2 - Firewall/DMZ Flashcards
Firewall
Integrated colleciton of security mesaures that prevent unauthorised access to a network.
A Firewall can/is:
- Security Gateway
- Traffic Control Device
- Packet Filtering
- Routing
- ENforce security policy
- Loggin
- Secure the net from external attack
Firewalls are not/cannot:
- Be the only security
- Not an auth/remote access server
- Cannot see the content of encrypted packets
- Cannot see all traffic if positioned incorrectly
- Not a malicious code scanner
- Not an IDS.
Firewall Ingress/Egress filtering
Monitoring and filtering directional inbound/outbound traffic
Packet filtering
Examines network protocol headers and parameter.s
Stateless (rules) or stateful (conneciton states)
Content Filtering
Focuses on network protocol payloads
4 Firewall risks and disadvantages
- Central point of attack.
- Can degrade system performance
- May restrict legitimate users
- Does not provide data integrity and confidentiality
Firewall rules
An instruction set that indicates what actions a firewall should take
Firewall rule structure
- Protocol
- Src Address
- Src Port
- Target Address
- Target Port
- Action
Why log?
- Validate rules
- Historical and reactive tracking
WHat data to log?
- Connections
- Traffic to successfully traverse through the firewall
- Configuration Chagnes
- Firewall system access
General rule for what protocols to allow
Allow encrypted protocols and only allow unencrypted for users that require it with sufficient training.
If it is internal you might allow it but again, risk assess.`
DMZ Design
Segregate devices etc based on risk.
Isolate certain services + functions.
Adds additional security layer.
DMZ
A zone with an intermediate trust level, between the internet and trusted internal network
DMZ Architecture
Uses firewall to restrict access from internet to private LAN.
Single or dual firewall.
