
Assignment

What are the different classes of intrusion detection methodologies?

Different classes of intrusion detection methodology:


1) Network Intrusion Detection System (NIDS):

Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine traffic from all devices on the network. It performs an observation of passing traffic on the entire subnet and matches the traffic that is passed on the subnets to the collection of known attacks. Once an attack is identified or abnormal behavior is observed, an alert can be sent to the administrator. An example of a NIDS is installing it on the subnet where firewalls are located in order to see if someone is trying to crack the firewall.

2) Host Intrusion Detection System (HIDS):

Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A HIDS monitors the incoming and outgoing packets from the device only and will alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of existing system files and compares it with the previous snapshot. If the analytical system files were edited or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical machines, which are not expected to change their layout.

3) Protocol-based Intrusion Detection System (PIDS):

A protocol-based intrusion detection system (PIDS) comprises a system or agent that would consistently reside at the front end of a server, controlling and interpreting the protocol between a user/device and the server. It tries to secure the web server by regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol. As HTTPS is unencrypted, and before instantly entering the presentation layer, this system would need to reside in this interface, between, to use the HTTPS.

4) Application Protocol-based Intrusion Detection System (APIDS):

An application protocol-based intrusion detection system (APIDS) is a system or agent that generally resides within a group of servers. It identifies intrusions by monitoring and interpreting the communication on application-specific protocols. For example, this would monitor the SQL protocol explicitly to the middleware as it transacts with the database in the web server.

5) Hybrid Intrusion Detection System:

A hybrid intrusion detection system is made by the combination of two or more approaches to the intrusion detection system. In the hybrid intrusion detection system, host agent or system data is combined with network information to develop a complete view of the network system. The hybrid intrusion detection system is more effective in comparison to the other intrusion detection systems.

Q2. What are intrusion detection systems and intrusion prevention systems? Explain in detail.

Intrusion Detection System

Intrusion detection systems are designed to be deployed in different environments. Like many cybersecurity solutions, an IDS can either be host-based or network-based.

1) Host-Based IDS (HIDS):

A host-based IDS is deployed on a particular endpoint and designed to protect it against internal and external threats. Such an IDS may have the ability to monitor network traffic to and from the machine, observe running processes, and inspect the system's logs.

2) Network-Based IDS (NIDS):

A network-based IDS solution is designed to monitor an entire protected network. It has visibility into all traffic flowing through the network and makes determinations based upon packet metadata and contents. This wider viewpoint provides more context and the ability to detect widespread threats; however, these systems lack visibility into the internals of the endpoints that they protect.

A system that monitors network traffic for suspicious activity and alerts users when such activity is discovered. It warns of suspicious activity taking place, but doesn't prevent it.

Intrusion Prevention Systems

A system that monitors network traffic and alerts to suspicious activity like an IDS, but also takes preventative action against suspicious activity. Located between a company's firewall and the rest of its network, it warns of suspicious activity taking place and prevents it. IPS false positives can be more serious: when an IPS mistakes legitimate traffic for a threat, it stops the legitimate traffic from entering the network, which could impact any part of the organization, not just the IT team.

An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.

It is more advanced than an intrusion detection system (IDS), which simply detects malicious activity but cannot take action against it beyond alerting an administrator. Intrusion prevention systems are sometimes included as part of a next-generation firewall (NGFW) or unified threat management (UTM) solution. Like many network security technologies, they must be powerful enough to scan a high volume of traffic without slowing down network performance.

An intrusion prevention system is placed inline, in the flow of network traffic between the source and destination, and usually sits just behind the firewall. There are several techniques that intrusion prevention systems use to identify threats.

What does CIA Triad of information security mean?

Understanding the significance of the three foundational information security principles: confidentiality, integrity, and availability. F5 Labs education articles help you understand basic threat-related security topics.

In the information security (InfoSec) community, "CIA" has nothing to do with a certain well-recognized US intelligence agency. These three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA triad.

Together, these three principles form the cornerstone of any organization's security infrastructure; in fact, they should function as goals and objectives for every security program. The CIA triad is so foundational to information security that anytime data is leaked, a system is attacked, a user takes a phishing bait, an account is hijacked, a website is maliciously taken down, or any number of other security incidents occur, you can be certain that one or more of these principles has been violated.

Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the confidentiality, integrity, and availability of an organization's assets, namely its data, applications, and critical systems. Based on that evaluation, the security team implements a set of security controls to reduce risk within the environment. In the next section, we'll provide precise and detailed explanations of these principles in the context of InfoSec, and then look at real-world applications of these principles.

Confidentiality

Confidentiality refers to an organization's efforts to keep their data private or secret. In practice, it's about controlling access to data to prevent unauthorized disclosure. Typically, this involves ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.

Integrity

In everyday usage, integrity refers to the quality of something being whole or complete. In InfoSec, integrity is about ensuring that data has not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable. Ecommerce customers, for example, expect product and pricing information to be accurate, and that quantity, pricing, availability, and other information will not be altered after they place an order.

Availability

Systems, applications, and data are of little value to an organization and its customers if they are not accessible when authorized users need them. Quite simply, availability means that networks, systems, and applications are up and running. It ensures that authorized users have timely, reliable access to resources when they are needed.

Many things can jeopardize availability, including hardware or software failure, power failure, natural disasters, and human error. Perhaps the most well-known attack that threatens availability is the denial-of-service attack, in which the performance of a system, website, web-based application, or web-based service is intentionally and maliciously degraded, or the system becomes completely unreachable.

What are the types of firewalls?

Types of Firewall

There are mainly three types of firewalls, such as software firewalls, hardware firewalls, or both, depending on their structure. Each type of firewall has different functionality but the same purpose. However, it is best practice to have both to achieve maximum possible protection.

