
Intrusion Detection Systems (IDS) are designed to detect unauthorized access or attacks on computer systems and networks. They monitor network traffic and system activities for malicious activities or policy violations.

Types of IDS

  1. Network-based IDS (NIDS):
    • Monitors network traffic for suspicious activity.
    • Placed at strategic points within the network to analyze traffic from all devices.
  2. Host-based IDS (HIDS):
    • Monitors a single host for suspicious activity.
    • Analyzes system calls, application logs, file-system modifications, and other host activities.
  3. Signature-based IDS:
    • Detects known threats by comparing network traffic or system activity against a database of known attack signatures.
  4. Anomaly-based IDS:
    • Detects unknown threats by identifying deviations from normal behavior patterns.
    • Uses statistical analysis, machine learning, or other techniques to establish a baseline of normal activity.
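The two detection methods above are complementary, and the following added example (not part of the original page) shows why: a signature matcher and a baseline-driven anomaly detector run over the same constructed access-log lines, and each catches an event the other misses. The log format, the signature patterns and the per-source-per-minute request-count baseline are assumptions made for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample access-log lines (not real traffic): "<src_ip> <HH:MM> <method> <path>"
BASELINE_LINES = (
    ["10.0.0.5 11:00 GET /index.html"] * 2 + ["10.0.0.5 11:01 GET /about.html"] * 3
    + ["10.0.0.7 11:00 GET /login"] * 2 + ["10.0.0.7 11:01 GET /index.html"] * 4
)
OBSERVED_LINES = [
    "10.0.0.5 12:00 GET /index.html",
    "10.0.0.7 12:00 GET /login?user=admin' OR '1'='1",   # known-bad pattern, normal volume
    "10.0.0.9 12:01 GET /../../etc/passwd",              # known-bad pattern, normal volume
] + ["10.0.0.9 12:02 GET /index.html"] * 40              # benign path, abnormal volume

# Constructed signature database: signature name -> regex applied to the request path
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*OR\s*'1'='1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def parse(line):
    src, minute, _method, path = line.split(" ", 3)
    return src, minute, path

def signature_alerts(lines):
    """Signature-based: flag every request whose path matches a known-bad pattern."""
    alerts = []
    for src, _minute, path in map(parse, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts

def build_baseline(lines):
    """Anomaly-based, step 1: learn mean and stddev of requests per (source, minute) from normal traffic."""
    counts = Counter((src, minute) for src, minute, _ in map(parse, lines))
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)

def anomaly_alerts(lines, baseline, k=3.0):
    """Anomaly-based, step 2: flag (source, minute) buckets more than k stddevs above the baseline mean."""
    mean, stdev = baseline
    counts = Counter((src, minute) for src, minute, _ in map(parse, lines))
    return [bucket for bucket, n in counts.items() if n > mean + k * stdev]
```

The signature matcher never sees the 40-request burst (every path is benign), and the anomaly detector never sees the two malformed requests (each is a single request at normal volume), which is the practical reason deployments combine both.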

Functions of IDS

  • Monitoring and Analysis: Continuous monitoring of network traffic and system activities to detect potential threats.
  • Alerting: Generating alerts when suspicious activities are detected.
  • Logging: Keeping records of detected events for further analysis and forensic investigation.
  • Response: Triggering automated responses or alerting administrators to take appropriate actions.

Viruses and Related Threats

Computer Viruses

A computer virus is a malicious software program that, when executed, replicates by inserting copies of itself into other computer programs, files, or the boot sector of the hard drive. Viruses typically require human action to spread, such as running an infected program.

Types of Malware

  1. Worms:
    • Standalone malware that replicates itself to spread to other computers over a network without human intervention.
  2. Trojans:
    • Malicious software disguised as legitimate software. Users are tricked into executing Trojans, which then perform malicious activities.
  3. Ransomware:
    • Malware that encrypts the victim’s data and demands payment for the decryption key.
  4. Spyware:
    • Malware that secretly monitors user activity and collects personal information without the user’s knowledge.
  5. Adware:
    • Software that displays unwanted advertisements on the user’s computer, often bundled with free software.
  6. Rootkits:
    • Malicious software designed to gain unauthorized root-level access to a computer and hide its presence from users and security tools.

Threat Vectors

  • Phishing: Fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity in electronic communications.
  • Drive-by Downloads: Unintended download of malicious software when a user visits a compromised website.
  • Social Engineering: Manipulation of individuals to divulge confidential information or perform actions that compromise security.

Firewalls

Overview

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a trusted internal network and untrusted external networks, such as the internet.

Types of Firewalls

  1. Packet-Filtering Firewalls:
    • Inspects packet headers (network and transport layer) and makes forwarding decisions based on source and destination IP addresses, port numbers, and protocols.
    • Simple and fast but cannot inspect the content of the packets.
  2. Stateful Inspection Firewalls:
    • Tracks the state of active connections and makes decisions based on the state and context of the traffic.
    • Provides better security than packet-filtering firewalls by considering the state of connections.
  3. Application-Level Gateways (Proxy Firewalls):
    • Operates at the application layer and filters traffic based on specific application rules.
    • Can inspect the content of the traffic and enforce security policies specific to applications.
  4. Next-Generation Firewalls (NGFW):
    • Combines traditional firewall functions with additional features such as deep packet inspection, intrusion prevention, and application awareness.
    • Provides more advanced threat protection by integrating multiple security functions.
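To make the packet-filtering versus stateful-inspection distinction concrete, here is an added example (not from the original page) that models both decision procedures on constructed TCP packets. The internal address range (192.0.2.0/24), the external addresses and the single "allow outbound web" policy are assumptions; the stateless filter uses the classic header-only rule of admitting inbound packets from port 80 that carry the ACK flag, while the stateful version admits an inbound packet only if it matches a connection it saw opened from inside.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # constructed TCP flag string, e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK), "FA" (FIN-ACK)

INTERNAL_PREFIX = "192.0.2."   # constructed internal network (RFC 5737 documentation range)

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def packet_filter(pkt):
    """Stateless filter: decides from header fields alone. To let replies to outbound
    web connections back in, it must accept any inbound packet from port 80 with ACK set."""
    if is_internal(pkt.src) and pkt.dport == 80:
        return "ALLOW"
    if is_internal(pkt.dst) and pkt.sport == 80 and "A" in pkt.flags:
        return "ALLOW"   # cannot distinguish a genuine reply from an unsolicited ACK packet
    return "DROP"

class StatefulFirewall:
    """Stateful inspection: records outbound connections and only admits inbound
    packets that belong to one of them; entries are removed when the peer closes."""
    def __init__(self):
        self.table = set()   # (internal ip, internal port, external ip, external port)

    def decide(self, pkt):
        if is_internal(pkt.src) and pkt.dport == 80:
            if "S" in pkt.flags:   # new outbound connection: remember it
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if is_internal(pkt.dst) and key in self.table:
            if "F" in pkt.flags or "R" in pkt.flags:   # peer closing or resetting: forget it
                self.table.discard(key)
            return "ALLOW"
        return "DROP"   # unsolicited inbound packet, whatever its flags claim
```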

Functions of Firewalls

  • Traffic Filtering: Blocking or allowing traffic based on security rules.
  • Network Address Translation (NAT): Hiding internal IP addresses from external networks by translating them to a public IP address.
  • Virtual Private Network (VPN) Support: Securing remote access by encrypting traffic between the remote user and the internal network.
  • Logging and Monitoring: Recording network traffic and firewall activities for analysis and audit purposes.
  • Intrusion Prevention: Detecting and blocking attempts to exploit vulnerabilities within the network.

Summary

  • Intrusion Detection Systems (IDS) are critical for identifying and responding to unauthorized access and attacks. They can be network-based (NIDS) or host-based (HIDS), and use signature-based or anomaly-based detection methods.
  • Viruses and related threats include various types of malware such as worms, Trojans, ransomware, spyware, adware, and rootkits, which exploit different vectors like phishing, drive-by downloads, and social engineering.
  • Firewalls are essential for controlling network traffic and protecting against external threats. They come in various forms, from packet-filtering to next-generation firewalls, each providing different levels of security and functionality.

Understanding these components is crucial for designing and maintaining robust network security infrastructures, ensuring protection against a wide range of cyber threats.