edx cybersecurity fundamentals unit 7 (26 terms, GwonnyWong)

firewalls: filter traffic based on rules, can be physical hardware devices or software

filter: deny traffic, certain packets are not let into network

filter criteria: source IP, destination IP, protocols, ports, other

hardware based firewalls: aka network based firewalls

IDS: intrusion detection system, out-of-band, simply gets copies of network traffic, does not add latency, IDS sensor going down traffic still flows, alerts admin and could tell firewall to block based on criteria, sits, listens, collects data used for forensics and analysis, visibility device, vulnerable to false positives, can be host-based or network-based

IPS: intrusion prevention system, in-line, original traffic passes through IPS, adds latency, IPS sensor goes down traffic stops, can do what IDS does, control device, false positive

software based firewalls: aka host based firewalls

packet filtering: permits or denies traffic based on rules, with stateless or stateful packet filtering; stateless: sessionless, each packet is an isolated piece of communication, requires less time and memory, cannot make complex decisions; stateful: uses sessions, understands stages of TCP connection, can be aware of false IP addresses, packets can flow between hosts without further checking

ALG: application layer gateway, applies security mechanisms based on applications, HTTP, SSL/TLS, FTP, DNS, VoIP, checks how protocols should work and looks at layer 7

DPI: deep packet inspection, done by ALG to examine in great detail the contents of data being sent, like if it was sent in the right format and if there's no malware, snooping, censoring, ISPs sometimes use DPI to scan contents of packets and reroute or drop packets meeting certain criteria, looks into protocols and behavior

DCI: deep content inspection, evolved from DPI, examines an entire file or email attachment looking for new gen malware for spam, data exfiltration, for keywords, and other content, puts together parts of objects, decodes and decompresses files, puts actual objects in packets like pdfs and images

NIDS: network based IDS

NIPS: network based IPS

HIDS: host based IDS, resides on a particular server, benchmarks and monitors activity, can deal with encrypted traffic that has been decrypted on the host, looks for network activity, looks for anomalous network activity, although blurry line with HIPS

HIPS: host based IPS ^, looks for system activity, looks for anomalous system activity

signature-based IDS and IPS: works like antivirus software, detects attacks by patterns, such as certain instruction on host's machine or usage of protocols or contents

anomaly-based IDS and IPS: compare and establish baseline to something that might be malicious, false-positives and false-positives are a big issue, can detect malicious insiders and machines or accounts that have been compromised from outsiders

PII: personally-identifiable information, plaintext password, credit card number, healthcare related info

honeypot: server with PII

honeynet: network of PII (of honeypots)

decoy: system deployed on a network to fool potential attackers

deception software: new wave of honeypots, decoys that can be centrally managed, works with other security software, run through virtualization

social engineering: preying on gullible and naive humans, the art and science of getting people to comply with your wishes, an outside hacker's use of psychological tricks on legitimate users of a computer system in order to obtain information he needs to gain access to the system

goals of social engineering: fraud, network intrusion, espionage, identity theft, system and network disruption

potential targets: phone companies, answering services, corporations, financial institutions, military and governmental agencies, hospitals, you

dumpster diving: technique used for gaining information, almost any kind can help
