004_Cybersecurity Fundamentals Network Security.pdf
Module 4: Security Principles
What is Networking?
A network is simply two or more computers linked together to share data, information or resources.
Types of Networks: LAN, WAN
Network Devices: Hub, Switch, Router, Firewall, Server, Endpoint
Other Networking Terms: Ethernet
Device Address
• MAC Address
• IP Address
Networking at a Glance
Networking Model
• The purpose of all communications is to exchange information and ideas between people and organizations so that they can get work done.
• Those simple goals can be re-expressed in network (and security) terms such as:
o Provide reliable, managed communications between hosts (and users)
o Isolate functions in layers
o Use packets as the basis of communication
o Standardize routing, addressing and control
o Allow layers beyond internetworking to add functionality
o Be vendor-agnostic, scalable and resilient
Open Systems Interconnection (OSI) Model
• Encapsulation: the addition of header data (and possibly footer, or trailer, data) by the protocol used at a given layer of the OSI model.
• De-encapsulation: the reverse process, in which each layer strips off the header and trailer added by its peer as the data moves up the stack.
Transmission Control Protocol (TCP)/Internet Protocol (IP)
Internet Protocol (IPv4 & IPv6)
• IPv6 is a modernization of IPv4 that addressed a number of weaknesses in the IPv4 environment:
o A much larger address field: IPv6 addresses are 128 bits, which supports 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456, hosts. This ensures that we will not run out of addresses.
o Improved security: IPsec is an optional part of IPv4 networks but a mandatory component of IPv6 networks. This will help ensure the integrity and confidentiality of IP packets and allow communicating partners to authenticate with each other.
o Improved quality of service (QoS): This will help services obtain an appropriate share of a network’s bandwidth.
Knowledge Check: Formatting IPv6
What is Wi-Fi?
Security of the Network
• TCP/IP’s vulnerabilities are numerous. Improperly implemented TCP/IP stacks in various operating systems are vulnerable to DoS/DDoS attacks, fragment attacks, oversized packet attacks, spoofing attacks and man-in-the-middle attacks.
• TCP/IP (as well as most protocols) is also subject to passive attacks via monitoring or sniffing. Network monitoring, or sniffing, is the act of monitoring traffic patterns to obtain information about a network.
Ports and Protocols (Applications/Services)
• Physical Ports: the ports on routers, switches, servers, computers, etc. to which you connect the wires (e.g., fiber optic cables, Cat5 cables) to create a network.
• Logical Ports: ports allow a single IP address to support multiple simultaneous communications, each using a different port number.
o Well-known ports (0–1023): These ports are related to the common protocols that are at the core of the Transmission Control Protocol/Internet Protocol (TCP/IP) model, such as Domain Name Service (DNS), Simple Mail Transfer Protocol (SMTP), etc.
o Registered ports (1024–49151): These ports are often associated with proprietary applications from vendors and developers. While they are officially approved by the Internet Assigned Numbers Authority (IANA), in practice many vendors simply implement a port of their choosing. Examples include Remote Authentication Dial-In User Service (RADIUS) authentication (1812), Microsoft SQL Server (1433/1434) and the Docker REST API (2375/2376).
o Dynamic or private ports (49152–65535): Whenever a service associated with a well-known or registered port is requested, a dynamic port is used for that session and then released.
Secure Ports - FTP
Secure Ports - Telnet
Secure Ports - SMTP
Secure Ports - Time
Secure Ports - DNS
Secure Ports - HTTP
Secure Ports - IMAP
Secure Ports - SNMP
Secure Ports - SMB
Secure Ports - LDAP
Type of Threats - Spoofing
Type of Threats - Phishing
Type of Threats - DoS/DDoS
Type of Threats - Virus
Type of Threats - Worm
Type of Threats - Trojan
Type of Threats - On-path Attack
Type of Threats - Side Channel
Type of Threats - Advanced Persistent Threat (APT)
Type of Threats - Insider Threat
Type of Threats - Malware
Type of Threats - Ransomware
Knowledge Check - Identify Malware Threats
Identify Threats and Tools Used to Prevent Them
If a system doesn’t need a service or protocol, it should not be running. Attackers cannot exploit a vulnerability in a service or protocol that isn’t running on a system.
Firewalls can prevent many different types of attacks. Network-based firewalls protect entire networks, and host-based firewalls protect individual systems.
Intrusion Detection System (IDS)
• Intrusion detection is a specific form of monitoring that examines recorded information and real-time events to detect abnormal activity indicating a potential incident or intrusion.
• An intrusion detection system (IDS) automates the inspection of logs and real-time system events to detect intrusion attempts and system failures.
• A primary goal of an IDS is to provide a means for a timely and accurate response to intrusions.
• IDS types are commonly classified as host-based and network-based. A host-based IDS (HIDS) monitors a single computer or host. A network-based IDS (NIDS) monitors a network by observing network traffic patterns.
Preventing Threats
• Keep systems and applications up to date. Vendors regularly release patches to correct bugs and security flaws, but these only help when they are applied. Patch management ensures that systems and applications are kept up to date with relevant patches.
• Remove or disable unneeded services and protocols. If a system doesn’t need a service or protocol, it should not be running. Attackers cannot exploit a vulnerability in a service or protocol that isn’t running on a system. As an extreme contrast, imagine a web server running every available service and protocol; it is vulnerable to potential attacks on any of them.
• Use intrusion detection and prevention systems. As discussed, intrusion detection and prevention systems observe activity, attempt to detect threats and provide alerts. They can often block or stop attacks.
• Use up-to-date anti-malware software. We have already covered the various types of malicious code, such as viruses and worms. A primary countermeasure is anti-malware software.
• Use firewalls. Firewalls can prevent many different types of threats. Network-based firewalls protect entire networks, and host-based firewalls protect individual systems. This chapter included a section describing how firewalls can prevent attacks.
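The port ranges from the Ports and Protocols slide and the "remove unneeded services" principle above, put to work as an added example (not code from the slides): a listening-port audit that parses constructed `ss -tlnH`-style output, classifies each port into its IANA range and flags anything outside a constructed approved-service baseline.

```python
"""Audit a host's listening ports against an approved-service baseline.

Added example, not part of the original slide deck. The `ss -tlnH`-style
output and the allowlist below are constructed for illustration; the IANA
range boundaries are the ones given in the slides.
"""
from __future__ import annotations

# IANA port ranges as stated in the slides.
PORT_RANGES = (
    (0, 1023, "well-known"),
    (1024, 49151, "registered"),
    (49152, 65535, "dynamic/private"),
)

# Constructed baseline: the only services this hypothetical web server should expose.
ALLOWED_LISTENERS = {22: "ssh", 443: "https"}

# Constructed sample in the shape of `ss -tlnH` (state, recv-q, send-q, local, peer).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096            [::]:443          [::]:*
LISTEN 0      128          0.0.0.0:23        0.0.0.0:*
LISTEN 0      4096         0.0.0.0:2375      0.0.0.0:*
LISTEN 0      128        127.0.0.1:1433      0.0.0.0:*
LISTEN 0      128          0.0.0.0:49300     0.0.0.0:*
"""


def port_class(port: int) -> str:
    """Classify a TCP/UDP port into the IANA range it falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    for low, high, name in PORT_RANGES:
        if low <= port <= high:
            return name
    raise AssertionError("unreachable: ranges cover 0..65535")


def parse_ss_listeners(text: str) -> list[tuple[str, int]]:
    """Extract (local address, port) pairs from `ss -tln`-style lines.

    The local address is the 4th column. IPv6 addresses are bracketed, so
    splitting on the last ':' separates the port correctly for both families.
    """
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        listeners.append((addr, int(port)))
    return listeners


def exposure(addr: str) -> str:
    """Describe which interfaces a listener is bound to."""
    if addr in ("127.0.0.1", "[::1]"):
        return "loopback-only"
    if addr in ("0.0.0.0", "[::]", "*"):
        return "all-interfaces"
    return "specific-interface"


def audit_listeners(text: str, allowlist: dict[int, str]) -> list[dict]:
    """Return one finding per listening port that is not in the baseline.

    Anything not on the allowlist is a removal candidate under the
    'disable unneeded services' principle; the exposure field helps triage,
    since an all-interfaces listener is reachable from the network and a
    loopback-only one is not.
    """
    findings = []
    for addr, port in sorted(parse_ss_listeners(text), key=lambda t: t[1]):
        if port in allowlist:
            continue
        cls = port_class(port)
        findings.append({
            "port": port,
            "class": cls,
            "exposure": exposure(addr),
            "note": ("unexpected listener in the dynamic range"
                     if cls == "dynamic/private"
                     else "not in approved-service baseline"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT, ALLOWED_LISTENERS):
        print(f"port {f['port']:>5} ({f['class']:<15}) {f['exposure']:<18} {f['note']}")
```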
Preventing Threats - Antivirus
• Antivirus systems try to identify malware based on the signatures of known malware or by detecting abnormal activity on a system. This identification is done with various types of scanners, pattern recognition and advanced machine learning algorithms.
• Anti-malware now goes beyond just virus protection, as modern solutions try to provide a more holistic approach, detecting rootkits, ransomware and spyware. Many endpoint solutions also include software firewalls and IDS or IPS systems.
Preventing Threats - Scan
• Regular vulnerability and port scans are a good way to evaluate the effectiveness of security controls used within an organization. They may reveal areas where patches or security settings are insufficient, where new vulnerabilities have developed or become exposed, and where security policies are either ineffective or not being followed. Attackers can exploit any of these vulnerabilities.
Preventing Threats - Firewall
Preventing Threats - Intrusion Prevention System (IPS)
• An intrusion prevention system (IPS) is a special type of active IDS that automatically attempts to detect and block attacks before they reach target systems.
• The distinguishing difference between an IDS and an IPS is that the IPS is placed in line with the traffic. In other words, all traffic must pass through the IPS, and the IPS can choose what traffic to forward and what traffic to block after analyzing it. This allows the IPS to prevent an attack from reaching a target. Since IPS systems are most effective at preventing network-based attacks, it is common to see the IPS function integrated into firewalls.
• Just like IDS, there are network-based IPS (NIPS) and host-based IPS (HIPS).
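The passive-versus-inline distinction drawn in the IDS and IPS slides, as an added example (not code from the slides): one inspection engine run over the same constructed packets, first as an IDS that only alerts and then as an IPS that also drops. The two signature rules, the SYN threshold and all addresses are constructed for illustration.

```python
"""Passive IDS versus inline IPS running the same rules over constructed traffic.

Added example, not part of the original slide deck. The packet records, the
two signature rules and the SYN threshold are constructed for illustration.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: str = ""


@dataclass
class Verdicts:
    alerts: list[tuple[str, str, str, int]] = field(default_factory=list)
    forwarded: list[Packet] = field(default_factory=list)
    dropped: list[Packet] = field(default_factory=list)


# Constructed signature rules for two cleartext services the slides single out.
SIGNATURES = (
    ("cleartext-telnet", lambda p: p.dport == 23),
    ("docker-api-unencrypted",
     lambda p: p.dport == 2375 and p.payload.startswith("GET /containers")),
)
SYN_FLOOD_THRESHOLD = 5  # constructed: more than 5 SYNs from one source to one host


class Sensor:
    """One inspection engine: inline=False behaves as an IDS, inline=True as an IPS."""

    def __init__(self, inline: bool) -> None:
        self.inline = inline
        self.syn_counts: Counter[tuple[str, str]] = Counter()

    def inspect(self, pkt: Packet) -> list[str]:
        """Return the rule names a packet triggers: signature hits plus a stateful SYN count."""
        hits = [name for name, match in SIGNATURES if match(pkt)]
        if pkt.payload == "SYN":
            self.syn_counts[(pkt.src, pkt.dst)] += 1
            if self.syn_counts[(pkt.src, pkt.dst)] > SYN_FLOOD_THRESHOLD:
                hits.append("syn-flood")
        return hits

    def process(self, packets: list[Packet]) -> Verdicts:
        """Alert on every hit; only the inline sensor can keep a packet from its target."""
        v = Verdicts()
        for pkt in packets:
            hits = self.inspect(pkt)
            v.alerts.extend((h, pkt.src, pkt.dst, pkt.dport) for h in hits)
            if hits and self.inline:
                v.dropped.append(pkt)      # IPS: the packet never reaches the target
            else:
                v.forwarded.append(pkt)    # IDS: sees only a copy, so everything passes
        return v


def sample_traffic() -> list[Packet]:
    """Constructed traffic: a SYN burst, one Telnet login, one Docker API call, two HTTPS requests."""
    burst = [Packet("203.0.113.5", "192.0.2.10", 443, "SYN") for _ in range(8)]
    return burst + [
        Packet("203.0.113.7", "192.0.2.10", 23, "login: admin"),
        Packet("203.0.113.8", "192.0.2.10", 2375, "GET /containers/json"),
        Packet("198.51.100.4", "192.0.2.10", 443, "GET /"),
        Packet("198.51.100.9", "192.0.2.10", 443, "GET /index.html"),
    ]


def run_comparison() -> dict[str, dict[str, int]]:
    """Run identical traffic through a passive sensor and an inline one and tally the outcome."""
    pkts = sample_traffic()
    out = {}
    for mode, inline in (("ids", False), ("ips", True)):
        v = Sensor(inline).process(pkts)
        out[mode] = {"alerts": len(v.alerts), "forwarded": len(v.forwarded), "dropped": len(v.dropped)}
    return out


if __name__ == "__main__":
    for mode, counts in run_comparison().items():
        print(mode.upper(), counts)
```

Both modes raise the same five alerts; only the inline sensor changes what reaches the target, which is the whole difference the slides describe.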
On-Premises Data Center
• When it comes to data centers, there are two primary options: organizations can outsource the data center or own it. If the data center is owned, it will likely be built on premises. A place for the data center, such as a building, is needed, along with power, HVAC, fire suppression and redundancy.
Redundancy
• The concept of redundancy is to design systems with duplicate components so that if a failure were to occur, there would be a backup. This can apply to the data center as well. Risk assessments pertaining to the data center should identify when multiple separate utility service entrances are necessary for redundant communication channels and/or mechanisms.
• If the organization requires full redundancy, devices should have two power supplies connected to diverse power sources. Those power sources would be backed up by batteries and generators. In a high-availability environment, even generators would be redundant and fed by different fuel types.
Cloud
• Cloud computing is usually associated with an internet-based set of computing resources, typically sold as a service and provided by a cloud service provider (CSP).
• NIST SP 800-145 defines it as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud Characteristics
• Cloud computing has many benefits for organizations, which include but are not limited to:
o Usage is metered and priced according to units (or instances) consumed. This can also be billed back to specific departments or functions.
o Reduced cost of ownership. There is no need to buy any assets for everyday use, no loss of asset value over time, and a reduction of other related costs of maintenance and support.
o Reduced energy and cooling costs, along with a “green IT” effect from optimum use of IT resources and systems.
o Allows an enterprise to scale up new software or data-based services/solutions through cloud systems quickly and without having to install massive hardware locally.
Service Models
• Types of cloud computing service models include Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
Deployment Models
• The four cloud deployment models available are public, private, hybrid and community.
Managed Service Provider (MSP)
A managed service provider (MSP) is a company that manages information technology assets for another company.
Some other common MSP implementations are:
• Augment in-house staff for projects
• Utilize expertise for implementation of a product or service
• Provide payroll services
• Provide Help Desk service management
• Monitor and respond to security incidents
• Manage all in-house IT infrastructure
Service-Level Agreement (SLA)
The cloud computing service-level agreement (cloud SLA) is an agreement between a cloud service provider and a cloud service customer, based on a taxonomy of cloud computing-specific terms, to set the quality of the cloud services delivered.
The purpose of an SLA is to document specific parameters, minimum service levels and remedies for any failure to meet the specified requirements.
Important SLA points to consider include the following:
• Cloud system infrastructure details and security standards
• Customer right to audit legal and regulatory compliance by the CSP
• Rights and costs associated with continuing and discontinuing service use
• Service availability
• Service performance
• Data security and privacy
• Disaster recovery processes
• Data location
• Data access
• Data portability
• Problem identification and resolution expectations
• Change management processes
• Dispute mediation processes
• Exit strategy
Network Design: Segmentation
Network Design: Demilitarized Zone (DMZ)
Network Design: Virtual Local Area Network (VLAN)
Network Design: Virtual Private Network (VPN)
Network Design: Defense in Depth
Network Design: Network Access Control (NAC)
Deep Dive: Defense in Depth
• Data: Controls that protect the actual data with technologies such as encryption, data leak prevention, identity and access management and data controls.
• Application: Controls that protect the application itself with technologies such as data leak prevention, application firewalls and database monitors.
• Host: Every control that is placed at the endpoint level, such as antivirus, endpoint firewall, configuration and patch management.
• Internal network: Controls that are in place to protect against uncontrolled data flow and user access across the organizational network. Relevant technologies include intrusion detection systems, intrusion prevention systems, internal firewalls and network access controls.
• Perimeter: Controls that protect against unauthorized access to the network. This level includes the use of technologies such as gateway firewalls, honeypots, malware analysis and secure demilitarized zones (DMZs).
• Physical: Controls that provide a physical barrier, such as locks, walls or access control.
• Policies, procedures and awareness: Administrative controls that reduce insider threats (intentional and unintentional) and identify risks as soon as they appear.
Zero Trust
• Zero trust is an evolving design approach that recognizes that even the most robust access control systems have their weaknesses. It adds defenses at the user, asset and data level rather than relying on perimeter defense. In the extreme, it insists that every process or action a user attempts to take must be authenticated and authorized; the window of trust becomes vanishingly small.
• While microsegmentation adds internal perimeters, zero trust places the focus on the assets, or data, rather than the perimeter. Zero trust builds more effective gates to protect the assets directly rather than building additional or higher walls.
