Cryptography and Network Security

9.

System and Infrastructure Security

9.1.

Intruders and Malicious Software

9.1.1.

Intrusion Detection Systems (IDS)

9.1.1.1.

9.1.1.1.1.

9.1.1.1.2.

9.1.1.1.3.

9.1.1.2.

Detection Methods

9.1.1.2.1.

Signature-based Detection

9.1.1.2.1.1.

Pattern Matching

9.1.1.2.1.2.

Rule-based Systems

9.1.1.2.2.

Anomaly-based Detection

9.1.1.2.2.1.

Statistical Analysis

9.1.1.2.2.2.

Machine Learning

9.1.1.2.3.

Hybrid Detection

9.1.1.3.

9.1.1.3.1.

Host-based IDS (HIDS)

9.1.1.3.1.1.

System Call Monitoring

9.1.1.3.1.2.

File Integrity Monitoring

9.1.1.3.2.

Network-based IDS (NIDS)

9.1.1.3.2.1.

Packet Analysis

9.1.1.3.2.2.

Traffic Monitoring

9.1.1.4.

9.1.1.4.1.

Sensor Placement

9.1.1.4.2.

Management Architecture

9.1.2.

Intrusion Prevention Systems (IPS)

9.1.2.1.

9.1.2.1.1.

Active vs. Passive Response

9.1.2.1.2.

Inline vs. Out-of-band

9.1.2.2.

9.1.2.2.1.

Real-time Blocking

9.1.2.2.2.

Automated Response

9.1.2.3.

Deployment Strategies

9.1.2.3.1.

Network-based IPS

9.1.2.3.2.

9.1.2.3.3.

Hybrid Deployments

9.1.3.

Honeypots and Honeynets

9.1.3.1.

Honeypot Concepts

9.1.3.1.1.

Deception Technology

9.1.3.1.2.

Attack Detection

9.1.3.2.

Types of Honeypots

9.1.3.2.1.

Low-interaction Honeypots

9.1.3.2.2.

High-interaction Honeypots

9.1.3.2.3.

Production Honeypots

9.1.3.2.4.

Research Honeypots

9.1.3.3.

9.1.3.3.1.

Network of Honeypots

9.1.3.3.2.

Data Collection

9.1.3.4.

9.1.3.4.1.

Threat Intelligence

9.1.3.4.2.

Attack Analysis

9.1.3.4.3.

Early Warning Systems

9.1.4.

Types of Malicious Software (Malware)

9.1.4.1.

9.1.4.1.1.

Virus Structure

9.1.4.1.1.1.

Infection Mechanism

9.1.4.1.1.2.

9.1.4.1.1.3.

Trigger Condition

9.1.4.1.2.

9.1.4.1.2.1.

Boot Sector Viruses

9.1.4.1.2.2.

File Infector Viruses

9.1.4.1.2.3.

9.1.4.1.2.4.

Polymorphic Viruses

9.1.4.1.3.

Infection Mechanisms

9.1.4.1.3.1.

9.1.4.1.3.2.

Memory Infection

9.1.4.1.3.3.

Network Propagation

9.1.4.1.4.

9.1.4.1.4.1.

Destructive Payloads

9.1.4.1.4.2.

9.1.4.1.4.3.

System Modification

9.1.4.2.

9.1.4.2.1.

Worm Characteristics

9.1.4.2.1.1.

Self-replication

9.1.4.2.1.2.

Network Propagation

9.1.4.2.2.

Propagation Methods

9.1.4.2.2.1.

9.1.4.2.2.2.

9.1.4.2.2.3.

9.1.4.2.3.

9.1.4.2.3.1.

9.1.4.2.3.2.

9.1.4.2.3.3.

9.1.4.3.

9.1.4.3.1.

Trojan Characteristics

9.1.4.3.1.1.

Disguised Functionality

9.1.4.3.1.2.

Unauthorized Access

9.1.4.3.2.

9.1.4.3.2.1.

Remote Access Trojans (RATs)

9.1.4.3.2.2.

Banking Trojans

9.1.4.3.2.3.

9.1.4.3.3.

Delivery Methods

9.1.4.3.3.1.

Email Attachments

9.1.4.3.3.2.

Software Downloads

9.1.4.3.3.3.

Drive-by Downloads

9.1.4.4.

9.1.4.4.1.

