Cybersecurity Flashcards
Classifying Intrusion Detection and Prevention Systems
Intrusion Detection System (IDS): A network monitoring tool that identifies potential threats by analyzing network traffic and logs. It is passive, logging and alerting administrators but not taking action.
Types: Network-Based (NIDS) and Host-Based (HIDS).
Intrusion Prevention System (IPS): A security tool that actively prevents threats by blocking malicious activities inline with network traffic.
Actions: Blocking IPs, terminating connections, sending alerts.
Types: Network-Based (NIPS), Host-Based (HIPS), and Content-Based.
Key Techniques:
Signature-Based Detection: Compares traffic to known attack patterns. Effective for known threats but not zero-day attacks.
Anomaly-Based Detection: Flags deviations from normal network behavior. Detects novel threats but has a higher false positive rate.
Behavioral Analysis: Monitors user activity for unusual patterns.
Protocol Analysis: Analyzes network protocols for unauthorized actions.
Cybersecurity Levels: Include the human, perimeter, network, application, endpoint, and data security layers, which together protect mission-critical assets.
IDS and IPS in Cybersecurity Architecture: Both operate at the perimeter, internal network, and endpoint levels. IDS provides visibility, while IPS prevents attacks.
Deploying Firewalls and SIEM Solutions
Firewall: Monitors and controls network traffic based on predetermined rules, acting as a barrier between trusted and untrusted networks.
Types: Packet Filtering, Proxy Firewall, Stateful Inspection, Next-Generation Firewall (NGFW).
SIEM (Security Information and Event Management): Collects, analyzes, and correlates log data from multiple sources to identify potential threats.
Components: Event Correlation, Log Management, Threat Detection, Compliance Reporting.
Advanced Firewall Mechanisms:
Stateful Inspection, Proxy Firewalls, Next-Generation Firewall (NGFW), Unified Threat Management (UTM).
Advanced SIEM Features and Techniques:
Threat Intelligence Integration, Automated Incident Response, Machine Learning and Behavioral Analysis, Log Correlation and Data Visualization.
Advanced Threats and Attack Techniques:
Zero-Day Attacks, Advanced Persistent Threats (APT).
Firewall vs. SIEM: Firewalls block malicious IPs and prevent unauthorized downloads, while SIEM detects unusual login attempts and analyzes log data for anomalies.
Best Practices for Firewall and SIEM Deployment: layered security, regular updates, threat intelligence, and security audits.
Establishing Incident Response Procedures
Incident Response: Steps taken to detect, respond to, and recover from security threats or breaches.
Importance: Minimizes damage, reduces downtime, maintains reputation, and ensures legal and compliance adherence.
Phases:
Preparation: Develop Incident Response Plan (IRP), assign roles, implement security tools, provide training, and maintain contact lists.
Detection: Monitor network traffic, analyze logs, observe user behavior, and use endpoint security.
Containment: Isolate threats by disconnecting compromised systems, blocking malicious IPs, and disabling affected accounts.
Recovery: Restore data, reinstall systems, apply patches, report incidents, and conduct post-incident analysis.
Advanced Strategies: Forensic analysis, escalation procedures, and communication plans.
Conducting Security Training and Drills
Security Training: Educates employees and students on recognizing and responding to threats through cyberattack awareness, evacuation plans, and safe online behavior.
Common Topics: Cybersecurity, physical security, data protection, and emergency communication.
Security Drill: A practice run for emergencies to improve response time and ensure role awareness.
Drill Report: Simulated threat, involved personnel, successes, failures, and improvement strategies.
Benefits: Reduces risk, improves response, builds safety culture, and organizes responses.