MOO WebTech
Networks & Security · theory-practice · beginner

L34 — Network Security Measures

How do firewalls, HTTPS, and encryption protect data as it travels? We explore the tools networks use to stay secure and test what's actually protected on our own connection.

80 min · 21.04.2026 · L34

🎯 Learning Objectives

  • Explain what a firewall does and where it sits in a network
  • Describe what encryption means in plain language
  • Explain the difference between HTTP and HTTPS and why it matters
  • Check whether a website is using HTTPS correctly
  • Understand what a certificate is and why browsers warn about invalid ones

📖 Theory

1. The Problem: Data Travels Through Many Hands

When you send a message or visit a website, your data passes through many routers, cables, and servers before reaching its destination. At any point along that route, someone with the right tools could read it — if it's not protected.

Think of it like sending a postcard vs a sealed letter:

  • HTTP = postcard: anyone handling it can read what's written
  • HTTPS = sealed, signed letter: only the recipient can open it

Network security is the set of tools and practices that turn your postcards into sealed letters.

2. Firewall — The Network Gatekeeper

A firewall is software or hardware that monitors network traffic and blocks anything that doesn't follow the rules.

Internet
   ↓
[Firewall]  ← checks every packet: allowed or blocked?
   ↓
Your computer / network

Rules a firewall might have:

  • Block all incoming connections on port 23 (Telnet — an old, insecure protocol)
  • Allow incoming connections on port 443 (HTTPS) only
  • Block traffic from specific IP addresses known for attacks
  • Prevent any program from connecting to the internet without permission
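The rules above written as a toy packet filter (an added example, not part of the original lesson; the Packet fields, the program names and the blocked address range are constructed for illustration). Rules are checked top to bottom, the first match decides, and anything unmatched is blocked:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (from the internet) or "out" (from this computer)
    remote_ip: str      # the address at the other end
    port: int           # destination port
    program: str = ""   # local program sending it (outgoing traffic only)

# Constructed sample data: 203.0.113.0/24 is a range reserved for documentation.
BLOCKED_NETWORKS = [ip_network("203.0.113.0/24")]
APPROVED_PROGRAMS = {"browser.exe"}

def from_blocked_network(p):
    return any(ip_address(p.remote_ip) in net for net in BLOCKED_NETWORKS)

# (name, condition, action): checked top to bottom, first match wins.
RULES = [
    ("known attacker address", from_blocked_network, "BLOCK"),
    ("telnet", lambda p: p.direction == "in" and p.port == 23, "BLOCK"),
    ("https", lambda p: p.direction == "in" and p.port == 443, "ALLOW"),
    ("approved program",
     lambda p: p.direction == "out" and p.program in APPROVED_PROGRAMS, "ALLOW"),
]

def decide(packet):
    """Return (action, rule name) for one packet."""
    for name, condition, action in RULES:
        if condition(packet):
            return action, name
    return "BLOCK", "default: block everything else"

if __name__ == "__main__":
    samples = [
        Packet("in", "198.51.100.7", 443),                 # normal HTTPS visitor
        Packet("in", "203.0.113.9", 443),                  # listed address, even on 443
        Packet("in", "198.51.100.7", 23),                  # Telnet attempt
        Packet("in", "198.51.100.7", 8080),                # no rule matches
        Packet("out", "198.51.100.7", 443, "browser.exe"), # approved program
        Packet("out", "198.51.100.7", 443, "unknown.exe"), # program without permission
    ]
    for p in samples:
        print(p, "->", decide(p))
```

Because the address rule sits above the HTTPS rule, a listed address is blocked even on port 443; swapping the two rules would let it through.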

Types of firewalls:

  • Software firewall — runs on your computer (Windows Firewall, built-in)
  • Hardware firewall — a dedicated box between the router and the LAN (used in offices and schools)
  • Cloud firewall — runs in the cloud, protects cloud servers

Important: a firewall stops unwanted incoming traffic. It doesn't protect you from downloading a virus yourself (that's antivirus software's job) or from sending your password to a phishing site (that's your job).

3. Encryption — Making Data Unreadable

Encryption transforms readable data into scrambled data that can only be unscrambled with the correct key.

Simple analogy: a Caesar cipher shifts each letter by a fixed number.

Original:  HELLO
Key: shift by 3
Encrypted: KHOOR

H → K, E → H, L → O, L → O, O → R

Modern encryption (AES-256) works on the same idea but with math so complex that cracking it would take longer than the age of the universe — even with all the computers on Earth working together.
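The Caesar cipher above in code, together with the reason it is only an analogy (an added example, not part of the original lesson). It goes one step beyond the text by comparing key counts; the rate of one trillion guesses per second is an assumption chosen for illustration:

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift):
    """Shift every letter A-Z by `shift` places; leave other characters alone."""
    result = []
    for ch in text.upper():
        if ch in ALPHABET:
            result.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            result.append(ch)
    return "".join(result)

def all_decryptions(ciphertext):
    """Undo every possible shift: the Caesar cipher has only 25 useful keys."""
    return {shift: caesar(ciphertext, -shift) for shift in range(1, 26)}

SECONDS_PER_YEAR = 365 * 24 * 60 * 60
AGE_OF_UNIVERSE_YEARS = 13.8e9

def years_to_try_every_key(key_bits, guesses_per_second):
    """How long trying every key of `key_bits` bits would take."""
    return 2 ** key_bits / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    secret = caesar("HELLO", 3)
    print("Encrypted:", secret)
    # With 25 keys, the whole list of candidates fits on one screen.
    for shift, guess in all_decryptions(secret).items():
        print(f"  shift {shift:2}: {guess}")
    # Assumed speed: 1e12 guesses per second (illustrative only).
    years = years_to_try_every_key(256, 1e12)
    print(f"AES-256: about {years:.1e} years to try every key")
    print(f"Age of the universe: about {AGE_OF_UNIVERSE_YEARS:.1e} years")
```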

Symmetric encryption — sender and receiver use the same key. Fast, but how do you safely share the key?

Asymmetric encryption (Public Key) — each person has two keys:

  • Public key — shared with everyone, used to encrypt
  • Private key — kept secret, used to decrypt

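Anyone can encrypt a message with your public key. Only you can decrypt it with your private key. HTTPS builds on this idea: the browser and server use public-key cryptography to agree on a shared secret key without ever sending it in readable form, then switch to fast symmetric encryption for the actual data.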

4. HTTPS — Secure Web

HTTP (HyperText Transfer Protocol) — the original web protocol. Data is sent in plain text.

HTTPS — HTTP + TLS (Transport Layer Security) encryption. The connection is encrypted between your browser and the server. No one in between can read or modify the data.

How you see it in the browser:

  • 🔒 Lock icon + https:// in the address bar = encrypted and authenticated
  • ⚠️ Warning icon = something is wrong — maybe the certificate is expired or fake

Rule: never enter a password or payment info on a site that doesn't show the 🔒 lock. Without HTTPS, your password goes over the network as plain readable text.

5. SSL/TLS Certificates

The lock icon appears only if the site has a valid SSL/TLS certificate — a digital document issued by a trusted organisation (Certificate Authority) that proves:

  • This website really is who it says it is (not a fake)
  • The connection is encrypted

How to inspect a certificate:

  • Click the 🔒 lock in the browser → "Connection is secure" → "Certificate is valid"
  • You'll see: issued to (the website's name), issued by (e.g. Let's Encrypt, DigiCert), valid until (expiry date)

When a certificate is invalid:

  • Expired — was real but not renewed
  • Mismatched — certificate is for bank.com but you're visiting bank.co
  • Self-signed — not issued by a trusted authority

The browser shows a big red warning. Do not click "proceed anyway" on banking or sensitive sites — that warning is serious.
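The three failure cases above as checks in code (an added example, not part of the original lesson). The certificates are constructed dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; the name matching and the self-signed test are simplified, and "Example CA" is a made-up issuer:

```python
import ssl

def hostname_matches(pattern, host):
    """Simplified name check: exact match, or '*.' standing for one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def certificate_problems(cert, host, now):
    """List which of the three problems above apply when visiting `host` at time `now`."""
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, host) for name in names):
        problems.append("mismatched")
    # Simplification: a browser really checks the chain up to a trusted CA.
    if cert["issuer"] == cert["subject"]:
        problems.append("self-signed")
    return problems

# Constructed sample certificate and a fixed "current time" so results are repeatable.
NOW = ssl.cert_time_to_seconds("Apr 21 12:00:00 2026 GMT")
GOOD = {
    "subject": ((("commonName", "bank.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notAfter": "Jan 15 00:00:00 2027 GMT",
    "subjectAltName": (("DNS", "bank.com"), ("DNS", "*.bank.com")),
}
EXPIRED = dict(GOOD, notAfter="Jan 15 00:00:00 2026 GMT")
SELF_SIGNED = dict(GOOD, issuer=GOOD["subject"])

if __name__ == "__main__":
    print("bank.com, good cert:   ", certificate_problems(GOOD, "bank.com", NOW))
    print("bank.co, good cert:    ", certificate_problems(GOOD, "bank.co", NOW))
    print("bank.com, expired:     ", certificate_problems(EXPIRED, "bank.com", NOW))
    print("bank.com, self-signed: ", certificate_problems(SELF_SIGNED, "bank.com", NOW))
```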

6. What HTTPS Doesn't Protect

HTTPS encrypts the connection between you and the website. It does not:

  • Guarantee the website itself is legitimate (phishing sites can have HTTPS too!)
  • Protect your data once it reaches the server (the server can still leak it)
  • Protect you from malware you downloaded

Common misunderstanding: "The site has a lock, so it's safe." Not necessarily. A phishing copy of your bank's website can have a valid HTTPS certificate. The lock means the connection is encrypted — not that you're talking to the right person.

7. Antivirus and Updates

Two more essential network security layers:

Antivirus software — scans files and programs for known malware patterns. Good free options: Windows Defender (built into Windows, adequate for most users), Malwarebytes (free scanner).

Software updates — most malware exploits known vulnerabilities that have already been patched. Keeping your OS and browsers updated closes those gaps. The WannaCry ransomware attack (2017) infected 200,000 computers — all were running unpatched Windows.

Rule: enable automatic updates. If an update is available, install it today, not "later".

💻 Code Examples

Example A — Checking HTTPS in the browser

  1. Open any website: https://wikipedia.org
  2. Click the 🔒 lock in the address bar
  3. Click "Connection is secure" → "Certificate is valid"
  4. Read: Issued to (who owns this certificate), Issued by (which CA), Valid from / until

Now try: go to http://example.com (no S) and check whether the lock appears. Modern browsers such as Chrome show "Not secure" in the address bar for HTTP sites.

Example B — Checking open ports with netstat

In the Command Prompt (cmd):

netstat -an

This lists all current network connections on your computer. You'll see lines like:

TCP    0.0.0.0:80         0.0.0.0:0          LISTENING
TCP    192.168.1.5:52341  142.250.74.46:443  ESTABLISHED

  • LISTENING — your computer is waiting for connections on this port
  • ESTABLISHED — an active connection is open
  • Port 443 = HTTPS connection to a Google server

These are the same details a firewall looks at (addresses, ports, and connection state) to decide what to allow.
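Reading `netstat -an` output with a short script instead of by eye (an added example, not part of the original lesson). The first and fourth sample lines are the ones shown above; the header and the other lines are constructed:

```python
# Constructed sample in the layout Windows prints for "netstat -an".
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:52341      142.250.74.46:443      ESTABLISHED
  TCP    192.168.1.5:52350      198.51.100.20:80       ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

def parse_netstat(text):
    """Turn each TCP/UDP line into a dictionary; skip headers and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local_ip, local_port = parts[1].rsplit(":", 1)
        remote_ip, remote_port = parts[2].rsplit(":", 1)
        rows.append({
            "proto": parts[0],
            "local_ip": local_ip,
            "local_port": int(local_port),
            "remote_ip": remote_ip,
            "remote_port": int(remote_port) if remote_port.isdigit() else None,
            "state": parts[3] if len(parts) > 3 else "",  # UDP lines have no state
        })
    return rows

def exposed_listeners(rows):
    """Ports waiting for connections from other machines (not loopback-only)."""
    return sorted({r["local_port"] for r in rows
                   if r["state"] == "LISTENING"
                   and not r["local_ip"].startswith(("127.", "[::1]"))})

def plaintext_connections(rows):
    """Remote addresses reached on port 80, the standard unencrypted HTTP port."""
    return [r["remote_ip"] for r in rows
            if r["state"] == "ESTABLISHED" and r["remote_port"] == 80]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("Listening for other machines on ports:", exposed_listeners(rows))
    print("Connections over plain HTTP to:", plaintext_connections(rows))
```

A listener on port 23 (Telnet) is the kind of entry the firewall rule in section 2 exists to block. The port number only tells you the usual protocol, not what is actually being sent.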

Example C — Free tools for checking security

| Tool | Link | What it checks |
|---|---|---|
| SSL Check | ssllabs.com/ssltest | Type any domain, see its HTTPS certificate quality |
| Virus scan | virustotal.com | Upload a file or paste a URL — 70+ antivirus engines check it |
| Open ports | nmap.org/zenmap | Scan ports on a host (only use on your own network!) |

✏️ Practice Tasks

Task 1: HTTPS certificate inspection
EASY — IN CLASS

For each of these websites, check the HTTPS certificate and fill in the table:

| Website | Lock present? | Certificate issued to | Issued by | Valid until |
|---|---|---|---|---|
| wikipedia.org | | | | |
| google.com | | | | |
| your school's website | | | | |

Click the lock → Certificate → read the Details tab. Answer: which Certificate Authority issued the most certificates in your list?

💡 Hint
In Chrome: click the lock → "Connection is secure" → "Certificate is valid" → a popup shows the certificate. In the "General" tab you'll see "Issued to", "Issued by", and the validity dates. Let's Encrypt and DigiCert are the most common CAs for free and paid certificates respectively.

Task 2: VirusTotal file scan
MEDIUM — IN CLASS

  1. Go to virustotal.com
  2. Click "Choose file" and upload a small, safe file from your computer (a .txt or .jpg from your school work)
  3. Wait for the scan to finish — 70+ antivirus engines check it
  4. Read the results: how many engines flagged it as suspicious?

Then try the URL tab:

  1. Paste http://eicar.org/download/eicar.com — this is the EICAR test virus (not actually harmful — it's a test string that antivirus programs detect)
  2. See how many engines detect it

Answer: what does it mean if 0/70 engines flag a file? What if 5/70 do?

💡 Hint
0/70 means all major antivirus engines consider the file safe. 5/70 might mean it's a new or unknown file that a few engines flag out of caution (false positive), OR that it's a new piece of malware not yet in all databases. Context matters — if it's your own file, it's likely a false positive.

Task 3: Home network security audit
HARD — HOMEWORK

Check the security of your home network:

  1. Log into your home router (usually 192.168.1.1 or 192.168.0.1 in the browser)
    • Default credentials are often on a label on the router
  2. Find and check:
    • What Wi-Fi encryption is used? (Should be WPA2 or WPA3 — not WEP or "open")
    • Is the router admin password still the default? Change it if so.
    • How many devices are connected? Are there any you don't recognise?
  3. Go to https://www.ssllabs.com/ssltest and test your school's website
  4. Write a 5-sentence security report: what's good, what could be improved?
💡 Hint
If your router uses WEP (old, very weak) or has no password, flag it to your parents — it should be changed to WPA2/WPA3 immediately. If you see unknown devices on your network, it may mean a neighbour knows your Wi-Fi password. Changing the Wi-Fi password disconnects all devices — they'll need to reconnect with the new one.

⚠️ Common Mistakes

Trusting the lock icon completely

The lock means the connection is encrypted. It says nothing about whether the site is legitimate or safe. Phishing sites routinely have valid HTTPS certificates.

Ignoring browser security warnings

"Your connection is not private" is a serious warning. Do not click "Advanced → Proceed" on a site asking for your password or payment card. That warning means either the certificate is invalid or someone is intercepting your traffic.

Leaving router on default admin credentials

admin/admin or admin/password are the first things attackers try. If your router admin password is the default, anyone on your LAN (or on the internet if the admin panel is exposed) can change your network settings.

Skipping updates because "nothing is wrong"

Updates fix known security vulnerabilities. Attackers actively scan the internet for unpatched systems. "I haven't been hacked yet" just means you haven't been targeted yet.

🎓 Instructor Notes

⚡ How to run this lesson (~80 min)

  • [5 min] Recap L33. "What's the most effective security measure from last lesson?" (2FA)
  • [15 min] Theory: firewall + encryption + HTTPS. Live demo: click the lock on google.com, show the certificate. Then show an HTTP site and the "Not secure" indicator.
  • [10 min] Demo: netstat. Run netstat -an on the projector. Show the ESTABLISHED connection to port 443. Ask: "Is this connection encrypted?"
  • [10 min] Demo: VirusTotal. Upload a safe test file. Show the scan results.
  • [30 min] Tasks 1 + 2 in class. Task 1 = certificate inspection (all students). Task 2 = VirusTotal scan.
  • [5 min] Preview L35. Test 3 — covers L24–L34. Review what we've covered.
  • Assign homework Task 3. Router audit — encourage students to actually change default passwords.

💬 Discussion questions

  • "If HTTPS encrypts your data, can your ISP still see which websites you visit?"
  • "Should it be illegal to run an unencrypted website? What are the trade-offs?"
  • "A company says 'we use military-grade encryption'. What does that actually mean — and is it meaningful?"