Question

Choose one of the below areas in Cybersecurity including network security, software security, web security, operating system security, hardware security, and cryptography, then provide a page explanation on the following aspects of the chosen area.

1) concept of the chosen security area

2) an example of an attack in that area

3) how to defend it

4) any discussion on the security techniques effectiveness, suggestion for improving the existing techniques, and conclusion.
Answer #1

I have chosen network security.

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Network security starts with authentication, commonly with a username and a password. Since this requires just one detail authenticating the user name—i.e., the password—this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network, like Wireshark, and traffic may be logged for audit purposes and for later high-level analysis. Newer systems combining unsupervised machine learning with full network traffic analysis can detect active network attackers from malicious insiders or targeted external attackers that have compromised a user machine or account.

Communication between two hosts using a network may be encrypted to maintain privacy.

Following are common threat vectors attackers can use to penetrate your network.

1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission. Among the causes of unauthorized access attacks are weak passwords, lacking protection against social engineering, previously compromised accounts, and insider threats.

2. Distributed Denial of Service (DDoS) attacks
Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at your network or servers. DDoS can occur at the network level, for example by sending huge volumes of SYN/ACK packets which can overwhelm a server, or at the application level, for example by performing complex SQL queries that bring a database to its knees.

3. Man in the middle attacks
A man in the middle attack involves attackers intercepting traffic, either between your network and external sites or within your network. If communication protocols are not secured or attackers find a way to circumvent that security, they can steal data that is being transmitted, obtain user credentials and hijack their sessions.

4. Code and SQL injection attacks
Many websites accept user inputs and fail to validate and sanitize those inputs. Attackers can then fill out a form or make an API call, passing malicious code instead of the expected data values. The code is executed on the server and allows attackers to compromise it.

5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach. Horizontal privilege escalation involves attackers gaining access to additional, adjacent systems, and vertical escalation means attackers gain a higher level of privileges for the same systems.

6. Insider threats
A network is especially vulnerable to malicious insiders, who already have privileged access to organizational systems. Insider threats can be difficult to detect and protect against, because insiders do not need to penetrate the network in order to do harm. New technologies like User and Event Behavioral Analytics (UEBA) can help identify suspicious or anomalous behavior by internal users, which can help identify insider attacks.

Network Protection Best Practices

Segregate Your Network
A basic part of network security is dividing a network into zones based on security requirements. This can be done using subnets within the same network, or by creating Virtual Local Area Networks (VLANs), each of which behaves like a complete separate network. Segmentation limits the potential impact of an attack to one zone, and requires attackers to take special measures to penetrate and gain access to other network zones.

Regulate Access to the Internet via Proxy Server
Do not allow network users to access the Internet unchecked. Pass all requests through a transparent proxy, and use it to control and monitor user behavior. Ensure that outbound connections are actually performed by a human and not a bot or other automated mechanism. Whitelist domains to ensure corporate users can only access websites you have explicitly approved.

Place Security Devices Correctly
Place a firewall at every junction of network zones, not just at the network edge. If you can’t deploy full-fledged firewalls everywhere, use the built-in firewall functionality of your switches and routers. Deploy anti-DDoS devices or cloud services at the network edge. Carefully consider where to place strategic devices like load balancers – if they are outside the Demilitarized Zone (DMZ), they won’t be protected by your network security apparatus.

Use Network Address Translation
Network Address Translation (NAT) lets you translate internal IP addresses into addresses accessible on public networks. You can use it to connect multiple computers to the Internet using a single IP address. This provides an extra layer of security, because any inbound or outgoing traffic has to go through a NAT device, and there are fewer IP addresses which makes it difficult for attackers to understand which host they are connecting to.

Monitor Network Traffic
Ensure you have complete visibility of incoming, outgoing and internal network traffic, with the ability to automatically detect threats, and understand their context and impact. Combine data from different security tools to get a clear picture of what is happening on the network, recognizing that many attacks span multiple IT systems, user accounts and threat vectors.

Achieving this level of visibility can be difficult with traditional security tools. Cynet 360 is an integrated security solution offering advanced network analytics, which continuously monitors network traffic, automatically detects malicious activity, and either responds to it automatically or passes context-rich information to security staff.

Use Deception Technology
No network protection measures are 100% successful, and attackers will eventually succeed in penetrating your network. Recognize this and place deception technology in place, which creates decoys across your network, tempting attackers to “attack” them, and letting you observe their plans and techniques. You can use decoys to detect threats in all stages of the attack lifecycle: data files, credentials and network connections.

Cynet 360 is an integrated security solution with built-in deception technology, which provides both off-the-shelf decoy files and the ability to create decoys to meet your specific security needs, while taking into account your environment’s security needs.

Network Attacks Detection and Protection with Cynet 360

Cynet 360 is a holistic security solution that protects against threats across the entire network. Cynet uses intelligent technologies to help detect network attacks, correlating data from endpoints, network analytics and behavioral analytics to present findings with near-zero false positives.

Cynet’s features include:

  • Blocking suspicious behavior—Cynet monitors endpoints to identify behavioral patterns that may indicate an exploit. This means that even if credentials are breached, the threat actor’s ability to use them will be limited.
  • Blocking malware—Cynet’s multi-layered malware protection includes sandboxing, process behavior monitoring and ML-based static analysis, as well as fuzzy hashing and threat intelligence. This ensures that even if malware has infected the network, Cynet will prevent it from running.
  • UBA—Cynet updates a behavioral baseline based on continued, real-time analysis of user behavior on endpoints, and provides alerts when it identifies a behavioral anomaly. This anomaly may indicate a compromised user account or an unauthorized action by a user.
  • Deception—Cynet allows you to plant decoy tokens, such as data files, passwords, network shares, RDP and others, on assets within the protected network. Cynet’s decoys lure sophisticated attackers, tricking them into revealing their presence.
  • Uncover hidden threats—Cynet thinks like an adversary to uncover threats such as APTs, identifying indicators of compromise and anomalous behavior across endpoints, users, files, and networks. This provides a holistic account of the attack process and helps identify vulnerable points.

Note: Plzzz don't give dislike.....Plzzz comment if u have any problem i will try to resolve it.......
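As an added example, not part of the original answer: the answer's DDoS item mentions floods of SYN packets and its "Monitor Network Traffic" practice calls for detecting threats automatically, so the sketch below flags destinations that receive many SYNs whose handshakes are never completed. The record format, function names, addresses and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed inbound packet records: (time_s, src, dst, dst_port, flag).
    'S' = client SYN, 'A' = client's final handshake ACK. Addresses are from
    the RFC 5737 documentation ranges; none of this is captured traffic."""
    server, pkts = "198.51.100.5", []
    for i in range(5):                      # normal clients finish the handshake
        src = f"192.0.2.{10 + i}"
        pkts.append((i * 1.0, src, server, 443, "S"))
        pkts.append((i * 1.0 + 0.05, src, server, 443, "A"))
    for i in range(200):                    # flood: SYNs that are never completed
        pkts.append((2.0 + i * 0.01, f"203.0.113.{i + 1}", server, 80, "S"))
    return sorted(pkts)

def detect_syn_flood(packets, window_s=5.0, min_syns=100, max_completion=0.2):
    """Flag (dst, port, window) buckets with many SYNs and few completed handshakes.
    Thresholds are illustrative assumptions; tune them to the service's baseline."""
    syns = defaultdict(int)        # bucket -> SYNs seen
    done = defaultdict(int)        # bucket -> handshakes completed
    pending = {}                   # (src, dst, port) -> bucket of the open SYN
    for t, src, dst, port, flag in packets:
        flow = (src, dst, port)
        if flag == "S":
            bucket = (dst, port, int(t // window_s))
            syns[bucket] += 1
            pending[flow] = bucket
        elif flag == "A" and flow in pending:
            done[pending.pop(flow)] += 1    # credit the window the SYN arrived in
    alerts = []
    for (dst, port, idx), n in sorted(syns.items()):
        if n >= min_syns and done[(dst, port, idx)] / n <= max_completion:
            alerts.append((dst, port, idx * window_s, n, done[(dst, port, idx)]))
    return alerts

if __name__ == "__main__":
    for dst, port, start, n, ok in detect_syn_flood(build_sample()):
        print(f"possible SYN flood: {dst}:{port} window@{start}s syns={n} completed={ok}")
```

Using the completion ratio rather than raw SYN volume keeps a busy but healthy service, where nearly every SYN is followed by the final ACK, from raising an alert.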
