Chapter Four · Defending the Network

Network Security

You know how networks work from the Networking Deep Dive — here you defend one. This chapter segments Meridian's network, filters its traffic with real nftables rules, tunnels remote access, and watches the wire, drawing the perimeter the intruder must cross in Chapter 5. It assumes TCP/IP and recaps only in a sentence.

5 topics

A network is where an attacker's moves become visible and where their reach can be contained. The controls in this chapter decide two things: how far a foothold can travel — through segmentation and firewalls — and how much of the attacker's activity you can see, through monitoring and inspection. Both assume the beginner truth that no perimeter holds forever, so the network is designed to contain and reveal, not just to keep out.

Five topics build Meridian's network defense: filtering traffic with real nftables rules, segmenting and adopting zero-trust so a foothold reaches little, tunnelling remote access, detecting intrusions on the wire, and inspecting encrypted traffic — with its sharp tradeoff between visibility and the guarantees TLS was meant to give.

Two jobs of network defense — contain the attacker, and see them
Contain
Firewalls · segmentation · zero trust · VPNs
See
IDS/IPS · flow logs · TLS inspection

Topics in This Chapter