Network security controls traffic flow and access.

Defense in depth:
- Perimeter (firewalls, WAF)
- Network segmentation (VPCs, subnets)
- Host-level (security groups, iptables)
- Application (TLS, input validation)

Zero trust:
- "Never trust, always verify"
- No implicit trust based on network location
- Authenticate and authorize every request
- Encrypt all traffic (even internal)

Interview question: "Explain zero trust architecture."
Assume the network is hostile. Verify identity for every request. Encrypt everything. Use short-lived credentials. Log and monitor all access.