Domain introduction
This domain focuses on how systems communicate and how those communications are protected. It covers network architectures, protocols, segmentation, encryption in transit, and monitoring controls.
For ICT students, the key is understanding how data moves through networks and where controls such as firewalls, VPNs, and secure protocols should be applied.
Understand layers
Explain OSI and TCP/IP models and where controls apply.
Secure traffic
Use TLS, VPNs, and secure protocols to protect data in transit.
Segment networks
Limit attack spread using segmentation and zoning.
Figures and mental models
Figure 1 — Network layers (simplified)
Figure 2 — Secure data path
Case examples
Case 1 — Public web application
A company hosts a public website accessed globally.
- Controls: HTTPS (TLS), WAF, load balancer, logging.
- Design: DMZ, segmented internal network.
- Question: What happens if TLS is misconfigured?
Case 2 — Remote workforce
Employees connect from home networks to internal systems.
- Controls: VPN, MFA, endpoint checks.
- Risk: insecure home networks.
- Question: When is zero trust better than VPN?
Glossary — 50 core terms
| # | Term | Definition |
|---|---|---|
| 1 | Network Architecture | Design of networks including devices, paths, protocols, and controls enabling secure communication. |
| 2 | OSI Model | Seven-layer framework describing how data moves through networks from physical transmission to applications. |
| 3 | TCP/IP Model | Four-layer model used on the internet defining data transmission and routing. |
| 4 | Network Protocol | Rules governing how devices communicate and exchange data. |
| 5 | Packet | Small unit of data transmitted across networks and reassembled at the destination. |
| 6 | Firewall | Filters network traffic based on rules to prevent unauthorized access. |
| 7 | Packet Filtering | Filters packets using header fields such as IP address and port. |
| 8 | Stateful Firewall | Tracks connections and filters traffic based on session state. |
| 9 | Application Firewall | Inspects application-layer traffic for attacks. |
| 10 | DMZ | Network zone for public-facing systems, separated from the internal network. |
| 11 | Segmentation | Dividing networks to limit attack spread. |
| 12 | Isolation | Separating systems to prevent unauthorized interaction. |
| 13 | VPN | Encrypted tunnel for secure remote access. |
| 14 | Encryption in Transit | Protecting data while traveling across networks. |
| 15 | TLS | Protocol securing communication with encryption and integrity. |
| 16 | SSH | Secure remote administration protocol. |
| 17 | HTTPS | HTTP over TLS providing secure web communication. |
| 18 | DNS | Translates domain names to IP addresses. |
| 19 | DNSSEC | Adds integrity and authenticity to DNS responses. |
| 20 | NAT | Maps private addresses to public addresses. |
| 21 | Routing | Determining paths for packets across networks. |
| 22 | Router | Forwards packets between networks. |
| 23 | Switch | Connects devices within a LAN. |
| 24 | Load Balancer | Distributes traffic across servers. |
| 25 | Proxy | Intermediary handling requests and filtering traffic. |
| 26 | NAC | Controls device access to networks. |
| 27 | IDS | Detects suspicious network activity. |
| 28 | IPS | Blocks malicious traffic automatically. |
| 29 | Monitoring | Observing network activity continuously. |
| 30 | Logging | Recording network events for analysis. |
| 31 | Wireless Network | Communication using radio signals instead of cables. |
| 32 | Wireless Encryption | Protecting Wi‑Fi traffic with encryption. |
| 33 | WPA3 | Modern Wi‑Fi security protocol. |
| 34 | Wireless Authentication | Verifying users/devices on Wi‑Fi. |
| 35 | Hardening | Reducing attack surface through configuration. |
| 36 | DPI | Inspecting packet contents for threats. |
| 37 | Perimeter | Boundary between trusted and untrusted networks. |
| 38 | Gateway | Connects networks and translates protocols. |
| 39 | Bandwidth | Maximum data transmission capacity. |
| 40 | Latency | Delay in network communication. |
| 41 | Multicast | Sending data to multiple recipients efficiently. |
| 42 | Reliability | Consistent delivery of network services. |
| 43 | Availability | Ensuring network services remain accessible. |
| 44 | Traffic Analysis | Examining patterns for anomalies. |
| 45 | Network Forensics | Investigating traffic after incidents. |
| 46 | Secure Routing | Protecting routing protocols. |
| 47 | SDN | Centralized software-based network control. |
| 48 | Infrastructure | Physical and logical network components. |
| 49 | Service Availability | Ensuring uptime of services. |
| 50 | Secure Communication | Ensuring confidentiality, integrity, and authenticity in data transmission. |
Review questions
- Why is segmentation important for limiting attacks?
- What is the difference between IDS and IPS?
- Why is TLS critical for web security?
- What risks exist in wireless networks?
- How does zero trust change network design?