Security Techniques in Cyber security

The Internet is now a booming technology and every organization uses it for its day-to-day activities. Cyber security is a major concern in the present technology world. With the rapid growth of the internet, a lot of tools and techniques are readily available for cyber attackers to attack any system or network.

Every institution on the internet is now vulnerable to attackers because they all use the public cyberspace. Everyone is concerned with protecting their network and systems from attacks. The three main measures that institutions follow in cyberspace are

  1. Preventive measures
  2. Detective measures
  3. Corrective measures

In cyber security, organizations must know the many techniques and technologies that help them keep attackers at bay. The following techniques help to maintain these three measures in cyber security

  1. Encryption
  2. Firewall
  3. VPN
  4. Intrusion Detection
  5. Access control (authorization & authentication)
  6. Antivirus

Encryption

We already discussed the method of encryption in our previous tutorials. Encryption is a cyber-security method that helps us store and send sensitive information across the internet without losing privacy and security.

The process of changing information into another format using a secret key is called encoding or encryption, and the information that has been changed into that format is called ciphertext.

The process of converting this ciphertext back to a readable format using the secret key is called decryption or decoding, and the information that has been decrypted is called deciphered text.

Based on the key, encryption is of two types, symmetric and asymmetric. Symmetric encryption uses only one key for both encoding and decoding, whereas asymmetric encryption uses two keys, one public and one secret, for encoding and decoding the text.

Why is Encryption Important?

  1. Data transit is vulnerable
  2. Security threats are evolving
  3. Many applications expose data
  4. Hacking is a highly profitable business

Firewall

As the name suggests, a firewall acts as a wall of fire that secures a private network from the vast ocean of networks in the public internet. A firewall can be defined as a network security system, which can be hardware, software or a combination of both, that protects a private network from unauthorized access to and usage of private network resources from the outside public network.

When a firewall is installed, all the data packets leaving or entering the private network must pass through the firewall, and the firewall checks each packet for any malicious activity.

Firewalls can be classified on different criteria; here we discuss only the important aspects.

  1. Processing mode
  2. Deployment area
  3. Architectural Implementation

Based on processing mode, we can divide firewalls into

  1. Packet filtering
  2. Application gateways
  3. Circuit gateways
  4. Mac layer firewalls
  5. Hybrid

Packet Filtering

Data on the internet travels as packets from a computer on one network to a computer on another network. Each packet has a header, which contains the sender and receiver details, and a data part, which contains the data to be transferred.

The firewall acts as a wall that checks each packet header for the sender and receiver information and validates the packet. Depending on the authenticity of the packet, the firewall decides whether to forward the packet or drop it.

There is a well-defined set of rules inside the firewall for taking this decision, and it scans the network packets for any malicious activity. Most firewalls work on a combination of rules such as

  1. IP source address and destination
  2. Direction
  3. TCP and UDP port requests

In more detail, packet filtering can be divided into different types such as

  1. Static filtering: In this type, the rules in the firewall are decided by an administrator.
  2. Dynamic filtering: In this type, the firewall makes the rules itself.
  3. Stateful inspection: Helps to track the connections between internal and external systems.
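As an added example (not code from the original tutorial), here is a small packet filter that combines the static rules an administrator writes with the stateful inspection described above: the administrator's rules decide which new connections may be opened, and a connection table lets the replies to those connections back in without any rule for unsolicited inbound traffic. The packet fields, the rule set and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
# Constructed packet: only the header fields a packet filter inspects.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    direction: str   # "in" (from the public network) or "out" (from the private one)

# Static rule written by the administrator; a field left as None matches anything.
@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "drop"
    direction: Optional[str] = None
    src: Optional[str] = None    # CIDR such as "10.0.0.0/8"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

class StatefulFilter:
    """Static rules decide new flows; a connection table admits the replies to them."""
    def __init__(self, rules: list) -> None:
        self.rules = rules
        self.flows = set()   # (client_ip, client_port, server_ip, server_port, proto)

    def decide(self, p: Packet) -> str:
        # Stateful inspection: replies to a flow opened from inside need no static rule.
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return "allow"
        for rule in self.rules:            # first matching static rule wins
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "drop"                      # default deny when nothing matched

# Constructed rule set: private hosts may open HTTPS outward and only the admin
# network 192.0.2.0/24 may open SSH inward; everything else is dropped.
RULES = [Rule("allow", direction="out", src="10.0.0.0/8", proto="tcp", dport=443),
         Rule("allow", direction="in", src="192.0.2.0/24", proto="tcp", dport=22)]
```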

Application Gateways

What is an application gateway?

A gateway is the place where a packet enters or leaves a system or a network. An application gateway is a firewall proxy that provides network security for a system that needs high security. It provides secure communication between the user and the server. An application gateway helps to protect data at the application level, which means it can filter specific data from applications like BitTorrent, FTP, telnet, etc. This firewall is the middleman between the requesting user and the server, and it blocks malicious packets.

For example, when a user requests data from a server, the connection is first established between the user and the proxy server, and then the proxy makes the connection with the real server.

Circuit Gateways

Circuit-level gateways are firewalls that work at the transport layer. The transport layer handles TCP and UDP connections, which means these circuit gateways are able to handle the packets in a TCP or UDP connection.

These circuit gateways act in between the transport and application layers, in what is called the session layer, where they can handle and monitor packets and handshaking in TCP or UDP connections. This gateway can also act as a virtual private network.

MAC Layer Firewalls

MAC layer firewalls work at the media access control layer. They are able to filter on the MAC address of the users who make requests to the server and can block a user if any malicious activity is found.

This layer has a list of entries that include the MAC addresses of some of the systems that act as hosts, and that list is called an Access Control List. This list plays an important role in deciding which packets are to be sent to the host system.

Hybrid Firewalls

A hybrid firewall is a combination of the firewalls mentioned above, so it can have all the features of the firewalls we discussed.

Another classification of firewalls is based on the place where the firewall is intended to be used, such as

  1. Commercial Appliances
  2. Small Office
  3. Home software

We have to choose a firewall configuration for an organization depending on some factors, which include

  1. Objective of network
  2. Ability to implement the firewall
  3. Cost affordability

According to these principles, we can divide firewall configurations into 4 types

  1. Packet filtering routers
  2. Screened host firewalls
  3. Dual homed host firewalls
  4. Screened Subnet firewalls

VPN

We have all heard about VPNs and other proxy methods to surf the internet and access any website without losing our privacy. VPN stands for Virtual Private Network. It is a cyber-security technique to transfer files and sensitive information across the internet using a safe and secure tunnel.

How does a VPN achieve secure transmission?

A VPN makes an encrypted and safe connection from a user's system to a network. This connection can be used for transmitting data and sensitive information without any eavesdropping or illegal access. Using a VPN can hide our IP address and geographical information, so we can access any website that is restricted geographically.

A VPN is like a firewall, but it protects the user's data and information on the internet. The end user must log in to the VPN server, and there the secure tunnel begins. Once the user has entered the VPN server, they can send sensitive information through these tunnels securely and with privacy.

Intrusion Detection System (IDS)

An Intrusion Detection System is a security technique in cyber security that monitors the systems and the network of an organization. An IDS helps the system administrator to find attacks that originate from outside or inside the organization.

A firewall is a security measure for an organization that filters outside traffic to check for malicious activity from outside the organization; the IDS helps the system admin to protect the firewall, as it raises an alarm to the system admin if anyone tries to break through the firewall.

Intrusion detection systems are of the following types

  1. NIDS
  2. HIDS
  3. Signature based
  4. Anomaly based

NIDS

A Network Intrusion Detection System monitors the network traffic to find all the anomalies or attacks that originate from inside or outside the organization.

HIDS

HIDS stands for Host Intrusion Detection System, which runs on almost all the computers and networks in the organization. HIDS helps to monitor all the internal traffic and its anomalies. It also detects traffic anomalies that the NIDS monitoring failed to catch.

Signature Based Intrusion Detection

This is another monitoring system, which is able to detect patterns that are malicious in nature. It helps to detect all the anomalies that come from internal or external sources. It detects all known patterns, such as known malware, but will fail to detect new threats.

Anomaly Based Detection System

It is used to monitor threats that are unknown in the current scenario, as malware is increasing a lot. It senses malicious activity and informs the administrator.
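An added example, not from the original tutorial, showing both detection styles over constructed access-log lines: the signature scan matches known malicious request patterns from a small signature database, while the anomaly scan flags a source whose request count is far above a constructed baseline and so catches a probing host that no signature describes. The log lines, signatures and baseline counts are all made up for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed web-server access log lines (source IP, request, status); not real traffic.
LOG_LINES = [
    '198.51.100.7 "GET /index.html HTTP/1.1" 200',
    '198.51.100.7 "GET /about.html HTTP/1.1" 200',
    '203.0.113.9 "GET /login.php?user=admin\' OR 1=1-- HTTP/1.1" 200',
    '192.0.2.44 "GET /../../etc/passwd HTTP/1.1" 404',
    '192.0.2.44 "GET /contact.html HTTP/1.1" 200',
] + [f'203.0.113.50 "GET /probe{i}.bak HTTP/1.1" 404' for i in range(12)]

# Signature database: known malicious request patterns, as a signature-based IDS keeps.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_scan(lines):
    """Return (signature name, offending line) for every line matching a known pattern."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits

# Constructed baseline: requests per source observed in a normal window.
BASELINE_COUNTS = [2, 3, 2, 4, 3, 2]

def anomaly_scan(lines, baseline=BASELINE_COUNTS, sigmas=3.0):
    """Flag sources whose request count exceeds the baseline mean by more than
    `sigmas` standard deviations. No signature is needed, so the probing host
    whose requests match no known pattern is still reported."""
    limit = mean(baseline) + sigmas * pstdev(baseline)
    counts = Counter(line.split()[0] for line in lines)
    return sorted(src for src, n in counts.items() if n > limit)
```

The probing host 203.0.113.50 is invisible to the signature scan, while the injection and traversal requests are single lines that the anomaly scan never notices; a real deployment runs both.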

Access Control (Authentication & Authorization)

Access control is a method of restricting access to a place or a system for unauthorized persons. Access control is a process for reducing the security risk from unauthorized access to sensitive information.

According to the principle of least privilege, the privileges for accessing a resource are given only to the entities that require them, and only for the time essential for them to complete the task.

For example, consider an employee who needs to access a system that holds sensitive information in order to complete a task assigned to him. The system admin has to give him only the essential privileges to the information he needs and revoke the access after he completes his task.

Access control is a combination of two components, authorization and authentication. Authentication is a process performed by the user with his credentials, for example the username and password of a Gmail account. Authorization is a process performed by an admin who gives access to the users.
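An added example (not from the original tutorial) that puts the two components together in code: authentication checks the user's credential against a salted password hash, and authorization is a time-bounded grant from the admin that expires on its own or can be revoked as soon as the task is done, as the least-privilege example above requires. The class, the injectable clock, and the user and resource names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

class AccessControl:
    """Authentication (credential check) plus time-bounded authorization grants."""
    def __init__(self, clock=time.time) -> None:
        self.clock = clock      # injectable so expiry can be tested deterministically
        self.users = {}         # name -> (salt, password hash)
        self.grants = {}        # (name, resource) -> expiry timestamp

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Salted, deliberately slow hash so a leaked user table does not reveal passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = (salt, self._hash(password, salt))

    def authenticate(self, name: str, password: str) -> bool:
        """Authentication: does the user hold the credential? Constant-time comparison."""
        if name not in self.users:
            return False
        salt, stored = self.users[name]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def grant(self, name: str, resource: str, seconds: float) -> None:
        """Authorization by the admin: one resource, for only as long as the task needs."""
        self.grants[(name, resource)] = self.clock() + seconds

    def revoke(self, name: str, resource: str) -> None:
        """Admin removes the privilege once the task is complete."""
        self.grants.pop((name, resource), None)

    def can_access(self, name: str, password: str, resource: str) -> bool:
        """Both components must hold: a valid credential and an unexpired grant."""
        if not self.authenticate(name, password):
            return False
        expiry = self.grants.get((name, resource))
        return expiry is not None and self.clock() < expiry
```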

Access control is of two types, which are

  1. Physical Access Control: This is access control in physical form, like access to a building or the inside of a bank.
  2. Logical Access Control: Logical access is like accessing a Gmail account, logging in to a computer, etc.

Antivirus

Antivirus is software that helps to protect a system from all types of threats like viruses, worms, Trojans, adware, malware and many more. We have different methods to protect a network, but we need an antivirus on every system to keep it protected, and we must always make sure the virus database is updated.

Antivirus software has a virus database that holds the patterns and features of all known viruses and threats. The antivirus scans all the files in our system to check whether these patterns or features are present, moves such programs into a vault and deletes them from that vault. So we must use only an updated antivirus database for efficient results.