
- Details
- Written by: Meena
- Category: Cybersecurity PRISM
You should be aware of many security terms that are related to intrusion detection and prevention technologies.
VULNERABILITY
A vulnerability is a weakness that compromises the security or functionality of a particular system in your network. An
example of a vulnerability is a web form on your public website that does not adequately filter inputs and guard against
improper data entry. An attacker might enter invalid characters in an attempt to corrupt the underlying database.

It works in the network layer of the OSI Model. It applies a set of rules (based on the contents of IP and transport header fields) to each packet and, based on the outcome, decides to either forward or discard the packet.

The authoritative DNS server is the final holder of the IP of the domain you are looking for. When you write a domain name in your browser, a DNS query is sent to your internet service provider (ISP). The ISP has a recursive server, which might have the needed information cached in its memory. But if the data is outdated, this recursive server needs to find the IP elsewhere. It will try to find it in other recursive servers, but if it can’t, it needs to get the IP address from an authoritative DNS server.

Of course, to have an understanding of which problems can be solved using threat intelligence, you do first need to understand what intelligence is potentially available. During the webinar, both Dave and Chris spent some time covering the most common sources.

The ARP protocol was developed to be efficient, which led to a serious lack of security in its design. This makes it relatively easy for someone to mount these attacks, as long as they can access the local network of their target.

Although there is no specific step-by-step methodology used by all hackers, a typical hacking process comprises the following steps:

TRADITIONAL FIREWALLS
Typically, firewalls are devices that are placed between two networks: a trusted network and an untrusted network. The trusted network is labeled as the “inside” network, and the untrusted network is labeled as the “outside” network.

IT professionals live in a world of constant change where threats and technologies evolve every day. Nowhere is that more true than in government IT departments, which often face the added challenges of complicated infrastructure, budget limitations and skills shortages.
Read more: Why playbooks belong in every agency’s cyber toolkit

NetFlow data is available from a wide variety of sources, including both traditional NetFlow-enabled networking and security devices and special-purpose NetFlow collection appliances.

The first question asked during the incident response process, “What is going on?”, is a critical question that requires information about past activity on systems and networks. An incident response process usually begins because someone observed an unusual symptom, such as network congestion, systems rebooting, or a defaced website. Incident responders normally turn first to records of recent activity, known as the audit trail, to explain the observed symptoms.

Cisco’s encrypted Virtual Private Network (VPN) solutions offer data security within private networks that are extended across public networks such as the Internet. Appearing to the user as private network links, VPNs actually create a highly secured wide area network (WAN) through the use of dedicated connections and encryption.