Cyber Range Team Capstone Project Summary - Sprint 3 (Team B)

In order to understand why we should use firewalls, and security analytics, or IDS (intrusion detection system) or IPS (intrusion prevention system); we should know why cyber security is important and crucial in the managing/maintenance of computer data in both organizations and personal use.
Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems. Cybersecurity is important because it helps protect organizations, individuals, and governments from cyber threats and attacks. In today's digital age, we are heavily reliant on technology and the internet, and cyber threats pose a significant risk to our security, privacy, and financial stability.

Here are some reasons why cybersecurity is important:

Protects sensitive information: Cybersecurity helps protect sensitive information, such as personal data, financial records, and intellectual property, from unauthorized access, theft, and exploitation. This information can be valuable to cybercriminals, who can use it for fraudulent activities, identity theft, or sell it on the dark web.
Prevents cyber attacks: Cybersecurity measures help prevent cyber attacks, such as malware, ransomware, phishing, and denial-of-service attacks. These attacks can disrupt business operations, cause financial losses, and damage the reputation of individuals and organizations.
Ensures business continuity: Cybersecurity measures help ensure business continuity by protecting critical systems and data. In the event of a cyber attack, having a robust cybersecurity plan can help minimize the impact of the attack and help organizations recover quickly.
Maintains privacy: Cybersecurity helps maintain privacy by protecting personal information from being collected, analyzed, or exploited without the individual's consent. This is especially important as more data is being collected through connected devices and the Internet of Things (IoT).
Compliance: Many organizations are required to comply with regulatory requirements, such as GDPR, HIPAA, and PCI DSS, which mandate specific cybersecurity measures to protect sensitive information and maintain privacy. IDS and IPS are network security technologies that help organizations detect and prevent cyber attacks. IDS stands for Intrusion Detection System, while IPS stands for Intrusion Prevention System. The main difference between the two is that IDS is a passive system that detects and alerts security personnel about potential security breaches, while IPS is an active system that can also block or prevent the attack in real-time.

An IDS works by analyzing network traffic and identifying patterns or signatures of known attacks. It compares the traffic against a database of known attack signatures and generates an alert when it detects a match. IDS can also use behavior-based analysis to detect anomalous traffic patterns that may indicate a new or unknown attack. An IPS goes one step further than IDS by blocking or preventing the attack in real-time. When an IPS detects an attack, it can take immediate action to block the traffic or take other measures to prevent the attack from succeeding. This can help prevent damage to the organization's network and systems. Both IDS and IPS can be used in various environments, including on-premises, cloud, and hybrid environments. They are often deployed as part of a larger security framework that includes other security technologies such as firewalls, antivirus, and endpoint protection.

Splunk is a software platform used for collecting, indexing, and analyzing machine-generated data in real-time. It allows organizations to search, monitor, and analyze large amounts of data from a variety of sources, including applications, systems, and devices. Splunk can absorb data from a wide range of sources, including log files, configuration files, metrics, and sensors. It uses a proprietary indexing technology that enables fast search and analysis of data, making it an ideal solution for managing and analyzing large-scale, high-velocity data sets. The platform provides a range of analytics tools that enable users to visualize, analyze, and interpret data, including real-time dashboards, reports, and alerts. It also supports machine learning and artificial intelligence capabilities that can help organizations detect anomalies, identify patterns, and predict future events. Splunk is widely used in a variety of industries, including IT operations, security, compliance, and business analytics. It helps organizations improve their operational efficiency, reduce downtime, detect and respond to security threats, and gain valuable insights into their data. Splunk is important in AWS because it helps organizations centralize and analyze log data, monitor security events, manage compliance, and gain operational insights. By leveraging Splunk's capabilities, organizations can improve their security posture, reduce the risk of cyber attacks, and optimize their cloud operations.

Kali Linux is a Debian-based Linux distribution designed for advanced penetration testing, network security, and digital forensics. It was developed by Offensive Security, a leading provider of professional penetration testing services and training. Kali Linux is a powerful tool for cybersecurity professionals, ethical hackers, and security researchers who need to assess the security of a system or network. It comes pre-installed with hundreds of security tools and utilities, including reconnaissance, vulnerability scanning, exploitation, privilege escalation, password cracking, just to name a few. Kali Linux is designed to be highly customizable, and users can add or remove tools and packages as needed. It also includes a powerful package management system that allows users to easily install, update, and manage software packages. Kali Linux is widely used in the cybersecurity industry for various purposes, including penetration testing, digital forensics, and security research. It is also used by educational institutions and security enthusiasts who want to learn more about cybersecurity and practice their skills.

Ubuntu is a free and open-source Linux distribution based on Debian. It is one of the most popular Linux distributions and is widely used for desktop and server computing. Ubuntu is known for its user-friendly interface and ease of use, making it a popular choice for both beginners and experienced users. It comes with a wide range of pre-installed software, including productivity tools, multimedia applications, and web browsers. It also supports a wide range of hardware platforms and architectures, making it a versatile choice for desktop and server computing. Ubuntu is also known for its strong focus on privacy and security. It includes a range of security features, including AppArmor, a mandatory access control framework that limits the access of applications to system resources, and the Uncomplicated Firewall, a simple firewall utility that can be configured with ease.

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its primary purpose is to protect the network from unauthorized access, data theft, malware, and other network threats. A firewall acts as a barrier between an internal network and the Internet or other external networks. It analyzes the data packets that pass through it and decides whether to allow or block them based on the predefined rules set by the network administrator. A firewall can be implemented in software, hardware, or a combination of both. It can be used to protect individual computers, local networks, or enterprise-level networks.

It is important to have firewalls, Splunk, Kali Linux, IDS/IPS in AWS for several reasons, including:

Security: AWS is a cloud platform that is prone to cyber attacks, and having these security tools can help prevent unauthorized access, data breaches, and other security threats. Firewalls, IDS/IPS, and Kali Linux are designed to detect and prevent unauthorized access, while Splunk is a tool used for monitoring and analyzing security events.
Compliance: Many organizations are subject to various regulatory requirements, such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act of 1996), and GDPR (General Data Protection Regulation), which require them to implement specific security controls. Having firewalls, IDS/IPS, and Splunk in place can help organizations comply with these regulations and avoid penalties for non-compliance.
Visibility: AWS is a complex platform with many services and configurations, making it difficult to identify security threats and breaches. Having tools like Splunk can help organizations gain visibility into their AWS environment, identify anomalies and security events, and respond to them quickly.
Proactive Security: Implementing firewalls, IDS/IPS, and Kali Linux in AWS can help organizations take a proactive approach to security. Instead of waiting for security incidents to occur, these tools can help detect and prevent them before they cause damage to the organization's assets and reputation.

In conclusion, cyber security is a critical aspect of managing and maintaining computer data in both organizational and personal settings. The use of firewalls, security analytics, intrusion detection systems, and intrusion prevention systems can help to protect against various cyber threats, such as malware, viruses, and hacking attempts. Understanding the importance of cyber security is essential in ensuring the security and privacy of data, and can help to minimize the risk of data breaches and other cyber attacks. By implementing effective cyber security measures, individuals and organizations can mitigate the potential risks associated with cyber threats, and ensure the safe and secure use of digital technology.