The motive for Network Security Incident Response Plan is to stumble on and react to Network Security breaches, decide their scope and danger, respond quickly- and correctly to the incident, carry the effects and risks to all stakeholders, and decrease the chance of the incident of repeating itself.

The primary incident process encompasses six phases: preparation, detection, containment, investigation, remediation and recovery.


Preparation consists of those methodologies that permit brief reaction to an incident: policies, tools, methods, effective teamwork and communication plans. It additionally means that the affected groups have instituted the controls essential to recover and keep operations…

Malware is any short malicious software or code that is designed or written to steal, damage, disrupt or cause any illegitimate action on data, hosts or networks.

There are different classes of malware that vary in ways how they infect systems and the damage they cause. Malwares can infect systems by being bundled with other programs or attached to files, some may be installed by exploiting any known vulnerabilities in Operating System, software or network device. Many are installed by being sent as an email attachment, or downloaded from the internet by the user.

Some commonly known malwares are viruses…

An Intrusion Detection System (IDS) is a system that constantly monitors Network Traffic for any suspicious activity and will issue alerts when such activity is detected. It is a software based application that will scan a network for any harmful activity or policy violations. Malicious activity or violation is typically reported or collected centrally using a security information and event management system (SIEM).

IDS can be classified into 5 categories:

Network Intrusion Detection System: A system that is set up to examine network traffic from all devices that are on the network.

Host Based Intrusion Detection System: A system that…

A Domain Generation Algorithm is an algorithm or program that is designed to generate domain names periodically which is centralized by a command and control server. Attackers use Domain Generation Algorithm so that they can quickly switch the domains that have been generated for malware attacks. Attackers do this because anti-virus software and other cyber security vendors can easily and quickly block malicious domains that malware use. But with DGA it is difficult for such software to detect and stop all the domains that are malicious in nature. …

OSI (Open Systems Interconnection) and TCP/IP are two standardized models that are widely referenced in today’s world. The concepts are similar, the only difference between the two is in the number of layers itself.

In OSI There are 7 Layers, they are listed below along with some protocols that are used on these layers:

1. Application Layer (HTTP/HTTPs, FTP)

2. Presentation Layer (SSL, FTP)

3. Session Layer (ACK, SYN, API)

4. Transport Layer (TCP/UDP)

5. Network Layer (IP, Routers)

6. Data Link Layer (Switches, MAC)

7. Physical Layer (Ethernet, WiFi)

The best way to remember the 7 layers in order…

Tayyab Zaman

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store