Chapter Four · Defending the Network
Network Security
You know how networks work from the Networking Deep Dive — here you defend one. This chapter segments Meridian's network, filters its traffic with real nftables rules, tunnels remote access, and watches the wire, drawing the perimeter the intruder must cross in Chapter 5. It assumes TCP/IP and recaps only in a sentence.
A network is where an attacker's moves become visible and where their reach can be contained. The controls in this chapter decide two things: how far a foothold can travel — through segmentation and firewalls — and how much of the attacker's activity you can see, through monitoring and inspection. Both assume the beginner truth that no perimeter holds forever, so the network is designed to contain and reveal, not just to keep out.
Five topics build Meridian's network defense: filtering traffic with real nftables rules, segmenting and adopting zero-trust so a foothold reaches little, tunnelling remote access, detecting intrusions on the wire, and inspecting encrypted traffic — with its sharp tradeoff between visibility and the guarantees TLS was meant to give.