Network Security
Firewalls
Intrusion Detection System (IDS)
Virtual Private Networks (VPNs)
Secure Wi-Fi
Data encryption
Regular updates and Patch management
Backup data
Firewalls
Packet filtering firewalls: These firewalls operate at the network layer (Layer
3) of the OSI model and examine individual packets of data based on predefined
rules. They can allow or block packets based on factors like source/destination IP
addresses, port numbers, and protocols. Packet-filtering firewalls are lightweight
and efficient but offer limited application-layer inspection capabilities.
Application-Level Gateway: An application gateway (ALG) firewall is a type of
firewall that protects the application layer of the OSI model. It's deployed
on a computer's internal system and filters incoming node traffic by examining
and controlling application session initiation. In other words, an ALG firewall
acts as an intermediary between external users and the main server,
controlling traffic and preventing malicious attempts to gain access.
Intrusion Detection Systems (IDS)
Signature-based detection
Signature-based detection analyzes network packets for attack signatures—
unique characteristics or behaviors that are associated with a specific threat.
A sequence of code that appears in a particular malware variant is an
example of an attack signature.
A signature-based IDS maintains a database of attack signatures against which
it compares network packets. If a packet triggers a match to one of the
signatures, the IDS flags it. To be effective, signature databases must be
regularly updated with new threat intelligence as new cyberattacks emerge
and existing attacks evolve. Brand new attacks that are not yet analyzed for
signatures can evade signature-based IDS.
Anomaly-based detection
Anomaly-based detection methods use machine learning to create—and
continually refine—a baseline model of normal network activity. They then
compare network activity to the model and flag deviations—such as a process
that uses more bandwidth than normal, or a device opening a port.
Because it reports any abnormal behavior, anomaly-based IDS can often catch
new cyberattacks that might evade signature-based detection. For example,
anomaly-based IDSs can catch zero-day exploits—attacks that take advantage of
software vulnerabilities before the software developer knows about them or has
time to patch them.
But anomaly-based IDSs may also be more prone to false positives. Even benign
activity, such as an authorized user accessing a sensitive network resource for
the first time, can trigger an anomaly-based IDS.
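The two detection approaches above can be run side by side over the same traffic. The sketch below is an added example, not part of the original slides: the signature names, byte patterns, host address and byte counts are all constructed, and a simple mean/standard-deviation bandwidth baseline stands in for the machine-learning model the slides mention.

```python
import statistics

# Constructed signature database (illustrative patterns, not real threat intelligence).
SIGNATURES = {"demo-sig-1": b"EVIL_MARKER_v1", "demo-sig-2": b"\xde\xad\xbe\xef"}

def signature_match(payload):
    """Names of all signatures whose byte pattern occurs in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat in payload]

class BandwidthBaseline:
    """Per-host baseline of bytes per interval; flags samples > k std devs from the mean."""
    def __init__(self, k=3.0, min_samples=5):
        self.k, self.min_samples, self.history = k, min_samples, {}

    def observe(self, host, nbytes):
        """Return True if anomalous. Only normal samples refine the baseline."""
        hist = self.history.setdefault(host, [])
        anomalous = False
        if len(hist) >= self.min_samples:
            mean = statistics.mean(hist)
            stdev = statistics.pstdev(hist) or 1.0  # avoid a zero-width band
            anomalous = abs(nbytes - mean) > self.k * stdev
        if not anomalous:
            hist.append(nbytes)
        return anomalous

def analyze(events, training):
    """Run both detectors over (host, payload, nbytes) events after a training phase."""
    baseline = BandwidthBaseline()
    for host, nbytes in training:
        baseline.observe(host, nbytes)
    return [{"sigs": signature_match(p), "anomaly": baseline.observe(h, n)}
            for h, p, n in events]

# Constructed sample data.
TRAINING = [("10.0.0.5", n) for n in (1000, 1100, 950, 1050, 1000)]
EVENTS = [
    ("10.0.0.5", b"GET /index EVIL_MARKER_v1", 1080),       # known signature, normal volume
    ("10.0.0.5", b"payload with no known pattern", 50000),  # novel: only the baseline fires
    ("10.0.0.5", b"authorized nightly backup", 48000),      # benign but flagged (false positive)
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, analyze(EVENTS, TRAINING)):
        print(event[0], event[2], verdict)
```

The second event shows why unseen attacks slip past a signature database, and the third shows the false-positive cost of the baseline approach.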
Types of IDS
2. Intrusion Prevention Systems (IPS): IPS work similarly to IDS, but they
also have the capability to actively block or prevent intrusions in real-time.
They can inspect network traffic and apply various security measures, such
as blocking malicious IP addresses or performing packet filtering to
mitigate potential threats.
VPNs
Here are some reasons why regular updates and
patch management are important in information security:
1. Vulnerability management: The software we use, including
operating systems, applications, and network devices, often
contains vulnerabilities that can be exploited by hackers.
Software vendors regularly release updates and patches to
address these vulnerabilities. By applying these updates and
patches promptly, organizations can minimize the window of
opportunity for attackers to exploit vulnerabilities, reducing the
risk of successful attacks.
Why are updates and patch management important?
3. Improved system stability and performance: Updates and patches not only
address security vulnerabilities but also often include bug fixes and
performance improvements. By regularly updating and patching systems,
organizations can benefit from increased stability, reliability, and optimized
performance.
Backup data
Full Backup: This method involves creating a complete copy of all data. It
provides the highest level of protection but requires significant storage
space and time for both backup and recovery.
Incremental Backup: This approach involves backing up only the data that
has changed since the last full or incremental backup. It is faster and
requires less storage space than full backups, but recovery may take longer
as it involves multiple backup sets.