Certs: Security+ Implement Security Configuration Parameters on Network Devices

  • Firewalls
    • Can be Hardware or Software based
    • Used to protect one network segment from another
    • Deployed between areas of high and low trust – Private / Public network
    • Firewall types
      • Packet filter
      • Circuit level gateway
      • Application-level
      • Stateful inspection
  • Routers
    • Used to connect several different network segments together
    • Traffic must pass through the router's filters to make the transition
    • Router with ACL (access control list) can be considered a simple firewall
  • Switches
    • Used to connect many other network devices together
    • Mainly used to link hosts, but can be used to link networks also
  • Load Balancers
    • Used to spread or distribute network traffic across network links and/or devices
    • Provides optimal network utilisation, eliminates bottlenecks, and improves response times, throughput, and performance in general.
  • Proxies
    • A middleman between clients and servers; provides caching and content filtering.
    • Serves as a barrier against external threats
  • Web Server Gateways
    • A web content filter, URL and keyword-based.
    • Can provide IM filtering, spam protection, email filtering and spoof detection.
  • VPN Concentrators – Dedicated hardware device designed to support a large number of simultaneous connections
  • NIDS / NIPS – HIDS / HIPS – Designed to detect the presence of unwanted intruders by monitoring network traffic
    • Network & Host
    • IDS = Passive. Just monitors and raises alerts
    • IPS = Active. Monitors and takes actions like shutting down ports or interfaces.
    • Problems – False positives: legitimate traffic mistaken for intruder activity, which in turn could cause an outage.
    • Behaviour Based – Establish a baseline, detect activities that deviate from this baseline
    • Signature Based – Use a database of signatures or patterns of known malicious activities. Requires updates.
    • Anomaly Based –
    • Heuristic – Compares suspicious or new programs against known examples of malware.
  • Protocol Analyser – Tool used to examine the contents of network traffic (sniffer). Capture traffic and then analyse.
  • SPAM Filter – Hardware or software device that removes unwanted messages.
  • UTM – Unified Threat Management – The All in One security Appliance
    • URL Filter – Blocks access to a site based on all or part of a URL
    • Content Inspection – Security inspection where the contents of the application protocol payload are inspected.
    • Malware Inspection – Use of a malware scanner to detect and remove malware.
  • Many firewalls and proxies include all three of the above functions
  • Web Application Firewall v Network Firewall
    • Web App F/W – A device, server add-on, or virtual service that defines a strict set of communication rules for a website and its visitors. It detects cross-site scripting, SQL injection, and other web application attacks.
    • Network F/W – A hardware device for general network filtering, designed to protect the entire network.
  • Application-Aware Devices
    • Operate at higher levels of the protocol stack to provide more focused security.
    • Firewalls – Provides filtering for specific applications
    • IPS / IDS – Intrusion prevention and detection for specific applications
    • Proxies – Content filtering, content caching, and forwarding for specific applications.
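The difference between a stateless packet filter (the "router with ACL as a simple firewall" above) and stateful inspection is easiest to see in code. The following Python is an added example, not part of the original notes; the ACL rules, hosts and ports are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str          # "in" (toward the private network) or "out"
    syn: bool = False       # True for the first packet of a TCP connection

# Constructed ACL in router access-list style: first match wins, implicit deny.
ACL = [("out", 443, "permit"), ("in", 22, "permit")]   # (direction, dst port, action)

def acl_lookup(pkt):
    for direction, port, action in ACL:
        if pkt.direction == direction and pkt.dport == port:
            return action == "permit"
    return False            # implicit deny at the end of the list

def packet_filter(pkt):
    """Packet filter / router ACL: stateless, every packet is judged on its own."""
    return acl_lookup(pkt)

class StatefulFilter:
    """Stateful inspection: remembers permitted outbound flows and admits only their replies."""
    def __init__(self):
        self.flows = set()  # (private host, its port, remote host, remote port)
    def allow(self, pkt):
        if pkt.direction == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True     # reply to a flow this firewall already saw going out
        if not acl_lookup(pkt):
            return False
        if pkt.direction == "out" and pkt.syn:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

def demo():
    """Constructed traffic: one HTTPS session plus an unsolicited inbound packet."""
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "out", syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "in")
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51000, "in")
    sf = StatefulFilter()
    return {
        "stateless_reply": packet_filter(reply),          # False: no ACL rule covers the reply
        "stateful_request": sf.allow(request),            # True, and the flow is recorded
        "stateful_reply": sf.allow(reply),                # True: matches the recorded flow
        "stateful_unsolicited": sf.allow(unsolicited),    # False: no flow, ACL denies
    }
```

A stateless filter can only pass the HTTPS reply by adding a broad inbound rule for high ports, which would also admit the unsolicited packet; the stateful filter needs no such rule.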