4. Network Security Fundamentals Flashcards
Define a Firewall
A collection of components that’s placed between two networks
What are the different firewall types / approaches?
Filtering
Proxy
Hybrid
Describe the features of filtering firewalls
Use existing router
Called screening router
Are stateless firewalls that use a simple policy table look-up that filters traffic based on specific criteria
IP source and destination addresses used for filtering
What are the disadvantages of filtering firewalls?
Little / no logging capability
Difficult for administrator to determine whether router has been compromised or is under attack
Packet filtering rules are difficult to set up & test thoroughly (particularly with complicated filtering rules)
What are the different types of firewall gateways?
Application level gateway
Circuit level gateway
Describe the different types of firewall gateways
Application level gateway:
Specialised application or server programs that run on a firewall host
Acts as a “go-between”
Operates at the application layer
Able to both control the session & provide detailed logging
Circuit level gateway:
Don’t interpret the application protocols but they authenticate the user before establishing the circuits
Operates at session or transport layer (in the ISO model)
Direct connection is never allowed
Able to record, monitor & collate activity
What are some of the problems that are associated with firewall proxy servers?
Speed - slow
Increased complexity
Performance
How have firewalls evolved?
As a hybrid / 3G
Known as dynamic packet filtering / stateful inspection
Describe dynamic packet filtering / stateful inspection
Sometimes referred to as 3rd generation firewalls
Operates on network layer (generally fast)
Not very flexible but able to change rules
Direct connection is also never allowed between the two communicating networks
Able to make decisions based on all the data in the packet
What are the key firewall questions that need to be considered?
What level of security is required?
Which type(s) of firewall(s) are required?
What is an acceptable access / performance vs security trade-off?
Firewall rules governing access controls etc. are generated from the security policy
What are the common characteristics of Intrusion Detection & Prevention Systems?
Both technologies are deployed as sensors
Both technologies use signatures to detect patterns of misuse in network traffic
Both can detect atomic patterns (single-packet) or composite patterns (multi-packet)
What are the advantages and disadvantages of IDS (Intrusion Detection Systems)?
Advantages:
No impact on network (includes latency and jitter)
No network impact if there’s a sensor failure
No network impact if there is a sensor overload
Disadvantages:
Response action can’t stop trigger packets
Correct tuning required for response actions
More vulnerable to network security evasion techniques
What are the advantages and disadvantages of IPS (Intrusion Prevention Systems)?
Advantages:
Stops trigger packets
Can use stream normalisation techniques
Disadvantages:
Sensor issues might affect network traffic
Sensor overloading impacts the network
Some impact on the network (latency, jitter)