Network Security Overview. Network security is the practice of keeping computer networks and the information they contain safe from harm.
Further, Network security uses a variety of techniques to protect data, including encryption and access control. Its goal is to make it difficult for unauthorized users to access the information being transmitted on a network. For example, if you want to keep your personal bank account information private, you might use encryption or a firewall.
What is the difference between an IDS vs IPS vs firewall?
IDS stands for Intrusion Detection System. In computer security, an intrusion detection system (IDS) is a system to detect malicious activity on a computer network. Further, by analyzing traffic patterns in order to identify potential attacks. An IPS on the other hand is an Intrusion Prevention System or Intrusion Protection System.
The main difference between an IDS and an IPS is that an IDS only detects malicious behavior. But cannot block it while an IPS can detect malicious behavior and also prevent it by taking action on it. Such as dropping packets or blocking certain activities.
A firewall as we all know is a system to filter incoming and outgoing network traffic. Further, based on a set of rules and regulations defined by the user or administrator. Hence, applying rules based on protocol type, port number, source or destination IP address etc. A firewall typically operates at OSI Layer 3 – Network layer of the OSI model.
What is an IDS Intrusion Detection System?
An Intrusion Detection System or IDS is a system to detect malicious activity on a computer network. Further, by analyzing traffic patterns in order to identify potential attacks. IDSs typically monitor network or system resources for irregularities and may report them to a network administrator. Intrusion Prevention Systems (IPS) are IDS systems that have the capability of taking action on detected anomalies.
What is Packet Sniffer?
A packet sniffer, also known as a network sniffer or protocol analyzer, is a computer program that monitors a computer network or part of a network, usually for troubleshooting purposes. It is also used to read the unencrypted content of network traffic being sent over the same network.
What is an Intrusion Protection System?
An Intrusion Protection System (IPS) is a combination of hardware and software that monitors a network or system for malicious activity, and when detected, takes action against them. Intrusion Prevention Systems (IPS) are IDS systems that have the capability of taking action on detected anomalies. IPS products are generally placed inline in the network, between the endpoints. IPS products can take different forms. Some IPSs operate in kernel mode, while others run as user programs.
What is a Man-in-the-Middle Attack?
An attack is in which an intruder places himself between two other parties as a means of gaining information or altering the communication stream. The attacker must have access to an existing communication channel in order to insert himself into the conversation. For example, an attacker could place himself between computers connected over a local area network (LAN) to intercept login credentials or credit card numbers.
What is an IP Spoofing Attack?
IP Spoofing attacks occur when an attacker sends packets out onto a network with fake source IP addresses. The goal could be to hide their identity for illegal activities or simply for malicious intent towards other people or computer systems on the network.
The fake source address could be another valid IP address that belongs to someone else or it could be completely invalid and impossible for other hosts on the same network to communicate with it.
Packet spoofing is usually used for bad intentions such as stealing data or attempting a DoS attack against another host by sending many fake packets to that host trying to overload its ability to respond correctly and effectively.