
Firewall & its types:

Packet Filtering Firewall:
Examines packets based on predefined criteria like source/destination IP, ports, and protocols. Allows or blocks packets accordingly.
Stateful Inspection Firewall:
Monitors the state of active connections and allows packets belonging to established connections. Provides better security by understanding the context of traffic.
Proxy Firewall:
Acts as an intermediary between internal and external networks. Routes all traffic through a proxy server, hiding internal network details. Evaluates and forwards requests on behalf of clients.
Application Layer Firewall (Next-Generation Firewall):
Operates at the application layer of the OSI model. Filters traffic based on specific applications or services, incorporating deep packet inspection and advanced threat protection.
Circuit-Level Gateway:
Works at the session layer (layer 5) of the OSI model. Monitors TCP handshakes to determine whether to allow or block traffic for established connections.
Hybrid Firewall:
Combines features of multiple firewall types (e.g., packet filtering, stateful inspection, application layer inspection) for comprehensive security solutions.

Intrusion detection system & types

Intrusion Detection System (IDS) monitors network or system activities for malicious behavior, generating alerts upon detection.
Types:
Network-based IDS (NIDS):
Monitors network traffic, identifies anomalies, and detects attacks like port scans or malware. Examples: Snort, Suricata.
Host-based IDS (HIDS):
Monitors individual hosts, detecting suspicious activities or unauthorized changes in logs, files, or system calls. Examples: OSSEC, Tripwire.
Hybrid IDS combines NIDS and HIDS features for comprehensive threat detection across networks and hosts.
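The difference between the packet filtering and stateful inspection firewalls in the firewall list above, as an added example that is not part of the original notes. The rule set, the 10.0.0.x internal prefix and the sample traffic are constructed assumptions: internal hosts may open HTTPS connections, and only their replies should come back in.

```python
from dataclasses import dataclass

INTERNAL = "10.0.0."  # constructed internal prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

def stateless_allow(p):
    """Packet filter: judges each packet alone by addresses, ports and flags."""
    if p.src.startswith(INTERNAL) and p.dport == 443:
        return True  # outbound HTTPS
    # Replies must get back in, so any inbound ACK from port 443 is accepted,
    # whether or not an internal host ever opened that connection.
    return p.dst.startswith(INTERNAL) and p.sport == 443 and "A" in p.flags

class StatefulFirewall:
    """Stateful inspection: inbound packets must match a tracked connection."""
    def __init__(self):
        self.conns = set()  # (src, sport, dst, dport) of connections opened from inside

    def allow(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.src.startswith(INTERNAL) and p.dport == 443:
            if p.flags == "S":          # new outbound connection: record it
                self.conns.add(key)
                return True
            return key in self.conns    # later packets need an existing entry
        # Inbound: allowed only as the reverse direction of a tracked connection
        return (p.dst, p.dport, p.src, p.sport) in self.conns

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic: one legitimate handshake, then an unsolicited ACK
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 443, "10.0.0.9", 40000, "A"),  # no matching connection
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRAFFIC, run(TRAFFIC)):
        print(pkt, "stateless=%s stateful=%s" % verdict)
```

The last packet passes the packet filter because its header fields look like a reply, while the stateful firewall drops it because no internal host opened that connection.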

Intrusion prevention system

Intrusion Prevention System (IPS) is a security tool that not only detects but also actively blocks or mitigates malicious activities and threats on a network or system. It works by analyzing network traffic in real-time, identifying suspicious patterns or behaviors, and taking action to prevent potential security incidents. IPS can be deployed as a standalone device or integrated into a firewall or unified threat management (UTM) system. Its primary goal is to enhance network security by proactively blocking or mitigating threats before they can cause harm.

Honeypot

A Honeypot is a cybersecurity technique used to detect, deflect, or study attempts at unauthorized use of information systems. It consists of a computer, data, or network site that appears to be part of a network but is isolated and monitored, and which seems to contain information or a resource of value to attackers. The Honeypot lures potential attackers away from legitimate systems, allowing administrators to monitor and study their behavior. It essentially acts as a decoy to attract and analyze malicious activity, helping organizations understand attackers' tactics, techniques, and motives to enhance their overall cybersecurity defenses.

Public and private network

Public and private networks refer to two distinct types of networks based on their accessibility and ownership:
Public Network:
Accessible by anyone, typically over the internet.
Infrastructure owned and maintained by a service provider, such as an ISP.
Examples include the internet, public Wi-Fi networks, and cellular data networks.
Security measures are essential to protect sensitive data from unauthorized access.
Private Network:
Restricted access, typically within an organization or a specific group.
Infrastructure owned and managed by the organization or individual.
Examples include local area networks (LANs) within a company, virtual private networks (VPNs), and intranets.
Security measures are implemented to control access and protect sensitive information from unauthorized users or external threats.

Intranet extranet

Intranet:
Private network for internal users (employees, contractors).
Accessible only within the organization.
Centralized platform for communication and collaboration.
Hosts internal websites, documents, and resources.
Security measures ensure privacy and control access.
Extranet:
Controlled extension of the intranet.
Provides limited access to external users (clients, partners).
Securely shares specific resources or services.
Requires authentication for external users.
Facilitates collaboration while maintaining security and privacy.

Security measure and types

Security Measures:
Techniques or tools implemented to protect assets from unauthorized access, use, disclosure, disruption, modification, or destruction.
Types:
Preventive Measures:
Aim to prevent security incidents from occurring.
Examples: Firewalls, encryption, access controls.
Detective Measures:
Identify security incidents or breaches after they occur.
Examples: Intrusion Detection Systems (IDS), security audits.
Corrective Measures:
Actions taken to mitigate the impact of security incidents.
Examples: Patching vulnerabilities, incident response plans.
Deterrent Measures:
Discourage potential attackers from targeting the system.
Examples: Security policies, visible security cameras.
Recovery Measures:
Restore systems or data to a functional state after a security incident.
Examples: Backups, disaster recovery plans.

Availability, confidentiality, integrity

Availability:
Ensures that resources and services are accessible and usable when needed by authorized users.
Goal: Maintain uptime and prevent service disruptions.
Examples: Redundant systems, load balancing, disaster recovery plans.
Confidentiality:
Ensures that sensitive information is only accessible to authorized individuals or systems.
Goal: Protect data from unauthorized access, disclosure, or interception.
Examples: Encryption, access controls, data classification.
Integrity:
Ensures that data remains accurate, complete, and unaltered during storage, transmission, or processing.
Goal: Prevent unauthorized modification, tampering, or corruption of data.
Examples: Digital signatures, checksums, version control systems.
