Essential Network Security Q&A: From Fundamentals to Advanced Threats
This comprehensive guide answers 100 common network security questions, covering basic concepts, core properties, threat sources, attack types, encryption methods, access controls, incident response, and emerging technologies such as zero‑trust, quantum encryption, and SOAR.
1. What is network security?
Network security refers to the measures taken to protect networks from attacks, intrusions, disruptions, damage, and unauthorized use, ensuring stability, reliability, data integrity, confidentiality, and availability (see China Cybersecurity Law).
2. What are the basic attributes of network security?
Confidentiality: Prevent information exposure to unauthorized entities (e.g., encrypt sensitive data during transmission).
Integrity: Ensure only authorized parties can modify data and detect tampering (e.g., use hash functions to verify file integrity).
Availability: Authorized users can access resources when needed (e.g., servers must remain operational under load).
Controllability: Ability to control information dissemination and content (e.g., content‑filtering systems).
Authenticity: Received information truly originates from the claimed source and is unaltered (e.g., digital signatures).
3. What are the main sources of network security threats?
External attackers: Hackers or malicious individuals exploiting vulnerabilities (e.g., DDoS attacks).
Insiders: Employees or partners causing accidental or malicious incidents (e.g., data leakage).
System vulnerabilities: OS or application flaws (e.g., Windows vulnerabilities).
Natural disasters and accidents: Earthquakes, fires, and power failures causing damage or data loss.
4. What are the three basic elements of network security?
Confidentiality: Ensure information is not accessed by unauthorized parties (e.g., symmetric encryption).
Integrity: Protect information from alteration, deletion, or loss (e.g., hash verification).
Availability: Ensure authorized users can access resources when needed (e.g., redundant server design).
5. What are the five core functions of network security?
Protection: Safeguard systems and data (e.g., firewalls).
Detection: Identify security events and anomalies (e.g., IDS monitoring).
Response: React promptly to detected events (e.g., antivirus removal).
Recovery: Restore normal operation after incidents (e.g., data backup restoration).
Education: Raise user awareness (e.g., security training).
6. What is a Denial‑of‑Service (DoS) attack?
A DoS attack overwhelms a service with excessive legitimate‑looking requests, exhausting resources so legitimate users cannot receive responses (e.g., massive traffic causing website outage).
7. How does Distributed DoS (DDoS) differ from DoS?
DDoS uses many compromised machines (botnets) to generate traffic, amplifying the attack compared to a single source.
8. What is a Man‑in‑the‑Middle (MITM) attack?
Attackers insert themselves between communicating parties to intercept, modify, or forge traffic, often using ARP spoofing or DNS hijacking (e.g., public Wi‑Fi interception).
9. How to prevent MITM attacks?
Use encrypted protocols such as HTTPS.
Secure network devices to block ARP spoofing (e.g., static MAC bindings).
Deploy trusted security software like firewalls and IDS.
10. What is phishing?
Phishing tricks users by impersonating legitimate sites or emails to steal credentials, credit card info, etc. (e.g., fake bank email prompting a link).
11. How to identify phishing?
Check sender address for legitimacy.
Hover over links to verify real URLs.
Watch for grammatical or spelling errors.
Contact the organization via official channels.
12. What is malware?
Malicious software designed to damage, disrupt, or gain unauthorized access to systems (e.g., viruses, ransomware).
13. Difference between viruses and trojans?
Viruses self‑replicate by attaching themselves to executables; trojans disguise themselves as legitimate software and open backdoors for remote control.
14. How to mitigate malware?
Install reputable antivirus and keep signatures updated.
Avoid downloading unknown software.
Be cautious with email attachments and links.
Regularly back up important data.
15. What is SQL injection?
Attackers inject malicious SQL statements into input fields or URLs to bypass authentication or access databases (e.g., entering "' OR 1=1--" in a login field).
16. How to prevent SQL injection?
Validate and sanitize user input; use parameterized queries or prepared statements.
Employ secure frameworks and DBMS with built‑in protections.
Conduct regular security audits and vulnerability scans.
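The two ways of building the login query from questions 15 and 16 side by side, as an added example that is not part of the original Q&A. The in-memory user table, the function names and the allowlist pattern are constructed for the demonstration; the payload is the one quoted in question 15.

```python
import re
import sqlite3

# Constructed in-memory user table for the demonstration (not data from the page).
# A real system stores a password hash, not the password itself.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Untrusted input is spliced into the SQL text, so a quote character in the
    # input changes the structure of the query instead of being compared as data.
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None

def login_safe(conn, username, password):
    # Parameterized query: the '?' placeholders are bound by the driver after the
    # SQL has been parsed, so the input can only ever be a string value.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

# Allowlist validation (assumed policy) as a defence-in-depth layer: reject input
# that cannot be a username before it reaches the database at all.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def compare(username, password):
    # Run both query styles against the same input and return both outcomes.
    conn = make_db()
    return {"vulnerable": login_vulnerable(conn, username, password),
            "safe": login_safe(conn, username, password)}

if __name__ == "__main__":
    # The payload from question 15 in the username field, with any password:
    # the concatenated query becomes  username = '' OR 1=1  and a comment.
    print(compare("' OR 1=1--", "anything"))   # {'vulnerable': True, 'safe': False}
    print(compare("alice", "correct-horse"))   # {'vulnerable': True, 'safe': True}
    print(validate_username("' OR 1=1--"))     # False
```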
17. What is Cross‑Site Scripting (XSS)?
Attackers inject malicious scripts into web pages, which execute in victims' browsers to steal data or alter content (e.g., malicious JavaScript in forum posts).
18. How to prevent XSS?
Encode user‑supplied data as HTML entities before inserting it into a page (e.g., convert < to &lt;).
Implement Content Security Policy (CSP) to restrict script sources.
Secure rich‑text editors and other input tools.
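The entity encoding from question 18 applied to the forum-post scenario of question 17, as an added example that is not part of the original Q&A. The post text, the rendering functions and the Content Security Policy value are constructed for the demonstration.

```python
# Entity map for the characters that change the meaning of HTML. Question 18
# mentions '<' becoming '&lt;'; the quote characters matter inside attribute
# values, and '&' must be encoded so the output cannot form other entities.
HTML_ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}

def escape_html(text):
    # One pass over the text, so already-encoded output is never encoded twice.
    return "".join(HTML_ENTITIES.get(ch, ch) for ch in text)

# Constructed forum post containing an inline script tag (not from the page).
MALICIOUS_POST = '<script>alert("xss")</script> nice thread <b>everyone</b>'

def render_post_unsafe(body):
    # Untrusted text pasted straight into the page: every reader's browser
    # parses the <script> tag and runs it.
    return '<div class="post">%s</div>' % body

def render_post_safe(body):
    # Same page, but the body is entity-encoded at output time, so the browser
    # displays the tags as literal text instead of interpreting them.
    return '<div class="post">%s</div>' % escape_html(body)

def render_title_attr_safe(title):
    # Attribute context: encoding the quote characters keeps the value inside
    # the title="..." attribute, so it cannot close it and add an event handler.
    return '<a href="/thread/1" title="%s">open</a>' % escape_html(title)

# Second layer from question 18 (assumed policy): only scripts served from the
# site's own origin may run, even if some encoding step is missed.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'")

def contains_raw_tag(rendered, tag="script"):
    # Smoke check: is an unencoded opening tag still present in the output?
    return ("<%s" % tag) in rendered.lower()

if __name__ == "__main__":
    print(contains_raw_tag(render_post_unsafe(MALICIOUS_POST)))  # True
    print(contains_raw_tag(render_post_safe(MALICIOUS_POST)))    # False
    print(render_post_safe(MALICIOUS_POST))
```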
19. What is a zero‑day vulnerability?
A security flaw with no publicly available patch; both attackers and vendors may be unaware of it.
20. How to handle zero‑day vulnerabilities?
Vendors should strengthen secure development processes and maintain rapid incident response.
Users must keep systems updated and use security tools until patches are released.
21. What is symmetric encryption?
Encryption and decryption use the same secret key (e.g., AES for file encryption).
22. What is asymmetric encryption?
Uses a key pair: the public key encrypts (or verifies a signature) and the private key decrypts (or signs) (e.g., RSA for digital signatures).
23. Differences between symmetric and asymmetric encryption?
Symmetric is fast and suitable for large data but requires secure key exchange.
Asymmetric simplifies key management, supports signatures and key exchange, but is slower.
24. What is a digital signature?
Uses a private key to sign data; the corresponding public key verifies authenticity and integrity (e.g., signing a contract PDF).
25. What is Public Key Infrastructure (PKI)?
Framework managing digital certificates, CAs, and RAs to verify identities and public keys (e.g., browsers validating website certificates).
26. What are SSL/TLS protocols?
Provide encrypted communication and mutual authentication for secure data transfer over networks (e.g., online banking).
27. Difference between SSL and TLS?
TLS is the modern, more secure successor to SSL, offering stronger ciphers and better session management.
28. What is a cryptographic hash function?
Transforms arbitrary data into a fixed‑size hash value used for integrity verification (e.g., MD5, SHA‑1, SHA‑256).
29. Differences among MD5, SHA‑1, and SHA‑256?
MD5 produces 128‑bit hashes, SHA‑1 160‑bit, SHA‑256 256‑bit; MD5 and SHA‑1 are vulnerable to collisions, while SHA‑256 offers higher security.
30. What is a digital certificate?
An electronic document issued by a CA that binds an identity to a public key, containing holder info, public key, issuer, and validity period.
31. What is a self‑signed certificate?
A certificate generated and signed by its own holder without a trusted CA, often used for testing.
32. What is a Certificate Revocation List (CRL)?
A list of revoked certificates published by a CA to indicate that they are no longer trustworthy.
33. What is Elliptic Curve Cryptography (ECC)?
Public‑key cryptography based on elliptic curves, offering comparable security to RSA with shorter keys, suitable for constrained devices.
34. What is homomorphic encryption?
Allows computations on encrypted data without decryption; results remain encrypted and match the plaintext computation (e.g., cloud analytics on encrypted data).
35. What is quantum encryption?
Uses quantum mechanics principles (e.g., photon polarization) to secure communication, making eavesdropping detectable.
36. What is a network security policy?
A set of rules and practices governing protection of an organization’s networks and information systems (e.g., access controls, encryption requirements).
37. What is access control?
Mechanisms that restrict who can access which resources based on identity, role, or attributes.
38. What is Discretionary Access Control (DAC)?
Resource owners set permissions for other users (e.g., file owners granting read/write rights).
39. What is Mandatory Access Control (MAC)?
System‑enforced controls based on security labels or levels, often used in government or military contexts.
40. What is Role‑Based Access Control (RBAC)?
Permissions are assigned to roles; users acquire permissions by being assigned roles (e.g., teacher vs. student access).
41. What is security auditing?
Recording and analyzing system and network activities to detect threats and policy violations.
42. What is an Intrusion Detection System (IDS)?
Monitors network traffic and system logs to identify suspicious activities and raise alerts.
43. What is an Intrusion Prevention System (IPS)?
Detects intrusions and automatically blocks malicious traffic in real time.
44. What is Security Information and Event Management (SIEM)?
Aggregates, stores, and analyzes security logs from multiple sources to provide situational awareness.
45. What is vulnerability scanning?
Automated tools scan systems for known vulnerabilities and suggest remediation.
46. What is penetration testing?
Simulated attacks performed by professionals to uncover security weaknesses.
47. What is an incident response plan?
A predefined procedure for detecting, reporting, analyzing, and mitigating security incidents.
48. What is a disaster recovery plan?
Strategies for restoring IT systems and data after major failures or disasters.
49. What is Business Continuity Planning (BCP)?
Ensures an organization can continue operations during and after disruptive events.
50. What is supply‑chain security management?
Assessing and controlling security risks throughout the product or service supply chain.
51. What is network segmentation?
Dividing a large network into smaller sub‑networks to improve security and manageability.
52. What is a firewall policy?
Rules that define allowed or denied traffic based on source, destination, ports, etc.
53. What is network segmentation?
Same as 51 – separating a network into isolated zones to reduce attack surface.
54. What is the principle of least privilege?
Users and processes receive only the minimum permissions necessary to perform their tasks.
55. What is content filtering?
Blocks access to undesirable content such as malicious sites or inappropriate material.
56. What is security awareness training?
Educates employees on recognizing and responding to security threats.
57. What is Multi‑Factor Authentication (MFA)?
Requires two or more verification factors (e.g., password plus SMS code) to authenticate users.
58. What is an account lockout policy?
Locks an account after a number of failed login attempts to prevent brute‑force attacks.
59. What is session management?
Tracks and secures user sessions, preventing hijacking (e.g., using secure session cookies).
60. What are network security standards and frameworks?
Guidelines such as ISO 27001 that help organizations build effective security programs.
61. What is a zero‑trust architecture?
Assumes no implicit trust; every access request is authenticated and authorized regardless of location.
62. What is data classification and grading?
Assigns sensitivity levels to data to determine appropriate protection measures.
63. What are privacy‑preserving technologies?
Techniques like data masking and anonymization that protect personal information.
64. What is Security Orchestration, Automation, and Response (SOAR)?
Platforms that automate collection, analysis, and response to security events.
65. What is threat intelligence?
Information about current or emerging threats used to improve defenses.
66. What is a vulnerability bounty program?
Rewards external researchers for reporting security flaws.
67. What is a Secure Development Lifecycle (SDL)?
Integrates security activities throughout software development phases.
68. What is Dynamic Application Security Testing (DAST)?
Automated scanning of running applications to find vulnerabilities like SQL injection.
69. What is Static Application Security Testing (SAST)?
Analyzes source code for security issues early in development.
70. What is Software Composition Analysis (SCA)?
Identifies open‑source components and their known vulnerabilities.
71. What is penetration testing? (duplicate)
Simulated attacks to evaluate security posture.
72. What is Security Information and Event Management (SIEM)? (duplicate)
Collects and correlates security logs for real‑time monitoring.
73. What is container security?
Protects container images, runtimes, and inter‑container communication (e.g., Docker image scanning).
74. What is supply‑chain security management? (duplicate)
Ensures security across all supply‑chain stages.
75. What is cloud security?
Secures data, applications, and infrastructure in cloud environments (e.g., CASB monitoring).
76. What is Identity and Access Management (IAM)?
Framework for managing user identities and permissions.
77. What is Security Assertion Markup Language (SAML)?
XML‑based standard for exchanging authentication and authorization data, often used for SSO.
78. What is OpenID Connect?
Identity layer on top of OAuth 2.0 that enables single sign‑on across applications.
79. What is a bastion host?
Secure gateway that monitors and controls access to critical systems.
80. What is a honeypot?
Decoy system designed to attract attackers for analysis.
81. What is a SOAR platform? (duplicate)
Automates security workflows and response actions.
82. What is threat hunting?
Proactive search for hidden threats by analyzing anomalous behavior.
83. What is Endpoint Detection and Response (EDR)?
Monitors endpoints for advanced threats and provides response capabilities.
84. What is Network Traffic Analysis (NTA)?
Analyzes network flow data to detect anomalies and threats.
85. What is a Hardware Security Module (HSM)?
Physical device that securely generates, stores, and manages cryptographic keys.
86. What is Quantum Key Distribution (QKD)?
Uses quantum mechanics to exchange encryption keys with provable security.
87. What is a Zero‑Knowledge Proof?
Cryptographic protocol allowing one party to prove a statement true without revealing any additional information.
88. What is homomorphic encryption? (duplicate)
Enables computation on encrypted data while preserving confidentiality.
89. What is Secure Multi‑Party Computation (MPC)?
Allows parties to jointly compute a function without revealing their private inputs.
90. What is differential privacy?
Adds statistical noise to query results to protect individual records while providing useful aggregates.
91. What is machine‑learning security?
Addresses threats to ML models such as adversarial attacks, data poisoning, and model extraction.
92. What is an application‑layer firewall?
Inspects and controls traffic based on application protocols (e.g., Web Application Firewall).
93. What is database encryption?
Encrypts data at rest in databases to prevent unauthorized reading (e.g., Transparent Data Encryption).
94. What is network segmentation? (duplicate)
Divides a network into isolated segments to improve security.
95. What is Security Orchestration, Automation, and Response (SOAR)? (duplicate)
Framework that automates security operations.
96. What is threat intelligence? (duplicate)
Information about current or potential threats used to improve defenses.
97. What is security awareness training? (duplicate)
Programs that teach employees how to recognize and mitigate security risks.
98. What is an incident response plan? (duplicate)
Documented steps for handling security incidents.
99. What is a vulnerability bounty program? (duplicate)
Incentivizes external researchers to report security flaws.
100. What is a Secure Development Lifecycle (SDL)? (duplicate)
Integrates security throughout software development to produce secure applications.
ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.