Ransomware Operation

9.1.4.4.1.1.

File Encryption

9.1.4.4.1.2.

Payment Demands

9.1.4.4.2.

Ransomware Types

9.1.4.4.2.1.

Crypto-ransomware

9.1.4.4.2.2.

Locker Ransomware

9.1.4.4.3.

Encryption Mechanisms

9.1.4.4.3.1.

Symmetric Encryption

9.1.4.4.3.2.

Asymmetric Encryption

9.1.4.4.4.

Payment Systems

9.1.4.4.4.1.

9.1.4.4.4.2.

Anonymous Payment Methods

9.1.4.5.

9.1.4.5.1.

Spyware Functions

9.1.4.5.1.1.

Data Collection

9.1.4.5.1.2.

System Monitoring

9.1.4.5.2.

Data Collection Methods

9.1.4.5.2.1.

Keystroke Logging

9.1.4.5.2.2.

9.1.4.5.2.3.

Network Traffic Monitoring

9.1.4.5.3.

9.1.4.5.3.1.

9.1.4.5.3.2.

Screen Scrapers

9.1.4.5.3.3.

Network Sniffers

9.2.

9.2.1.

Firewall Concepts

9.2.1.1.

Network Perimeter Security

9.2.1.2.

Traffic Filtering

9.2.1.3.

9.2.2.

Firewall Design Principles

9.2.2.1.

Default Deny Policy

9.2.2.1.1.

Whitelist Approach

9.2.2.1.2.

Explicit Allow Rules

9.2.2.2.

Default Allow Policy

9.2.2.2.1.

Blacklist Approach

9.2.2.2.2.

Explicit Deny Rules

9.2.2.3.

Rule-Based Filtering

9.2.2.3.1.

9.2.2.3.2.

Rule Optimization

9.2.2.4.

Least Privilege Principle

9.2.3.

Types of Firewalls

9.2.3.1.

Packet-Filtering Firewalls

9.2.3.1.1.

Stateless Filtering

9.2.3.1.2.

Header Analysis

9.2.3.1.3.

Performance Characteristics

9.2.3.2.

Stateful Inspection Firewalls

9.2.3.2.1.

Connection State Tracking

9.2.3.2.2.

Dynamic Rule Updates

9.2.3.2.3.

Session Management

9.2.3.3.

Application-Level Gateways (Proxies)

9.2.3.3.1.

Application Protocol Analysis

9.2.3.3.2.

Content Filtering

9.2.3.3.3.

User Authentication

9.2.3.4.

Circuit-Level Gateways

9.2.3.4.1.

Session-level Filtering

9.2.3.4.2.

TCP Handshake Monitoring

9.2.3.5.

Next-Generation Firewalls (NGFW)

9.2.3.5.1.

Deep Packet Inspection

9.2.3.5.2.

Application Awareness

9.2.3.5.3.

Intrusion Prevention

9.2.3.5.4.

User Identity Integration

9.2.4.

Firewall Configurations

9.2.4.1.

Single Firewall Configurations

9.2.4.1.1.

9.2.4.1.1.1.

Hardened System

9.2.4.1.1.2.

Service Minimization

9.2.4.1.2.

Screened Host Firewall System

9.2.4.1.2.1.

Router and Bastion Host

9.2.4.1.2.2.

Dual Protection

9.2.4.2.

Dual Firewall Configurations

9.2.4.2.1.

Screened Subnet Firewall System (DMZ)

9.2.4.2.1.1.

Demilitarized Zone

9.2.4.2.1.2.

Service Isolation

9.2.4.2.2.

Dual-Homed Host

9.2.4.2.2.1.

Multiple Network Interfaces

9.2.4.2.2.2.

Traffic Routing Control

9.2.5.

Firewall Management

9.2.5.1.

Rule Management

9.2.5.2.

9.2.5.3.

Performance Monitoring

9.2.5.4.

Security Updates

9.3.

Access Control and System Hardening

9.3.1.

Authentication Methods

9.3.1.1.

Password-based Authentication

9.3.1.1.1.

Password Policies

9.3.1.1.1.1.

Length Requirements

9.3.1.1.1.2.

Complexity Requirements

9.3.1.1.1.3.

Expiration Policies

9.3.1.1.1.4.

History Requirements

9.3.1.1.2.

Password Storage

9.3.1.1.2.1.