A hardware firewall is a physical device that attaches between a computer network and a gateway, for example a broadband router. A hardware firewall is sometimes referred to as an Appliance Firewall. On the other hand, a software firewall is a simple program installed on a computer that works through port numbers and other installed software. This type of firewall is also called a Host Firewall.

Besides these, there are many other types of firewalls depending on their features and the level of security they provide. The following are types of firewall techniques that can be implemented as software or hardware:

- Packet-filtering Firewalls
- Circuit-level Gateways
- Application-level Gateways (Proxy Firewalls)
- Stateful Multi-layer Inspection (SMLI) Firewalls
- Next-generation Firewalls (NGFW)
- Threat-focused NGFW
- Network Address Translation (NAT) Firewalls
- Cloud Firewalls
- Unified Threat Management (UTM) Firewalls

1) Packet-filtering Firewalls:

A packet-filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules. These firewalls are designed to block network traffic IP protocols, an IP address, and a port number if a data packet does not match the established rule-set.

2) Circuit-level Gateways:

Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or block traffic without consuming significant computing resources. These types of firewalls typically operate at the session level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are designed to ensure that the established sessions are protected.

3) Application-level Gateways (Proxy Firewalls):

Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two end systems (e.g., network and traffic systems). That is why these firewalls are called application-level gateways.

4) Stateful Multi-layer Inspection (SMLI) Firewalls:

Stateful multi-layer inspection firewalls include both packet-filtering firewalls and circuit-level gateways. Additionally, these types of firewalls keep track of the status of established connections.

5) Next-generation Firewalls (NGFW):

Many of the latest released firewalls are usually defined as next-generation firewalls. However, there is no specific definition for next-generation firewalls. This type of firewall is usually defined as a security device combining the features and functionalities of other firewalls. These firewalls include deep-packet inspection (DPI), surface-level packet inspection, TCP handshake testing, etc.

6) Threat-focused NGFW:

A threat-focused NGFW includes all the features of a traditional NGFW. Additionally, they also provide advanced threat detection and remediation. These types of firewalls are capable of reacting against attacks quickly. With intelligent security automation, threat-focused NGFW set security rules and policies, further increasing the security of the overall defense system.

7) Network Address Translation (NAT) Firewalls:

Network address translation or NAT firewalls are primarily designed to access internet traffic and block all unwanted connections. These types of firewalls usually hide the IP addresses of our devices, making them safe from attackers.

8) Cloud Firewalls:

Whenever a firewall is designed using a cloud solution, it is known as a cloud firewall or FaaS (firewall-as-a-service). Cloud firewalls are typically maintained and run on the internet by third-party vendors. This type of firewall is considered similar to a proxy firewall. The reason for this is the use of cloud firewalls as proxy servers. However, they are configured based on requirements.

9) Unified Threat Management (UTM) Firewalls:

UTM firewalls are a special type of device that includes features of a stateful inspection firewall with anti-virus and intrusion prevention support. Such firewalls are designed to provide simplicity and ease of use. These firewalls can also add many other services, such as cloud management, etc.

5. Write a note on:

a) Virtual Private Network (VPN):

VPN is short for virtual private network. VPNs originally came into prominence decades ago as a method for remote workers to access their corporate network or intranet for secure communication. They're still used for this purpose today; however, VPN providers like [illegible] also offer a simple solution for everyday internet privacy and online freedom.

A VPN is a technology used to secure connections from a device to the internet. It achieves secure connections through the process of encryption, which makes digital data unreadable to potential onlookers. This includes entities such as ISPs, as well as others with whom you share network access, such as strangers on a free Wi-Fi hotspot.

A VPN doesn't just increase your internet privacy and security, however. It also creates greater online privacy and freedom by changing your IP address. A VPN uses something called tunnelling to establish an encrypted internet connection. When you use the internet, all of your activity is separated into data packets.

b) Demilitarized Zone (DMZ):

A "demilitarized zone" is an area, agreed upon between the parties to an armed conflict, which cannot be occupied or used for military purposes by any party to the conflict. Demilitarized zones can be established by a verbal or written agreement in times of peace or during an armed conflict. Many demilitarized zones are considered neutral territory because neither side is allowed to control it, even for non-combat administration. Some zones remain demilitarized after an agreement has awarded control to a state which (under the DMZ terms) had originally ceded its right to maintain military forces in the disputed territory. It is also possible for powers to agree on the demilitarization of a zone without formally settling their respective territorial claims, enabling the dispute to be resolved by peaceful means such as diplomatic dialogue or an international court.

Several demilitarized zones have also unintentionally become wildlife preserves because their land is unsafe for construction or less exposed to human disturbances (including hunting).

c) Denial-of-Service (DoS):

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.

Victims of DoS attacks are often the web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing it to slow down and eventually stop.

d) Cloud Technology:

Cloud technologies figure prominently in modernized IT infrastructure. Cloud platforms deliver increased agility, on-demand IT resources, and subscription-based pricing models aligning expenditures with actual ...

Cloud computing is the delivery of various internet services. Such tools include data storage, servers, databases, applications, and networks. Cloud-based storage allows you to save files on a central network rather than on a proprietary local storage device or hard disk. So long as an electronic device accesses the internet, the data and software programs are available for use. For many reasons, cloud computing is a popular option for individuals and companies, including cost savings, productivity, increased speed, efficiency, performance, and protection.

Cloud technology is an on-demand technology where users utilize IT resources over the internet. Platforms work on pay-per-use mechanisms instead of the previous subscription-based technologies.

e) Authorization:

Authorization is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More formally, "to authorize" is to define an access policy. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices, and functionality provided by computer applications.
