rules and practices governing the protection of an organization’s network and information systems (e.g., access controls, data encryption).

37. What is access control?

Technology that restricts who can access which resources based on identity, role, or other attributes (e.g., DAC, MAC, RBAC).

38. What is Discretionary Access Control (DAC)?

Access control where resource owners set permissions (e.g., file owners granting read/write rights).

39. What is Mandatory Access Control (MAC)?

System‑enforced access control based on security labels or classifications (e.g., military clearance levels).

40. What is Role‑Based Access Control (RBAC)?

Access control that assigns permissions to roles rather than individuals (e.g., teachers vs. students in a school system).

41. What is security auditing?

The process of recording and analyzing system and network activities to detect threats and policy violations.

42. What is an Intrusion Detection System (IDS)?

A system that monitors network or host activity for suspicious behavior and generates alerts.

43. What is an Intrusion Prevention System (IPS)?

An IPS not only detects intrusions but also blocks them in real time.

44. What is Security Information and Event Management (SIEM)?

A platform that aggregates, stores, and analyzes security logs and events from multiple sources.

45. What is vulnerability scanning?

Automated scanning to identify known security weaknesses in systems or networks.

46. What is penetration testing?

A simulated attack performed by security professionals to discover exploitable vulnerabilities.

47. What is an incident response plan?

A predefined procedure for detecting, analyzing, and mitigating security incidents.

48. What is a disaster recovery plan?

A strategy for restoring IT systems and data after a major outage or catastrophe.

49. What is Business Continuity Planning (BCP)?

Planning to ensure an organization can continue operating during and after disruptive events.

50. What is supply‑chain security management?

Managing security risks throughout the product or service supply chain (e.g., vetting suppliers).

51. What is network segmentation?

Dividing a large network into smaller sub‑networks to improve security and manageability.

52. What is a firewall policy?

A set of rules that control inbound and outbound traffic based on criteria such as IP address, port, and protocol.
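An added example (not from the original article) of how a firewall policy like the one in item 52 is evaluated: rules are matched in order on direction, protocol, source network and destination port, the first match decides, and traffic that matches nothing is denied. The rule format, the sample policy and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str        # "allow" or "deny"
    direction: str     # "in" or "out"
    protocol: str      # "tcp", "udp", "icmp" or "any"
    source: str        # CIDR such as "10.0.0.0/8", or "any"
    dest_port: object  # int, (low, high) range, or "any"


def matches(rule, direction, protocol, src_ip, dest_port):
    if rule.direction != direction:
        return False
    if rule.protocol != "any" and rule.protocol != protocol:
        return False
    if rule.source != "any":
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
            return False
    if rule.dest_port != "any":
        if isinstance(rule.dest_port, tuple):
            low, high = rule.dest_port
            if dest_port is None or not (low <= dest_port <= high):
                return False
        elif rule.dest_port != dest_port:
            return False
    return True


def evaluate(rules, direction, protocol, src_ip, dest_port=None):
    # First matching rule wins. Anything no rule covers is denied, so a
    # forgotten rule fails closed rather than open.
    for rule in rules:
        if matches(rule, direction, protocol, src_ip, dest_port):
            return rule.action
    return "deny"


# Constructed sample policy: public HTTPS, SSH only from the internal range,
# everything else inbound blocked, outbound unrestricted.
POLICY = [
    Rule("allow", "in", "tcp", "any", 443),
    Rule("allow", "in", "tcp", "10.0.0.0/8", 22),
    Rule("deny", "in", "any", "any", "any"),
    Rule("allow", "out", "any", "any", "any"),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "in", "tcp", "203.0.113.5", 443))  # allow
    print(evaluate(POLICY, "in", "tcp", "203.0.113.5", 22))   # deny
    print(evaluate(POLICY, "in", "tcp", "10.1.2.3", 22))      # allow
```

Because evaluation is order-dependent, the explicit inbound deny must sit after the allows; moving it first would silently block the HTTPS and SSH rules, which is a common misconfiguration worth checking in reviews.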

53. What is network segmentation? (duplicate entry)

See item 51.

54. What is the principle of least privilege?

Granting users or processes only the minimum permissions necessary to perform their tasks.

55. What is content filtering?

Technology that blocks access to undesirable content such as malicious sites or inappropriate material.

56. What is security awareness training?

Educational programs that teach employees how to recognize and respond to security threats.

57. What is multi‑factor authentication (MFA)?

An authentication method requiring two or more verification factors (e.g., password plus SMS code).

58. What is an account lockout policy?

A security measure that temporarily disables an account after multiple failed login attempts.
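An added example (not from the original article) implementing the lockout policy of item 58: failures are counted per account within a sliding window, the account is locked for a fixed period once the threshold is reached, and the lock is checked before the password so a locked account cannot be opened even with the right credentials. Thresholds and the use of an injected clock are illustrative choices.

```python
from collections import defaultdict


class LockoutPolicy:
    """Per-account failed-login tracking. Timestamps are passed in rather
    than read from the clock so behaviour is deterministic and testable."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.failures = defaultdict(list)  # account -> timestamps of failures
        self.locked_until = {}             # account -> time the lock expires

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            # Lock has expired: clear it and start counting afresh.
            del self.locked_until[account]
            self.failures[account] = []
            return False
        return True

    def record_failure(self, account, now):
        # Returns True if this failure triggered (or the account already had) a lock.
        if self.is_locked(account, now):
            return True
        recent = [t for t in self.failures[account] if now - t < self.window]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            return True
        return False

    def record_success(self, account):
        self.failures[account] = []


def attempt_login(policy, account, password_ok, now):
    # Returns "locked", "ok" or "failed". The lock check comes first so a
    # locked account rejects even a correct password until the lock expires.
    if policy.is_locked(account, now):
        return "locked"
    if password_ok:
        policy.record_success(account)
        return "ok"
    return "locked" if policy.record_failure(account, now) else "failed"


if __name__ == "__main__":
    policy = LockoutPolicy(max_failures=3, window_seconds=60, lockout_seconds=120)
    for t in (0, 10, 20, 30):
        print(t, attempt_login(policy, "alice", False, t))
    print(141, attempt_login(policy, "alice", True, 141))
```

Temporary locks are preferable to permanent ones because an attacker who can trigger lockouts at will could otherwise deny service to legitimate users; the same reasoning favours counting per account and per source rather than per account alone.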

59. What is session management?

Techniques for tracking and maintaining user session state securely to prevent hijacking.

60. What are network security standards and frameworks?

Guidelines such as ISO 27001 that help organizations build and maintain effective security programs.

61. What is a zero‑trust architecture?

A security model that assumes no user or device is trusted by default, requiring strict verification for every access request.

62. What is data classification and grading?

Assigning sensitivity levels to data to determine appropriate protection measures.

63. What are privacy‑preserving technologies?

Methods like data masking and anonymization that protect personal information.

64. What is Security Orchestration, Automation and Response (SOAR)?

A platform that automates collecting, analyzing, and responding to security events.

65. What is threat intelligence?

Information about existing or emerging threats used to improve defensive posture.

66. What is a vulnerability bounty program?

An incentive scheme that rewards external researchers for responsibly reporting security flaws.

67. What is a Secure Development Lifecycle (SDL)?

A methodology that integrates security activities throughout software development phases.

68. What is Dynamic Application Security Testing (DAST)?

Automated testing of running applications to find vulnerabilities like SQL injection or XSS.

69. What is Static Application Security Testing (SAST)?

Static analysis of source code to detect security issues early in development.

70. What is Software Composition Analysis (SCA)?

Identifying and managing open‑source components and their known vulnerabilities.

71. What is penetration testing? (duplicate entry)

See item 46.

72. What is Security Information and Event Management (SIEM)? (duplicate entry)

See item 44.

73. What is container security?

Protecting container images, runtimes, and inter‑container communication (e.g., scanning Docker images).

74. What is supply‑chain security management? (duplicate entry)

See item 50.

75. What is cloud security?

Securing data, applications, and infrastructure in cloud environments (e.g., using a Cloud Access Security Broker, CASB).

76. What is Identity and Access Management (IAM)?

A framework for managing user identities and permissions across systems.

77. What is Security Assertion Markup Language (SAML)?

An XML‑based standard for exchanging authentication and authorization data, commonly used for SSO.

78. What is OpenID Connect?

An identity layer built on OAuth 2.0 that enables standardized authentication across applications.

79. What is a bastion host?

A hardened system that mediates and logs access to critical internal resources.

80. What is a honeypot?

A decoy system designed to attract attackers and gather intelligence about their tactics.

81. What is a SOAR platform? (duplicate entry)

See item 64.

82. What is threat hunting?

A proactive approach that searches for hidden threats by analyzing anomalous behavior.

83. What is Endpoint Detection and Response (EDR)?

A solution that monitors endpoint activities, detects advanced threats, and facilitates response.

84. What is Network Traffic Analysis (NTA)?

Monitoring and analyzing network flows to identify abnormal patterns and potential attacks.

85. What is a Hardware Security Module (HSM)?

A physical device that securely generates, stores, and manages cryptographic keys.

86. What is Quantum Key Distribution (QKD)?

A quantum‑mechanics‑based method for sharing encryption keys with provable security.

87. What is a zero‑knowledge proof?

A cryptographic protocol where a prover convinces a verifier of a statement’s truth without revealing any additional information.

88. What is homomorphic encryption? (duplicate entry)

See item 34.

89. What is Secure Multi‑Party Computation (MPC)?

A technique that allows parties to jointly compute a function over their inputs while keeping those inputs private.

90. What is differential privacy?

A method that adds statistical noise to query results to protect individual records while providing useful aggregate data.

91. What is machine‑learning security?

The field focused on defending ML models against adversarial attacks, data poisoning, and model theft.

92. What is an application‑layer firewall?

A firewall that inspects traffic at the application protocol level (e.g., Web Application Firewall protecting against SQL injection).

93. What is database encryption?

Encrypting data at rest within databases to prevent unauthorized reading (e.g., Transparent Data Encryption).

94. What is network segmentation? (duplicate entry)

See item 51.

95. What is Security Orchestration, Automation, and Response (SOAR)? (duplicate entry)

See item 64.

96. What is threat intelligence? (duplicate entry)

See item 65.

97. What is security awareness training? (duplicate entry)

See item 56.

98. What is an incident response plan? (duplicate entry)

See item 47.

99. What is a vulnerability bounty program? (duplicate entry)

See item 66.

100. What is a Secure Development Lifecycle (SDL)? (duplicate entry)

See item 67.

Written by

ITPUB
