Firewalls and IDSs

 

1. Windows Defender Firewall is a host-based firewall and like other host-based firewalls it is easy to configure compared to a hardware-based firewall. It allows to add and remove programs and ports on different network domains. An administrator is able block all inbound connections for maximum security in case a system is under attack. Windows Defender Firewall also supports IPSec, which can enforce device authentication prior to any communication. To configure a Windows Defender Firewall on Windows 11, go to Settings, then to Update & Security and to Windows Security. To configure a Windows Defender Firewall, go to Control Panel, then change to Large Icon View, go to Windows Defender Firewall and finally, Advanced settings. To add a program in the firewall, click Inbound Rules and then New Rule. Following that select Program from the Rule Type. Then browse to select the program executable file Tick Allow and choose what network domain the firewall will be applied to – either Domain, Private, or Public. Type a Name and Description if required. To add a port in the Windows Defender Firewall, go to New Rule, then click Port for the Rule Type. After that select TCP for Does this rule apply to TCP or UDP. Following that choose Specific local ports and switch allow for the TCP port. Ensure Allow the connection is selected. Select either Domain, Private, or Public and choose a Name and Description if necessary. 

2. Both network-based IDS (HIDS) and NIDS (host-based IDS) analyse data without interrupting the traffic flow and sending alerts when a threat is detected. While NIDS has holistic view of the network, HIDS has an ability to monitor internal workings of the host. One of the disadvantages of a NIDS is that it can generate many false positives. On the other hand, the problem with using HIDS is that it can only monitor a single host. The other major distinction between HIDS and NIDS is that HIDS can monitor encrypted traffic that NIDS cannot. 

3. It is advisable not to assign permissions to individual users but to groups of users because it is easier to keep track of groups of users. This way no user will get too many permissions that they do not require at a time. Instead, the user will be moved between groups as their permission requirements change. It is not recommended to assign a user administrator permissions unless it is necessary as this is a very powerful privilege that could cause a lot of harm if abused. If several documents are required to be accessed by many different employees, it is recommended they be grouped in one folder and that folder be shared.

Comments

Post a Comment

Popular posts from this blog

Data breaches and their consequences

  Data breach is a security incident associated with sensitive information about individuals or businesses being accessed by unauthorised third part y or parties . Data breaches are usually caused by a threat actor action but not they are not necessar ily caused by threat actors . Data breaches might also be the result of an employee sending an email to a wrong email address, accidentally publishing personal identifiable information or posting a picture on social media with a password written on the sticky note in the background. Whether it  was a result of a cyber attack or accidental data exposure, there are negative consequences that could follow the breach . For companies and government agencies who allowed it to occur the se include fines, reputational damage, loss of customers , legal costs , imprisonment of responsible employees , costs associated with notifying affected parties , expenses to hir e a forensics team to investigate and contain the ...
Read more

Data breach mitigation

GDPR, short for General Data Protection Regulation, mandates that data breaches be reported within 72 hours after they have been discovered. Therefore, an organisation requires a plan of an incident response before an incident actually happens. To mitigate damage after the breach has occurred, the first step is containing the breach. In order to do that, network security staff must learn exactly how the incident happened. This is to be able to take necessary action and prevent any future damage. Often that means disconnecting the company systems from the Internet but it is not always the case. After the incident has been contained, the next step is to assess the risks. This stage includes investigating the type of data breached, the level of data sensitivity, how many individuals were affected, which categories of people were affected, if any financial or other high-risk data was involved, if the data was encrypted and if the data was backed up. Depending on the scope of...
Read more

Biometric authentication methods

  Among the types of biometrics used for authentication are finger, vein, combined fingerprint and vein, iris, facial, hand geometry, voice, retina scanning and gait recognition. The advantages of fingerprint identification are the speed of recognition, increasing accuracy and relatively low cost. Disadvantages are the fact that fingers might be dirty or there might be injuries on them as well as the need to clean sensors frequently. The major advantage of vein scanning is the fact it is very difficult to forge as vein pattern is set pre-birth and never changes. The drawback of this technology is the fact that the readers are rather expensive. Combined fingerprint and vein recognition approach provides increased security and flexibility if fingers are damaged with the cost being a disadvantage. The advantages of iris recognition are the fact that it has a very low percentage of those who cannot enrol, high accuracy and security. The cons include the cost and the fear o...
Read more