chatgpt IS

The document outlines key concepts in cybersecurity, including Intrusion Detection Systems (IDS), types of intruders, viruses, worms, IP Security Architecture (IPsec), and web security. It describes various IDS types, detection methods, and the impact of malware, as well as the components and applications of IPsec. Additionally, it highlights web security threats and best practices to protect against them.

*1. Intrusion Detection System (IDS)*

An *Intrusion Detection System (IDS)* is a cybersecurity mechanism that monitors network or system activities for signs of security breaches, such as unauthorized access or malicious activities.

- *Types of IDS*:
1. *Network-based IDS (NIDS)*:
- Monitors traffic flowing through a network.
- Placed strategically (e.g., at a network gateway, fed from a mirror/SPAN port or a tap) to observe incoming and outgoing packets.
- Example tools: Snort, Suricata.
2. *Host-based IDS (HIDS)*:
- Monitors activities on individual devices, such as file modifications, logins, and system calls.
- Installed on specific endpoints.
- Example tools: OSSEC, Tripwire.

- *Detection Methods*:
1. *Signature-based Detection*:
- Relies on a database of known attack patterns or signatures.
- Advantage: Accurate and low-noise for known threats.
- Limitation: Cannot detect new or unknown attacks, and can be evaded by variants of a known attack that no longer match the stored signature.
2. *Anomaly-based Detection*:
- Builds a baseline of normal behavior and flags deviations from it.
- Advantage: Can detect new or zero-day attacks.
- Limitation: May generate false positives if normal behavior changes, and an attack that is active while the baseline is learned may be learned as normal.

- *Benefits*:
- Real-time alerts for suspicious activities.
- Logs for forensic analysis.
- Enhances overall network security by revealing which hosts and services are being probed or attacked, so that defenses can be focused there.
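To make the two detection methods concrete, the following is an added example (not code from the original notes, and not Snort, Suricata or OSSEC) of a minimal IDS that runs a signature rule set and a rate-anomaly baseline over constructed web-server access-log lines. The log format, the regexes and the threshold factor are assumptions. It also shows the signature limitation described above: the obfuscated `'/**/OR/**/'1'='1` variant slips past the rule that catches the plain `' OR '1'='1`.

```python
"""Added example: signature-based + anomaly-based detection over constructed
web access-log lines. Illustrative code; log format, rules and threshold are
assumptions, not the conventions of any real IDS product."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed clean traffic used to learn the anomaly baseline:
# "<second> <client_ip> <method> <path> <status>"
TRAINING_LOG = """\
1 10.0.0.5 GET /index.html 200
1 10.0.0.6 GET /index.html 200
2 10.0.0.5 GET /about.html 200
3 10.0.0.6 GET /contact.html 200
"""

# Constructed traffic to inspect: two signature hits, one obfuscated
# SQLi variant the signature misses, and one client bursting requests.
SAMPLE_LOG = """\
100 10.0.0.5 GET /index.html 200
101 10.0.0.5 GET /about.html 200
102 10.0.0.7 GET /login?user=admin'%20OR%20'1'='1 200
103 10.0.0.9 GET /search?q=<script>alert(1)</script> 200
104 10.0.0.5 GET /contact.html 200
105 10.0.0.8 GET /login?user=admin'/**/OR/**/'1'='1 200
110 10.0.0.12 GET /a 404
110 10.0.0.12 GET /b 404
110 10.0.0.12 GET /c 404
110 10.0.0.12 GET /d 404
110 10.0.0.12 GET /e 404
110 10.0.0.12 GET /f 404
111 10.0.0.5 GET /index.html 200
"""

# Signature rules (assumed, deliberately simple): known attack patterns.
SIGNATURES = {
    "sqli": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "xss": re.compile(r"<script", re.I),
}


def parse(line):
    """Split one log line into a record; the path is URL-decoded first so
    that %20-encoded payloads are matched in their decoded form."""
    ts, ip, method, path, status = line.split()
    return {"ts": int(ts), "ip": ip, "method": method,
            "path": unquote(path), "status": int(status)}


def signature_alerts(records):
    """Signature-based detection: flag any request matching a known pattern."""
    alerts = []
    for r in records:
        for name, rx in SIGNATURES.items():
            if rx.search(r["path"]):
                alerts.append(("signature:" + name, r["ip"], r["path"]))
    return alerts


def requests_per_second(records):
    counts = defaultdict(int)
    for r in records:
        counts[(r["ip"], r["ts"])] += 1
    return counts


def rate_threshold(training_records, factor=3):
    """Anomaly baseline: the busiest (client, second) seen in clean traffic,
    times a tolerance factor. Anything above that is a deviation."""
    return max(requests_per_second(training_records).values()) * factor


def anomaly_alerts(records, threshold):
    """Anomaly-based detection: flag clients exceeding the learned rate."""
    return [("anomaly:rate", ip, "%d requests in second %d" % (n, ts))
            for (ip, ts), n in sorted(requests_per_second(records).items())
            if n > threshold]


def run_ids(log_text, training_text):
    training = [parse(l) for l in training_text.splitlines() if l.strip()]
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    threshold = rate_threshold(training)
    return signature_alerts(records) + anomaly_alerts(records, threshold)


if __name__ == "__main__":
    for kind, ip, detail in run_ids(SAMPLE_LOG, TRAINING_LOG):
        print(kind, ip, detail)
```

Running it yields three alerts: the SQL injection from 10.0.0.7, the XSS probe from 10.0.0.9, and the 6-requests-in-one-second burst from 10.0.0.12. The comment-obfuscated injection from 10.0.0.8 produces nothing, which is exactly the gap that anomaly detection and regularly updated signatures are meant to narrow.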

---

*2. Intruders, Viruses, and Worms*

*Intruders*
Intruders are individuals or programs attempting to gain unauthorized access to systems or networks.

- *Categories*:
1. *Masqueraders*: External attackers posing as legitimate users, typically with stolen or guessed credentials.
2. *Misfeasors*: Authorized users misusing their privileges, for example accessing data they are not entitled to; a common source of insider threats.
3. *Clandestine Users*: Intruders who seize supervisory control (root or admin privileges) and use it to bypass access controls and to evade or suppress auditing.

*Viruses*
A *virus* is malicious code that attaches itself to legitimate files or programs and spreads when those files are executed.

- *Types of Viruses*:
- *File Infector Viruses*: Attach to executable files and spread when the file is run.
- *Macro Viruses*: Infect documents and templates, often exploiting macros in applications like Microsoft Office.
- *Boot Sector Viruses*: Infect the boot sector of storage devices, executing when the system starts.

- *Impact*:
- Corrupts or deletes files.
- Slows down system performance.
- May allow attackers to gain control of the system.
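The classic defense against a file infector modifying executables is the file-integrity monitoring that a HIDS such as Tripwire performs (section 1's "file modifications"). The following is an added example, not code from the notes or from Tripwire or OSSEC, that records a hash baseline of a directory and later reports modified, added and removed files. The directory, file names and the "infection" (a payload appended to a stand-in executable) are all constructed in a temporary directory.

```python
"""Added example: Tripwire-style file-integrity check that catches a
file-infector-style modification of an executable and a dropped file.
Illustrative code, not Tripwire or OSSEC; all files are constructed."""
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> digest for every regular file under root.
    Taken while the system is known-clean, this is the baseline."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            result[os.path.relpath(p, root)] = file_digest(p)
    return result


def check_integrity(root, baseline):
    """Compare the current state against the baseline."""
    current = snapshot(root)
    return {
        "modified": sorted(k for k in baseline
                           if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo():
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for executables (not real PE binaries).
        with open(os.path.join(root, "app.exe"), "wb") as f:
            f.write(b"MZ\x90\x00" + b"legitimate program code")
        with open(os.path.join(root, "tool.exe"), "wb") as f:
            f.write(b"MZ\x90\x00" + b"another legitimate program")

        baseline = snapshot(root)  # taken while clean

        # Simulated file-infector behaviour: the host file keeps working but
        # gains an appended payload, so its size and hash change.
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"<constructed appended payload>")
        # Simulated dropped file that was not in the baseline.
        with open(os.path.join(root, "dropper.exe"), "wb") as f:
            f.write(b"MZ\x90\x00" + b"dropped")

        return check_integrity(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Two practical caveats: the baseline must be stored where the intruder cannot rewrite it (read-only media or a separate host), otherwise a clandestine user with root simply re-baselines after infecting; and the check only tells you *that* a file changed, so legitimate updates need to be re-baselined or the report fills with false positives.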

*Worms*
A *worm* is self-replicating malware that spreads across networks on its own, without needing a host file or user action.

- *Features*:
- Exploits vulnerabilities in network-facing software or operating systems (or weak credentials) to propagate.
- Consumes network bandwidth and system resources, often causing denial of service as a side effect.
- Often used to deliver additional malware.

- *Examples*:
- *Morris Worm (1988)*: One of the first worms to disrupt large portions of the internet.
- *Conficker (2008)*: Spread rapidly by exploiting Windows vulnerabilities.

---

*3. IP Security Architecture (IPsec)*

*IPsec (Internet Protocol Security)* is a suite of protocols that provides secure communication at the IP layer by authenticating and, optionally, encrypting IP packets.

- *Key Components*:
1. *Authentication Header (AH)*: Ensures data integrity and origin authenticity by adding an Integrity Check Value (a keyed MAC such as HMAC-SHA1-96 or HMAC-SHA-256-128, not a digital signature) computed over the payload and the immutable fields of the IP header. AH provides no confidentiality.
2. *Encapsulating Security Payload (ESP)*: Provides encryption for confidentiality and supports optional integrity protection; it covers the encapsulated data, not the outer IP header.
3. *Security Associations (SA)*: One-way relationships, identified by a Security Parameter Index (SPI), that define how traffic is secured between two parties, including the protocol (AH or ESP), the mode, the algorithms and the keys. SAs are normally negotiated with IKE.

- *Modes of Operation*:
1. *Transport Mode*:
- Protects only the payload of the IP packet; the original IP header stays in place and in the clear.
- Used for end-to-end communication, such as between two hosts.
2. *Tunnel Mode*:
- Protects the entire original IP packet (header and payload), which becomes the payload of a new outer IP packet addressed to the tunnel endpoints.
- Commonly used in VPNs to secure communication between networks (gateway to gateway) or from a remote host to a gateway.

- *Applications of IPsec*:
- Establishing secure Virtual Private Networks (VPNs).
- Protecting sensitive data during transmission.
- Securing remote access to corporate networks.
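The following added example (not from the original notes, and not a real AH/ESP implementation) shows two things from this section on raw IPv4 headers: what an AH-style integrity check must and must not cover, and how tunnel mode wraps the whole original packet. The ICV is computed with the mutable header fields (TOS, flags/fragment offset, TTL, header checksum) zeroed, so a router decrementing the TTL on the way does not break verification, while changing one byte of payload does. The key, addresses, IP ID and payload are constructed; replay windows, the actual AH/ESP header layouts and IKE are left out.

```python
"""Added example: AH-style integrity check over an IPv4 packet, surviving a
router hop but not tampering, and tunnel-mode encapsulation.
Illustrative code, not a real IPsec stack; key and addresses are constructed."""
import hashlib
import hmac
import ipaddress
import struct

KEY = b"\x01" * 32  # constructed SA key; in practice negotiated by IKE


def ipv4_checksum(header):
    """Standard one's-complement checksum over the header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, payload, proto=17, ttl=64):
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def ah_icv(packet, key):
    """AH-style ICV: HMAC over the packet with the mutable header fields
    zeroed, truncated to 128 bits (as HMAC-SHA-256-128 in RFC 4868 does).
    Immutable fields such as source/destination address stay covered."""
    hdr = bytearray(packet[:20])
    hdr[1] = 0                 # TOS / DSCP / ECN
    hdr[6:8] = b"\x00\x00"     # flags + fragment offset
    hdr[8] = 0                 # TTL
    hdr[10:12] = b"\x00\x00"   # header checksum
    return hmac.new(key, bytes(hdr) + packet[20:], hashlib.sha256).digest()[:16]


def ah_verify(packet, icv, key):
    return hmac.compare_digest(ah_icv(packet, key), icv)


def router_hop(packet):
    """Simulate forwarding: decrement TTL and recompute the header checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def tunnel_encapsulate(inner, gw_src, gw_dst):
    """Tunnel mode: the whole inner packet becomes the payload of a new outer
    packet between the gateways (outer protocol 51 = AH)."""
    return build_ipv4(gw_src, gw_dst, inner, proto=51)


def demo():
    inner = build_ipv4("10.1.1.5", "10.2.2.9", b"hello over ipsec", proto=17)
    icv = ah_icv(inner, KEY)                   # sender computes the ICV
    after_hop = router_hop(inner)              # TTL 64 -> 63 in transit
    tampered = after_hop[:20] + b"HELLO over ipsec"  # attacker flips payload
    tunneled = tunnel_encapsulate(inner, "203.0.113.1", "198.51.100.7")
    return {
        "ttl_changed": after_hop[8] != inner[8],
        "verify_after_hop": ah_verify(after_hop, icv, KEY),   # True
        "verify_tampered": ah_verify(tampered, icv, KEY),     # False
        "tunnel_outer_dst": str(ipaddress.IPv4Address(tunneled[16:20])),
        "tunnel_inner_intact": tunneled[20:] == inner,
        "tunnel_len": len(tunneled),
    }


if __name__ == "__main__":
    print(demo())
```

Because the inner addresses are among the immutable fields AH covers, anything that rewrites them in transit (a NAT device) also breaks the ICV; that is why AH is rarely deployed through NAT and ESP, which leaves the outer header uncovered, is the common choice for VPNs.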

---

*4. Web Security*

Web security focuses on protecting web applications, servers, and users from cyber threats that exploit vulnerabilities in websites.

- *Key Threats*:
1. *SQL Injection*:
- Occurs when attacker-controlled input is concatenated into a SQL query, so that the input changes the structure of the query and can manipulate or read the database.
- Example: Extracting sensitive user information from a database, or bypassing a login check.
2. *Cross-Site Scripting (XSS)*:
- Attackers inject malicious scripts into web pages, which are then executed in other users' browsers with the privileges of the site's origin.
- Example: Stealing user cookies or session tokens.
3. *Cross-Site Request Forgery (CSRF)*:
- Tricks a logged-in user's browser into sending requests the user did not intend, such as transferring money or changing a password; it works because the browser attaches the session cookie to the forged request automatically.
4. *Man-in-the-Middle (MITM) Attacks*:
- Intercept and alter communication between users and web applications.
- Often targets insecure HTTP connections.

- *Best Practices for Web Security*:
- *Use HTTPS*: Encrypt communication between users and servers, and enable HSTS so browsers refuse to fall back to plain HTTP.
- *Regular Updates*: Patch vulnerabilities in software and web applications.
- *Web Application Firewall (WAF)*: Filter and monitor HTTP traffic to block malicious activities (a defense-in-depth layer, not a substitute for secure code).
- *Input Validation and Output Encoding*: Validate user input, use parameterized queries for SQL, and encode output for its context (HTML, attribute, JavaScript) to prevent injection attacks; sanitizing input on its own is not enough.
- *CSRF Protection*: Require a per-session anti-CSRF token on state-changing requests and mark session cookies `SameSite`.
- *Security Testing*: Perform regular penetration testing and vulnerability scans.
