Moon of IT Security

Cyber Defense

Free learning resources to help you to get started or advance your career:

  • Security Basics

  • Network Security: Firewall, App Delivery Controller (ADC), Web App Firewall (WAF), Network Access Control (NAC), Security Information and Event Management (SIEM)

  • Advanced Security

Important Notes:

  • The purpose of this blog post is studying to learn (not just for tests/certifications)

  • The purpose of this post is learning and making sure you understand the firewall well, not just configuration or preparing for exams

  • I will update this blog post continuously

  • God willing, this post will be updated continuously if I find good additions

  • Don't worry about old versus new versions: the core technology remains the same, and added or removed subjects do not exceed 20%

  • There is no difference between an old and a new curriculum except for changes, whether added or removed topics/technology, of about 15 to 20 percent, which means the core of the certification stays as it is

Section 1: Security Basics

Cybersecurity is the process and techniques involved in protecting sensitive data, computer systems, networks, and software applications from cyber attacks.


Security+ opens the door to your cybersecurity career!

CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role.

Section 2: Network Security

Network Security protects your network and data from breaches, intrusions and other threats. Network Security involves firewalls, web application firewalls, access control, network analytics, SIEM, VPN encryption and more.

2.01 - Firewalls:

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewalls have been the first line of defense in network security for over 25 years. They establish a barrier between secured, controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.

A firewall can be hardware, software, or both.

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. FortiGate reduces complexity with automated visibility into applications, users, and network, and provides security ratings to adopt security best practices.

You can access FortiGate training for FREE!!!

The most important thing that distinguishes the FortiGate course offered by Fortinet is that it is not just an explanation of how to work on the UTM; it makes you understand how the device thinks and works, for example:

Order of Operation; Firewall Policies: how packets are handled; App Control: how a signature trigger is accomplished; Routing: how FortiGate matches each packet with a route; Hardware: Network Processor (NP) architecture, Security Processor (SP), Content Processor (CP)

This explanation is very useful for people who like to go deep and understand the technology, not just know how to configure the device

You can search on YouTube for more videos if you need (Arabic or English)

Palo Alto Firewall: Delivering consistent protection across your entire network, from your headquarters and office campus to branch offices and data centers, as well as for your mobile and remote workforce, PA-series Next-Generation Firewall hardware appliances are designed for simplicity, automation, and integration.

You can access Palo Alto training for FREE!!!

You can search on YouTube for more videos if you need (Arabic or English)

2.02 - Web Application Firewalls (WAF):

A WAF, or web application firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools that together create a holistic defense against a range of attack vectors.

F5 App Security Manager (ASM) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments. BIG-IP ASM helps secure applications against unknown vulnerabilities, and enables compliance for key regulatory mandates.

2.03 - Application Delivery Controller (ADC):

An application delivery controller (ADC) uses various techniques to improve the performance of web applications. In the usual configuration, the ADC sits in front of a group of web and application servers and mediates requests and responses between them and their clients, effectively making the group look like a single virtual server to the end user.

VMware NSX Advanced Load Balancer (Avi) uses a software-defined architecture that separates the central control plane (Avi Controller) from the distributed data plane (Avi Service Engines). The Avi Controller is the “brain” of the entire system and acts as a single point of intelligence, management, and control across a distributed fabric of enterprise-grade load balancers.

F5 Local Traffic Manager (LTM): The brain of the BIG-IP platform, Local Traffic Manager (LTM) intelligently manages network traffic so applications are always fast, available, and secure. LTM delivers your applications to users in a reliable, secure, and optimized way. You get the extensibility and flexibility of application services with the programmability you need to manage your cloud, virtual, and physical infrastructure.

I will make a complete post about F5 LTM after passing the exams

2.04 - Network Access Control (NAC):

Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.

Aruba’s ClearPass Policy Manager, part of the Aruba 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure.

Cisco ISE: A critical component of any zero-trust strategy is securing the workplace that everyone and everything connects to. Cisco Identity Services Engine (ISE) enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control.

2.05 - Security Information and Event Management (SIEM):

Security information and event management (SIEM) solutions collect logs and analyze security events along with other data to speed threat detection and support security incident and event management, as well as compliance. Essentially, a SIEM technology system collects data from multiple sources, enabling faster response to threats. If an anomaly is detected, it might collect more information, trigger an alert, or quarantine an asset.

IBM Security™ QRadar® Security Information and Event Management (SIEM) helps security teams detect, prioritize and respond to threats across the enterprise. It automatically analyzes and aggregates log and flow data from thousands of devices, endpoints and apps across your network, providing single alerts to speed incident analysis and remediation. QRadar SIEM is available for on-prem and cloud environments.

Section 3: Advanced Security

Skill up to the next level of cybersecurity.

CISSP (Certified Information Systems Security Professional), the world's premier cybersecurity certification, is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

Good luck and all the best!