Cyber Security

CYBER SECURITY SOLUTION

Cybersecurity allows industries to stop worrying about unauthorized user access. It assists various industries in protecting the data of customers and staff.

Unidirectional Security Gateway

1. Unidirectional Security Gateway hardware allows information to flow in only one direction, most often from the industrial network out to the enterprise network. The hardware does not control only connection requests; it controls the direction of all information flows.

2. The gateway software is not a router: it does not forward network packets from one network to another.

3. Instead, the gateway software gathers snapshots of industrial state information, packages those snapshots for transmission through the unidirectional hardware, and makes the information available to enterprise users and applications on the destination network.

Firewall

A firewall is considered a first line of defense

  • Generally speaking, it is made to safeguard network connections and traffic.
  • Messages transferred in the intranet must pass through the firewall, which evaluates each communication and filters out those that do not satisfy the required security standards.
  • Packet Filtering: Depending on a preset set of filter rules, firewalls either accept or reject packets that seek to enter or exit a network.
  • Application Gateway: This technique applies security measures to protect specific applications, such as File Transfer Protocol (FTP) and Telnet servers, from hackers.
  • Stateful Inspection (Dynamic Packet Filtering): Examines a packet's most crucial inbound and outbound data components in addition to its header information.

Intrusion Prevention System (IPS)

An IPS's primary job is to spot suspicious activity and report it

  • Intrusion Prevention System (IPS) technology is a crucial component of network security defences and is an element of a firewall solution.
  • Intrusion prevention systems control access to an IT network and guard it against misuse and attack. These systems are designed to keep track of intrusion data.
  • An IPS can block the offending source IP address or user account from accessing applications, target hosts, or other network resources, and terminate the exploited TCP session.
  • After an attack, any harmful content that is still present on the network should be removed or replaced.
  • This is accomplished by repackaging payloads, deleting header data, and removing any contaminated attachments from file or email servers.

Intrusion detection system (IDS)

  • When a security policy is violated or hostile activity attempts to breach an information system, it automatically alerts administrators.
  • An IPS can function as an intrusion detection system (IDS), notifying users of threats but doing little to stop them.
  • In sniffer mode, the FortiGate device is attached to a network tap or to a spanning or mirrored switch port, because it is not processing network traffic at that time.
  • Log messages can be captured and system administrators can receive notifications if an attack is discovered.

Denial of Service

  • In a denial-of-service (DoS) attack, a malicious actor tries to make a computer or other device unavailable to the users for whom it was intended by interfering with normal operation.
  • Denial-of-service (DoS) protection preserves network integrity and performance by spotting and thwarting destructive IPv4- and IPv6-based DoS attacks.
  • When an attacker overwhelms server resources by flooding a target system with aberrant data packets, it results in a denial of service (DoS).
  • DoS prevention searches for certain traffic irregularities to spot potentially hazardous traffic that could be a part of a DoS or DDoS attack.
  • TCP SYN floods, UDP floods, ICMP floods, TCP port scans, TCP session attacks, UDP session attacks, ICMP session attacks, and ICMP sweep attacks are a few examples of traffic anomalies that turn into DoS attacks.

Disaster Recovery (DR)

  • The goal of disaster recovery (DR), a security planning practice, is to protect an organization from the effects of any major adverse events.
  • With DR, a company's objective is to keep operations as close to normal as feasible. Planning, testing, and possibly a different physical site for resuming operations are all part of the DR process.
  • Two metrics are used to assess how well disaster recovery is minimizing downtime and data loss:
  • Recovery Time Objective (RTO), or the amount of time it will take for a system to fully recover.
  • Recovery Point Objective (RPO), which specifies a point-in-time restore of the backup copy, is a metric for the capacity to recover files.

Backup

  • The purpose of a backup is to make a copy of your data that you can recover from if your primary data is lost.
  • Primary data failures may come from hardware or software issues, data corruption, or human errors.
  • Examples include a malicious attack (virus or malware), accidental data deletion, or another human-caused event.
  • To aid a company in recovering from an unexpected catastrophe, backup copies make it possible to restore data to a previous point in time.
  • To guard against the chance of data loss due to primary hardware or software failure, a proper backup copy of the data is kept on a different system from the source data.

Traffic Manager

  • Traffic Manager is a DNS-based traffic load balancer.
  • It allows for high availability and responsiveness while enabling traffic distribution to services across worldwide regions.
  • It can boost application accessibility and, using performance routing, make apps more responsive. It can boost application efficiency as well.
  • It allows services to be maintained without causing downtime, and it provides useful information based on user traffic quantities and patterns.
  • It can spread user traffic among several places and can cut down on application outages as well.

Load Balancer

  • It is employed to boost the reliability and capacity (concurrent users) of applications.
  • By executing application-specific duties and lowering the load on servers caused by managing and maintaining network sessions and apps, it enhances the overall speed of applications.
  • Using it, inbound traffic to a virtual server is intercepted and distributed among one or more real backend servers.
  • Firewalls enable this by allowing numerous real servers to respond as though they were a single device or virtual server.
  • A variety of load balancing techniques are available, such as static (failover), round robin, and weighted to account for differing sized servers.

Logs

  • The term "log" refers to all of the procedures and guidelines used to control and facilitate the creation, transmission, analysis, archiving, storage, and disposal of the massive amounts of log data produced by an information system.
  • Examples include resource logs, requests made and received each minute, recorded incidents, unauthorized and allowed access, and application history.

Anti-Virus/Antispam

  • This sort of antivirus software was created to safeguard computers against malware such as viruses, computer worms, spyware, botnets, rootkits, and keyloggers.
  • There are many different types of filters, scanners, and other applications covered by anti-spam technology.
  • A statistical approach is used by some anti-spam services, whereas heuristics or prediction algorithms are used by others.
  • Anti-spam service providers may keep track of email signatures, IP addresses, or other information to categorize email in sophisticated ways that cut down on spam.

Secure Sockets Layer (SSL)

  • SSL certificate technology is used to provide secure data transmission between a Web server and a browser.
  • SSL communicates using Transmission Control Protocol (TCP).
  • Data reliability: Data is shielded against manipulation.
  • Data protection: A number of protocols, including the SSL Record Protocol, SSL Handshake Protocol, SSL Change CipherSpec Protocol, and SSL Alert Protocol, are used to protect the privacy of data.
  • Transport Layer Security (TLS), a cryptographic system for safe Internet data transmission, is the forerunner of SSL.
  • It stops hackers from stealing sensitive information by ensuring that all data transmitted between the two remains private and safe.

Monitoring

  • Security monitoring records all incidents and gives visibility into any attacks so that preventative measures can be taken via breach reporting.