Define the following terminologies in your own words. You must use layman’s terms or regular words that will be understood by a non-IT professional. In addition, recommend a hardware or software solution/product for each network security component if feasible. You must provide a credible website where additional information on the topic is available. In addition, you must include an executive summary in your report.
DMZ (Demilitarized Zone)
Security Information and Event Management (SIEM)
Access Control
Antivirus
Antimalware software
Application Security
Behavioral analytics
Data Loss Prevention
Proxy Server
Firewall
Virtual Private Network (VPN)
Web Security
Virtual Local Area Network
Bring Your Own Device Policy
Vulnerability Assessment
Risk Assessment
Network Intrusion Detection System (NIDS)
ACL (Access Control List)
AAA (Authentication, authorization and accounting)
Bastion Host
BYOD (Bring Your Own Device)
CA (Certificate Authority)
IPSec (Internet Protocol Security)
PKI (Public Key Infrastructure)
RADIUS (Remote Authentication Dial-In User Service)
Router
Switch
Multilayer Switch
Cloud Security
IoT (Internet of Things) security
Demilitarized Zone (DMZ)
A DMZ, short for demilitarized zone, is a network (physical or logical) used to connect hosts that provide an interface to an untrusted external network – usually the internet – while keeping the internal, private network – usually the corporate network – separated and isolated from the external network.
Because the systems most vulnerable to attack are those that provide services to users outside of the local area network, such as e-mail, Web and Domain Name System (DNS) servers, they are ‘quarantined’ inside a DMZ, from where they have limited access to the private network. Hosts in the DMZ can communicate with both the internal and external network, but communication with internal network hosts is tightly restricted.
The DMZ is isolated using a security gateway (i.e. firewall) to filter traffic between the DMZ and the private network. The DMZ itself also has a security gateway in front of it to filter incoming traffic from the external network.
The ultimate goal of a DMZ is to allow access to resources from untrusted networks while keeping the private network secured. Resources commonly placed in the DMZ include Web servers, mail servers, FTP servers, and VoIP servers.
Hardware firewalls, provided by organizations like Cisco and Juniper, are used to create the DMZ.
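The filtering described above can be modelled as a default-deny rule table between three zones. The following is an added example, not part of the original answer; the address plan, hosts, ports and rule format are constructed for illustration and do not follow any vendor's syntax.

```python
# Added example: a three-zone (internet / dmz / internal) filtering model.
# The address plan, hosts and rules below are constructed for illustration.
from ipaddress import ip_address, ip_network

ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.0.0.0/8"),
}

def zone_of(addr):
    """Map an address to its zone; anything unknown is the untrusted internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# (source zone, destination zone, destination host or None for any, port)
RULES = [
    ("internet", "dmz", "192.0.2.10", 443),   # public web server
    ("internet", "dmz", "192.0.2.25", 25),    # public mail server
    ("internal", "dmz", None, 443),           # staff reach the DMZ web server
    ("internal", "internet", None, 443),      # staff browse outward
    ("dmz", "internal", "10.0.5.20", 5432),   # web server to one database only
]

def allowed(src, dst, port, rules=RULES):
    """Default deny: a flow passes only if an explicit rule matches it."""
    sz, dz = zone_of(src), zone_of(dst)
    return any(r[0] == sz and r[1] == dz and r[2] in (None, dst) and r[3] == port
               for r in rules)

def audit(rules):
    """Flag rules that break the DMZ model: direct outside-to-inside access,
    or a DMZ rule that opens a port on every internal host."""
    findings = []
    for r in rules:
        if r[0] == "internet" and r[1] == "internal":
            findings.append((r, "external traffic bypasses the DMZ"))
        elif r[0] == "dmz" and r[1] == "internal" and r[2] is None:
            findings.append((r, "DMZ may reach every internal host"))
    return findings
```

Running `audit` over a proposed rule set before it is deployed catches the two mistakes that defeat a DMZ: a shortcut from the outside to the private network, and a DMZ host allowed to reach the whole internal network.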
Security Information and Event Management (SIEM)
SIEM tools are an important part of the data security ecosystem: they aggregate data from multiple systems and analyze that data to catch abnormal behavior or potential cyberattacks. SIEM tools provide a central place to collect events and alerts – but can be expensive and resource-intensive, and customers report that it is often difficult to resolve problems with SIEM data.
Security Information and Event Management (SIEM) software has been in use in various guises for over a decade and has evolved significantly during that time. SIEM solutions provide a holistic view of what is happening on a network in real-time and help IT teams to be more proactive in the fight against security threats.
What is unique about SIEM solutions is that they combine Security Event Management (SEM) - which carries out analysis of event and log data in real-time to provide event correlation, threat monitoring and incident response - with Security Information Management (SIM), which retrieves and analyzes log data and generates a report. For the organization that wants complete visibility and control over what is happening on their network in real-time, SIEM solutions are critical.
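To make aggregation and event correlation concrete, the following added example (not part of the original answer) normalizes log lines from two systems into one schema and raises an alert when a successful login follows repeated failures for the same user and address. The log formats, sample lines, threshold and window are all constructed for illustration.

```python
# Added example: SIEM-style aggregation and correlation over constructed logs.
from datetime import datetime, timedelta

# Constructed sample lines from two different systems (both formats invented).
VPN_LOG = [
    "2024-05-01T09:00:05 vpn auth=fail user=alice src=198.51.100.9",
    "2024-05-01T09:00:20 vpn auth=fail user=alice src=198.51.100.9",
    "2024-05-01T09:00:41 vpn auth=fail user=alice src=198.51.100.9",
    "2024-05-01T09:30:00 vpn auth=fail user=bob src=203.0.113.4",
]
MAIL_LOG = [
    "01/05/2024 09:01:10|LOGIN_OK|alice|198.51.100.9",
    "01/05/2024 09:45:00|LOGIN_OK|bob|203.0.113.4",
]

def normalize():
    """Aggregate both sources into one time-ordered list of common-schema events."""
    events = []
    for line in VPN_LOG:
        ts, _, rest = line.partition(" vpn ")
        f = dict(kv.split("=") for kv in rest.split())
        events.append({"time": datetime.fromisoformat(ts), "source": "vpn",
                       "user": f["user"], "ip": f["src"], "ok": f["auth"] == "ok"})
    for line in MAIL_LOG:
        ts, result, user, ip = line.split("|")
        events.append({"time": datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"),
                       "source": "mail", "user": user, "ip": ip,
                       "ok": result == "LOGIN_OK"})
    return sorted(events, key=lambda e: e["time"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold failures for the same user and
    IP inside the window, even if the failures came from a different system."""
    alerts, failures = [], {}
    for e in events:
        key = (e["user"], e["ip"])
        recent = [t for t in failures.get(key, []) if e["time"] - t <= window]
        if e["ok"]:
            if len(recent) >= threshold:
                alerts.append({"user": e["user"], "ip": e["ip"],
                               "failures": len(recent), "seen_on": e["source"]})
            failures[key] = []
        else:
            failures[key] = recent + [e["time"]]
    return alerts
```

Neither log on its own shows anything unusual for alice: the VPN sees only failures and the mail server sees only one success. The alert exists because both were collected in one place.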
Some examples of SIEM are:
Access Control
Access control is a method of limiting access to a system or to physical or virtual resources. It is a process by which users are granted access and certain prerogatives to systems, resources or information. Access control is a security technique that controls who can view or use resources in a computing environment and what they can view. It is a fundamental concept in security that reduces risk to the business or organization.
To establish a secure system, electronic access control systems are used that depend on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and areas. These systems include access control panels to restrict entry to sensitive areas, as well as alarms and lockdown features to prevent unauthorized access or operations.
Access control systems perform identification, authentication, and authorization of users and entities by evaluating required login credentials that may include passwords, PINs, biometric scans or other authentication factors. Multi-factor authentication, which requires two or more authentication factors, is often an important part of the layered defense to protect access control systems.
Anti-Virus
Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
Antivirus software, originally designed to detect and remove viruses from computers, can also protect against a wide variety of threats, including other types of malicious software, such as keyloggers, browser hijackers, Trojan horses, worms, rootkits, spyware, adware, botnets and ransomware.
How antivirus software works
Antivirus software typically runs as a background process, scanning computers, servers or mobile devices to detect and restrict the spread of malware. Many antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.
Antivirus software usually performs these basic functions:
In order to scan systems comprehensively, antivirus software must generally be given privileged access to the entire system. This makes antivirus software itself a common target for attackers, and researchers have discovered remote code execution and other serious vulnerabilities in antivirus software products in recent years.
Examples of antivirus software are Quick Heal, Kaspersky and McAfee.
Anti Malware
Anti malware is software that protects the computer from malware such as spyware, adware, and worms. It scans the system for all types of malicious software that manage to reach the computer. An anti malware program is one of the best tools to keep the computer and personal information protected.
Anti malware is designed to eliminate malware from the computer. Although it has similarities with antivirus, an anti malware program is different from antivirus. An anti malware program has more advanced features and broader coverage. It addresses spyware, spam, and other threat issues that antivirus doesn’t.
Key Features of Anti Malware:
Now that we know what anti malware is, let’s look at its key features. An anti malware program usually contains advanced malware protection and sandboxing technology. Depending on the software, features may vary. Comodo, for example, contains BOClean Anti-Malware Protection Software. It’s an advanced security feature that destroys malware as soon as it enters the computer.
Trend Micro has a sandbox where suspicious files are analyzed. Kaspersky has a Security Cloud that adapts to your browsing habits to keep you protected. Others contain anti-phishing and anti-ransomware features.
Anti malware does its job using different techniques.
Examples of anti malware are Avast, Kaspersky and AVG. Generally, a good antivirus solution comes along with anti malware.
Anti malware works with the following features:
Behavior Monitoring
Behavior Monitoring is a technique anti malware uses to identify malware based on its character and behavior. An anti malware program doesn’t compare the file to any known threats anymore. If a file exhibits suspicious behaviors, anti malware will flag it as a threat.
The behavior monitoring technique is used to constantly monitor suspicious files that can be harmful to the computer. This feature makes malware detection easier because an anti malware program doesn’t have to scan a file anymore. Malware is identified by its behavior on the computer.
Sandboxing
Sandboxing is another efficient technique an anti malware program uses to isolate suspicious files. An anti malware program holds the file in the sandbox to analyze it further. Threats will be instantly removed, while legitimate files will be allowed but will be constantly monitored.
Sandboxing is a great way to prevent malware infection. An anti malware program immediately separates malicious software from legitimate applications to prevent damage to the computer.
Malware Removal
Finally, once malware is identified, the anti malware program removes it to prevent it from executing and infecting the computer. If the same type of file reaches the computer, it will automatically be eliminated. The anti malware program will prevent it from installing.
Malware removal may sound like a lot of work but it’s done within seconds. That’s how fast an anti malware program works. In an instant, malware is out of your computer and you’re assured that your computer and personal information are safe.
Application security
Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This is becoming more important as hackers increasingly target applications with their attacks.
Application security is getting a lot of attention. Hundreds of tools are available to secure various elements of your applications portfolio, from locking down coding changes to assessing inadvertent coding threats, evaluating encryption options and auditing permissions and access rights. There are specialized tools for mobile apps, for network-based apps, and for firewalls designed especially for web applications.
While there are numerous application security software product categories, the meat of the matter has to do with two: security testing tools and application shielding products. The former is a more mature market with dozens of well-known vendors, some of them lions of the software industry such as IBM, CA and Micro Focus. These tools are well enough along that Gartner has created its Magic Quadrant and classified their importance and success. Review sites such as IT Central Station have been able to survey and rank these vendors, too.