Firewalls in Digital Security

Digital Security

Firewalls

• A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
• Acts as a barrier between a trusted network and an untrusted network (e.g., the internet)
• Types:
  • Network-based firewalls (e.g., Cisco ASA)
  • Host-based firewalls (e.g., Windows Defender Firewall)
• Functions:
  • Blocks unauthorized access to or from the network
  • Hides internal IP addresses and network segments from the outside world
  • Logs and alerts on suspicious traffic

Encryption

• The process of converting plaintext data into unreadable ciphertext to protect it from unauthorized access
• Types:
  • Symmetric encryption (e.g., AES): uses the same key for encryption and decryption
  • Asymmetric encryption (e.g., RSA): uses a public key for encryption and a private key for decryption
• Uses:
  • Secure online transactions (HTTPS)
  • Protecting data at rest (e.g., encrypted hard drives) and in transit (e.g., encrypted emails)
  • Digital signatures and authentication

Access Control

• The process of controlling and limiting access to computer resources based on user identity, role, or permissions
• Types:
  • Mandatory Access Control (MAC): access is controlled by the operating system
  • Discretionary Access Control (DAC): access is controlled by the owner of the resource
  • Role-Based Access Control (RBAC): access is controlled based on user roles
• Components:
  • Authentication (e.g., username/password, biometrics)
  • Authorization (e.g., access control lists, permissions)
  • Accounting (e.g., logging and auditing)

Vulnerability Assessment

• The process of identifying, classifying, and prioritizing vulnerabilities in computer systems or networks
• Types:
  • Network-based vulnerability assessment (e.g., Nessus)
  • Host-based vulnerability assessment (e.g., OpenVAS)
  • Application-based vulnerability assessment (e.g., OWASP ZAP)
• Steps:
  1. Information gathering (e.g., network scanning, system profiling)
  2. Vulnerability identification (e.g., using vulnerability scanners, exploit databases)
  3. Risk assessment and prioritization (e.g., CVSS scoring)

Incident Response

• The process of responding to and managing security incidents (e.g., data breaches, malware outbreaks) to minimize damage and restore normal operations
• Steps:
  1. Preparation (e.g., incident response plan, training)
  2. Identification (e.g., monitoring, detection, reporting)
  3. Containment (e.g., isolating affected systems, shutting down services)
  4. Eradication (e.g., removing malware, patching vulnerabilities)
  5. Recovery (e.g., restoring systems, data, and services)
  6. Post-incident activities (e.g., lessons learned, incident report)

Digital Security

Firewalls

• Monitors and controls incoming and outgoing network traffic based on predetermined security rules
• Acts as a barrier between a trusted network and an untrusted network (e.g., the internet)
• Types of firewalls:
  • Network-based firewalls (e.g., Cisco ASA) - monitors and controls traffic between networks
  • Host-based firewalls (e.g., Windows Defender Firewall) - monitors and controls traffic on a single host or device
• Firewalls perform three key functions:
  • Block unauthorized access to or from the network
  • Hide internal IP addresses and network segments from the outside world
  • Log and alert on suspicious traffic

Encryption

• The process of converting plaintext data into unreadable ciphertext to protect it from unauthorized access
• Types of encryption:
  • Symmetric encryption (e.g., AES) - uses the same key for encryption and decryption
  • Asymmetric encryption (e.g., RSA) - uses a public key for encryption and a private key for decryption
• Uses of encryption:
  • Secure online transactions (HTTPS)
  • Protecting data at rest (e.g., encrypted hard drives) and in transit (e.g., encrypted emails)
  • Digital signatures and authentication

Access Control

• The process of controlling and limiting access to computer resources based on user identity, role, or permissions
• Types of access control:
  • Mandatory Access Control (MAC) - access is controlled by the operating system
  • Discretionary Access Control (DAC) - access is controlled by the owner of the resource
  • Role-Based Access Control (RBAC) - access is controlled based on user roles
• Components of access control:
  • Authentication (e.g., username/password, biometrics)
  • Authorization (e.g., access control lists, permissions)
  • Accounting (e.g., logging and auditing)

Vulnerability Assessment

• The process of identifying, classifying, and prioritizing vulnerabilities in computer systems or networks
• Types of vulnerability assessment:
  • Network-based vulnerability assessment (e.g., Nessus) - scans networks for vulnerabilities
  • Host-based vulnerability assessment (e.g., OpenVAS) - scans individual hosts or devices for vulnerabilities
  • Application-based vulnerability assessment (e.g., OWASP ZAP) - scans applications for vulnerabilities
• Steps in vulnerability assessment:
  • Information gathering (e.g., network scanning, system profiling)
  • Vulnerability identification (e.g., using vulnerability scanners, exploit databases)
  • Risk assessment and prioritization (e.g., CVSS scoring)

Incident Response

• The process of responding to and managing security incidents (e.g., data breaches, malware outbreaks) to minimize damage and restore normal operations
• Steps in incident response:
  • Preparation (e.g., incident response plan, training)
  • Identification (e.g., monitoring, detection, reporting)
  • Containment (e.g., isolating affected systems, shutting down services)
  • Eradication (e.g., removing malware, patching vulnerabilities)
  • Recovery (e.g., restoring systems, data, and services)
  • Post-incident activities (e.g., lessons learned, incident report)