Unit 3 and 4

Uploaded by junaidakhtar.ecc

Threat

A cyber threat is a malicious act that seeks to steal or damage data, or to
disrupt a digital network or system. A threat can also be defined as the
possibility of a successful cyber attack that gains access to a system's
sensitive data without authorisation. Examples of threats include computer
viruses, Denial of Service (DoS) attacks, data breaches, and sometimes
dishonest employees.

Types of Threat
Threats are of three types:
1. Intentional - Malware, phishing, and illegally accessing someone's account
   are examples of intentional threats.
2. Unintentional - Unintentional threats are human errors; for example,
   forgetting to update the firewall or the anti-virus leaves the system more
   vulnerable.
3. Natural - Natural disasters (fire, flood, earthquake) can also destroy data
   or equipment; these are known as natural threats.

Vulnerability:

In cybersecurity, a vulnerability is a flaw in a system's design, security
procedures, internal controls, etc., that can be exploited by an attacker.
Most vulnerabilities come from design flaws or misconfiguration, but some are
introduced by a prior attack: malware that an employee downloaded, or a
successful social engineering attack, can leave a backdoor or a weakened
control behind.

Types of Vulnerability
Vulnerabilities can be classified in many ways; some common categories are:
1. Network - A network vulnerability is a flaw in the network's hardware or
   software (an unpatched router, an exposed management port, a weak
   protocol).
2. Operating system - When an operating system is designed with a policy that
   grants every program or user full access to the computer, viruses and
   malware can make changes with administrator privileges. Least-privilege
   defaults remove this class of vulnerability.
3. Human - Users' negligence (weak passwords, falling for phishing) creates
   vulnerabilities in the system.
4. Process - Weak or missing process controls (no change review, no
   separation of duties) can also leave vulnerabilities in the system.
Risk:

Cyber risk is the potential loss or damage to assets or data caused by a cyber
threat exploiting a vulnerability. Risk can never be completely removed, but it
can be managed down to a level that satisfies an organisation's risk tolerance.
So the target is not a risk-free system, but to keep the risk as low as
reasonably possible.
Cyber risk is commonly summarised by the formula Risk = Threat x Vulnerability
(often extended to Threat x Vulnerability x Impact): if either the threat or
the vulnerability is absent, there is no risk. Cyber risks are therefore
assessed by examining the threat actors and the vulnerabilities a system has.

Types of Risks
There are two types of cyber risk:
1. External - External cyber risks come from outside an organisation, such as
   cyberattacks, phishing, ransomware, DDoS attacks, etc.
2. Internal - Internal cyber risks come from insiders. These insiders may have
   malicious intent or may simply not be properly trained.

Difference Between Threat, Vulnerability, and Risk

1. Definition
   Threat: Takes advantage of vulnerabilities in the system and has the
   potential to steal or damage data.
   Vulnerability: A weakness in hardware, software, or design that might allow
   a cyber threat to succeed.
   Risk: The potential for loss or destruction of data caused by a threat
   exploiting a vulnerability.

2. Control
   Threat: Generally cannot be controlled (the attacker is outside your
   control).
   Vulnerability: Can be controlled (patched, reconfigured, removed).
   Risk: Can be controlled (by reducing vulnerabilities and exposure).

3. Intent
   Threat: May or may not be intentional.
   Vulnerability: Generally unintentional.
   Risk: Not a matter of intent; it is the combination of a threat and a
   vulnerability.

4. Mitigation
   Threat: Can be blocked by managing the vulnerabilities it would exploit.
   Vulnerability: Vulnerability management is the process of identifying
   weaknesses, categorising them, prioritising them, and resolving them in
   that order.
   Risk: Reducing data transfers, downloading files only from reliable
   sources, updating software regularly, hiring a professional cybersecurity
   team to monitor data, developing an incident management plan, etc. all
   lower the likelihood of cyber risks materialising.

5. Detection
   Threat: Can be detected by anti-virus software and threat detection logs.
   Vulnerability: Can be detected by penetration testing and vulnerability
   scanners.
   Risk: Indicators include mysterious emails, suspicious pop-ups, unusual
   password activity, a slower-than-normal network, etc.

Trap Door:
- A trap door is a secret entry point into a program that allows anyone who
  knows about it to gain access to the system without going through the usual
  security access procedures.
- Another definition: a trap door is a method of bypassing normal
  authentication. For this reason it is also known as a back door.
- Trap doors are difficult to detect; to find them, programmers or reviewers
  have to go through the components of the system (source review, and
  comparing the shipped binaries against the reviewed build).
- Programmers legitimately use trap doors to debug and test programs. They
  become threats when they are left in shipped code and a dishonest programmer
  or an attacker uses them to gain illegal access. Such maintenance hooks
  should be removed before release.

What is a logic bomb?

A logic bomb is a string of malicious code inserted intentionally into a program
to harm a system or network when certain conditions are met. The term comes from
the idea that the code "explodes" when triggered by a specific event, such as
the deletion of a particular record -- e.g., an employee's account -- from a
system, or the launch of the infected software application.

Also known as slag code, a logic bomb often remains undetected until it executes
its function or launches its payload. The set of conditions able to set it off
is virtually unlimited. The degree of destruction from a logic bomb can also
vary greatly, from deleting files and corrupting data to wiping hard drives and
causing application failure.

Unlike many other types of cyber attack, a logic bomb attack is subtle yet often
sophisticated, and capable of causing damage that is difficult to trace or
mitigate. The malicious code is secretly inserted into a computer's or network's
existing software; it may also be carried by other forms of malware such as
viruses, worms or Trojan horses. Because the author is frequently an insider
with legitimate commit access, the code typically passes through normal build
and deployment and runs with the same privileges as the application that hosts
it.

A logic bomb is sneaky because its code lies dormant until the trigger occurs.
This deliberate time lag between code insertion and action (payload release)
lets the attacker control when the attack happens. More importantly, it lets the
attacker cover their tracks, since the logic bomb usually remains undetected,
sometimes for months or even years.

The bomb's "detonator" is the particular condition that must be met. If the
trigger is a date or time, the logic bomb goes off on a certain date -- e.g.,
Y2K -- and is known as a time bomb. Its payload is the specific component
programmed to cause damage, such as deleting files, sending spam emails or
stealing data.

The payload is usually unknown until it triggers. This is why it is so difficult
to mitigate, much less prevent, the damage from logic bombs.

How does a logic bomb work?

Either a positive or a negative condition can trigger a logic bomb. A logic bomb
coded with a positive condition goes off when that condition is met, while a
bomb coded with a negative condition goes off when that condition is not met.

An example of a positive condition is the opening of a particular file. An
example of a negative condition is the code not being detected or deactivated
before a certain date (or a particular user account no longer existing).
Whether the condition is positive or negative, once it is met the logic bomb
goes off and inflicts damage unless the code is found and removed first.
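As an added example (not code from the original notes), the following Python script turns the positive/negative trigger idea above into a code-review heuristic: it parses Python source with the standard ast module and flags any `if` whose condition consults a clock or the user database (a hypothetical trigger list) and whose body calls a destructive function (a hypothetical payload list). The sample source it scans is constructed, with one legitimate conditional delete and two planted bombs, the second of which uses a negated condition.

```python
import ast

# Hypothetical heuristic (added example): an `if` whose condition reads a clock
# or the user database and whose body calls a destructive function is a
# candidate logic bomb. Both lists are assumptions, not a published rule set.
TRIGGER_MODULES = {"datetime", "time", "pwd", "getpass"}
DESTRUCTIVE_CALLS = {
    "os.remove", "os.unlink", "os.rmdir", "os.system", "shutil.rmtree",
    "subprocess.run", "subprocess.call", "subprocess.Popen",
}

# Constructed sample: one legitimate conditional delete and two planted bombs.
SAMPLE_SOURCE = '''\
import datetime
import os
import pwd
import shutil

def purge_tmp(path):
    # Legitimate conditional delete: the condition reads no trigger source.
    if os.path.isfile(path):
        os.remove(path)

def report():
    # Positive, date-based trigger (a "time bomb").
    if datetime.date.today() >= datetime.date(2030, 1, 1):
        shutil.rmtree("/srv/data")
    # Negative trigger: fires once the author's account no longer exists.
    if not any(u.pw_name == "jdoe" for u in pwd.getpwall()):
        os.system("rm -rf /srv/backups")
'''


def _dotted(node):
    """Return 'module.attr' for `module.attr`, 'name' for a bare name, else None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    if isinstance(node, ast.Name):
        return node.id
    return None


def _trigger_sources(test):
    """Trigger modules referenced anywhere inside an if-condition."""
    roots = set()
    for node in ast.walk(test):
        name = _dotted(node)
        if name:
            roots.add(name.split(".")[0])
    return roots & TRIGGER_MODULES


def _destructive_calls(body):
    """Destructive calls made anywhere inside the if-body, in source order."""
    calls = []
    for stmt in body:
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call):
                name = _dotted(node.func)
                if name in DESTRUCTIVE_CALLS:
                    calls.append(name)
    return calls


def find_suspicious_triggers(source):
    """One finding per `if` that couples a trigger condition with a destructive payload."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        sources = _trigger_sources(node.test)
        payload = _destructive_calls(node.body)
        if sources and payload:
            negated = isinstance(node.test, ast.UnaryOp) and isinstance(node.test.op, ast.Not)
            findings.append({
                "line": node.lineno,
                "trigger": sorted(sources),
                "payload": payload,
                "negated": negated,   # True for a "condition NOT met" (negative) trigger
            })
    return sorted(findings, key=lambda f: f["line"])


if __name__ == "__main__":
    for f in find_suspicious_triggers(SAMPLE_SOURCE):
        kind = "negative" if f["negated"] else "positive"
        print(f"line {f['line']}: {kind} trigger on {f['trigger']} -> {f['payload']}")
```

The heuristic is deliberately crude: it reports where a reviewer should look, not proof of malice, and catching a bespoke logic bomb still rests on change control and review of every commit rather than on a scanner.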

How to safeguard against logic bombs

Organizations can reduce the risk of logic bombs by following some cybersecurity
best practices:

- Use antivirus software, and update it regularly.
- Periodically scan all files, including compressed files and subdirectories.
- Require all users to activate security features like auto-protect and email
  screening.
- Perform website safety checks, and avoid clicking on suspicious links.
- Avoid downloading email attachments from unknown or untrusted senders.
- Regularly update and patch operating systems.
- Train users on safety policies and best practices.

Note that antivirus signatures rarely match a bespoke logic bomb planted in an
organisation's own code. For that case the effective controls are code review
of every change, change control that ties each deployed build to reviewed
source, and least privilege so that a triggered payload cannot reach critical
data.

What Is a Time Bomb?

A time bomb is a piece of malware designed to execute at a predetermined time. It may carry a
similar payload to a logic bomb: both time bombs and logic bombs may deploy ransomware, delete data,
consume system resources and more. Time bombs are simply on a timer, meaning they only unload
their payload after a certain amount of time has passed or when a certain date arrives.

Differences Between Logic Bombs and Time Bombs

Logic bombs and time bombs are both types of "delayed" malware. Unlike most other types of malware,
they don't unload their payload immediately upon being downloaded or opened. Rather, they have a
delayed action: they wait a while before unloading their payload and executing their malicious
processes.
The difference between logic bombs and time bombs lies in when, exactly, they unload their payload.
Both do so at some point in the future. Logic bombs, however, wait until certain conditions have
been met, whereas time bombs wait until a certain amount of time has passed. A logic bomb is
essentially on a condition-based timer; a time bomb is on a time-based timer, which makes it a
special case of a logic bomb whose only condition is the clock.
Logic bombs have conditional triggers, which may include user actions, system states and specific
events. Time bombs have no other conditional trigger; they are simpler, using only the clock, and
are programmed to activate at a predetermined time. At that time they unload their malicious
payload, which can range from data deletion to system disruption, unauthorized access and more.

Avalanche effect
The avalanche effect is a term for a specific behaviour of the mathematical
functions used in encryption and hashing. It is considered one of the desirable
properties of any encryption algorithm: a slight change in either the key or
the plaintext should result in a significant change in the ciphertext. This
property is termed the avalanche effect.
In simple words, it quantifies the effect on the ciphertext of a small change
in the plaintext or the key.
Although the concept follows from Shannon's properties of confusion and
diffusion, the term was first used by Horst Feistel. Any strong cipher or
cryptographic hash function treats it as a primary design objective.
For a hash function, even a small alteration of the input should drastically
change the hash value: flipping a single bit of the input should flip about
half of the bits of the output. The Strict Avalanche Criterion makes this
precise: each output bit should change with probability 1/2 whenever any single
input bit is flipped.
A good encryption algorithm or hash should therefore satisfy:

Avalanche effect ≈ 50%

Note that "about 50%" is the target, not "as high as possible": a function that
flipped, say, 90% of its output bits would be just as predictable (an attacker
would simply invert the bits) as one that flipped 10%.
The effect ensures that an attacker cannot easily predict the plaintext through
statistical analysis. An algorithm that does not satisfy this property favours
easy statistical analysis: if altering a single bit of the input changes only a
single bit of the output, the relationship between plaintext and ciphertext is
directly visible and the encryption is easy to break.
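An added example, not part of the original notes, that measures the avalanche effect empirically with Python's standard library: for a function under test it flips one random input bit and counts how many output bits change, averaged over 200 trials. SHA-256 stands in for a hash, HMAC-SHA256 over a fixed message stands in for a change of key, and a toy XOR-with-key "cipher" (constructed here, not a real algorithm) shows the failure the text describes, where one flipped input bit changes exactly one output bit.

```python
import hashlib
import hmac
import random


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions in which two equal-length byte strings differ."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with one bit inverted (bit 0 is the LSB of byte 0)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def sha256(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


FIXED_MESSAGE = b"the quick brown fox jumps over the lazy dog"   # constructed


def hmac_sha256_by_key(key: bytes) -> bytes:
    """HMAC of a fixed message, so that flipping the input flips a *key* bit."""
    return hmac.new(key, FIXED_MESSAGE, "sha256").digest()


def xor_with_key(message: bytes, key: bytes = b"\x5a" * 32) -> bytes:
    """Toy 'cipher' with no diffusion: ciphertext bit i depends only on plaintext bit i."""
    return bytes(m ^ k for m, k in zip(message, key))


def avalanche(func, trials: int = 200, input_len: int = 32, seed: int = 1) -> float:
    """Average fraction of output bits that flip when one random input bit is flipped.

    `func` maps a 32-byte input to a fixed-length output; the fixed seed makes
    the measurement reproducible.
    """
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        data = bytes(rng.getrandbits(8) for _ in range(input_len))
        bit = rng.randrange(8 * input_len)
        total += hamming_fraction(func(data), func(flip_bit(data, bit)))
    return total / trials


if __name__ == "__main__":
    for name, f in [("SHA-256 (plaintext bit)", sha256),
                    ("HMAC-SHA256 (key bit)", hmac_sha256_by_key),
                    ("XOR with key (no diffusion)", xor_with_key)]:
        print(f"{name:32s} avalanche = {avalanche(f):.3f}")
```

The two cryptographic functions come out close to 0.5, while the XOR construction gives exactly 1/256: one input bit maps to one output bit, which is precisely the statistical leak the text warns about.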

Salami Attack
A salami attack is a cybercrime that attackers typically use to commit financial
fraud. The criminal steals money or resources from many accounts a tiny amount
at a time, so that many minor thefts combine into one large one. Because each
individual slice is negligible, these attacks frequently go undetected. In
India, anyone found guilty of such an attack faces punishment under Section 66
of the Information Technology Act, 2000. Salami slicing and penny shaving are
the two significant types of salami attack in cybersecurity.

How Does a Salami Attack Work?

After trying many combinations of routing and account numbers to find valid
accounts, criminals first make negligible deposits to confirm that an account is
live. Once they have a valid account, they set up small recurring withdrawals or
fees that are transferred from the financial institution to accounts they
control.
Because the amounts are so small, account holders ignore them on their bank
statements. If the attacker repeats the scheme across hundreds or thousands of
accounts, however, the total rapidly becomes significant.

Types of Salami Attacks in CyberSecurity
Salami Slicing Attack
A "salami slicing attack" or "salami fraud" occurs when an attacker uses an
online database to obtain customer information, such as bank or credit card
details. Over time the attacker deducts an insignificant amount from each
account. These sums add up to a large amount of money taken invisibly from the
pool of accounts. Most people do not report the deduction because the amount is
so small.
For example, suppose an attacker withdraws ₹0.01 (1 paisa) from each bank
account. Nobody notices such a minor discrepancy, but one paisa taken from every
account holder at the bank produces a large sum.
Penny Shaving Attack
Penny shaving is the fraudulent practice of repeatedly stealing money in
extremely small amounts by manipulating the rounding of financial transactions
(for example, always rounding interest down to the nearest cent and diverting
the fractional remainder). The goal is to keep each change so small that no
individual transaction is questioned.
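An added example (not from the original notes) that simulates the penny-shaving variant with Python's decimal module and then shows which audit catches it. The balances, the 0.4% monthly rate and the mule account name are all constructed. It contrasts the bank's honest banker's-rounding run with a skimmed run that always rounds down and diverts the fractions, then runs two checks: a totals-only reconciliation, which passes for both runs because the shaved cents are redeposited inside the same ledger, and a per-line audit that recomputes every credit independently and flags both the underpaid accounts and the credit to an account that holds no balance.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.004")          # assumption: 0.4% interest per month

# Constructed account balances (not real data).
ACCOUNTS = {
    "1001": Decimal("1234.56"),
    "1002": Decimal("987.65"),
    "1003": Decimal("15000.00"),
    "1004": Decimal("42.42"),
    "1005": Decimal("3333.33"),
    "1006": Decimal("250.75"),
}


def exact_interest(balance: Decimal) -> Decimal:
    """Interest before rounding, keeping the full fraction of a cent."""
    return balance * MONTHLY_RATE


def post_interest_honest(accounts):
    """Bank's correct behaviour: round each credit to the nearest cent (banker's rounding)."""
    return {acct: exact_interest(bal).quantize(CENT, ROUND_HALF_EVEN)
            for acct, bal in accounts.items()}


def post_interest_skimmed(accounts, mule="MULE-001"):
    """Penny shaving: always round DOWN and divert every shaved fraction to a mule account."""
    ledger, shaved = {}, Decimal("0")
    for acct, bal in accounts.items():
        exact = exact_interest(bal)
        paid = exact.quantize(CENT, ROUND_DOWN)
        shaved += exact - paid
        ledger[acct] = paid
    # Whole cents are cashed out now; a real skimmer carries the sub-cent rest forward.
    ledger[mule] = shaved.quantize(CENT, ROUND_DOWN)
    return ledger


def aggregate_difference(accounts, ledger) -> Decimal:
    """Total posted minus total expected: what a totals-only reconciliation checks."""
    expected = sum((exact_interest(b) for b in accounts.values()), Decimal("0"))
    posted = sum(ledger.values(), Decimal("0"))
    return posted - expected


def audit(accounts, ledger):
    """Per-line audit: recompute each credit independently and flag any deviation,
    plus any credit to an account that holds no balance."""
    result = {"unknown_accounts": [], "underpaid": [], "overpaid": []}
    for acct, posted in ledger.items():
        if acct not in accounts:
            result["unknown_accounts"].append(acct)
            continue
        expected = exact_interest(accounts[acct]).quantize(CENT, ROUND_HALF_EVEN)
        if posted < expected:
            result["underpaid"].append(acct)
        elif posted > expected:
            result["overpaid"].append(acct)
    return result


if __name__ == "__main__":
    honest, skimmed = post_interest_honest(ACCOUNTS), post_interest_skimmed(ACCOUNTS)
    print("aggregate diff, honest :", aggregate_difference(ACCOUNTS, honest))
    print("aggregate diff, skimmed:", aggregate_difference(ACCOUNTS, skimmed))
    print("audit of skimmed run   :", audit(ACCOUNTS, skimmed))
```

Over one month the mule receives only two cents here, which is the point: the totals reconcile to within rounding noise for both runs, so the control that works is the per-line recomputation (and, across months, a consistent one-directional rounding bias on every account).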

Malicious Mobile Code


Malicious mobile code (MMC) is any software program designed to move
from computer to computer and network to network, in order to
intentionally modify computer systems without the consent of the owner
or operator. MMC includes viruses, Trojan horses, worms, script
attacks, and rogue Internet code. The intentional part of the definition
is important. MMC does cause real damage and real downtime. If you
take the time to learn what the threats are and how to prevent them,
you can save more time in the end. Just learning about what is possible
prepares you to make better decisions and implement appropriate
security. In the world of malicious mobile code the phrase "in the wild”
means the malicious program is widespread and routinely reported to
antivirus researchers. Many rogue programs get created, but never
become a big threat to society at large. This can be because they are
full of bugs, are too noticeable to spread without quick detection, or
remain abstract research programs. A common rogue program might
start out in the wild, but end up disappearing because of good antivirus
techniques and technology updates.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity
and integrity of a digital document, message or software. It's the digital
equivalent of a handwritten signature or stamped seal, but it offers far more
inherent security. A digital signature is intended to solve the problem of
tampering and impersonation in digital communications.

Digital signatures can provide evidence of origin, identity and status of


electronic documents, transactions or digital messages. Signers can also use
them to acknowledge informed consent. In many countries, including the U.S.,
digital signatures are considered legally binding in the same way as traditional
handwritten document signatures.

How do digital signatures work?

Digital signatures are based on public key cryptography, also known as
asymmetric cryptography. Using a public key algorithm -- such as
Rivest-Shamir-Adleman (RSA) or an elliptic-curve scheme such as ECDSA or
Ed25519 -- a mathematically linked pair of keys is generated: one private and
one public.

To sign, the signer first hashes the document with a cryptographic hash
function (for example SHA-256) and then applies the signing operation to that
hash with the private key. Anyone holding the corresponding public key can run
the verification operation on the signature and compare the result with a
freshly recomputed hash of the received document. (In RSA the signing operation
is the same modular exponentiation as decryption, which is why it is often
loosely described as "encrypting with the private key"; for other schemes that
description does not apply at all, and signing is never a substitute for
encryption.)

If verification with the signer's public key fails, either the document was
altered after signing or the signature was not produced with the matching
private key. This is how digital signatures are authenticated.

Digital certificates, also called public key certificates, are used to verify
that a public key belongs to the named subject. A certificate contains the
public key, information about its owner, a validity period and the digital
signature of the certificate's issuer. Certificates are issued by trusted
third-party certificate authorities (CAs), such as DocuSign or GlobalSign, for
example. The party sending the document and the party verifying it must both
trust the CA in question.
Digital signature technology requires all parties to trust that the person who
creates the signature has kept the private key secret. If someone else obtains
the private signing key, that party can create fraudulent digital signatures in
the name of the key holder; this is why signing keys are kept in hardware
security modules or smart cards where possible, and why a compromised key must
be revoked.
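An added example, not from the original text, that walks through the sign/verify flow of the preceding paragraphs with RSA in plain Python. It is textbook RSA on a 63-bit toy modulus built from two published primes (an assumption made so that the code runs without any library; a real key is at least 2048 bits and uses RSASSA-PSS or PKCS#1 v1.5 padding, both omitted here). The message is constructed. The demo verifies a genuine signature, rejects a modified message, and rejects a signature that was not produced with the private key.

```python
import hashlib
from math import gcd

# Toy parameters (assumption, for demonstration only): a 63-bit modulus built
# from two published primes. Real RSA signing keys are 2048 bits or more and
# real signatures use a padding scheme; neither is present here.
P = 2147483647            # 2**31 - 1, prime
Q = 4294967291            # 2**32 - 5, prime
E = 65537                 # conventional public exponent


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)   # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n.

    The reduction mod n is needed only because n is toy-sized; with a real key
    the padded digest is already smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signer: apply the private exponent to the hash of the message."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Verifier: undo the signing operation with the public exponent and
    compare with a freshly computed hash of the received message."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    """Sign a message, then verify the original, a tampered copy and a forged signature."""
    public_key, private_key = keygen()
    message = b"Pay 100 EUR to account 1234"          # constructed
    signature = sign(message, private_key)
    genuine = verify(message, signature, public_key)
    tampered = verify(b"Pay 900 EUR to account 1234", signature, public_key)
    forged = verify(message, (signature + 1) % public_key[0], public_key)
    return genuine, tampered, forged


if __name__ == "__main__":
    print("genuine, tampered, forged =", demo())
```

Note what the verifier needs: only the public key and the message. Everything that makes the signature trustworthy (the secrecy of d, and a certificate binding n and e to the signer) lives outside this code, which is why key protection and the CA step in the text matter as much as the arithmetic.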

What are the benefits of digital signatures?

Digital signatures offer the following benefits:

- Security. Security capabilities are embedded in digital signatures to ensure
  a legal document isn't altered and signatures are legitimate. The
  cryptographic protection comes from asymmetric cryptography and the hash
  bound into the signature, together with CA and trust service provider (TSP)
  validation; personal identification numbers (PINs) protect access to the
  signing key. Checksums and cyclic redundancy checks (CRCs) detect only
  accidental corruption, not deliberate tampering, and are not a security
  feature on their own.
- Timestamping. This provides the date and time of a digital signature and is
  useful when timing is critical, such as for stock trades, lottery ticket
  issuance and legal proceedings. A trusted timestamp also lets a signature be
  validated after the signing certificate has expired.
- Globally accepted and legally compliant. The public key infrastructure (PKI)
  standard ensures vendor-generated keys are made and stored securely. With
  digital signatures becoming an international standard, more countries are
  accepting them as legally binding.
- Time savings. Digital signatures simplify the time-consuming processes of
  physical document signing, storage and exchange, enabling businesses to
  quickly access and sign documents.
- Cost savings. Organizations can go paperless and save money previously spent
  on the physical resources, time, personnel and office space used to manage
  and transport documents.
- Positive environmental effects. Reducing paper use also cuts down on the
  physical waste generated by paper and the negative environmental impact of
  transporting paper documents.
- Traceability. Digital signatures create an audit trail that makes internal
  record-keeping easier for businesses. With everything recorded and stored
  digitally, there are fewer opportunities for a manual signee or record-keeper
  to make a mistake or misplace something.

Direct and Arbitrated Digital Signatures

A direct digital signature involves only two parties: the sender, who signs the
message, and the receiver, who verifies it. The receiver must already know and
trust the sender's public key. The validity of the scheme depends entirely on
the security of the sender's private key: if the sender later claims the key
was lost or stolen, the sender can repudiate a message that was genuinely
signed, and a signature forged with a stolen key cannot be distinguished from a
real one.
Advantages:
- Simplicity: Direct digital signatures are straightforward to implement,
  requiring only a key pair (and usually a certificate for the public key) and
  a securely held private key.
- Speed: Direct digital signatures are fast and efficient, allowing quick
  signing of electronic documents.
- Security: Direct digital signatures use strong cryptographic techniques,
  making it difficult for unauthorized parties to forge or alter the
  signature.
Disadvantages:
- Limited scope: Direct digital signatures are suited to documents exchanged
  between two parties and less suited to situations that require multiple
  signatures.
- Lack of impartiality: Direct digital signatures may be seen as less
  impartial than arbitrated digital signatures, as no third party verifies the
  identity of the signer or witnesses the signature.

An arbitrated digital signature involves three parties: the sender, the
receiver, and an arbiter that every signed message passes through. The arbiter
checks the sender's signature, attaches a timestamp and its own signature, and
forwards the message to the receiver. Because the arbiter records and
timestamps each message, the sender cannot later deny having sent it, and a
message is less likely to be altered undetected.
Advantages:
- Impartiality: Arbitrated digital signatures rely on a trusted third party to
  verify the identity of the signer, giving the signature greater impartiality
  and validity.
- Multiple signatures: Arbitrated digital signatures can be used for documents
  that require multiple signatures, such as contracts and agreements.
- Legal recognition: Arbitrated digital signatures are often legally
  recognized, making it easier to comply with legal requirements for
  electronic signatures.
Disadvantages:
- Complexity: Arbitrated digital signatures are more complex to implement and
  use than direct digital signatures, requiring the involvement of a trusted
  third party and compliance with certain regulations.
- Cost: Arbitrated digital signatures can be more expensive than direct
  digital signatures because of the trusted third party and the associated
  compliance requirements.
- Dependence on a third party: The arbiter must be fully trusted by both
  parties and must itself be secure, so choosing a reliable and trustworthy
  arbiter is essential.

Intrusion Detection System (IDS)

An intrusion detection system (IDS) observes network traffic or host activity
for malicious actions or policy violations and raises an alert when one is
observed. It is software (sometimes packaged as an appliance) that checks a
network or system for malicious activities. Each detected event is typically
recorded centrally in a SIEM system or reported to an administrator. An IDS
monitors a network or system for malicious activity and helps protect it from
unauthorized access, including by insiders. Viewed as a learning task, the
intrusion detector has to build a predictive model (a classifier) capable of
distinguishing 'bad' connections (intrusions or attacks) from 'good' (normal)
connections. Note that an IDS by itself only detects and alerts; it does not
block traffic.

How does an IDS work?

- An IDS (Intrusion Detection System) monitors the traffic on a computer
  network to detect any suspicious activity.
- It analyzes the data flowing through the network to look for patterns and
  signs of abnormal behavior.
- The IDS compares the network activity to a set of predefined rules and
  patterns to identify any activity that might indicate an attack or
  intrusion.
- If the IDS detects something that matches one of these rules or patterns, it
  sends an alert to the system administrator.
- The system administrator can then investigate the alert and take action to
  prevent any damage or further intrusion.
Classification of Intrusion Detection System
IDS are classified into 5 types:
- Network Intrusion Detection System (NIDS): Network intrusion detection
  systems (NIDS) are set up at a planned point within the network to examine
  traffic from all devices on the network. A NIDS observes the traffic passing
  on the entire subnet and matches it against a collection of known attacks.
  Once an attack is identified or abnormal behavior is observed, an alert can
  be sent to the administrator. An example of NIDS placement is the subnet
  where the firewalls are located, to see whether someone is trying to get
  through the firewall.
- Host Intrusion Detection System (HIDS): Host intrusion detection systems
  (HIDS) run on individual hosts or devices on the network. A HIDS monitors
  the incoming and outgoing packets of that device only and alerts the
  administrator if suspicious or malicious activity is detected. It also takes
  a snapshot of the existing system files and compares it with the previous
  snapshot; if critical system files were edited or deleted, an alert is sent
  to the administrator to investigate. HIDS are typically used on
  mission-critical machines whose configuration is not expected to change.
- Protocol-based Intrusion Detection System (PIDS): A protocol-based intrusion
  detection system (PIDS) is a system or agent that resides at the front end
  of a server, monitoring and interpreting the protocol between a user or
  device and the server. For a web server it monitors the HTTPS stream and
  validates the HTTP protocol inside it. Because HTTPS is encrypted on the
  wire, the PIDS has to sit at the point where TLS is terminated, between the
  TLS endpoint and the web application, so that it sees the decrypted HTTP.
- Application Protocol-based Intrusion Detection System (APIDS): An
  application protocol-based intrusion detection system (APIDS) is a system or
  agent that generally resides within a group of servers. It identifies
  intrusions by monitoring and interpreting the communication on
  application-specific protocols. For example, it might monitor the SQL
  protocol between the middleware and the database behind a web server.
- Hybrid Intrusion Detection System: A hybrid intrusion detection system
  combines two or more of the approaches above. Host agent or system data is
  combined with network information to develop a complete view of the network
  system. A hybrid IDS is generally more effective than any single approach.
  Prelude is an example of a hybrid IDS.

Benefits of IDS

- Detects malicious activity: IDS can detect suspicious activities and alert
  the system administrator before significant damage is done.
- Improves network performance: IDS can identify performance issues on the
  network, which can then be addressed.
- Compliance requirements: IDS can help in meeting compliance requirements by
  monitoring network activity and generating reports.
- Provides insights: IDS generates valuable insights into network traffic,
  which can be used to identify weaknesses and improve network security.
Detection Method of IDS
1. Signature-based Method: A signature-based IDS detects attacks on the basis
   of specific patterns in the traffic, such as known byte sequences, header
   values or exploit strings, and on the basis of known malicious instruction
   sequences used by malware. These patterns are known as signatures. A
   signature-based IDS easily detects attacks whose signature already exists
   in its rule set, but cannot detect new attacks or malware whose pattern is
   not yet known, and its rules must be kept up to date.
2. Anomaly-based Method: The anomaly-based IDS was introduced to detect
   unknown attacks, since new malware is developed rapidly. An anomaly-based
   IDS uses statistics or machine learning to build a model of trusted
   (normal) activity; anything that deviates from that model is declared
   suspicious. The learned model generalises better than signatures because it
   can be trained for the specific applications and hardware configuration in
   use, but it produces false alarms when the baseline is poorly chosen or
   when legitimate behaviour changes.
Comparison of IDS with Firewalls
IDS and firewalls are both network security controls, but they differ in role.
A firewall looks outward and restricts access between networks according to a
policy, in order to stop intrusions from happening; it does not inspect
traffic it has been configured to allow, and it raises no alarm about an
attack that originates inside the network. An IDS instead describes a
suspected intrusion once it has happened, or while it is in progress, and
signals an alarm.

Intrusion Prevention System (IPS)

An intrusion prevention system is also known as an intrusion detection and
prevention system (IDPS). It is a network security application that monitors
network or system activities for malicious activity. The major functions of an
intrusion prevention system are to identify malicious activity, collect
information about it, report it, and attempt to block or stop it.
Intrusion prevention systems are considered an extension of intrusion
detection systems (IDS), because both IPS and IDS monitor network traffic and
system activities for malicious activity.
An IPS typically records information related to observed events, notifies
security administrators of important events and produces reports. Many IPS can
also respond to a detected threat by attempting to prevent it from succeeding.
They use various response techniques: the IPS may stop the attack itself (drop
packets, reset the connection, block the source), change the security
environment (reconfigure a firewall), or change the attack's content (strip a
malicious attachment).
How Does an IPS Work?
An IPS sits in-line and analyzes network traffic in real time, comparing it
against known attack patterns and signatures, protocol rules and a behavioural
baseline. When it classifies traffic as malicious, it blocks that traffic
before it reaches the protected network. Because it is in-line, an IPS adds
latency and a false positive blocks legitimate traffic, which is why IPS rules
are usually tuned more conservatively than IDS rules.
Types of IPS
There are two main types of IPS:
1. Network-Based IPS: A network-based IPS is installed at the network
   perimeter (or another choke point) and monitors all traffic that enters and
   exits the network.
2. Host-Based IPS: A host-based IPS is installed on individual hosts and
   monitors the traffic that goes in and out of that host, together with
   events on the host itself.
Why Do You Need an IPS?
An IPS is an essential tool for network security. Here are some reasons why:
- Protection Against Known and Unknown Threats: An IPS can block known threats
  and, with anomaly-based detection, also detect and block threats that have
  not been seen before.
- Real-Time Protection: An IPS can detect and block malicious traffic in real
  time, stopping an attack before it does damage.
- Compliance Requirements: Many industries have regulations that require
  intrusion prevention to protect sensitive information and prevent data
  breaches.
- Cost-Effective: An IPS is a cost-effective way to protect your network
  compared to the cost of dealing with the aftermath of a security breach.
- Increased Network Visibility: An IPS provides increased network visibility,
  allowing you to see what is happening on your network and identify
  potential security risks.
Classification of Intrusion Prevention System (IPS):
Intrusion Prevention System (IPS) is classified into 4 types:

1. Network-based intrusion prevention system (NIPS): It monitors the entire
   network for suspicious traffic by analyzing protocol activity.

2. Wireless intrusion prevention system (WIPS): It monitors a wireless network
   for suspicious traffic by analyzing wireless networking protocols.

3. Network behavior analysis (NBA): It examines network traffic to identify
   threats that generate unusual traffic flows, such as distributed denial of
   service attacks, specific forms of malware and policy violations.

4. Host-based intrusion prevention system (HIPS): It is a software package
   installed on a single host that watches for suspicious activity by
   analysing the events that occur within that host.

Comparison of Intrusion Prevention System (IPS) Technologies:

The table below summarises the various kinds of IPS technology (technology
type; types of malicious activity detected; scope per sensor; strengths):

Network-Based
   Activity detected: Network, transport, and application TCP/IP layer
   activity.
   Scope per sensor: Multiple network subnets and groups of hosts.
   Strengths: The only IDPS that can analyze the widest range of application
   protocols.

Wireless
   Activity detected: Wireless protocol activity; unauthorized wireless local
   area networks (WLANs) in use.
   Scope per sensor: Multiple WLANs and groups of wireless clients.
   Strengths: The only IDPS able to monitor wireless protocol activity.

NBA
   Activity detected: Network, transport, and application TCP/IP layer
   activity that causes anomalous network flows.
   Scope per sensor: Multiple network subnets and groups of hosts.
   Strengths: Typically more effective than the others at identifying
   reconnaissance scanning and DoS attacks, and at reconstructing major
   malware infections.

Host-Based
   Activity detected: Host application and operating system (OS) activity;
   network, transport, and application TCP/IP layer activity.
   Scope per sensor: Individual host.
   Strengths: Can analyze activity that was transferred in end-to-end
   encrypted communications.
Detection Method of Intrusion Prevention System (IPS):


1. Signature-based detection:
Signature-based IDS operates packets in the network and compares
with pre-built and preordained attack patterns known as signatures.

2. Statistical anomaly-based detection:


Anomaly-based detection monitors network traffic and compares it against an
established baseline. The baseline defines what is normal for that
network and which protocols are used. However, it may raise false
alarms if the baseline is not configured carefully.

3. Stateful protocol analysis detection:


This method identifies deviations in protocol state by comparing
observed events with pre-built profiles of generally accepted
definitions of benign activity.

Comparison of IPS with IDS:


The main differences between an Intrusion Prevention System (IPS) and an
Intrusion Detection System (IDS) are:
1. Intrusion prevention systems are placed in-line and are able to actively
prevent or block intrusions that are detected.
2. IPS can take such actions as sending an alarm, dropping detected
malicious packets, resetting a connection or blocking traffic from the
offending IP address.
3. IPS also can correct cyclic redundancy check (CRC) errors, defragment
packet streams, mitigate TCP sequencing issues and clean up unwanted
transport and network layer options.
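To make the detection methods and the IDS/IPS distinction above concrete, here is an added example (not from these notes) of a miniature in-line sensor: it applies a constructed placeholder signature and a port/byte-count baseline built from constructed sample flows, and the inline flag decides whether the sensor can only raise an alarm (IDS) or can drop, block and reset as an IPS does.

```python
import statistics

# Constructed "known good" flows used to build the anomaly baseline (not from
# the page); a real deployment would learn this from a quiet training window.
BASELINE_FLOWS = [
    {"src": "10.0.0.5", "dport": 80, "bytes": 1200},
    {"src": "10.0.0.6", "dport": 80, "bytes": 900},
    {"src": "10.0.0.7", "dport": 443, "bytes": 1500},
    {"src": "10.0.0.8", "dport": 80, "bytes": 1100},
]
# Placeholder signature only; a real IPS loads a maintained rule set here.
SIGNATURES = {"test-rule-1": b"X-TEST-SIGNATURE"}


class Baseline:
    """Statistical anomaly detection: which ports are normal and how large
    flows usually are. k sets the tolerance; a badly chosen baseline or k
    is exactly where the false alarms the text warns about come from."""

    def __init__(self, flows, k=3.0):
        sizes = [f["bytes"] for f in flows]
        self.ports = {f["dport"] for f in flows}
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.pstdev(sizes)
        self.k = k

    def is_anomalous(self, flow):
        return (flow["dport"] not in self.ports
                or flow["bytes"] > self.mean + self.k * self.stdev)


def inspect(flow, baseline, inline=True):
    """Return (verdict, action). An IDS (inline=False) is passive and can only
    raise an alarm; an IPS (inline=True) sits in the path and can drop the
    packet, block the offending source, or reset the connection."""
    for name, pattern in SIGNATURES.items():          # signature-based
        if pattern in flow.get("payload", b""):
            return ("signature:" + name, "drop+block-src" if inline else "alert")
    if baseline.is_anomalous(flow):                    # anomaly-based
        return ("anomaly", "reset-connection" if inline else "alert")
    return ("normal", "forward")


if __name__ == "__main__":
    base = Baseline(BASELINE_FLOWS)
    for f in [{"src": "10.0.0.9", "dport": 80, "bytes": 1300,
               "payload": b"GET / X-TEST-SIGNATURE"},
              {"src": "10.0.0.99", "dport": 80, "bytes": 250000},
              {"src": "10.0.0.5", "dport": 22, "bytes": 100}]:
        print(f["src"], inspect(f, base), inspect(f, base, inline=False))
```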
Conclusion:
An Intrusion Prevention System (IPS) is a crucial component of any network
security strategy. It monitors network traffic in real-time, compares it against
known attack patterns and signatures, and blocks any malicious activity or
traffic that violates network policies. An IPS is an essential tool for protecting
against known and unknown threats, complying with industry regulations, and
increasing network visibility. Consider implementing an IPS to protect your
network and prevent security breaches.

Security Mechanism
A security mechanism is a process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack. Such mechanisms may be
implemented in a specific protocol layer, such as TCP or an application-layer protocol.
Security Mechanisms
1. Encipherment: Encipherment is hiding or covering data and can provide
confidentiality. It makes use of mathematical algorithms to transform data into a
form that is not readily intelligible. The transformation and subsequent recovery of
the data depend on an algorithm and zero or more encryption keys. Cryptography
and Steganography techniques are used for enciphering.
2. Data integrity: The data integrity mechanism appends a short check value to the
data which is created by a specific process from the data itself. The receiver
receives the data and the check value. The receiver then creates a new check value
from the received data and compares the newly created check value with the one
received. If the two check values match, the integrity of the data has been preserved.
3. Digital Signature: A digital signature is a way by which the sender can
electronically sign the data and the receiver can electronically verify it. The sender
uses a process in which the sender owns a private key related to the public key that
he or she has announced publicly. The receiver uses the sender's public key to
prove the message is indeed signed by the sender who claims to have sent the
message.
4. Authentication exchange: A mechanism intended to ensure the identity of an
entity by means of information exchange. The two entities exchange some
messages to prove their identity to each other. For example, the three-way
handshake in TCP.
5. Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
6. Routing control: Enables selection of particular physically secure routes for
certain data and allows routing changes which means selecting and continuously
changing different available routes between the sender and the receiver to prevent
the attacker from traffic analysis on a particular route.
7. Notarization: The use of a trusted third party to control the communication
between the two parties. It prevents repudiation. The receiver involves a trusted
third party to store the request to prevent the sender from later denying that he or
she has made such a request.
8. Access Control: A variety of mechanisms are used to enforce access rights to
resources/data owned by a system, for example, PINs and passwords.
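As an added example (not part of these notes) of the data integrity mechanism in item 2, the code below has the sender append a check value computed from the data and the receiver recompute and compare it; it goes one step beyond the text by contrasting a keyed check value (HMAC) with a plain hash, which catches only accidental corruption. The shared key and the messages are constructed.

```python
import hashlib
import hmac

# Constructed shared secret (not from the page); sender and receiver hold it,
# an attacker on the path does not.
SHARED_KEY = b"example-shared-key"
TAG_LEN = 32  # SHA-256 output size in bytes


def append_check_value(data: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender: derive a check value from the data (keyed HMAC-SHA256) and
    append it to the message."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def verify_check_value(message: bytes, key: bytes = SHARED_KEY):
    """Receiver: split off the check value, recompute it from the received
    data and compare in constant time. Returns (integrity_ok, data)."""
    data, received = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received), data


def append_unkeyed_check(data: bytes) -> bytes:
    """Same layout but with a plain hash: detects accidental corruption only,
    because anyone who alters the data can recompute the hash."""
    return data + hashlib.sha256(data).digest()


def verify_unkeyed_check(message: bytes):
    data, received = message[:-TAG_LEN], message[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(data).digest(), received), data


if __name__ == "__main__":
    msg = append_check_value(b"transfer 100 to alice")
    print(verify_check_value(msg))                    # (True, ...)
    tampered = msg[:9] + b"900" + msg[12:]            # data altered in flight
    print(verify_check_value(tampered))               # (False, ...)
```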
