Information Security System Notes
Spam emails – also known as junk emails – are unsolicited messages sent out in bulk. Most
email providers use algorithms to filter out spam messages, but they can still appear in your
inbox despite this. Steps to take include:
o Mark spam emails as spam – this will help the email provider to refine their spam
filtering. How to mark a message as spam will vary depending on which email client you
use – Outlook, Gmail, Apple Mail, Yahoo Mail, and so on.
o Never click on a link or open an attachment in a spam email. Doing so could mean you
download malware onto your device. At the very least, you confirm to the spammers that
yours is an active email account, incentivizing them to send more spam.
o Be careful about where you disclose your email address. It's a good idea to have a
secondary, throwaway email account that you use solely for email sign-ups and
subscriptions, separate from the one you use for friends and family and separate from the
one you use for work.
o Most email providers will offer privacy settings – review these and make sure they are set
to a level you feel comfortable with.
o Look into third-party email spam filters. These provide an additional layer of
cybersecurity, as emails have to travel through two spam filters before getting to you –
your email provider’s spam filter plus the third-party app.
Passive: Attackers gain access to a network and can monitor or steal sensitive
information, but without making any change to the data, leaving it intact.
Active: Attackers not only gain unauthorized access but also modify data, either deleting,
encrypting or otherwise harming it.
1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission.
Among the causes of unauthorized access attacks are weak passwords, lacking protection against
social engineering, previously compromised accounts, and insider threats.
2. Distributed Denial of Service (DDoS) attacks
Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic
at your network or servers. DDoS can occur at the network level, for example by sending huge
volumes of SYN/ACK packets which can overwhelm a server, or at the application level, for
example by performing complex SQL queries that bring a database to its knees.
5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach.
Horizontal privilege escalation involves attackers gaining access to additional, adjacent systems,
and vertical escalation means attackers gain a higher level of privileges for the same systems.
6. Insider threats
A network is especially vulnerable to malicious insiders, who already have privileged access to
organizational systems. Insider threats can be difficult to detect and protect against, because
insiders do not need to penetrate the network in order to do harm. New technologies like User
and Event Behavioral Analytics (UEBA) can help identify suspicious or anomalous behavior by
internal users, which can help identify insider attacks.
Depending on their structure, firewalls are mainly of three types: software firewalls, hardware
firewalls, or a combination of both. Each type of firewall has different functionality but the same
purpose. However, it is best practice to have both to achieve maximum possible protection.
A hardware firewall is a physical device that attaches between a computer network and a
gateway, for example a broadband router. A hardware firewall is sometimes referred to as
an Appliance Firewall. On the other hand, a software firewall is a simple program installed on a
computer that works through port numbers and other installed software. This type of firewall is
also called a Host Firewall.
Besides, there are many other types of firewalls depending on their features and the level of
security they provide. The following are types of firewall techniques that can be implemented as
software or hardware:
o Packet-filtering Firewalls
o Circuit-level Gateways
o Application-level Gateways (Proxy Firewalls)
Packet-filtering Firewalls
A packet filtering firewall is the most basic type of firewall. It acts like a management program
that monitors network traffic and filters incoming packets based on configured security rules.
These firewalls are designed to block network traffic by IP protocol, IP address, and port
number if a data packet does not match the established rule-set.
While packet-filtering firewalls can be considered a fast solution without many resource
requirements, they also have some limitations. Because these types of firewalls do not prevent
web-based attacks, they are not the safest.
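The rule matching described above, as an added example that is not part of the original notes: a first-match, default-deny packet filter over protocol, address and port, which also shows why a request with a hostile payload still passes on an allowed port. The Packet and Rule types, the rule-set and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    payload: bytes = b""   # carried along, but never read by the filter

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    proto: str             # "tcp", "udp" or "any"
    src_net: str           # CIDR
    dst_net: str           # CIDR
    dport: Optional[int]   # None = any port

def matches(rule, pkt):
    """A rule matches on header fields only: protocol, addresses, port."""
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules, pkt):
    """First matching rule wins; anything unmatched is blocked (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

# Constructed rule-set using RFC 5737 documentation address ranges.
RULES = [
    Rule("block", "any", "203.0.113.0/24", "0.0.0.0/0", None),     # deny-listed range
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),       # public HTTPS server
    Rule("allow", "udp", "198.51.100.0/24", "192.0.2.53/32", 53),  # DNS for one network
]
# Constructed sample packets; the last one stands in for a web-based attack.
SAMPLES = {
    "https": Packet("tcp", "198.51.100.7", "192.0.2.10", 443, b"GET / HTTP/1.1"),
    "blocked_src": Packet("tcp", "203.0.113.9", "192.0.2.10", 443),
    "ssh": Packet("tcp", "198.51.100.7", "192.0.2.10", 22),
    "web_attack": Packet("tcp", "198.51.100.7", "192.0.2.10", 443, b"<hostile request>"),
}

def verdicts():
    return {name: filter_packet(RULES, pkt) for name, pkt in SAMPLES.items()}
```

The "web_attack" packet is allowed because its headers are identical to those of the legitimate HTTPS request; only a firewall that inspects content can tell the two apart.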
Circuit-level Gateways
Circuit-level gateways are another simplified type of firewall that can be easily configured to
allow or block traffic without consuming significant computing resources. These types of
firewalls typically operate at the session-level of the OSI model by verifying TCP (Transmission
Control Protocol) connections and sessions. Circuit-level gateways are designed to ensure that
the established sessions are protected.
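An added example, not part of the original notes, of the session-level check: a simplified tracker that forwards a TCP segment only when it belongs to a handshake it has verified. Its half_open count is the number of handshakes started but never completed, which is what a flood of SYN packets, as in the DDoS item earlier, drives up. The class, the flag sets and the endpoints are constructed, and connection teardown is reduced to a single step.

```python
from enum import Enum

class State(Enum):
    SYN_SENT = 1      # client SYN seen
    SYN_ACKED = 2     # server SYN/ACK seen
    ESTABLISHED = 3   # client ACK seen, handshake complete

class CircuitGateway:
    """Session-level check: validates TCP handshakes, never reads payload."""

    def __init__(self):
        self.sessions = {}  # (client, server) -> State

    def observe(self, src, dst, flags):
        """Return 'forward' or 'drop' for one segment; flags is a set of names."""
        fwd, rev = (src, dst), (dst, src)
        if flags == {"SYN"}:
            self.sessions.setdefault(fwd, State.SYN_SENT)  # a retransmit keeps state
            return "forward"
        if flags == {"SYN", "ACK"} and self.sessions.get(rev) is State.SYN_SENT:
            self.sessions[rev] = State.SYN_ACKED
            return "forward"
        if flags == {"ACK"} and self.sessions.get(fwd) is State.SYN_ACKED:
            self.sessions[fwd] = State.ESTABLISHED
            return "forward"
        key = fwd if fwd in self.sessions else rev
        if self.sessions.get(key) is State.ESTABLISHED:
            if flags & {"FIN", "RST"}:       # simplified: tear down at once
                del self.sessions[key]
            return "forward"
        return "drop"                        # not part of a verified session

    def half_open(self, server):
        """Handshakes to `server` that were started but never completed."""
        return sum(1 for (_, s), st in self.sessions.items()
                   if s == server and st is not State.ESTABLISHED)

# Constructed endpoints (RFC 5737 documentation addresses).
C, S, X = "198.51.100.7:50000", "192.0.2.10:443", "203.0.113.9:40000"
TRACE = [
    (C, S, {"SYN"}), (S, C, {"SYN", "ACK"}), (C, S, {"ACK"}),  # handshake
    (C, S, {"PSH", "ACK"}), (S, C, {"PSH", "ACK"}),            # data both ways
    (X, S, {"ACK"}),                                           # no handshake seen
    (C, S, {"FIN", "ACK"}), (C, S, {"ACK"}),                   # close, then a stray
]

def replay(trace):
    """Feed a trace through a fresh gateway; return (verdicts, gateway)."""
    gw = CircuitGateway()
    return [gw.observe(*seg) for seg in trace], gw
```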
Application-level Gateways (Proxy Firewalls)
Unlike basic firewalls, proxy firewalls forward requests on behalf of clients, presenting
themselves to the web server as the original client. This protects the client's identity and other
sensitive information, keeping the network safe from potential attacks. Once the connection is
established, the proxy firewall inspects data packets coming from the source. If the contents of
the incoming data packet are protected, the proxy firewall transfers it to the client. This approach
creates an additional layer of security between the client and many different sources on the network.
Cloud Firewalls
Whenever a firewall is designed using a cloud solution, it is known as a cloud firewall or FaaS
(firewall-as-service). Cloud firewalls are typically maintained and run on the Internet by third-
party vendors. This type of firewall is considered similar to a proxy firewall. The reason for this
is the use of cloud firewalls as proxy servers. However, they are configured based on
requirements.
The most significant advantage of cloud firewalls is scalability. Because cloud firewalls have no
physical resources, they are easy to scale according to the organization's demand or traffic-load.
If demand increases, additional capacity can be added to the cloud server to filter out the
additional traffic load. Most organizations use cloud firewalls to secure their internal networks or
entire cloud infrastructure.