9.3.1.1.2.2.

9.3.1.1.2.3.

9.3.1.1.3.

Password Attacks

9.3.1.1.3.1.

Brute Force Attacks

9.3.1.1.3.2.

Dictionary Attacks

9.3.1.1.3.3.

Rainbow Table Attacks

9.3.1.2.

Biometric Authentication

9.3.1.2.1.

Types of Biometric Authentication

9.3.1.2.1.1.

Fingerprint Recognition

9.3.1.2.1.2.

Iris Recognition

9.3.1.2.1.3.

Face Recognition

9.3.1.2.1.4.

Voice Recognition

9.3.1.2.2.

Biometric System Components

9.3.1.2.2.1.

9.3.1.2.2.2.

Template Storage

9.3.1.2.2.3.

9.3.1.2.3.

Security and Privacy Concerns

9.3.1.2.3.1.

False Acceptance Rate

9.3.1.2.3.2.

False Rejection Rate

9.3.1.2.3.3.

Template Security

9.3.1.2.3.4.

9.3.1.3.

Token-based Authentication

9.3.1.3.1.

Hardware Tokens

9.3.1.3.2.

Software Tokens

9.3.1.3.3.

9.3.1.4.

Multi-Factor Authentication (MFA)

9.3.1.4.1.

Authentication Factors

9.3.1.4.1.1.

Knowledge Factors

9.3.1.4.1.2.

Possession Factors

9.3.1.4.1.3.

Inherence Factors

9.3.1.4.2.

Two-Factor Authentication (2FA)

9.3.1.4.2.1.

9.3.1.4.2.2.

9.3.1.4.2.3.

Hardware Token 2FA

9.3.1.4.3.

Implementation Challenges

9.3.1.4.3.1.

User Experience

9.3.1.4.3.2.

Cost Considerations

9.3.1.4.3.3.

Technical Integration

9.3.2.

Access Control Models

9.3.2.1.

Discretionary Access Control (DAC)

9.3.2.1.1.

Owner-controlled Access

9.3.2.1.2.

Access Control Lists (ACLs)

9.3.2.1.3.

User Permissions

9.3.2.1.3.1.

Read Permission

9.3.2.1.3.2.

Write Permission

9.3.2.1.3.3.

Execute Permission

9.3.2.2.

Mandatory Access Control (MAC)

9.3.2.2.1.

System-controlled Access

9.3.2.2.2.

Security Labels

9.3.2.2.2.1.

Classification Levels

9.3.2.2.2.2.

9.3.2.2.3.

Bell-LaPadula Model

9.3.2.2.4.

9.3.2.3.

Role-Based Access Control (RBAC)

9.3.2.3.1.

Role Definition

9.3.2.3.2.

Role Assignment

9.3.2.3.2.1.

User-Role Assignment

9.3.2.3.2.2.

Permission-Role Assignment

9.3.2.3.3.

Role Hierarchies

9.3.2.3.3.1.

9.3.2.3.3.2.

Separation of Duties

9.3.2.4.

Attribute-Based Access Control (ABAC)

9.3.2.4.1.

Attribute-based Decisions

9.3.2.4.2.

Policy Languages

9.3.2.4.3.

Dynamic Access Control

9.3.3.

Operating System Hardening

9.3.3.1.

System Configuration

9.3.3.1.1.

Secure Configuration Baselines

9.3.3.1.2.

Default Account Management

9.3.3.1.3.

Service Configuration

9.3.3.2.

Patch Management

9.3.3.2.1.

Vulnerability Assessment

9.3.3.2.2.

9.3.3.2.3.

Patch Deployment

9.3.3.2.4.

Patch Verification

9.3.3.3.

Service Minimization

9.3.3.3.1.

Unnecessary Service Removal

9.3.3.3.2.

Service Configuration

9.3.3.3.3.

Port Management

9.3.3.4.

File System Security

9.3.3.4.1.

File Permissions

9.3.3.4.2.

Directory Permissions

9.3.3.4.3.

File Integrity Monitoring

9.3.3.5.

Logging and Auditing

9.3.3.5.1.

9.3.3.5.2.

9.3.3.5.3.

Audit Trail Analysis

9.3.3.5.4.

Compliance Reporting

Previous

8. Wireless Network Security

Go to top

Next

10. Advanced and Emerging Topics