DEV Community: UnicodeRogue

Perimeter Security notes

UnicodeRogue — Sun, 08 Mar 2020 23:45:53 +0000

Firewalls

Section and protect
Three main types:
Hardware-based- a standalone device that's part of your network stack
Software-based- run as a piece of software on a host or server
Embedded- work as a single function out of many on a single device- like a firewall that comes with a home router

Packet filtering- Inspects packets, accepts or rejects based on rules
Inbound Port 80 and Port 443 commonly used
Two types- stateless and stateful packet filtering
Stateless Packet Filtering- accept or reject based on IP address and port requested
Stateful Packet Filtering- tracks requests leaving the network used to eliminate IP spoofing

NAT filtering- filters traffic based on port and TCP or UDP connection

Application layer gateway- applies security mechanisms to specific applications. Resource-intensive, but is powerful.
Application layer gateway is a layer 7 firewall

Circuit-Level gateway works at session layer, ONLY inspects traffic during the establishment of the session over TCP or UDP

MAC filtering- filtering and preventing access based on MAC address

Access Control List: allow, explicit allow (example allow TCP 10.0.0.2 any port 80, explicit deny (example deny TCP any any port 23) implicit deny (deny TCP any any port any).

Firewalls process traffic from first rule to last rule, when it meets a rule that matches, it stops the traffic

Layer 3- blocking IP addresses
Layer 4- blocking ports

WAF- web application firewall- installed on your server, inspects data being sent to and from. Useful to prevent XSS and SQL-injection attacks

Honeypots and honeynets
Use to attract and catch a would-be attacker

Honeypot: A single computer/file/group of files, or IP range that might be attractive to an attacker

Honeynets: A group of computers, servers, or an area of a network being used to attract

DLP systems- data loss prevention- analyze what's being sent out- also known as extrusion prevention systems (EPS) or Information Leak Protection (ILP)

Network based IDS- (NIDS) Attempts to detect, log, and alert on malicious network activities- like port scans and denial of service attacks- can be placed before or behind firewall. Can only detect, can't act, can only log

Network based IPS- (NIPS) Designed to inspect traffic AND, based on its configuration, attempts to remove, detain, redirect malicious traffic. NIPS can also perform functions as a protocol analyzer

Unified Threat Management- because one firewall is not enough! UTM is a single device that combines many other devicies and technologies into it- like firewall, NIDS/NIPS, content filter, anti-malware, DLP, VPN, often has a GUI instead of command line

Cloud computing

Cloud computing is a way of offering on-demand services that extend the traditional capabilities of a computer or network

Cloud computing relies heavily on virtualization

Microsoft Azure uses Secure Enclaves

Secure Volumes though, are a method of keeping data at rest, secure from prying eyes

Four different cloud types: Public, Private, Hybrid, Community

Google Drive is a Public Cloud service

Private- used by companies for example, with their own environment, servers, and resource use- US Government. Private clouds are chosen when security is more important than cost

Hybrid- mixture, rules about what type of data is hosted where

Community cloud- resources shared

SaaS- ordered from least to most vendor-equipped

IaaS

PaaS

SECaaS- Security as a Service- anti-malware products. Upside- quick updates. Downside- highly reliant on an internet connection.

65,536 ports for a computer to use

35 are worth memorizing

Source:
CompTIA Security+ (SY0-501)
https://www.udemy.com/course/securityplus/

Security study notes

UnicodeRogue — Sun, 08 Mar 2020 22:11:26 +0000

What's an SDK- An SKD is a software development kit
What is an ACL- An ordered set of router rules that will permit or deny traffic based upon certain characteristics

Waterfall is big
Good for when security is needed

Agile is faster than waterfall
Agile uses sprints

DevOps
Development and Operation
Speed up
Good to have a security person involved

CIA triad- confidentiality, integrity, availability

Least privilege

Defense in depth- layered security
Don't trust user input- do input validation to protect against SQL injections, buffer overflows

Input validation is what I work on now!

Top ten tips for studying for Security+ exam in 2020

UnicodeRogue — Sun, 01 Mar 2020 22:38:34 +0000

This is my first Dev.to post!

I'm studying for the Security+ exam.

Here are my top ten recommendations for anyone studying:

Study with a group. Life events have a way of always happening, and a group is a good way to stay on track, be encouraged, and have people around you with the same goals.
Food matters. Take care with what you eat, especially while studying. Things to keep in mind with food really range from blood sugar crashes to messy food getting on a laptop.
Sleep matters too! You can't add much to a tired brain. Sleep helps you learn.
Write as you go- this is a good way to remember what you're reading or seeing on video.
Especially write down new terms!!!
Track your progress. There will always be more to learn, it's good to be able to see how much you've done so far
Take breaks- brains learn better when you take breaks and review the material again. I liked this post for ideas on what types of breaks are especially useful
Learn in different formats. Read, watch videos, explain a term to someone else, draw a concept, the important thing is to keep using your brain as you go
Ask for help (and say thank you when you get it!) There are lots of helpful people around who will share their knowledge. Asking for help gives them a chance to help you- which is voluntary, so make sure to say thank you.
Say thank you to yourself. There is so much to learn, and there will always be more to learn- that's a guarantee! Don't beat yourself up if you're not as far along as you want to be. Say thank you to yourself for taking the time to study.