
Work Security

The document outlines various network security components, including firewalls, web application firewalls (WAF), proxy servers, endpoint detection and response (EDR), active directory, network access control (NAC), and personal information management systems (PIMS). Each component is described with its purpose, types, key features, and use cases, emphasizing their roles in protecting networks and sensitive data. Additionally, it highlights compliance frameworks relevant to PIMS, such as GDPR and HIPAA.

Uploaded by

nik27s.sbi

Network Security

FIREWALL

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

• Types:

  o Packet Filtering Firewall: Inspects packets and allows or denies them based on set rules.

  o Stateful Inspection Firewall: Tracks the state of active connections and makes decisions based on the context of traffic.

  o Application Layer Firewall: Operates at the application layer, inspecting the data in the context of applications.
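
The difference between packet filtering and stateful inspection, as an added example that is not part of the original slides: the same three packets are judged by a stateless rule set and by a connection-tracking firewall. The addresses, the port 443 policy and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

def is_inside(ip):
    return ip.startswith("10.0.0.")  # constructed internal range

def packet_filter(pkt):
    """Stateless: decides from the header fields of this packet alone."""
    if is_inside(pkt.src) and pkt.dport == 443:
        return "allow"   # outbound HTTPS
    if is_inside(pkt.dst) and pkt.sport == 443:
        return "allow"   # anything claiming to be an HTTPS reply
    return "deny"

class StatefulFirewall:
    """Tracks connections opened from inside; other traffic must match one.
    Simplified: connection teardown and timeouts are not modelled."""
    def __init__(self):
        self.table = set()  # (client_ip, client_port, server_ip, server_port)

    def check(self, pkt):
        if is_inside(pkt.src) and pkt.dport == 443:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.table.add(key)      # new outbound connection
            return "allow" if key in self.table else "deny"
        if is_inside(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if key in self.table else "deny"
        return "deny"

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in packets]

# Constructed traffic: an outbound handshake, then an unsolicited inbound packet
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A"),
]
```

The third packet matches the stateless "reply from port 443" rule even though no inside host opened that connection; the stateful firewall denies it because no matching entry exists in its connection table.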

Web Application Firewall

• A WAF is a specialized security solution designed to protect web applications by filtering, monitoring, and blocking harmful traffic to and from a web application.
• It operates at the application layer (Layer 7 in the OSI model).
• It is used to secure web applications from attacks such as cross-site scripting (XSS), SQL injection, file inclusion, and other vulnerabilities.

Key Features of WAF:

1. Application-Level Protection:

2. Rule-Based Filtering:

3. Traffic Monitoring and Logging:

4. Threat Mitigation:

5. Real-Time Analysis:

Proxy Server

• A proxy acts as an intermediary between clients and servers, forwarding requests and responses while adding a layer of security and anonymity.

Types of Proxies:

• Forward Proxy: Used by clients to access resources on the internet. It hides the client’s identity.

• Reverse Proxy: Deployed in front of servers to manage traffic, enhance performance, and provide protection.

Use Cases:

• Protecting web servers.

• Filtering outgoing or incoming traffic.


Endpoint Detection and Response

• EDR is a set of tools and solutions designed to detect, investigate, and respond to security incidents on endpoint devices, such as desktops, laptops, servers, and mobile devices.
• EDR plays a crucial role in modern cybersecurity strategies by offering real-time monitoring, advanced threat detection, and automated responses to mitigate threats.

Key Features of EDR

1. Endpoint Monitoring
2. Threat Detection
3. Incident Response
4. Automated Remediation
5. Integration with SIEM (Security Information and Event Management)
6. Forensics and Reporting

Common EDR Use Cases

1. Ransomware Mitigation: Detects unusual file encryption activities and stops ransomware attacks before they spread.
2. Insider Threat Detection: Monitors for unusual behavior by authorized users or devices that could indicate insider threats.
3. Zero-Day Exploits: Identifies and responds to unknown vulnerabilities that traditional security tools may miss.
4. Incident Investigation: Provides detailed insights into security incidents to improve response times and strategies.
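
One simple way to detect the "unusual file encryption activities" named in the ransomware use case, as an added example that is not part of the original slides and not any vendor's detection logic: flag a process that writes high-entropy data to several distinct files within a short window. The thresholds, event format, process IDs and paths are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_MIN = 7.0   # bits per byte; assumed threshold for "looks encrypted"
FILES_MIN = 3       # distinct files rewritten; assumed threshold
WINDOW = 10.0       # seconds; assumed burst window

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """events: (timestamp, pid, path, bytes_written). Returns flagged pids."""
    recent = defaultdict(list)   # pid -> [(ts, path)] of high-entropy writes
    flagged = set()
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if not data or entropy(data) < ENTROPY_MIN:
            continue                      # empty or ordinary content
        hits = [(t, p) for t, p in recent[pid] if ts - t <= WINDOW]
        hits.append((ts, path))
        recent[pid] = hits
        if len({p for _, p in hits}) >= FILES_MIN:
            flagged.add(pid)
    return flagged

def blob(seed):
    """Constructed stand-in for encrypted output: 2048 pseudo-random bytes."""
    return hashlib.shake_256(seed.encode()).digest(2048)

TEXT = b"quarterly report draft\n" * 50   # constructed ordinary document

# Constructed events: pid 4242 rewrites four documents in a burst, pid 1010
# writes one archive, pid 2020 saves text files, pid 3030 writes slowly.
EVENTS = (
    [(1.0 + i, 4242, f"C:/Users/a/doc{i}.docx", blob(f"x{i}")) for i in range(4)]
    + [(2.0, 1010, "C:/backup/archive.zip", blob("zip"))]
    + [(3.0 + i, 2020, f"C:/Users/a/note{i}.txt", TEXT) for i in range(5)]
    + [(60.0 * i, 3030, f"C:/tmp/cache{i}.bin", blob(f"c{i}")) for i in range(3)]
)
```

Entropy alone would also flag the archive writer and the slow cache writer; requiring several distinct files inside the window is what separates the burst from legitimate compressed or encrypted output.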
Popular EDR Solutions
Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Security

Active Directory

• Active Directory is a centralized system that enables administrators to manage users, devices, and resources in a network.
• It stores information about these objects in a hierarchical structure, allowing easy organization and access control.
• AD is integral to implementing network security policies and ensuring that only authorized users and devices can access specific resources.

Key Components of Active Directory:

• Domain
• Domain Controller (DC)
• Organizational Units (OUs)
• Active Directory Users and Computers (ADUC)
• Group Policy
• Global Catalog

Network Access Control

• NAC is a solution used to enforce security policies for devices attempting to access a network.
• It ensures that only authorized and compliant devices, such as laptops, smartphones, or IoT devices, can connect to the network.
• NAC is integral to maintaining network security by verifying the identity of users and the security of their devices.

NAC solutions provide access to network resources based on the device's:

• Identity: Ensures the user or device is authenticated.
• Compliance: Checks if the device meets security policies (e.g., updated antivirus, OS patches).
• Role: Determines the level of access a user or device should have.
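
The identity, compliance and role checks above, evaluated in that order, as an added example that is not part of the original slides and not any NAC product's policy engine. The user directory, network names and age limits are constructed assumptions; a device that reports no posture data is treated as non-compliant.

```python
from datetime import date

# Constructed directory and policy values (assumptions for illustration)
USERS = {"alice": "engineer", "bob": "contractor"}
ROLE_NETWORK = {"engineer": "vlan-engineering", "contractor": "vlan-guest"}
MAX_AV_AGE_DAYS = 7
MAX_PATCH_AGE_DAYS = 30

def stale(posture, key, max_days, today):
    """True if the posture field is missing or older than max_days (fail closed)."""
    reported = posture.get(key)
    return reported is None or (today - reported).days > max_days

def nac_decision(user, authenticated, posture, today):
    """Return (action, network, reasons) for one connection attempt."""
    # 1. Identity: unknown or unauthenticated users get no access at all
    if not authenticated or user not in USERS:
        return ("deny", None, ["identity not verified"])
    # 2. Compliance: non-compliant devices go to a remediation network
    reasons = []
    if stale(posture, "av_updated", MAX_AV_AGE_DAYS, today):
        reasons.append("antivirus signatures out of date")
    if stale(posture, "os_patched", MAX_PATCH_AGE_DAYS, today):
        reasons.append("OS patches out of date")
    if reasons:
        return ("quarantine", "vlan-remediation", reasons)
    # 3. Role: compliant, authenticated devices get their role's network
    return ("allow", ROLE_NETWORK[USERS[user]], [])

# Constructed posture reports
TODAY = date(2025, 1, 31)
FRESH = {"av_updated": date(2025, 1, 30), "os_patched": date(2025, 1, 15)}
STALE = {"av_updated": date(2024, 12, 1), "os_patched": date(2025, 1, 15)}
```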

Personal Information Management System (PIMS)

• It is a framework or solution designed to manage, secure, and protect sensitive personal or organizational data throughout its lifecycle.
• PIMS is crucial for ensuring compliance with data protection regulations and safeguarding privacy.

PIMS and Compliance Frameworks

a. ISO/IEC 27701: A globally recognized standard for implementing PIMS.
b. General Data Protection Regulation (GDPR): EU regulation requiring strict data protection measures.
c. California Consumer Privacy Act (CCPA): U.S. regulation ensuring consumer rights over personal data.
d. Health Insurance Portability and Accountability Act (HIPAA): U.S. law governing healthcare data security.
Key Features of PIMS

1. Data Inventory and Classification: Identifies and categorizes personal or sensitive data within a
network.

2. Access Control: Ensures only authorized personnel can access sensitive information.

3. Data Encryption: Encrypts sensitive data both in transit and at rest to prevent unauthorized access.

4. Data Minimization: Reduces the amount of personal data collected or stored to minimize risks.

5. Audit Trails: Tracks and logs access, modifications, and sharing of personal data.

6. Incident Response: Detects and responds to data breaches or unauthorized access attempts.

7. Regulatory Compliance: Ensures alignment with global privacy standards such as GDPR, HIPAA, or
CCPA.

8. Data Retention and Disposal: Automates policies for retaining and securely disposing of data.
