Session 08: Attack Prevention Flashcards

1
Q

How to detect cyber attacks?

A
  1. IDS : Intrusion Detection System
    * Identifies unauthorized access and malicious activity within computer networks or systems.
  2. Maintain and monitor detection logs
    * Alerts are only useful if someone reviews them; retain logs long enough to reconstruct an incident.
  3. EDR : Endpoint Detection and Response
    * Detects, investigates and mitigates suspicious activity and threats on individual devices (endpoints) within a network.
  4. SIEM : Security Information and Event Management
    * Collects and correlates logs and alerts from many sources so that related events across systems can be seen together.
  5. NTA : Network Traffic Analysis
    * Observes and interprets the flow of network traffic to detect and respond to potential security threats.
  6. Vulnerability scanning
    * Identifies and evaluates security weaknesses within networks, systems and applications.
  7. Penetration testing
    * Simulates potential attacks from malicious entities, both external and internal.
  8. Honeypots
    * Intentionally created decoy systems that attract and deceive attackers; any interaction with them is suspicious by definition.
  9. UEBA : User and Entity Behavior Analytics
    * Builds a baseline of normal behaviour per user, host or service account and flags deviations from it.
2
Q

Types of IDS?

A
  1. NIDS : Network based
  2. HIDS : Host-based
3
Q

Techniques used in an IDS to identify threats?

A
  1. Signature-based detection
    * Matches traffic or host activity against known attack patterns; precise, but blind to anything without a signature.
  2. Anomaly-based detection
    * Flags deviations from a learned baseline of normal behaviour; catches novel attacks, at the cost of false positives.
  3. Heuristic-based detection
    * Applies rules of thumb about how attacks typically look, to catch variants that have no exact signature.
4
Q

Key techniques used in NTA?

A
  1. Signature based detection
  2. Anomaly detection
  3. Behavioral analysis
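The three techniques listed above for IDS (card 3) and NTA (card 4) are shown together below in a small detector run over constructed flow records. This is an added example, not code from the flashcards: the `Flow` record, the two signature rules, the port-scan threshold and the traffic samples are all invented for illustration, and a real sensor would use a far larger rule set and richer features.

```python
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One network flow record (a simplified NetFlow/Zeek-style summary)."""
    ts: int        # seconds since capture start
    src: str
    dst: str
    dport: int
    nbytes: int    # bytes sent by src
    payload: str   # decoded leading bytes of the request, if any


# 1. Signature-based: known-bad patterns matched against payload content.
#    The rule set is constructed for this example; a real sensor loads thousands.
SIGNATURES = [
    ("sqli-union", re.compile(r"union\s+select", re.I)),
    ("path-traversal", re.compile(r"\.\./\.\./")),
]


def signature_alerts(flows):
    return [(f.ts, f.src, name)
            for f in flows
            for name, rx in SIGNATURES
            if rx.search(f.payload)]


# 2. Anomaly-based: one source reaching more than max_ports distinct ports on
#    one destination inside a sliding time window looks like a port scan.
def port_scan_alerts(flows, window=10, max_ports=5):
    by_pair = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_pair[(f.src, f.dst)].append(f)
    alerts = []
    for (src, _dst), fs in by_pair.items():
        for start in fs:
            ports = {g.dport for g in fs if start.ts <= g.ts < start.ts + window}
            if len(ports) > max_ports:
                alerts.append((start.ts, src, "port-scan"))
                break  # one alert per (src, dst) pair is enough
    return alerts


# 3. Behavioral analysis: learn what each host normally does, then flag
#    departures from that host's own baseline rather than from a fixed limit.
def build_baseline(training):
    sizes = defaultdict(list)
    for f in training:
        sizes[(f.src, f.dport)].append(f.nbytes)
    return {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in sizes.items()}


def behavioral_alerts(flows, baseline, z=3.0):
    profiled_hosts = {src for src, _ in baseline}
    alerts = []
    for f in flows:
        if f.src not in profiled_hosts:
            continue  # no history for this host: nothing to compare against
        key = (f.src, f.dport)
        if key not in baseline:
            alerts.append((f.ts, f.src, "new-service-use"))
            continue
        mean, sd = baseline[key]
        # Floor the deviation so a perfectly flat baseline does not alert on jitter.
        limit = mean + z * max(sd, 0.05 * mean)
        if f.nbytes > limit:
            alerts.append((f.ts, f.src, "volume-outlier"))
    return alerts


def analyze(training, flows):
    baseline = build_baseline(training)
    alerts = (signature_alerts(flows)
              + port_scan_alerts(flows)
              + behavioral_alerts(flows, baseline))
    return sorted(set(alerts))


# Constructed sample data: a quiet learning period, then a capture to inspect.
TRAINING = ([Flow(t, "10.0.0.5", "203.0.113.9", 443, n, "")
             for t, n in enumerate([1200, 1300, 1100, 1400, 1000])]
            + [Flow(t, "10.0.0.7", "10.0.0.2", 53, n, "")
               for t, n in enumerate([80, 90, 100, 110, 120], start=10)])

CAPTURE = [
    Flow(100, "10.0.0.5", "203.0.113.9", 443, 1250, "GET /index.html"),
    Flow(101, "10.0.0.5", "203.0.113.9", 443, 50000, "POST /upload"),   # bulk upload
    Flow(102, "10.0.0.7", "203.0.113.9", 80, 300,
         "GET /item?id=1 UNION SELECT password FROM users"),          # SQLi, odd port
    Flow(103, "10.0.0.7", "10.0.0.2", 53, 95, ""),                     # normal DNS
] + [Flow(200 + i, "10.0.0.9", "10.0.0.20", p, 60, "")                 # port sweep
     for i, p in enumerate([21, 22, 23, 25, 80, 443, 8080])]

if __name__ == "__main__":
    for alert in analyze(TRAINING, CAPTURE):
        print(alert)
```

Note which technique catches what: the SQL injection string is only found by the signature; the port sweep is only found by the anomaly rule; the 50 kB upload and the web request from a host that has never spoken HTTP before are only found by comparing against the behavioural baseline. Host 10.0.0.9 has no baseline at all, so the behavioural check stays silent on it, which is why the layers are used together.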
5
Q

Penetration testing process stages?

A
  1. Scope definition
  2. Reconnaissance
  3. Vulnerability scanning
  4. Exploitation
  5. Post-Exploitation
  6. Reporting and Remediation
6
Q

How to prevent cyber attacks?

A
  1. Encrypt and back up data
  2. Educate staff on cyber security
  3. Create a security-focused workplace culture
  4. Conduct regular audits
  5. Restrict admin rights
  6. Access control and least privilege
  7. Install a firewall
  8. Install anti-virus software and keep it updated
  9. Risk assessment and management
  10. Patch management
  11. Incident response and disaster recovery plans
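Items 5 and 6 above (restrict admin rights; access control and least privilege) are easiest to see as a policy, so the following added example shows a deny-by-default authorization check with a weak catch-all configuration beside a least-privilege one, plus a small audit helper that lists who still holds admin rights. The `Policy` class, role names, accounts and resource paths are all constructed for this illustration and are not from the flashcards.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard action; only an admin-type role should ever carry it


@dataclass(frozen=True)
class Policy:
    """role -> set of (action, resource_prefix) allow rules.
    Anything not explicitly allowed is denied."""
    rules: dict

    def allows(self, roles, action, resource):
        for role in roles:
            for act, prefix in self.rules.get(role, ()):
                if act in (action, ANY) and resource.startswith(prefix):
                    return True
        return False  # deny by default


# Weak setting: one catch-all role, handed to every account that ever needed anything.
WEAK = Policy({"admin": {(ANY, "/")}})
WEAK_ASSIGNMENTS = {"alice": {"admin"}, "bob": {"admin"}, "svc-backup": {"admin"}}

# Least privilege: narrow roles sized to the job; admin is a separate, rare grant.
LEAST = Policy({
    "helpdesk": {("read", "/tickets/"), ("write", "/tickets/")},
    "backup-operator": {("read", "/data/"), ("write", "/backups/")},
    "admin": {(ANY, "/")},
})
LEAST_ASSIGNMENTS = {"alice": {"admin"}, "bob": {"helpdesk"},
                     "svc-backup": {"backup-operator"}}


def check(policy, assignments, user, action, resource):
    """Authorization decision for one request; unknown users get no roles."""
    return policy.allows(assignments.get(user, set()), action, resource)


def admin_holders(policy, assignments):
    """Audit helper: accounts holding any role that carries the wildcard action."""
    admin_roles = {role for role, rules in policy.rules.items()
                   if any(act == ANY for act, _ in rules)}
    return sorted(user for user, roles in assignments.items() if roles & admin_roles)


if __name__ == "__main__":
    for name, pol, asg in (("weak", WEAK, WEAK_ASSIGNMENTS),
                           ("least-privilege", LEAST, LEAST_ASSIGNMENTS)):
        print(name, "admins:", admin_holders(pol, asg))
        print(name, "svc-backup may delete /data/prod:",
              check(pol, asg, "svc-backup", "delete", "/data/prod"))
```

The audit helper is the part to run regularly: under the weak policy every account is an admin, so a compromised backup service account can delete production data; under the least-privilege policy the same account can only read `/data/` and write `/backups/`. Resource matching here is a plain prefix check; a real system must canonicalize paths first so that `/data/../etc` is not treated as being under `/data/`.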