Information Assurance 4 Flashcards
- aka network firewall.
- Used to filter traffic on a network.
- Block malicious traffic requests and data packets while allowing legitimate traffic through.
Firewall
8 types of firewalls based on general structure and method
- packet-filtering firewall
- circuit-level gateway
- stateful inspection firewall
- application-level firewall
- next-gen firewall
- software firewall
- hardware firewall
- cloud firewall
- oldest firewall
- designed to create checkpoints at individual routers or switches
packet-filtering firewall
- quickyly and easily approve or deny traffic
- verifying transmission control protocol handshake
circuit-level gateway
- combination of packet-filtering and circuit-level gateway
- offer higher level of protection of your business
Stateful Inspection Firewalls
- firewalls operate at application layer to filter traffic
- cloud-based most of the time and establish traffic connections and examine data packets coming
Proxy Firewalls (Application-Level Gateways/Cloud Firewalls) -
- time it was created into what makes it this kind of firewall
- also use IPS –intrusion prevention systems – to stop network attacks
next generation firewall
- These are any firewalls installed on local devices.
- The biggest draw for these in that they can create a useful, in-depth defense path.
- Maintaining these on more than one device is not easy, though, so you may need more than one for each asset
Software firewalls
- use physical appliances, and they act like a traffic router.
- The intercept data packets before they are connected to a network server.
- The weakness here is that they can be easily bypassed, which goes against your need for a firewall
Hardware Firewalls
- also called FaaS – firewalls as a service.
- They often go hand in hand with proxy firewalls, and the most significant benefit to these is that they grow with your business.
- They work to filter large amounts of traffic away from your company, where it’s malicious
cloud firewall
Models of Access Control
- mandatory access control
- discretionary access control
- role-based access control
- rule-based access control
- attribute-based access control
security model in which access rights are regulated by central authority based on multiple levels of security
Mandatory access control (MAC).
access control method which owners or admins set policies defining who or what is authorized to access the resource
discretionary access control
```
This is a widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions
Role-based access control (RBAC)
This is a security model in which the system administrator defines the rules that govern access to resource objects
Rule-based access control.
