Engineers are constantly building, optimizing, and shipping, while cybersecurity gets pushed to the background until something breaks. The problem? Threats are evolving faster than our code deployments, and without clear encryption policy standards in place, we’re leaving critical systems and sensitive data exposed. Whether you’re designing infrastructure, writing backend logic, or managing endpoints, understanding how modern threats exploit weak encryption and policy gaps is no longer optional; it’s part of our job. This 2025 guide breaks down the cybersecurity threats that matter right now and outlines practical encryption policy standards that actually make sense in real-world engineering environments.
Besides TCP and IP, the suite contains other protocols as well. The internet protocol suite, commonly known as TCP/IP, is the set of communication protocols used in the internet and similar computer networks, and its foundational protocols are TCP and IP. This model, also called the DARPA or DoD model, consists of only four layers, as opposed to the OSI model’s seven. On the left side of the slide is the OSI model with its seven layers; in the TCP/IP model some of those layers are combined into one. For example, the application, presentation, and session layers of the OSI model are just the application layer here, and the OSI data link and physical layers are just the link layer. Each of the protocols listed operates at one of these layers.
Structure of Transferred Data and Data Encapsulation
Now let’s see how transferred data is structured. A message is formed by a program, passed to the application layer, and sent down through the protocol stack. Each protocol at each layer adds its own information to the message and passes it down to the next layer; along the way the data can also be split up into different packets. This activity is referred to as data encapsulation.
Data Decapsulation and TCP Overview
Encapsulated data is decapsulated in the order shown on the right side of the slide: first there are frames, then packets, then segments, and finally we get the data.
Which protocols sit at these layers? Let’s start with the transmission control protocol, or TCP. TCP is referred to as a connection-oriented protocol because handshaking takes place between the two systems that want to communicate before any user data is actually sent. Once the handshake completes successfully, a virtual connection is set up between the two systems. What happens during the TCP handshake? The two hosts must agree on certain parameters: data flow, windowing, error detection, and options. In other words, the systems agree on how the data should be sent, which parameters apply, and which error detection processes and other options are used. Applications that use TCP include HTTP or HTTPS, FTP, SSH, and SMTP.
The next protocol is the user datagram protocol, or UDP. UDP is also a transport layer protocol, but it is considered connectionless because, unlike TCP, it does not go through any handshake. UDP sends out messages without first contacting the destination computer and does not know whether the packets were received properly or dropped. With a TCP connection, by contrast, the computers know whether the data is arriving, because they have already agreed on how it will be delivered. Applications that use UDP include DNS, DHCP, SNMP, and NTP.
Let’s compare TCP and UDP on reliability, connection, packet sequencing, congestion control, usage, and speed. Reliability: TCP uses ACKs to ensure all packets have arrived; UDP has no ACKs, and lost packets cannot be recovered. Connection: TCP is connection-oriented; UDP is not. Packet sequencing: TCP uses sequence numbers to keep packets in order; UDP does no sequencing and does not ensure proper ordering. Congestion control: TCP uses a windowing system to control congestion; UDP has no congestion control. Usage: TCP is used when reliable delivery is a must; UDP cannot be used when reliable delivery is a must, but it suits cases where a large amount of data is sent and speed matters more than reliability. Speed: TCP is comparatively slow, while UDP is much faster and very lightweight.
Now let’s talk about ports. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is identified for each transport protocol and address combination by a 16-bit unsigned number known as the port number. Port numbers fall into three ranges. Well-known ports, 0 to 1023, are used by well-known services such as Telnet (port 23), SMTP (port 25), HTTP (port 80), SNMP (ports 161 and 162), and FTP (ports 21 and 20). Registered ports, 1024 to 49151, can be registered with the Internet Corporation for Assigned Names and Numbers (ICANN) for a particular use. Dynamic ports, 49152 to 65535, are available to be used by any application on an as-needed basis.
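The encapsulation and decapsulation steps described above, as an added Python example that is not part of the original page: a message is wrapped in simplified TCP, IPv4, and Ethernet headers on the way down, then each layer is verified and stripped on the way up. The addresses, ports, MACs, and sample message are constructed; the headers carry no options and the Ethernet frame check sequence is omitted.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Constructed sample values (documentation address ranges, made-up MACs).
SRC_IP, DST_IP = "198.51.100.7", "192.0.2.10"
SRC_PORT, DST_PORT = 40000, 80
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
MESSAGE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: bytes, dst: bytes, length: int) -> bytes:
    """TCP checksums also cover the IP addresses, protocol, and segment length."""
    return src + dst + struct.pack("!BBH", 0, IPPROTO_TCP, length)


def tcp_segment(data: bytes) -> bytes:
    """Transport layer: prepend a 20-byte TCP header (PSH+ACK, no options)."""
    hdr = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 1000, 0,
                      5 << 4, 0x18, 65535, 0, 0)
    pseudo = pseudo_header(socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP),
                           len(hdr) + len(data))
    csum = inet_checksum(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def ip_packet(segment: bytes) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header with its own checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                      IPPROTO_TCP, 0, socket.inet_aton(SRC_IP),
                      socket.inet_aton(DST_IP))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + segment


def ethernet_frame(packet: bytes) -> bytes:
    """Link layer: prepend destination MAC, source MAC, and EtherType."""
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(message: bytes) -> bytes:
    """Data -> segment -> packet -> frame."""
    return ethernet_frame(ip_packet(tcp_segment(message)))


def decapsulate(frame: bytes) -> dict:
    """Frame -> packet -> segment -> data, checking each layer before stripping."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or inet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != IPPROTO_TCP or not ihl + 20 <= total_len <= len(packet):
        raise ValueError("not a complete TCP packet")
    segment = packet[ihl:total_len]  # total_len also drops any link-layer padding
    pseudo = pseudo_header(packet[12:16], packet[16:20], len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport = struct.unpack("!HH", segment[:4])
    offset = (segment[12] >> 4) * 4
    if not 20 <= offset <= len(segment):
        raise ValueError("bad TCP data offset")
    return {"src": (socket.inet_ntoa(packet[12:16]), sport),
            "dst": (socket.inet_ntoa(packet[16:20]), dport),
            "data": segment[offset:]}


if __name__ == "__main__":
    frame = encapsulate(MESSAGE)
    print(len(MESSAGE), "bytes of data ->", len(frame), "bytes on the wire")
    print(decapsulate(frame))
```

The 54 bytes of added headers are the per-layer information the text refers to; a receiver that skips the checksum and length checks would accept a modified or truncated payload as application data.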
Asynchronous and Synchronous Transmission
In an asynchronous system there is no timing component. Each byte is surrounded with processing bits, parity is used for error control, and each byte requires three bits of instruction: start, stop, and parity. In a synchronous system the timing component is very important and is used to synchronize the transmission. Synchronous transmission offers robust error checking through cyclic redundancy checking, is used for high-speed, high-volume transmissions, and has minimal overhead compared to asynchronous communication.
Now let’s compare baseband and broadband. Baseband is typically used for digital signaling over a single wire. The digital signal in a baseband transmission occupies the entire bandwidth of the network media to transmit a single data signal. It is bidirectional; however, sending and receiving cannot occur on the same wire at the same time. Ethernet networks use baseband transmission; examples are 10Base-T and 10Base-FL. With baseband it is possible to transmit multiple signals on a single cable by using multiplexing: baseband uses time division multiplexing, which divides a single channel into time slots.
Broadband uses analog signals in the form of optical or electromagnetic waves over multiple transmission frequencies. For signals to be both sent and received, the transmission media is split into two channels; alternatively, two cables can be used, one to send and one to receive. Multiple channels are created in a broadband system by using a multiplexing technique known as frequency division multiplexing (FDM), which allows broadband media to accommodate traffic going in different directions on a single media at the same time.
Types of Network Cabling
Now let’s look at the different types of cabling. The first is twisted pair, which consists of two insulated wires arranged in a regular spiral pattern. The wires can be shielded or unshielded. A run can span up to 100 m, after which amplifying devices are needed to amplify the signals. Cat 5, Cat 6, and Cat 7 are the commonly used cables these days.
Then there are coaxial cables. These consist of a hollow outer cylindrical conductor; they are expensive and resistant to electromagnetic interference (EMI). Thinnet cables span distances of 185 m with a throughput of about 110 Mbps, and thicknet, also known as 10Base5, spans 500 m with a throughput of 10 Mbps.
Finally, fiber optic cables carry data over glass as light waves, using the principle of total internal reflection to carry light from one end to the other. The glass core is surrounded by a protective cladding, which is enclosed in an inner and outer jacket. The higher transmission speed allows signals to travel over long distances: because the data is transferred as light, it can travel at the speed of light, which is very high. Fiber is also much more secure than UTP or coaxial cable. There are two modes. Single mode uses a small glass core to transfer data over a long distance and is less susceptible to attenuation. Multimode uses a large glass core that can transfer more data, but only over a shorter distance, because attenuation can happen here.
Cable Issues and Network Topologies
What problems do we face with cabling? The first is noise, which is caused by surrounding devices or faults in the cable. Examples are motors, computers, fluorescent lights, and microwave ovens. Noise can come as electromagnetic interference or, with optical fiber, from light sources as well. Then there is attenuation, the loss of signal strength as the signal travels along a cable. Attenuation increases with higher frequencies and can also be caused by cable breaks and malfunctions. Then there is crosstalk, which occurs when electrical signals spill over between wires; UTP is more vulnerable to crosstalk than STP.
We have seen the physical aspects of a network, such as cabling. Now let’s see how these physical wires and connections are used to set up a network, which is known as network topology. Topology refers to the way a network is physically connected. A difference exists between physical and logical topology: a network can be configured as a physical star but work logically as a ring, as in token ring technology.
The first is ring topology. Here a series of devices are connected by unidirectional transmission links, and these links form a closed loop and do not connect to a central system. Each node is dependent upon the preceding nodes, and if one system fails all other systems could be negatively affected because of this interdependence.
Then there is bus topology. Here a single cable runs the entire length of the network, and nodes are attached through drop points on the cable. In a linear bus topology there is a single cable to which the nodes are attached, and in a tree topology there are branches from the single cable as well. The main cable itself is a potential single point of failure: everything is connected to it, so a failure anywhere on it can affect everything.
Then there is star topology. Here all nodes are connected to a central device such as a switch, and each node has a dedicated link to the central device. The central device is a potential single point of failure, but if one workstation fails it does not affect other systems, because each device has a dedicated connection to the central device. It is the most common topology in use today with Ethernet systems.
Then there are mesh topologies, where all systems and resources are connected to each other, usually through a network of interconnected routers and switches that provides multiple paths. In a full mesh every node is directly connected to every other node; in a partial mesh not every node is directly connected, for example the internet.
Understanding Network Media Access, Ethernet, VLANs, and Firewalls: A Complete Guide
Understanding Stateful Firewalls
Then there are stateful firewalls. A stateful firewall is one that monitors the full state of active network connections. This means that it constantly analyzes the complete context of traffic and data packets seeking entry to a network, rather than discrete traffic and data packets in isolation. It maintains a state table that tracks each communication session and provides a high degree of security. It improves performance and provides data for tracking connectionless protocols such as UDP and ICMP. Stateful inspection firewalls have been the victims of many types of DoS attacks, and several types of attacks are aimed at flooding the state table with bogus information, causing the device to crash or fail. Stateful means that the firewall is aware of the state of what is happening in the network, that is, it constantly analyzes the complete context of the traffic and data.
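A minimal model of the state table described above, as an added Python example that is not part of the original page and not any vendor's implementation: packets are judged against tracked session state, and the table is protected from flooding by a cap on half-open entries and a short timeout for them. The class name, limits, timeouts, and the traffic in `run_demo` are assumptions constructed for illustration; connection teardown tracking (FIN) is left out.

```python
SYN, RST, ACK, PSH = 0x02, 0x04, 0x10, 0x08


class StatefulFilter:
    """Toy stateful filter in front of one server (hypothetical, for illustration)."""

    def __init__(self, server_ports, max_half_open=3,
                 half_open_ttl=5.0, established_ttl=300.0):
        self.server_ports = set(server_ports)
        self.max_half_open = max_half_open
        self.ttl = {"SYN_SEEN": half_open_ttl,
                    "SYNACK_SEEN": half_open_ttl,
                    "ESTABLISHED": established_ttl}
        # (client_ip, client_port, server_ip, server_port) -> [state, last_seen]
        self.table = {}

    def expire(self, now):
        """Reap idle entries; half-open ones age out much faster."""
        for key, (state, seen) in list(self.table.items()):
            if now - seen > self.ttl[state]:
                del self.table[key]

    def half_open(self):
        return sum(1 for state, _ in self.table.values() if state != "ESTABLISHED")

    def process(self, now, direction, client, cport, server, sport, flags):
        """Return a verdict for one packet; direction is 'in' or 'out'."""
        self.expire(now)
        key = (client, cport, server, sport)
        entry = self.table.get(key)
        if entry is None:
            # Only a bare inbound SYN to a permitted port may create state.
            if direction != "in" or flags != SYN:
                return "DROP no-state"
            if sport not in self.server_ports:
                return "DROP policy"
            if self.half_open() >= self.max_half_open:
                return "DROP half-open-limit"
            self.table[key] = ["SYN_SEEN", now]
            return "ACCEPT"
        state = entry[0]
        if flags & RST:
            del self.table[key]
            return "ACCEPT"
        if state == "SYN_SEEN" and direction == "out" and flags == SYN | ACK:
            entry[:] = ["SYNACK_SEEN", now]
            return "ACCEPT"
        if state == "SYNACK_SEEN" and direction == "in" and flags & ACK and not flags & SYN:
            entry[:] = ["ESTABLISHED", now]
            return "ACCEPT"
        if state == "ESTABLISHED" and not flags & SYN:
            entry[1] = now
            return "ACCEPT"
        return "DROP out-of-state"


def run_demo():
    """Replay constructed traffic and return (verdicts, filter)."""
    fw = StatefulFilter(server_ports={443})
    srv = "192.0.2.10"
    traffic = [
        # A complete handshake followed by data.
        (0.0, "in", "198.51.100.7", 40000, srv, 443, SYN),
        (0.1, "out", "198.51.100.7", 40000, srv, 443, SYN | ACK),
        (0.2, "in", "198.51.100.7", 40000, srv, 443, ACK),
        (0.3, "in", "198.51.100.7", 40000, srv, 443, ACK | PSH),
        # An ACK that belongs to no tracked session, and a SYN to a closed port.
        (0.4, "in", "198.51.100.9", 41000, srv, 443, ACK),
        (0.5, "in", "198.51.100.9", 41001, srv, 23, SYN),
    ]
    # Five SYNs from different sources that never complete the handshake.
    traffic += [(1.0 + i / 100, "in", f"203.0.113.{i + 1}", 50000 + i, srv, 443, SYN)
                for i in range(5)]
    # A new client arrives while the half-open budget is spent, then retries.
    traffic += [(1.5, "in", "198.51.100.8", 40001, srv, 443, SYN),
                (7.0, "in", "198.51.100.8", 40001, srv, 443, SYN)]
    return [fw.process(*pkt) for pkt in traffic], fw


if __name__ == "__main__":
    verdicts, fw = run_demo()
    for v in verdicts:
        print(v)
    print("entries left in state table:", len(fw.table))
```

The cap keeps the table bounded at the cost of refusing new clients while it is full, which is why the half-open timeout is kept short: the retry at 7.0 s succeeds once the stale entries have been reaped.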
Proxy Firewalls and Their Role
A proxy firewall stands between a trusted and an untrusted network and makes the connection on behalf of the hosts. Proxy firewalls break the communication channel, so there is no direct connection between the two communicating devices. There are circuit-level proxies and application-level proxies. A circuit-level proxy firewall creates a connection between the two communicating systems; it works at the session layer of the OSI model and monitors traffic from a network-based view. This type of proxy cannot look into the contents of a packet, so it does not carry out packet inspection. SOCKS is an example of a circuit-level proxy. An application-level proxy inspects the packet up through the application layer. It understands the packet as a whole and can make decisions based on the content of the packet.
Advanced Capabilities of Next Generation Firewalls
Next generation firewalls provide capabilities beyond a traditional stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence. Its capabilities are standard firewall capabilities like stateful inspection, integrated intrusion prevention, application awareness and control to see and block risky apps, threat intelligence sources, upgrade paths to include future information feeds, and techniques to address evolving security threats.
Firewall Deployment Methods and Network Security Strategies
What are the firewall deployment methods? Firewalls can be placed in several areas on a network and they can protect an internal network from an external network and act as a checkpoint for all traffic. A firewall can also be used to segment and partition network sections and enforce access controls between them. Firewalls can also be used to provide a DMZ architecture.
What’s the bastion host? This is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. Different systems can be considered bastion hosts like mail, web, and DNS since many of these are placed on the outer edges of the networks.
What is a dual-homed firewall? A dual-homed host firewall architecture is built around the dual-homed host computer, which is a computer that has at least two network interfaces. Such a host could act as a router between the networks these interfaces are attached to. The network architecture for a dual-homed host firewall is simple: the dual-homed host sits between, and is connected to, the internet and the internal network.
What is a screened host? This is a firewall that communicates directly with a perimeter router and the internal network. The traffic received from the internet is first filtered by an edge router and the traffic that makes it past this phase is sent to the screened host firewall, which applies more rules. The screened host firewall is the only device that receives traffic directly from the router.
What is a screened subnet? A screened subnet architecture adds another layer of security to the screened host architecture. Here, instead of the firewall redirecting the traffic to the internal network, an interior firewall also filters the traffic. The use of these two physical firewalls creates a DMZ.
What is a proxy server? Proxy servers act as an intermediary between the clients that want access to certain services and the servers that provide those services. It can validate the request as safe and then send an independent request to the server on behalf of the user. It may cache the response it receives from the server as well. There are two types. The first one is forward proxy, which is the one that allows the client to specify the server it wants to communicate with. Then there is reverse proxy, which appears to the clients as the original server. The client sends a request to what it thinks is the original server, but in reality this reverse proxy makes a request to the actual server and provides the client with the response.
What is unified threat management or UTM? The UTM appliance provides all the functionalities in a single network appliance like firewalls, anti-malware, anti-spam, intrusion detection system or intrusion prevention system, content filtering, data leak prevention, and VPN capabilities. The goals of UTM are simplicity, streamlined installation and maintenance, centralized control, and the ability to understand the network’s security from a holistic point of view.
What is a content distribution network or CDN? A content distribution network (CDN) consists of multiple servers distributed across a large region, each of which provides content that is optimized for the users closest to it. Its features are performance and availability. Performance: the shorter distance to users not only reduces latency but also minimizes packet loss, resulting in much better performance. Availability: requests are always routed to the nearest available location, so if one server is not available, requests are automatically sent to the next.
CSU/DSU Devices and Point-to-Point Links
A CSU/DSU is necessary because the signals and frames can vary between the LAN equipment and the WAN equipment used by service providers. The DSU device converts digital signals from routers, switches, and multiplexers into signals that can be transmitted over the service provider’s digital lines. The CSU connects the network directly to the service provider’s line.
What are leased lines, or point-to-point links? A leased line is a single link that is pre-established for communications between two destinations. It is dedicated, meaning only the destination points can communicate with each other. Leased lines provide reliable and fast transmission but are more expensive than other WAN technologies. There are two types. The first is the T1 carrier: dedicated lines that can carry voice and data information over trunk lines. These lines use time division multiplexing and were first used to digitize voice over a dedicated point-to-point, high-capacity connection line. Then there are optical carriers, which are high-speed fiber optic connections measured in optical carrier transmission rates. The transmission rates are defined by the rate of the bitstream of the digital signal and are designated by an integer value of the multiple of the basic unit of rate.
Switching Technologies and Frame Relay
What is switching? Circuit switching sets up a virtual connection that acts like a dedicated link between two systems. ISDN and telephone calls are examples of circuit switching. These are connection-oriented virtual links; they have fixed delays and are mostly used for voice traffic. Then there is packet switching, where packets from one connection can pass through several different individual devices instead of all of them following one another through the same devices. Examples are the internet and frame relay. Here the traffic is bursty in nature, can have variable delays, and is data-oriented.
What is frame relay? Frame relay is a WAN technology that operates at the data link layer. It is a WAN solution that uses packet switching technology to let multiple companies and networks share the same WAN medium, devices, and bandwidth. It is an obsolete technology and is not much in use today. It uses virtual circuits, of which there are two types: the permanent virtual circuit (PVC) and the switched virtual circuit (SVC). A permanent virtual circuit works like a private line for a customer with an agreed-upon bandwidth available. When a customer decides to pay for the CIR, a PVC is programmed for that customer to ensure it will always receive a certain amount of bandwidth. A switched virtual circuit must be built dynamically and on demand. Once the connection is no longer needed, the circuit is torn down and the switches forget it ever existed.
ATM and MPLS
What is ATM? ATM stands for asynchronous transfer mode, and it is another switching technology, one that uses a cell-switching method. ATM is a high-speed network technology used for LAN, MAN, WAN, and service provider connections. ATM is a connection-oriented switching technology that creates and uses a fixed channel. Data is segmented into fixed-size cells of 53 bytes instead of variable-size packets, which provides for more efficient and faster use of the communication paths. ATM sets up virtual circuits, which act like dedicated paths between the source and the destination. ATM technology is used by carriers and service providers and is the core technology of the internet. ATM was the first protocol to provide true QoS.
What is the point-to-point protocol (PPP)? PPP is a data link protocol that carries out framing and encapsulation for point-to-point connections. PPP carries out several functions, including the encapsulation of multiple protocol packets. Its components include the link control protocol, which establishes, configures, and maintains the connection; network protocols that are used for network layer protocol configuration; and the password authentication protocol, challenge handshake authentication protocol, extensible authentication protocol, and others that provide authentication.
What is multi-protocol label switching? MPLS is a routing technique in telecommunication networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. The labels identify virtual links between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence the multi-protocol reference. MPLS supports a range of access technologies including T1, ATM, frame relay, and DSL.
Comprehensive Guide to WAN Technologies, Protocols, and Network Security
The traditional wide area network architecture was limited to enterprise branches and data centers. With cloud-based applications in the form of software as a service and infrastructure as a service, the wide area network experiences an explosion of traffic accessing applications distributed across the globe, and WAN expenses can rise with inefficient use of dedicated and backup circuits. SD-WAN can deliver routing, threat protection, efficient offloading of expensive circuits, and simplification of wide area network management. Its benefits are better performance, improved security, and simplified management.
Now let’s talk about voice communication. The first type is the public switched telephone network (PSTN). The regular phone system is based on a circuit-switched, voice-centric network; the PSTN uses circuit switching instead of packet switching. The Signaling System 7 protocols take care of the connection and signaling. Then there is voice over internet protocol, or VoIP: a group of technologies for the delivery of voice communication and multimedia sessions over internet protocol networks. It employs the session initiation protocol, which sets up and breaks down the call session. It is a packet-oriented switching technology, and hence latency delays are possible. It can support video and data transmissions to allow video conferencing and remote collaboration. The components are an IP telephone device, a call processing manager, a voicemail system, and a voice gateway.
What are VoIP attacks and threats? The first is vishing, the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information. Then there is spam over internet telephony (SPIT), or VoIP spam, which is an unsolicited, automatically dialed telephone call over VoIP. Then there are phreaking attacks. A phreaker is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines. The tools used are black boxes, which are used to manipulate line voltages to steal long-distance services and are often just custom-built circuit boards with a battery and wire clip; red boxes, which are used to simulate tones of coins being deposited into a pay phone and are usually just small tape recorders; blue boxes, which are used to simulate 2,600 Hz tones to interact directly with telephone network trunk systems and could be a whistle, a tape recorder, or a digital tone generator; and white boxes, which are built on multi-frequency generators and can be custom-built devices or one of the pieces of equipment that most telephone repair personnel use.
What is VoIP security? Keep patches updated on each network device involved with VoIP transmission, including the call manager server, the voicemail server, and the gateway server. Identify unidentified or rogue telephone devices, and implement authentication so that only authorized telephone devices are working on the network. Install and maintain stateful firewalls, VPNs for sensitive voice data, and intrusion detection systems. Disable unnecessary ports and services on routers, switches, PCs, and IP telephones. Employ monitoring that looks for attacks, tunneling, and abusive call patterns through IDS or IPS.
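Two of the checks listed above, spotting rogue telephone devices and abusive call patterns, sketched as an added Python example that is not part of the original page. The call-record layout, the device inventory, the thresholds, and every record below are assumptions constructed for illustration; a real deployment would read these fields from the call manager's own records.

```python
from collections import defaultdict

# Constructed inventory of authorized phones: MAC address -> assigned extension.
INVENTORY = {
    "02:00:00:00:10:01": "1001",
    "02:00:00:00:10:02": "1002",
    "02:00:00:00:10:04": "1004",
}

# Constructed call records: (start_s, device_mac, extension, dialed, duration_s).
CALLS = [
    (10, "02:00:00:00:10:01", "1001", "+15550100", 340),
    (95, "02:00:00:00:10:02", "1002", "+15550101", 7),
    (100, "02:00:00:00:10:04", "1004", "+15550110", 3),
    (105, "02:00:00:00:10:04", "1004", "+15550111", 2),
    (110, "02:00:00:00:10:04", "1004", "+15550112", 3),
    (115, "02:00:00:00:10:04", "1004", "+15550113", 2),
    (120, "02:00:00:00:10:04", "1004", "+15550114", 3),
    (125, "02:00:00:00:10:04", "1004", "+15550115", 2),
    (130, "02:00:00:00:99:99", "1003", "+15550120", 45),   # unknown device
    (400, "02:00:00:00:10:02", "1002", "+15550101", 610),
    (420, "02:00:00:00:10:01", "1002", "+15550102", 30),   # wrong extension
]


def find_rogue_devices(calls, inventory):
    """Devices absent from the inventory, or using an extension not assigned to them."""
    rogue = {(mac, ext) for _, mac, ext, _, _ in calls
             if inventory.get(mac) != ext}
    return sorted(rogue)


def find_abusive_callers(calls, window=60, min_calls=5, short_call=10):
    """Flag devices placing many short calls to distinct numbers within `window`
    seconds, the shape of automatically dialed traffic.

    Returns {mac: largest number of distinct destinations seen in one window}.
    """
    short_by_device = defaultdict(list)
    for start, mac, _ext, dialed, duration in calls:
        if duration < short_call:
            short_by_device[mac].append((start, dialed))

    flagged = {}
    for mac, events in short_by_device.items():
        events.sort()
        left = 0
        for right in range(len(events)):
            # Slide the left edge so the window never exceeds `window` seconds.
            while events[right][0] - events[left][0] > window:
                left += 1
            distinct = len({dialed for _, dialed in events[left:right + 1]})
            if distinct >= min_calls:
                flagged[mac] = max(flagged.get(mac, 0), distinct)
    return flagged


if __name__ == "__main__":
    print("rogue devices:", find_rogue_devices(CALLS, INVENTORY))
    print("abusive call patterns:", find_abusive_callers(CALLS))
```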