NETWORK SECURITY- TERMINOLOGY

#siem #security #networks

      Security Terminology

      Types of hacker

      Approaches to Network Security

      Threat Classification

Below are some common network security terminology used by security professionals:

Firewall: It is a barrier between a network and the outer world. Sometimes, it acts as a firewall, standalone server, or a router.
Proxy server: Proxy server hides your internal network IP address and presents its own IP address to the outside world. Proxy server and firewall work in conjunction.
Access Control: It refers to the measures taken to limit access to a resource. For example, logon procedure, encryption, or any method to prevent unauthorized access.
Authentication: It is a method of verifying a authentic user. For example, entering the credentials, or two-factor authentication.
Non-repudiation: It is a method to track actions taken by a user. It ensures a person cannot deny an action performed on a computer. One of the methods is auditing.Auditing is the process of reviewing logs, records, and procedures. It is performed by an auditor.
Least privilege: It means you are assigning enough privilege to any user or device, just to get the job done.
CIA Triad: CIA Triad refers to Confidentiality, Integrity, and Availability. The security measures need to abide by these aspects. Such as, a strong password protects the confidentiality, digital signature ensures integrity, and a backup system increases availability.

Based on the level of the exploitation of a system, hacker groups are divided into three types:

White hat hacker: If a hacker upon finding the vulnerability, reports it to the vendor anonymously, explaining what the flaw is and how it was exploited, they are White hat hacker.
Black hat hacker: If a hacker gains access to a system with a goal to harm it, they are categorized as the Balck hat hacker.
Grey hat hacker: A grey hat hacker abides by the law but conducts illegal activities because they find it ethical.

An organization can choose several approaches to secure their networks. Three approaches are:

Perimeter Security Approach: Security efforts are focused on the perimeter of a network including; firewall, proxy server, technology, or procedures. Generally, small organizations that do not store sensitive data and with budget constrain adopt this measure.
Layered Security Approach: Layerwise or segmentwise security efforts implemented on a network, as if it were a separate network. It is a preferred security approach wherever possible.
Hybrid Security Approach: The combination of the perimeter to layered security defense with passive to active approaches implemented is a hybrid security approach.

Based on what a threat actually does to your system or network, here are three major classifications:

Malware: Malware is a type of threat designed to spread on its own, without the creator having to be directly involved. Computer Virus is a common example of malware. Analogous to a biological virus, a computer virus replicates and spreads by infecting other programs. Likewise, Trojan horse is also a type of malware, that appears benign but secretly downloads other types of malware on your computer. Illegitimate software is prone to a Trojan horse. Furthermore, Spyware is also a type of software that spies on your computer by recording all the keystrokes and periodic screenshots.
Intrusion attacks: Intrusion attacks help to gain access to a system or intrude into a system usually with malicious intent. Hackers generally use the term cracking if they are able to intrude in a system via some operating system or any other means. Some of the intrusion attacks are initiated via social engineering. The intruder relies more on human nature rather than a technology to gain enough information required to access the targeted system.
Blocking attacks: This category of attack deals with Denial of Service Attack (DoS).The attacker prevents a legitimate user to access the system by flooding false connection requests.

Top comments (1)

My pleasure!