lecture 6 - Network Security Fundamentals.pptx
CCY2001
Introduction to Cybersecurity
Dr. Mohamed Elhamahmy
Week Five
Saturday 22/Mar/2025, Sun 23/Mar/2025
Tuesday 25/Mar/2025
Network Protocols and Vulnerabilities
Network Security Fundamentals
Intrusion Detection and Prevention Systems (IDPS)
Firewall Technologies
Anti-Malware
Security Information and Event Management (SIEM)
Integrated Security Architecture
Measuring Security Effectiveness
Network Protocols and Vulnerabilities
The OSI reference model is a seven-layer model developed by the International Organization for Standardization (ISO); work on it began in 1978 and it was published as ISO 7498 in 1984. The model is a framework for international standards that can be used to implement a heterogeneous computer network architecture. Each of the seven layers offers services to the layer above and relies on the layer below, so a protocol, a control or an attack can be placed at the layer whose data it manipulates.
Network Protocols and Vulnerabilities
The TCP/IP model, also called the Internet protocol suite, is likewise a layered reference model, but it has four layers (link, internet, transport, application). It is commonly known as TCP/IP because its foundational protocols are TCP and IP, but many other protocols (UDP, ICMP, DNS, HTTP and so on) belong to the suite as well.
Network Protocols and Vulnerabilities
TCP (Transmission Control Protocol)
 Connection-oriented protocol that ensures reliable, ordered data delivery
 Uses a three-way handshake (SYN, SYN-ACK, ACK) to establish connections; the server has to remember each half-open connection between sending its SYN-ACK and receiving the client's final ACK
 Vulnerable to SYN flooding attacks, where attackers send numerous SYN packets (usually from spoofed source addresses) without completing the handshake, filling the half-open connection backlog so that legitimate clients can no longer connect; SYN cookies, which derive the server's initial sequence number from a keyed hash instead of storing per-connection state, are the standard mitigation
Network Protocols and Vulnerabilities
IP (Internet Protocol)
 Responsible for addressing and routing packets
 IPv4 (32-bit addressing) and IPv6 (128-bit addressing)
 Vulnerable to IP spoofing, where attackers forge source addresses; IP has no source authentication, so spoofing is trivial and underpins both SYN floods and amplification attacks
UDP (User Datagram Protocol)
 Connectionless protocol with no reliability mechanisms
 Faster than TCP but without delivery guarantees, and with no handshake to prove that the source address is genuine
 Often exploited in amplification DDoS attacks: the attacker sends small requests with the victim's address as the spoofed source to services (for example DNS or NTP) whose replies are much larger, so the service floods the victim on the attacker's behalf
Network Protocols and Vulnerabilities
Application Layer Protocols
SMTP, POP3, IMAP
 Email protocols
 Common vectors for phishing and spam
 Often targeted for credential harvesting
HTTP/HTTPS
 Web communication protocols
 HTTPS wraps HTTP in TLS (SSL is its deprecated predecessor), giving confidentiality, integrity and server authentication
 Vulnerabilities include man-in-the-middle attacks against weak or poorly validated certificates, and SSL stripping, where an attacker on the path downgrades the victim's connection to plain HTTP; HTTP Strict Transport Security (HSTS) is the defence against stripping
Intrusion Detection and Prevention Systems (IDPS)
Firewall Technologies
A firewall is a network security device designed to monitor, filter, and
control incoming and outgoing network traffic based on predetermined
security rules. The primary purpose of a firewall is to establish a barrier
between a trusted internal network and untrusted external networks.
Firewall Technologies
A packet filtering firewall controls network access by inspecting each outgoing and incoming packet in isolation and allowing or blocking it based on source and destination IP address, protocol, and source and destination port. It works on the network and transport layer headers (OSI layers 3 and 4) and looks neither at the payload nor at previous packets. The firewall maintains a filtering table (a rule list); the first rule that matches decides whether the packet is forwarded or discarded, and a default policy applies when no rule matches.
Firewall Technologies
Rule: Allow incoming TCP traffic to port 80 (HTTP) from any source.
Syntax (iptables-style):
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Explanation:
-A INPUT: Append the rule to the chain for traffic addressed to this host.
-p tcp: Protocol is TCP.
--dport 80: Destination port is 80 (HTTP).
-j ACCEPT: Accept the matching traffic.
Rule: Block all incoming traffic from IP 192.168.1.100.
Syntax:
iptables -A INPUT -s 192.168.1.100 -j DROP
Explanation:
-s 192.168.1.100: Source IP address to match.
-j DROP: Silently discard the traffic (no response sent); -j REJECT would instead send an ICMP error or a TCP RST back to the sender.
Caveats: rules in a chain are evaluated in order and the first match wins, so if both rules are appended in the order shown, a packet from 192.168.1.100 to port 80 is still accepted; put the DROP rule first, or insert it at the top with -I INPUT. Traffic that matches no rule falls through to the chain policy (set with iptables -P INPUT DROP), so individual rules only make sense together with a deliberate default.
Firewall Technologies
Stateful firewalls (performing stateful packet inspection) can determine the connection state of a packet, unlike a packet filtering firewall, which makes their decisions more precise. They keep track of the state of network connections travelling across them, such as TCP streams, in a state (connection tracking) table. Filtering decisions are therefore based not only on the defined rules but also on the packet's history in the state table: a packet is only treated as part of a connection if the firewall saw that connection being opened.
Firewall Technologies
Stateful firewall rules differ from stateless rules in that they track the state of network connections (e.g., whether a connection is new, established, or related) rather than just inspecting individual packets in isolation.
Rule: Allow incoming traffic for connections that are already established or related (e.g., responses to outgoing requests).
Syntax (iptables):
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Explanation:
-m state: Use the state-matching module (on current Linux kernels this is an alias for -m conntrack --ctstate, which is the preferred spelling).
--state ESTABLISHED,RELATED: Match packets that belong to an existing connection, or that a protocol helper has linked to one (e.g., FTP data channels, which require the nf_conntrack_ftp helper to be loaded).
-j ACCEPT: Accept the traffic.
Use Case: Ensures responses to your outgoing requests (like web browsing) are allowed without opening any inbound port; an unsolicited inbound packet is NEW and must match an explicit rule of its own.
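The difference between the packet filter and the stateful filter from the two passages above, as an added example for this lecture (not code from the slides): a small rule engine with first-match semantics and a chain policy, run once as a stateless filter and once with a connection tracking table that implements the ESTABLISHED match. The stateless ruleset uses the classic approximation "any inbound segment with ACK set is a reply"; the addresses (10.0.0.5 is the protected host, 198.51.100.10 a web server, 203.0.113.9 an attacker) and ports are constructed.

```python
"""Stateless packet filter versus stateful filter over constructed packets.
Added example; the rule table and addresses are made up for illustration."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str             # "in" = arriving from the untrusted side, "out" = leaving
    flags: FrozenSet[str]      # TCP flags present, e.g. {"SYN"} or {"ACK"}
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One line of a filtering table; None means 'any', like an omitted iptables match."""
    action: str                              # "ACCEPT" or "DROP"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None
    dport: Optional[int] = None
    flags: Optional[FrozenSet[str]] = None   # every listed flag must be set
    state: Optional[str] = None              # "NEW"/"ESTABLISHED"; stateful filter only

    def matches(self, pkt: Packet, state: Optional[str]) -> bool:
        return (self.direction in (None, pkt.direction)
                and self.proto in (None, pkt.proto)
                and self.src in (None, pkt.src)
                and self.dport in (None, pkt.dport)
                and (self.flags is None or self.flags <= pkt.flags)
                and self.state in (None, state))


class Firewall:
    def __init__(self, rules, stateful: bool, default: str = "DROP"):
        self.rules = rules
        self.stateful = stateful
        self.default = default                       # chain policy when nothing matches
        self.conntrack: Set[Tuple[str, int, str, int]] = set()   # outbound connections seen

    def _state(self, pkt: Packet) -> Optional[str]:
        """Classify against the connection table; a stateless filter has no notion of state."""
        if not self.stateful:
            return None
        if pkt.direction == "in":   # a reply is keyed by the inside host that initiated it
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return "ESTABLISHED" if key in self.conntrack else "NEW"

    def filter(self, pkt: Packet) -> str:
        state = self._state(pkt)
        verdict = self.default
        for rule in self.rules:              # first matching rule wins, as in an iptables chain
            if rule.matches(pkt, state):
                verdict = rule.action
                break
        if self.stateful and verdict == "ACCEPT" and pkt.direction == "out":
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict


# Stateless approximation of "allow replies": trust any inbound TCP segment with ACK set.
STATELESS_RULES = [
    Rule("ACCEPT", direction="in", proto="tcp", dport=80),            # public web server
    Rule("ACCEPT", direction="in", proto="tcp", flags=frozenset({"ACK"})),
    Rule("ACCEPT", direction="out"),
]
# Stateful equivalent of: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
STATEFUL_RULES = [
    Rule("ACCEPT", direction="in", state="ESTABLISHED"),
    Rule("ACCEPT", direction="in", proto="tcp", dport=80),
    Rule("ACCEPT", direction="out"),
]


def scenario(rules, stateful: bool) -> dict:
    """Send the same constructed traffic through one filter and collect its verdicts."""
    fw = Firewall(rules, stateful)
    inside, web, attacker = "10.0.0.5", "198.51.100.10", "203.0.113.9"
    return {
        "outbound_syn":   fw.filter(Packet(inside, 51000, web, 443, "out", frozenset({"SYN"}))),
        "reply_synack":   fw.filter(Packet(web, 443, inside, 51000, "in", frozenset({"SYN", "ACK"}))),
        "ack_probe_3389": fw.filter(Packet(attacker, 40000, inside, 3389, "in", frozenset({"ACK"}))),
        "syn_to_80":      fw.filter(Packet(attacker, 40001, inside, 80, "in", frozenset({"SYN"}))),
        "syn_to_3389":    fw.filter(Packet(attacker, 40002, inside, 3389, "in", frozenset({"SYN"}))),
    }


def compare() -> dict:
    return {"stateless": scenario(STATELESS_RULES, False),
            "stateful": scenario(STATEFUL_RULES, True)}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Both filters accept the outbound connection, its SYN-ACK reply and a SYN to the published port 80, and both drop a SYN to port 3389. The unsolicited ACK-only probe to port 3389 (what an ACK scan sends) is where they differ: the stateless rule has to accept it because it cannot tell a reply from a forged one, while the stateful filter classifies it as NEW and drops it because no outbound connection to that peer exists in the table.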
Firewall Technologies
Next Generation Firewall
A next-generation firewall (NGFW) adds deep packet inspection, application-level inspection (identifying the application regardless of the port it uses), SSL/TLS and SSH inspection, and typically an integrated intrusion prevention engine, so that it can protect the network from modern threats that hide inside allowed ports and encrypted traffic.
Firewall Technologies
A software firewall is a firewall that runs as software on the host it protects, whether a local machine or a cloud server. It is well suited to controlling the data flowing into and out of that one device and to restricting which networks and applications the device may talk to. The drawback is operational: it must be installed, configured and kept up to date on every host, it consumes that host's resources, and a host that has already been compromised can disable its own firewall.
Firewall Technologies
Hardware firewalls, also called appliance-based firewalls, are dedicated devices placed at the network boundary, so malicious traffic is stopped before it reaches the endpoint it threatens and one device protects every host behind it.
Cloud firewalls (firewall-as-a-service) are software-based, cloud-deployed network devices. A cloud firewall protects a private network from unwanted access; unlike a traditional firewall, it filters traffic in the provider's cloud before that traffic reaches the customer's network or cloud workloads.
Firewall Technologies
Once an attacker finds a network, especially one that is permanently connected to the internet, every exposed service on it is a target. A firewall is the basic proactive control against this: it serves as a security barrier that narrows the attack surface to a single point of control. Instead of every device on the network being exposed to the internet, all traffic must first pass through the firewall and match an explicit rule.
Infiltration by Malicious Actors: Firewalls block unsolicited inbound connections and can restrict outbound ones, raising the bar for intrusion, eavesdropping and the command-and-control traffic of advanced persistent threats (APTs).
Workplace Web Browsing Restrictions: Employers can restrict employees from using the company network to access certain services and websites, like social media.
Parental Controls: Parents can use firewalls to block their children from accessing explicit web content.
Nationally Controlled Intranet: Governments can block access to web content and services that conflict with national policies or values.
Anti-Malware
Security Information and Event Management (SIEM)
A Security Information And Event Management (SIEM) solution supports threat detection,
compliance and security incident management through the collection and analysis (both
near real-time and historical) of security events, as well as a wide variety of other event
and contextual data sources.
Security Information and Event Management (SIEM)
First-generation security information management (SIM) technology was built on top of traditional log collection and management systems. SIM added long-term storage, analysis and reporting on log data, and combined logs with threat intelligence.
Second-generation security event management (SEM) technology addressed real-time security events: aggregation, correlation and notification for events from security systems such as antivirus, firewalls and intrusion detection systems (IDS), as well as events reported directly by authentication services, SNMP traps, servers and databases.
A few years later vendors combined SIM and SEM into SIEM, a term introduced in Gartner research.
Security Information and Event Management (SIEM)
A SIEM solution works by collecting log and event data from many sources: workstations, network devices, servers, security tools and more.
The data is then normalized into a common schema and aggregated. Correlation rules and analysts then examine the data to detect threats, typically by linking low-severity events from different sources that together indicate an attack.
As a result, organizations can pinpoint security breaches and investigate the resulting alerts.
To best understand how a SIEM works, let's first take a closer look at two key security concepts: events and incidents. An event is a single observed occurrence (a login failure, a dropped packet, an IDS alert); an incident is a set of correlated events that indicates a real or attempted compromise and requires a response.
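The collect, normalize, aggregate and correlate pipeline described above, as an added example for this lecture (not code from the slides or from any SIEM product): raw lines from three sources (an iptables LOG line, Suricata-style IDS fast.log output and sshd authentication messages) are normalized into one event schema, grouped per source address, and a correlation rule turns a burst of failed logins into an incident, escalating its severity when the same address then logs in successfully. Every log line is constructed; the year is assumed because syslog timestamps carry none, and the IDS signature ID and message are made up rather than taken from any real ruleset. The per-incident detection delay it reports is the quantity whose average is the mean time to detect discussed later in the lecture.

```python
"""Minimal SIEM pipeline: collect -> normalize -> aggregate -> correlate.
Added example; all log lines below are constructed, not captured."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2025      # assumed: syslog lines carry no year
WINDOW = timedelta(seconds=120)
THRESHOLD = 3    # failed logins from one source within WINDOW raise an incident

RAW_LOGS = [  # (source, line) pairs as a collector would receive them; constructed
    ("firewall", "Mar 23 10:00:58 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=40000 DPT=3389"),
    ("ids", "03/23/2025-10:01:03.000000  [**] [1:9000001:1] CONSTRUCTED SCAN SSH probe [**] [Priority: 2] {TCP} 203.0.113.9:40002 -> 10.0.0.5:22"),
    ("auth", "Mar 23 10:01:05 srv1 sshd[1201]: Failed password for root from 203.0.113.9 port 40003 ssh2"),
    ("auth", "Mar 23 10:01:09 srv1 sshd[1202]: Failed password for root from 203.0.113.9 port 40004 ssh2"),
    ("auth", "Mar 23 10:01:14 srv1 sshd[1203]: Failed password for admin from 203.0.113.9 port 40005 ssh2"),
    ("auth", "Mar 23 10:01:20 srv1 sshd[1204]: Accepted password for admin from 203.0.113.9 port 40006 ssh2"),
    ("auth", "Mar 23 10:05:00 srv1 sshd[1300]: Failed password for alice from 192.0.2.44 port 50001 ssh2"),
    ("auth", "Mar 23 10:05:30 srv1 sshd[1301]: Accepted password for alice from 192.0.2.44 port 50002 ssh2"),
]

SYSLOG_RE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
FW_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+)(?: SPT=\d+)? DPT=(\d+)")
AUTH_RE = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+) port")
IDS_RE = re.compile(r"^(\d\d)/(\d\d)/(\d{4})-(\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[(\d+:\d+:\d+)\] "
                    r"(.*?) \[\*\*\].*?\{(\w+)\} (\S+):\d+ -> (\S+):(\d+)")


def normalize(source, line):
    """Map one raw line onto the common schema; None if the line is not understood."""
    if source == "ids":
        m = IDS_RE.match(line)
        if not m:
            return None
        mon, day, year, hms, sid, msg, proto, src, dst, dport = m.groups()
        ts = datetime.strptime(f"{year}-{mon}-{day} {hms}", "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "source": source, "src_ip": src, "dst_ip": dst,
                "dport": int(dport), "action": "alert", "detail": f"{sid} {msg}"}
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, _prog, msg = m.groups()
    ts = datetime.strptime(f"{YEAR} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    if source == "firewall":
        f = FW_RE.search(msg)
        if not f:
            return None
        return {"ts": ts, "source": source, "src_ip": f.group(1), "dst_ip": f.group(2),
                "dport": int(f.group(4)), "action": "drop", "detail": f"{f.group(3)} dport {f.group(4)}"}
    if source == "auth":
        a = AUTH_RE.search(msg)
        if not a:
            return None
        return {"ts": ts, "source": source, "src_ip": a.group(3), "dst_ip": host, "dport": 22,
                "action": "login_failed" if a.group(1) == "Failed" else "login_ok",
                "detail": f"user {a.group(2)}"}
    return None


def correlate(events):
    """Aggregate events per source IP and apply one brute-force correlation rule."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["src_ip"]].append(ev)
    incidents = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["action"] == "login_failed"]
        for i, first in enumerate(fails):
            burst = [f for f in fails[i:] if f["ts"] - first["ts"] <= WINDOW]
            if len(burst) < THRESHOLD:
                continue
            fired_at = burst[THRESHOLD - 1]["ts"]        # the event that tripped the rule
            success = [e for e in evs if e["action"] == "login_ok" and e["ts"] >= burst[-1]["ts"]]
            context = sorted({e["source"] for e in evs if e["action"] in ("drop", "alert")})
            incidents.append({
                "src_ip": ip,
                "first_seen": evs[0]["ts"],               # earliest event from this source
                "detected_at": fired_at,
                "severity": "high" if success else "medium",   # success after failures: likely compromise
                "events": len(evs),
                "context_sources": context,               # other sensors that saw the same source
                "detection_delay_s": (fired_at - evs[0]["ts"]).total_seconds(),
            })
            break
    return incidents


def run_pipeline(raw=RAW_LOGS):
    events = [e for e in (normalize(s, line) for s, line in raw) if e]
    return events, correlate(events)


if __name__ == "__main__":
    for inc in run_pipeline()[1]:
        print(inc)
```

On the constructed sample the address 203.0.113.9 produces six events across three sensors; the rule fires on its third failed login, the later successful login for the admin account raises the incident to high severity, and the firewall drop and IDS alert are attached as context. The single failure from 192.0.2.44 stays an event and never becomes an incident, which is the point of correlation: no individual line was alarming on its own.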
Integrated Security Architecture
Unified Security Management
 Centralized policy administration
 Consistent security posture
 Reduced administrative overhead
Tool Integration Examples
 Firewall + IPS integration for context-aware blocking
 Anti-malware + SIEM for outbreak detection
 Identity management + firewalls for user-based access control
Security Orchestration and Automation
 Security Orchestration, Automation and Response (SOAR)
 Automated incident response workflows
 Integration with ticketing and case management
Measuring Security Effectiveness
Security Metrics
Mean time to detect (MTTD): the average time between the start of a security incident (the attacker's first activity, or the onset of a production problem such as an outage) and the moment the organization identifies it. You want this metric as low as possible, since a low MTTD means the organization discovers issues quickly and can limit their impact; it is largely a measure of monitoring and detection coverage (logging, IDS, SIEM correlation).
Measuring Security Effectiveness
Mean time to respond (MTTR): the average time from detection of an incident to its containment and remediation; it measures the effectiveness of the response process (runbooks, automation, on-call staffing). The same abbreviation is used in reliability engineering for mean time to repair, an indicator of maintainability (how easily a piece of equipment can be repaired), where a high value may suggest that replacing an asset is cheaper than repairing it; that is a different metric and should not be confused with the security one.
Security Metrics
Measuring Security Effectiveness
Testing and Validation
Penetration testing
Red team exercises
Tabletop scenarios
Purple Team Activities