Firewall
Packet Filtering Firewall: Examines packets based on predefined criteria like source/destination IP, ports, and protocols. Allows or blocks packets accordingly.
Stateful Inspection Firewall: Monitors the state of active connections and allows packets belonging to established connections. Provides better security by understanding the context of traffic.
Proxy Firewall: Acts as an intermediary between internal and external networks. Routes all traffic through a proxy server, hiding internal network details. Evaluates and forwards requests on behalf of clients.
Application Layer Firewall (Next-Generation Firewall): Operates at the application layer of the OSI model. Filters traffic based on specific applications or services, incorporating deep packet inspection and advanced threat protection.
Circuit-Level Gateway: Works at the session layer (layer 5) of the OSI model. Monitors TCP handshakes to determine whether to allow or block traffic for established connections.
Hybrid Firewall: Combines features of multiple firewall types (e.g., packet filtering, stateful inspection, application layer inspection) for comprehensive security solutions.

Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) monitors network or system activities for malicious behavior, generating alerts upon detection.
Types:
Network-based IDS (NIDS): Monitors network traffic, identifies anomalies, and detects attacks like port scans or malware. Examples: Snort, Suricata.
Host-based IDS (HIDS): Monitors individual hosts, detecting suspicious activities or unauthorized changes in logs, files, or system calls. Examples: OSSEC, Tripwire.
Hybrid IDS: Combines NIDS and HIDS features for comprehensive threat detection across networks and hosts.
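The difference between a packet-filtering firewall and a stateful inspection firewall is easiest to see in code. The following is an added example written for these notes, not code from the original page or from any firewall product; the `Packet`, `Rule`, `PacketFilter` and `StatefulFilter` names, the prefix-string "network" match and the sample addresses are all constructed for illustration. It shows why a stateless filter that must admit reply traffic ends up with a blanket inbound rule, while a stateful filter admits only replies to flows it has already seen.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed packet model: just the fields a filter looks at (no real capture involved).
@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str   # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # None matches anything
    src_net: Optional[str] = None  # prefix-string match such as "10.0.0." (simplified stand-in for CIDR)
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.src_net is None or pkt.src_ip.startswith(self.src_net))
                and (self.src_port is None or self.src_port == pkt.src_port)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))

class PacketFilter:
    """Stateless packet filter: every packet is judged on its own against static rules."""
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:   # first matching rule wins, as in most ACL engines
            if rule.matches(pkt):
                return rule.action
        return self.default

class StatefulFilter(PacketFilter):
    """Stateful inspection: remembers flows the inside opened and admits only their replies."""
    def __init__(self, rules, inside_prefix: str, default="deny"):
        super().__init__(rules, default)
        self.inside = inside_prefix
        self.flows = set()   # (client_ip, client_port, server_ip, server_port, proto)

    def decide(self, pkt: Packet) -> str:
        # Reply direction (server -> client) is allowed only if the flow is already known.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reverse in self.flows:
            return "allow"
        action = super().decide(pkt)
        # Record new outbound flows that the rule base allowed so their replies can return.
        if action == "allow" and pkt.src_ip.startswith(self.inside):
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
        return action

def demo() -> dict:
    """Constructed traffic: one outbound HTTPS connection, its reply, and an unsolicited inbound packet."""
    inside = "10.0.0."
    outbound_only = [Rule("allow", proto="tcp", src_net=inside, dst_port=443)]
    outbound    = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp")
    reply       = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp")
    unsolicited = Packet("203.0.113.10", 443, "10.0.0.5", 51001, "tcp")

    stateless = PacketFilter(outbound_only)
    # The stateless workaround: a blanket rule admitting anything that claims to come from port 443.
    stateless_patched = PacketFilter(outbound_only + [Rule("allow", proto="tcp", src_port=443)])
    stateful = StatefulFilter(outbound_only, inside)
    return {
        "stateless": [stateless.decide(p) for p in (outbound, reply, unsolicited)],
        "stateless_patched": [stateless_patched.decide(p) for p in (outbound, reply, unsolicited)],
        "stateful": [stateful.decide(p) for p in (outbound, reply, unsolicited)],
    }
```

With only the outbound rule, the stateless filter drops the legitimate reply; once the blanket "source port 443" rule is added to fix that, it also admits the unsolicited packet. The stateful filter admits the reply because it recorded the outbound flow, and still drops the unsolicited packet, which is the "context of traffic" the notes refer to.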
Intrusion Prevention System
An Intrusion Prevention System (IPS) is a security tool that not only detects but also actively blocks or mitigates malicious activities and threats on a network or system. It works by analyzing network traffic in real-time, identifying suspicious patterns or behaviors, and taking action to prevent potential security incidents. IPS can be deployed as a standalone device or integrated into a firewall or unified threat management (UTM) system. Its primary goal is to enhance network security by proactively blocking or mitigating threats before they can cause harm.

Honeypot
A Honeypot is a cybersecurity technique used to detect, deflect, or study attempts at unauthorized use of information systems. It consists of a computer, data, or network site that appears to be part of a network but is isolated and monitored, and which seems to contain information or a resource of value to attackers. The Honeypot lures potential attackers away from legitimate systems, allowing administrators to monitor and study their behavior. It essentially acts as a decoy to attract and analyze malicious activity, helping organizations understand attackers' tactics, techniques, and motives to enhance their overall cybersecurity defenses.
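The NIDS and IPS descriptions above share the same detection logic and differ only in what happens after a match: an IDS raises an alert, an IPS also blocks. The following added example (not part of the original notes, and not the detection engine of Snort, Suricata or any other product) runs a simple port-scan detector over a constructed connection log in a made-up "timestamp source destination port" format. The `PortScanSensor` class, its threshold and window, and the addresses in the sample log are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connection-attempt records in a hypothetical "timestamp src dst dport" format
# (sample data made up for this example; it is not a real capture). Records are in time order.
SAMPLE_LOG = """\
2024-03-01T10:00:00 198.51.100.7 10.0.0.5 22
2024-03-01T10:00:01 192.0.2.9 10.0.0.5 443
2024-03-01T10:00:01 198.51.100.7 10.0.0.5 23
2024-03-01T10:00:02 198.51.100.7 10.0.0.5 25
2024-03-01T10:00:03 198.51.100.7 10.0.0.5 80
2024-03-01T10:00:04 192.0.2.9 10.0.0.5 443
2024-03-01T10:00:04 198.51.100.7 10.0.0.5 443
2024-03-01T10:00:05 198.51.100.7 10.0.0.5 8080
2024-03-01T10:00:30 198.51.100.7 10.0.0.5 3306
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")

def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))

class PortScanSensor:
    """Flags a source that touches `threshold` distinct ports on one host within `window`.
    mode="ids" only records alerts; mode="ips" also adds the source to a block list
    and reports every later packet from it as dropped."""
    def __init__(self, threshold=5, window=timedelta(seconds=10), mode="ids"):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.threshold = threshold
        self.window = window
        self.mode = mode
        self.recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, dport), oldest first
        self.alerts = []                   # (timestamp, src, sorted distinct ports)
        self.blocked = set()               # sources the IPS has decided to drop

    def process(self, ts, src, dst, dport):
        if src in self.blocked:
            return "drop"
        q = self.recent[(src, dst)]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:   # slide the window forward
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) < self.threshold:
            return "pass"
        self.alerts.append((ts, src, sorted(distinct)))
        if self.mode == "ips":
            self.blocked.add(src)
            return "drop"
        return "alert"

def run(log_text, mode):
    """Feed the log through a sensor; returns (per-record decisions, alerts, blocked sources)."""
    sensor = PortScanSensor(mode=mode)
    decisions = [sensor.process(*rec) for rec in parse_log(log_text)]
    return decisions, sensor.alerts, sorted(sensor.blocked)
```

In IDS mode the scanning source produces two alerts and its later, isolated connection attempt (outside the window) passes; in IPS mode the first alert adds the source to the block list and everything after it is dropped, which is the "detects and also actively blocks" distinction. The legitimate client that repeats one port never trips the threshold in either mode.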
Public and private network
Public and private networks refer to two distinct types of networks based on their accessibility and ownership:
Public Network:
- Accessible by anyone, typically over the internet.
- Infrastructure owned and maintained by a service provider, such as an ISP.
- Examples include the internet, public Wi-Fi networks, and cellular data networks.
- Security measures are essential to protect sensitive data from unauthorized access.
Private Network:
- Restricted access, typically within an organization or a specific group.
- Infrastructure owned and managed by the organization or individual.
- Examples include local area networks (LANs) within a company, virtual private networks (VPNs), and intranets.
- Security measures are implemented to control access and protect sensitive information from unauthorized users or external threats.

Intranet and extranet
Intranet:
- Private network for internal users (employees, contractors).
- Accessible only within the organization.
- Centralized platform for communication and collaboration.
- Hosts internal websites, documents, and resources.
- Security measures ensure privacy and control access.
Extranet:
- Controlled extension of the intranet.
- Provides limited access to external users (clients, partners).
- Securely shares specific resources or services.
- Requires authentication for external users.
- Facilitates collaboration while maintaining security and privacy.

Security measures and types: availability, confidentiality, integrity
Security Measures:
Techniques or tools implemented to protect assets from unauthorized access, use, disclosure, disruption, modification, or destruction.
Types:
Preventive Measures: Aim to prevent security incidents from occurring. Examples: Firewalls, encryption, access controls.
Detective Measures: Identify security incidents or breaches after they occur. Examples: Intrusion Detection Systems (IDS), security audits.
Corrective Measures: Actions taken to mitigate the impact of security incidents. Examples: Patching vulnerabilities, incident response plans.
Deterrent Measures: Discourage potential attackers from targeting the system. Examples: Security policies, visible security cameras.
Recovery Measures: Restore systems or data to a functional state after a security incident. Examples: Backups, disaster recovery plans.

Availability:
Ensures that resources and services are accessible and usable when needed by authorized users.
Goal: Maintain uptime and prevent service disruptions.
Examples: Redundant systems, load balancing, disaster recovery plans.
Confidentiality:
Ensures that sensitive information is only accessible to authorized individuals or systems.
Goal: Protect data from unauthorized access, disclosure, or interception.
Examples: Encryption, access controls, data classification.
Integrity:
Ensures that data remains accurate, complete, and unaltered during storage, transmission, or processing.
Goal: Prevent unauthorized modification, tampering, or corruption of data.
Examples: Digital signatures, checksums, version control systems.
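The integrity examples (checksums, digital signatures) and the host-based IDS entry earlier in these notes (Tripwire, OSSEC detecting unauthorized file changes) come together in a file-integrity check. The following is an added example written for these notes, not Tripwire's or OSSEC's code: it builds a SHA-256 baseline of a constructed directory tree, seals the baseline with an HMAC under an assumed key, and then reports modified, added and removed files. It also shows why a plain checksum database is not enough: if the stored digest is rewritten to match the changed file, only the keyed seal reveals it. The function names, the temporary tree and the key are all constructed for the example.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative, POSIX-style path) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal(baseline: dict, key: bytes) -> dict:
    """Attach an HMAC so later edits to the baseline itself are detectable."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return {"baseline": baseline, "mac": hmac.new(key, body, "sha256").hexdigest()}

def check(root: Path, sealed: dict, key: bytes) -> dict:
    """Verify the sealed baseline first, then diff it against the current file tree."""
    body = json.dumps(sealed["baseline"], sort_keys=True).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, sealed["mac"]):
        return {"baseline_tampered": True, "modified": [], "added": [], "removed": []}
    old, current = sealed["baseline"], build_baseline(root)
    return {
        "baseline_tampered": False,
        "modified": sorted(k for k in old if k in current and current[k] != old[k]),
        "added": sorted(set(current) - set(old)),
        "removed": sorted(set(old) - set(current)),
    }

def demo() -> dict:
    """Constructed scenario: a tiny fake /etc tree, a sealed baseline, then some changes."""
    key = b"constructed-demo-key"   # in a real deployment the key lives off the monitored host
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        sealed = seal(build_baseline(root), key)
        clean = check(root, sealed, key)

        # Simulated changes: one file edited, one added, one removed.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nsvc:x:1001:1001::/srv:/bin/sh\n")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("0 * * * * root /usr/local/bin/job\n")
        (root / "etc" / "hosts").unlink()
        changed = check(root, sealed, key)

        # Simulated cover-up: the stored digest for passwd is rewritten to match the edited
        # file, but without the key the seal cannot be recomputed, so the check notices.
        forged = {"baseline": dict(sealed["baseline"]), "mac": sealed["mac"]}
        forged["baseline"]["etc/passwd"] = file_digest(root / "etc" / "passwd")
        covered = check(root, forged, key)
    return {"clean": clean, "changed": changed, "forged_baseline": covered}
```

The first check reports nothing; the second lists `etc/passwd` as modified, `etc/cron.d/job` as added and `etc/hosts` as removed; the third refuses to trust the baseline at all because its seal no longer verifies. A real tool signs the database with an asymmetric key or stores it read-only elsewhere, which is the "digital signatures" item in the integrity examples.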