Overview of Internet and network security protocols and architectures.
Network and Internet security is about authenticity, secrecy, privacy, authorization, non-repudiation, data integrity and protection from denial of service (DOS) attacks.
In the early days of the Internet, security was not a concern so most protocols were developed without protection from various kinds of attacks in mind. The Internet is now infested with malware like worms, viruses, trojan horses and killer packets. Unprotected hosts run the risk of being seized by hackers and become part of botnets to launch even more elaborate attacks.
Careful protection of hosts in a network is therefore of paramount importance. Hosts that need not be reachable from the Internet are typically placed in a protected LAN. Hosts with reachability requirements like mail and web servers are placed in a special network zone called DMZ (DeMilitarized Zone).
Firewalls protect the different networks. Firewall functionality ranges from simple port and address filters up to stateful application and deep packet inspection firewalls that provide more protection.
In general, security policies should be as restrictive as reasonable possible. So usually something not explicitly allowed should be classified as forbidden and thus be blocked.