Certs: Security+ Implement Security Configuration Parameters on Network Devices
Firewalls
Can be hardware or software based
Used to protect one network segment from another
Deployed between areas of high and low trust – private / public network
Circuit level gateway
Routers
Used to connect several different network segments together
Traffic must pass through the router's filters to make the transition
A router with an ACL (access control list) can be considered a simple firewall
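To show what "a router with an ACL is a simple firewall" means in practice, here is an added Python model (not part of the original notes) of how a router evaluates an access control list: entries are checked top-down, the first match wins, and any packet that matches nothing falls through to the implicit deny at the end of the list. The ACL, the addresses and the packets are all constructed for the example; the private segment, web server and ports are assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AclEntry:
    action: str                  # "permit" or "deny"
    protocol: str                # "tcp", "udp", "icmp", or "ip" (any protocol)
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # destination port; None means any port


# Constructed ACL applied inbound on a router between the public Internet (low trust)
# and a private segment 10.0.0.0/24 (high trust). Only the web server 10.0.0.10 is
# reachable on 80/443, ping is allowed for troubleshooting, and telnet is denied
# explicitly so the hit is visible in the logs rather than silently dropped.
INBOUND_ACL: List[AclEntry] = [
    AclEntry("deny",   "tcp",  "0.0.0.0/0", "10.0.0.0/24",   23),   # never telnet
    AclEntry("permit", "tcp",  "0.0.0.0/0", "10.0.0.10/32", 443),   # HTTPS to web server
    AclEntry("permit", "tcp",  "0.0.0.0/0", "10.0.0.10/32",  80),   # HTTP to web server
    AclEntry("permit", "icmp", "0.0.0.0/0", "10.0.0.0/24"),         # ping into the segment
    # No catch-all entry: as on a real router, anything unmatched hits the implicit deny.
]


def matches(entry: AclEntry, packet: dict) -> bool:
    """True when every field of the ACL entry matches the packet."""
    if entry.protocol != "ip" and entry.protocol != packet["protocol"]:
        return False
    if ipaddress.ip_address(packet["src"]) not in ipaddress.ip_network(entry.src):
        return False
    if ipaddress.ip_address(packet["dst"]) not in ipaddress.ip_network(entry.dst):
        return False
    if entry.dport is not None and packet.get("dport") != entry.dport:
        return False
    return True


def evaluate(acl: List[AclEntry], packet: dict) -> Tuple[str, Optional[int]]:
    """First matching entry wins. Returns (action, index of the entry that matched),
    or ('deny', None) when the packet fell through to the implicit deny."""
    for index, entry in enumerate(acl):
        if matches(entry, packet):
            return entry.action, index
    return "deny", None


if __name__ == "__main__":
    # Constructed packets arriving from an Internet host
    probes = [
        {"protocol": "tcp",  "src": "198.51.100.20", "dst": "10.0.0.10", "dport": 443},
        {"protocol": "tcp",  "src": "198.51.100.20", "dst": "10.0.0.10", "dport": 22},
        {"protocol": "tcp",  "src": "198.51.100.20", "dst": "10.0.0.10", "dport": 23},
        {"protocol": "icmp", "src": "198.51.100.20", "dst": "10.0.0.55"},
    ]
    for p in probes:
        print(p, "->", evaluate(INBOUND_ACL, p))
```

The model shows the two properties that make an ACL a usable (if basic) firewall: ordering matters because evaluation stops at the first match, and the implicit deny means the list only has to enumerate what is allowed. What it does not have is connection state, which is why a stateless ACL is a "simple" firewall rather than a replacement for a stateful one.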
Switches
Used to connect many other network devices together
Mainly used to link hosts, but can also be used to link networks
Load Balancers
Used to spread or distribute network traffic across network links and/or devices
Provides optimal network utilisation, eliminates bottlenecks, and improves response times, throughput, and performance in general.
Proxies
A middle man between clients and servers; provides caching and content filtering.
Serves as a barrier against external threats
Web Security Gateways
A web content filter, URL and keyword-based.
Can provide IM filtering, spam protection, email filtering and spoof detection.
VPN Concentrators – Dedicated hardware device designed to support a large number of simultaneous connections
NIDS / NIPS – HIDS / HIPS – Designed to detect the presence of unwanted intruders by monitoring network traffic (network-based) or activity on a single host (host-based)
Network (N) & Host (H) based
IDS = Passive. Just monitors and raises alerts
IPS = Active. Monitors and takes actions like shutting down ports or interfaces.
Problems – False positives: legitimate traffic mistaken for intruder activity, which in turn could cause an outage when an IPS acts on the alert and blocks it.
Behaviour Based – Establish a baseline, then detect activities that deviate from that baseline
Signature Based – Use a database of signatures or patterns of known malicious activities. Requires regular signature updates.
Anomaly Based –
Heuristic – Compares suspicious or new programs against known examples of malware.
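The IDS/IPS points above (passive vs active, signature vs behaviour based, and the false-positive problem) are easier to see in code. The following Python is an added example, not part of the original notes: it runs a signature check and a behaviour (baseline-deviation) check over a constructed web-server log, then shows how an IDS only reports while an IPS also blocks. The signatures, the baseline figure and the log lines are all constructed for the example, and the log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Signature database: patterns of known malicious requests (constructed; a real sensor
# ships thousands of these, which is why signature-based detection needs updates).
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.I),
    "xss-script-tag": re.compile(r"<script", re.I),
}

# Behaviour-based baseline: normal requests per source in one window, learned during a
# quiet period (constructed value), and how far above it counts as a deviation.
BASELINE_REQS_PER_WINDOW = 20
DEVIATION_FACTOR = 5

# Constructed log for one window, format: "<timestamp> <src_ip> <method> <path>".
# 203.0.113.5 sends two requests matching signatures; 198.51.100.7 sends 120 benign-looking
# requests, far above the baseline.
CONSTRUCTED_LOG = [
    "2024-05-01T10:00:01 192.0.2.10 GET /index.html",
    "2024-05-01T10:00:02 192.0.2.10 GET /about.html",
    "2024-05-01T10:00:03 203.0.113.5 GET /search?q=x'+UNION+SELECT+user,pass+FROM+users--",
    "2024-05-01T10:00:04 203.0.113.5 GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E",
    "2024-05-01T10:00:05 192.0.2.11 GET /news.html",
] + [f"2024-05-01T10:00:{i % 60:02d} 198.51.100.7 GET /page/{i}" for i in range(120)]


def parse_line(line: str) -> dict:
    """Split one log line; the path is URL-decoded so encoded payloads still match."""
    ts, src, method, path = line.split(" ", 3)
    return {"ts": ts, "src": src, "method": method, "path": unquote_plus(path)}


def signature_alerts(events):
    """Signature-based: flag every request whose decoded path matches a known pattern."""
    alerts = []
    for e in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(e["path"]):
                alerts.append((e["src"], name))
    return alerts


def behaviour_alerts(events, baseline=BASELINE_REQS_PER_WINDOW, factor=DEVIATION_FACTOR):
    """Behaviour-based: flag sources whose request count deviates far from the baseline.
    This is where false positives come from: a busy but legitimate crawler or a
    monitoring system looks exactly like this, so an IPS acting on it could cut them off."""
    per_src = Counter(e["src"] for e in events)
    return [(src, "rate-deviation", n) for src, n in per_src.items() if n > baseline * factor]


def respond(sig_alerts, beh_alerts, mode="ids"):
    """IDS is passive and only reports; IPS is active and also returns sources to block."""
    flagged = {src for src, _ in sig_alerts} | {src for src, _, _ in beh_alerts}
    return {"alerts": len(sig_alerts) + len(beh_alerts),
            "blocked": sorted(flagged) if mode == "ips" else []}


def analyse(lines, mode="ids"):
    """Run both detection methods over the log and decide the response for the given mode."""
    events = [parse_line(line) for line in lines]
    sig, beh = signature_alerts(events), behaviour_alerts(events)
    return sig, beh, respond(sig, beh, mode)


if __name__ == "__main__":
    sig, beh, action = analyse(CONSTRUCTED_LOG, mode="ips")
    print("signature alerts:", sig)
    print("behaviour alerts:", beh)
    print("response:", action)
```

Running it in `ids` mode yields the same three alerts but an empty block list; in `ips` mode the bursty source is blocked alongside the one that sent the injection payloads, which is exactly the outage risk the notes describe if that burst turns out to be legitimate traffic.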
Protocol Analyser – Tool used to examine the contents of network traffic (sniffer). Captures traffic and then analyses it.
SPAM Filter – Hardware or software device that removes unwanted messages.
UTM – Unified Threat Management – the all-in-one security appliance
URL Filter – Blocks access to a site based on all or part of a URL
Content Inspection – Security inspection where the contents of the application protocol payload are inspected.
Malware Inspection – Use of a malware scanner to detect and remove malware.
Many firewalls and proxies include all three of the above functions.
Web Application Firewall vs Network Firewall
Web App F/W – A device, server add-on, or virtual service that defines a strict set of communication rules for a website and its visitors. It detects cross-site scripting, SQL injection, and other web application attacks.
Network F/W – A hardware device for general network filtering, designed to protect the entire network.
Application-Aware Devices
Operate at higher levels of the protocol stack to provide more focused security.
Firewalls – Provide filtering for specific applications
IPS / IDS – Intrusion prevention and detection for specific applications
Proxies – Content filtering, content caching, and forwarding for specific applications.