Advance Network threats and Security controls. PART 2

Network threats and Security controls:

As the computer are advanced day by day so the Network threats are also increasing with the updates, as the systems are targeted more by hackers so we need to protect it overal

Advance Network Threats and Security Controls.

These are few threats/attacks which is performed by hackers most commonly.

1. Advance Persistent Threats: The threats which are long term, like hackers take access for long time and didn’t give up on your system like they hack and then maintain it. For example you have resolve the issue but hacker has maintain the persistent threats so few parts still remain and with that hacker can take access again when wants it.
2. Zero day Exploits: The attackers take the advantage of vulnerability before the fix release. For example a company releases a update of software then there is a bug in its update but developers are unknown for it so there is no patch for that bug, so attackers take advantage and exploit software by zero day exploit.
3. DDoS Attack: Distributed Denial of services attack means the fake huge traffic sends on website to crash it. For example Your website have ability to handle 1k traffic at same time and  an attacker hacks 3 other systems at same time and then send fake requests of 10k from each, like 30k traffic at one time so your server became down and website crashed. It also increases the chances of data loss.
4. Men in the middle ( MitM) Attack: When the  attacker  take the data from middle, for example customer request data from your website and then website sends it direct to customer  but in middle attackers intercept the data and stole it. So this attack is called MitM attack.
5. Ransomware: In this attack the data became locked/ encrypted by the attacker and then they ask for some payment to unlock/decrypt our data. So it’s so hard to recover data if once it’s implemented by attackers, so to stay safe we need to take data backup necessarily.
6. Security Controls. Are safeguards and basic rules to protect systems from the attackers. To learn better understanding we need to learn about the Advance Network Threats and security controls.

If we want to protect our systems from attackers we need to implement these security controls to stay safe.

security controls

1. Intrusion detection system( IDS): It’s kind of security which detect the all packets comes to your system and then analyze all, if something harmful comes it will detect, report to you and also stops that attack. IDP is like piece of code or a software which can enhance your systems security &
2. Intrusion Prevention system (IPS): A security that monitors network traffic for malicious activity and then automatically takes action to prevent or block threats.
3. Firewall: This is a wall which protects system; it acts like a guard for network. Firewall protects the data coming in or coming out of the network (system).  So if IDS, IPS & Firewall is activated in any system that would be remained safe from attackers.
4. Endpoint protection:  It is like a kind of protection given at the individual level, like if in any company/organization so many employs are working and a antivirus or firewall setting is available at everyone’s system, it’s called as end point protection. End to end users system security is known as EPP.  By that you can encrypt the data as well, so your data became more secure due to encryption.
5.  Encryption: You can encrypt your data as well, mean data in unreadable and became readable by using key security only. So if someone accesses our encrypted data still they can’t read it because for decryption they need key to decode data. So it increases an extra layer of security in networks.
6. Security Information & Event Management (SIEM): These are the simple tools which do real time monitoring and provide real time security. The data coming in or going out from system these SIEM tools monitor, and if something malicious happens then this tool will handle what action needed to take, also it gave alerts if anything harmful happens. These are like dashboards where we can see all records. Few companies even made their own SIEM tools.
7. Implementation Strategies for Security: Implementation strategies are those which we need to implement in order to secure our networks.

1. Regular security Audits: It’s really important to do daily security auditing to avoid any risk.
2. Employee trainings: Every employee should be trained to know what is phishing attack looks like, and should be trained well about all types’ risks.
3. Incident Response attack: Means the plan which you made when any threat or attack happens, so after attack you prepare full plan to restore your network security.
4. Patch Management: First of all “patch” is a software update or fix released by the developers to address vulnerabilities, bugs or attacks to improve software functionality. So “Patch Management” is the process of identifying, testing, deploying or managing these software updates across a network/system. So your patches should be properly managed, if not then network would be harmed or poisoned.
5. Network Segmentation: Means to make different segments of one network by adding routers to minimize the risk, so if one segment should be harmed then the whole network would remain safe. So to avoid the risk of damage we can create a many segment/parts of one large network of one organization system/network. So if risk happed then only small amount would be harmed not whole.

Its a day 5 learnings but still have part 2 and you can read part 1 (https://munazajameel.site/basics-of-networking-in-cybersecurity-part-1/ ) for better understanding of network threats and security controls, because i want to dedicate one separate post for Threat Modeling Mechanisms in Cyber security.

So see yaaaaa!!!