Computer Security

Computer security refers to the protection of computer systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves the implementation of security measures to safeguard digital assets against a wide range of threats, including cyber-attacks, malware, viruses, spyware, phishing, hacking, and other types of malicious activities.

Computer security aims to ensure the confidentiality, integrity, and availability of digital information and resources. Confidentiality means that only authorized individuals or entities can access and view sensitive data or information. Integrity ensures that the data remains accurate and complete and is not tampered with or modified in any unauthorized way. Availability means that the data and resources are accessible when needed and not disrupted by any malicious activity.

Computer security involves a range of technologies, processes, and policies that work together to protect computer systems and networks. These can include access controls, encryption, firewalls, intrusion detection and prevention systems, antivirus software, backup and disaster recovery solutions, and security awareness training for employees.

Topics

Here are some topics in computer security:

  • Network security and architecture
  • Cybersecurity threats and attack vectors
  • Cryptography and encryption techniques
  • Access controls and identity management
  • Security management and risk assessment
  • Malware analysis and detection
  • Vulnerability assessment and penetration testing
  • Incident response and disaster recovery planning
  • Cloud security and virtualization
  • Mobile device security
  • Web application security and secure coding practices
  • Social engineering and phishing attacks
  • Internet of Things (IoT) security
  • Legal and ethical issues in computer security
  • Emerging trends and challenges in computer security

Firewalls

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of predefined security rules. It acts as a barrier between a trusted internal network and an untrusted external network (usually the internet), helping to protect the internal network and its resources from unauthorized access and potential cyber threats.

Firewalls can be implemented in both hardware and software forms:

  1. Hardware Firewall: A hardware firewall is a dedicated physical device that is placed between a network and its connection to the internet. It provides network-wide protection and often includes additional features like Network Address Translation (NAT) and Virtual Private Network (VPN) support.
  2. Software Firewall: A software firewall is a program installed on a specific device, such as a computer or a server. It offers protection at the individual device level and is commonly found on personal computers and servers.

Firewalls can operate at different layers of the OSI (Open Systems Interconnection) model, including:

  • Packet Filtering Firewall (Network Layer): Examines packets of data and filters them based on predefined rules. It allows or blocks packets based on criteria such as source and destination IP addresses, port numbers, and protocol types.
  • Stateful Inspection Firewall (Transport Layer): Keeps track of active connections and the state of network traffic. It makes decisions about allowing or denying packets based on the context of ongoing sessions.
  • Application Layer Firewall (Layer 7): Inspects and filters traffic at the application layer, understanding the specific applications and protocols being used. This allows for more granular control and better security for specific applications.
  • Stateless Firewall: Uses rules implemented as access control lists (ACLs) to identify allowed and blocked traffic, much as a router applies its rules, without tracking the state of connections. Firewalls use an implicit deny strategy: all traffic that is not explicitly allowed is blocked.
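As an added example (not code from this page or from any product named on it), the following models the rule evaluation described above: an ordered ACL evaluated first-match-wins, implicit deny for anything unmatched, and the difference connection tracking makes for reply traffic. The rule syntax, the `Packet`/`Rule`/`Firewall` names and the addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of the rules above: ordered ACL, first match wins, implicit
# deny, optional connection tracking. Syntax and addresses are assumptions.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass
class Rule:
    action: str              # "allow" or "deny"
    src: str = "0.0.0.0/0"   # CIDR; default matches any address
    dst: str = "0.0.0.0/0"
    proto: str = ""          # "" matches any protocol
    dport: int = 0           # 0 matches any destination port

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("", p.proto)
                and self.dport in (0, p.dport))

class Firewall:
    def __init__(self, rules, stateful=False):
        self.rules, self.stateful = rules, stateful
        self.sessions = set()    # 5-tuples of flows already allowed

    def decide(self, p):
        # Stateful mode: a reply to a tracked flow passes without its own rule.
        if self.stateful and (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "allow"
        for r in self.rules:     # evaluated top-down, like a router ACL
            if r.matches(p):
                if r.action == "allow" and self.stateful:
                    self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return r.action
        return "deny"            # implicit deny: anything unmatched is dropped

# Sample policy (constructed); 192.0.2.0/24 plays the internal network.
RULES = [
    Rule("deny", src="203.0.113.0/24"),                          # blocklisted range
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443),  # public HTTPS server
    Rule("allow", src="192.0.2.0/24", proto="tcp"),              # outbound from inside
]
```

With `stateful=False` the reply to an allowed outbound connection hits the implicit deny, which is exactly the gap stateful inspection closes.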

Some firewall vendors and products:

  • Palo Alto Networks
  • SonicWall
  • pfSense
  • Cisco
  • OPNsense
  • Windows Firewall
  • Barracuda Networks
  • Sophos
  • Fortinet
  • Juniper Networks

IDS & IPS

IDS stands for Intrusion Detection System. It is a security technology used to monitor network traffic or system activities for signs of unauthorized, malicious, or suspicious activities. The primary purpose of an IDS is to identify potential security threats or incidents and alert administrators or security personnel so that appropriate action can be taken to mitigate the risk. An IDS detects using signature-based and/or behavior-based methods. There are Network-based IDS (NIDS) and Host-based IDS (HIDS) systems.

IPS stands for Intrusion Prevention System. It is a network security technology that goes beyond the capabilities of Intrusion Detection Systems (IDS) by not only detecting potential security threats but also actively blocking or preventing them from succeeding. An IPS works in real time to identify and respond to suspicious or malicious activities, aiming to stop attacks before they can cause any harm.
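An added illustration of the two detection methods just described (signature-based and behavior-based) and of the IDS/IPS distinction; this is not code from this page or from any of the products listed below. The log line format, the signatures, the port-count threshold and the function names are assumptions, and the events are constructed rather than captured traffic.

```python
import re
from collections import defaultdict

# Constructed sample events, not captured traffic: one line per connection,
# "time src_ip dst_ip dst_port payload". Field layout is an assumption.
EVENTS = [
    "10:00:01 198.51.100.7 192.0.2.10 80 GET /index.html",
    "10:00:02 198.51.100.7 192.0.2.10 80 GET /login?user=admin' OR '1'='1",
    "10:00:03 203.0.113.9 192.0.2.10 21 -",
    "10:00:03 203.0.113.9 192.0.2.10 22 -",
    "10:00:03 203.0.113.9 192.0.2.10 23 -",
    "10:00:04 203.0.113.9 192.0.2.10 25 -",
    "10:00:04 203.0.113.9 192.0.2.10 80 -",
    "10:00:04 203.0.113.9 192.0.2.10 443 -",
]

# Signature-based detection: known text patterns of hostile input.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def parse(line):
    ts, src, dst, port, payload = line.split(" ", 4)
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "payload": payload}

def signature_alerts(events):
    return [(e["src"], name) for e in events
            for name, pat in SIGNATURES.items() if pat.search(e["payload"])]

def behavior_alerts(events, port_threshold=5):
    # Behavior-based detection: no pattern to match, but one source probing
    # many distinct ports on one host deviates from normal client traffic.
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(e["port"])
    return [(src, "port-scan") for (src, _), seen in ports.items()
            if len(seen) >= port_threshold]

def run_ids(lines):
    # IDS mode: monitor and report only.
    events = [parse(l) for l in lines]
    return signature_alerts(events) + behavior_alerts(events)

def run_ips(lines):
    # IPS mode: the same detections, but the offending sources come back as a
    # block list to enforce inline instead of only raising alerts.
    return sorted({src for src, _ in run_ids(lines)})
```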

Some IDS and IPS products and tools:

  • SolarWinds Security Event Manager
  • ManageEngine Log360
  • OSSEC
  • Snort
  • Security Onion
  • Suricata
  • Sagan
  • McAfee
  • OpenWIPS-ng