How to protect ourselves from different types of internet attacks?
In this post, we’ll look into some ways using which, any organization or individual can protect themselves up to a certain level from many common types of internet attacks. If you don’t know about these attacks, make sure to check out this blog where I described a lot of those in a precise format.
“Good security is not about what you can prevent, but what you can enable.” — Nick Steele, Duo Labs
Intrusion Detection System (IDS): is a system that detects malicious activity and policy violations in network devices. The detection results are reported to the Network administrator or Security Information and Event Management (SIEM) system. False alarms are removed by the alarm filters. The different types of IDS are described below.
HIDS (Host IDS) operates on PCs, laptops, smartphones. It monitors all Internet packets that are sent and received. Status snapshots are taken and compared with their former status.
NIDS (Network IDS) operates on selected gateways, routers, and switches. It consistently monitors to detect abnormal behavior.
Signature-based IDS searches for specific intrusion patterns (e.x., malware sequences).
Anomaly-based IDS is a detection scheme for new unknown attacks (e.x., new malware behavior). An ML-based monitoring system is used to detect new patterns.
IDPS (Intrusion Detection and Prevention System) is IDS combined with Intrusion Counter Response System which can undertake disconnection activity.
Firewall: is Network Control and Monitoring System. It monitors all transmitted and received packets. IDS is also included in a firewall. Types of Firewall: Network-based and Host-based.
Network-based Firewall is there in gateways (routers, switches) for network protection in LAN, WAN, and Intranet networks.
Host-based Firewall is there in computer OS for endpoint (PC, smartphone) protection.
Generation of Firewall: 1G Firewall (Packet Filtering of network addresses and ports), 2G Firewall (Stateful filters added for IP Packet and Transport (TCP, UDP) protocol inspection, Track all state changes in IPv4, IPv6, TCP, UDP, etc, All 1G Firewall packet filtering technology included), 3G Firewall (Application layer (HTTP, DNS, FTP, etc) filtering added, behavioral detection and it observes what is going on, All 1G, 2G firewall technology, DPI(Deep Packet Inspection), IPS (Intrusion Prevention System), User Identity Monitoring, Device MAC Address, and Reputation Monitoring, WAF (Web Application Firewall) technology is included).
Deep Packet Inspection (DPI) also known as CPI (Complete Packet Inspection). DPI is a packet filtering technology that inspects the data and header of packets searching for viruses, spam, intrusions, anomalies, and other characteristics to support network security, network management, and application services. A lighter version of DPI is SPI (Shallow Packet Inspection), which checks the packet header including the transport header (TCP, UDP).
Transport Layer Security (TLS) is a Network Cryptography protocol to enable secure communications. TLS replaced SSL (Secure Sockets Layer). TLS 2048 bits encryption has been used since 2013, where extensions will be made in the future. TLS provides privacy and data integrity between networked applications. Symmetric cryptography is used with encryption keys generated uniquely for each connection at session setup using the TLS handshake protocol. Public-key cryptography is used to authenticate the identity of communication systems. Message authentication code is used to ensure data integrity (to prevent alterations).
Wired Equivalent Privacy (WEP) is a security algorithm developed for IEEE 802.11 Wi-Fi (Wireless Local Area Networks) to provide data confidentiality equivalent to the security level used in wired networks. It includes Encryption and Authentication techniques. In 2003, the Wi-Fi Alliance announced that WEP will be replaced by WPA.
Wi-Fi Protected Access (WPA) is a Wi-Fi Alliance developed security protocol and security certification program. WPA uses Temporal Key Integrity Protocol (TKIP) that dynamically generates new encryption keys for each packet. WPA2 is an improvement over WPA as TKIP can be broken. WPA2 certification is mandatory for all Wi-Fi devices. WPA uses CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) which is an AES (Advanced Encryption Standard) technology. WPA2 includes all mandatory elements of IEEE 802.11i standard and requires Wi-Fi Alliance testing and certification.
Secure Shell (SSH) is a cryptographic protocol that enables secured services over unsecured networks. Some applications use remote command-line login, remote command execution, and various other secured network services using SSH. SSH-2 is commonly supported by all servers.
So, we saw some effective ways using which we can safeguard ourselves against a plethora of security issues that are prevalent nowadays over the internet.
That’s it from this blog. I hope you found it informative. Thanks, Have a nice week!
