1. Firewall

是根據事先定義的規則控制網路交通的出入。

• Firewall Types：
  Host-based firewall
  Network-based firewall
  Stateless firewall
  Stateful firewall
  Web Application Firewall(WAF)
  Unified Threat Management Firewall(UTM)
  Next-Generation Firewall(NGFW)
• Rules：

  • Inbound and outbound rules

  • Explicit allow and explicit deny

    • Port numbers
    • Protocol types
    • Port address

  • Access Control List

  • Zones
    資料 ùi 公司電腦移動 kàu internet，經過無仝款的 zones:

    • Wide Area Network(WAN)
    • Local Area Network(LAN)
    • Screened subnet

    這三个予兩个 firewall 分開。

2. IDSs/IPSs

• Trends in IDSs/IPSs：
  • Machine learning 佮 AI integration
  • Cloud-centric security
  • Zero-trust architecture
  • IoT 佮 OT protection
• IDS/IPS Signatures
  • Signature-based detection
  • Anomaly/heuristic-based detection
  • Real-time updates
  • Custom signatures

3. Web Filtering

• Agent-based filtering
• Centralized proxy filtering
• Universal Resource Locator(URL) scanninig
• Content categorization
• Block rules
• Reputation-based filtering

4. Operating System Security

保護 OS 袂受 to̍h 攻擊。ē iōng 使用以下的方法：

• Keep your system updated
• User Account Control(UAC)
• Minimize attack surface
• Implement strong authentication
• Employ access controls
• Enable firewall protection
• Encrypt data
• Monitor and log activities
• Patch management
• Educate users
• Back up your data
• Disaster recovery plan

Group Policy
SELinux

5. The Implementation of Secure Protocols

• Protocol selection
• Port selection
• Transport method

Insecure Protocols
Secure Protocols

6. DNS Filtering

• Blcoks access to malicious sites
• Content filtering
• Enhancing privacy
• Secuity reinforcement

7. Email Security

使用 encryption 佮 authentication 來保護 Email：

• S/MIME
• Pretty Good Privacy(PGP)
• Domain-Based Message Authentication Reporting and Conformation(DMARC)
• DomainKeys Identified Mail(DKIM)
• Sender Policy Framework(SPF)
• Gateway

8. File Integrity Monitoring

9. Data Loss Prevention(DLP)

10. Network Access Control(NAC)

• Agents
• Health authority
• Remediation server

11. Endpoint Detection and Response(EDR) and Extended Detection and Response(XDR)

EDR 按怎運作：

• Data Collection
• Detection
• Alerting
• Response

XDR 的特點：

• Data integration
• Advanced analytics
• Automation and orchestration
• Scalability

12. User Behavior Analytics