Network Security Technical Controls

Explore the defense-in-depth mechanisms used to protect organizational assets, from network segmentation and firewalls to advanced SIEM analytics and deception technology.

1 Network Segmentation

Segmentation splits the network into smaller parts to improve security, performance, and containment. Visualize how separating zones protects critical assets.

Segmentation Types

Physical Segmentation

Separate hardware (switches/routers). Secure but expensive.

Logical Segmentation (VLAN)

Virtual separation on shared hardware. Flexible and cost-effective.

Network Virtualization

Abstracts resources into a single administrative unit. High scalability.

2 Firewall Defense

Firewalls control incoming and outgoing traffic based on rules. Use the simulator to understand Packet Filtering vs. Application Proxies vs. Next-Generation Firewalls (NGFW).

Firewall Configuration

Packet Filtering checks source/destination IP addresses and ports. It is fast but provides low security.

3 Intrusion Detection & Prevention

Understand the critical difference between monitoring (IDS) and enforcement (IPS). Toggle the mode to see how they handle a "Signature Match".

IDS (Detection)

"The Camera". Monitors traffic using signatures or anomaly detection. Alerts admins but does not stop traffic.

Traffic Flow: Passive Monitoring

IPS (Prevention)

"The Bouncer". Sits inline with traffic. Can drop packets, reset connections, and block IPs automatically.

Traffic Flow: Inline Enforcement

4 Honeypots, VPNs & Proxies

Honeypots

Decoy systems designed to lure attackers. Types:

  • Low-Interaction: Basic emulation (KFSensor)
  • High-Interaction: Real systems (Honeynet)
  • Specialized: Malware, Spam, Database

Secure Connectivity

VPN (Tunneling)

  • Encrypts entire connection.
  • Hides IP address via Tunnel.
  • Protocols: IPsec, SSL, PPTP, L2TP.
  • Used for Remote Access & Site-to-Site.

Proxy Server

  • Intermediary for specific traffic.
  • Caches content (speed) & filters URLs.
  • Types: Transparent, Reverse, SOCKS.
  • Does not necessarily encrypt all traffic.

5 SIEM & Analytics

Security Information and Event Management (SIEM) aggregates logs from all controls. User Behavior Analytics (UBA) detects insider threats.

The SIEM Funnel

Visualizing the reduction of noise. Logs > Correlation > Alerts.

Data Aggregation Sources

SIEM collects logs from diverse infrastructure components.

UBA: User Behavior Analytics

Traditional SIEM relies on rules. UBA uses Machine Learning to establish a "Baseline" of normal behavior. It detects anomalies like a user logging in from two countries at once, or accessing sensitive files at 3 AM.
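
The two anomalies named above (logins from two countries at once, file access at 3 AM) can be scored against a per-user baseline as in the following added example, which is not part of the original guide. It assumes a hypothetical "timestamp user action country" log format and substitutes a simple earliest/latest-hour baseline for the machine learning a UBA product would use; all log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from the guide): timestamp user action country
HISTORY = """\
2024-05-01T09:02:00 alice file_access US
2024-05-01T17:30:00 alice file_access US
2024-05-02T10:15:00 alice file_access US
"""
TODAY = """\
2024-05-03T09:05:00 bob login DE
2024-05-03T09:20:00 bob login BR
2024-05-03T11:00:00 alice file_access US
2024-05-03T03:00:00 alice file_access US
2024-05-03T03:10:00 carol file_access US
"""

def parse(text):
    """Turn 'timestamp user action country' lines into time-sorted tuples."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    return sorted((datetime.fromisoformat(ts), u, a, c) for ts, u, a, c in rows)

def build_baseline(events):
    """Per-user (earliest, latest) hour of file access seen in history."""
    hours = defaultdict(list)
    for ts, user, action, _ in events:
        if action == "file_access":
            hours[user].append(ts.hour)
    return {u: (min(h), max(h)) for u, h in hours.items()}

def detect(events, baseline, window=timedelta(hours=1), slack=1):
    """Return (user, reason) alerts for new events scored against the baseline."""
    alerts, last_login = [], {}
    for ts, user, action, country in events:
        if action == "login":
            prev = last_login.get(user)
            # Two countries inside the window: physically implausible travel.
            if prev and prev[1] != country and ts - prev[0] <= window:
                alerts.append((user, f"logins from {prev[1]} and {country} within {window}"))
            last_login[user] = (ts, country)
        elif action == "file_access" and user in baseline:
            lo, hi = baseline[user]
            if not lo - slack <= ts.hour <= hi + slack:
                alerts.append((user, f"file access at {ts.hour:02d}:00, baseline {lo:02d}-{hi:02d}"))
        # Users with no history (carol) are not scored: nothing to deviate from.
    return alerts

ALERTS = detect(parse(TODAY), build_baseline(parse(HISTORY)))
```

Users without history are skipped here rather than flagged; a deployment would decide separately how to treat first-seen accounts.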