Information Security 3 Flashcards
wall or partition that is designed to prevent fire from spreading from one part of a building to another.
firewall
Firewall Types
- Network Layer Firewall
- Transport Layer Firewall
- Application Layer Firewall
- Context Aware Application Firewall
- Proxy Server
- Reverse Proxy Server
- Network Address Translation (NAT) Firewall
- Host-based Firewall
filtering based on source and destination IP addresses
Network Layer Firewall
filtering based on source and destination data ports, and filtering based on connection states
Transport Layer Firewall
filtering based on application, program or service
Application Layer Firewall
filtering based on the user, device, role, application type, and threat profile
Context Aware Application Firewall
filtering of web content requests like URL, domain, media, etc.
Proxy Server
placed in front of web servers, reverse proxy servers protect, hide, offload, and distribute access to web servers
Reverse Proxy Server
hides or masquerades the private addresses of network hosts
Network Address Translation (NAT) Firewall
filtering of ports and system service calls on a single computer operating system
Host-based Firewall
designed to control, or filter, which communications are allowed in and which are allowed out of a device or network, as shown in the figu
firewall
process of probing a computer, server or other network host for open ports. In networking, each application running on a device is assigned an identifier called a port number.
Port Scanning
The host replied indicating a service is listening on the port.
Open or Accepted
The host replied indicating that connections will be denied to the port.
Closed, Denied, or Not Listening
There was no reply from the host.
Filtered, Dropped, or Blocked
8 types of firewalls based on general structure and method
- packet-filtering firewall
- circuit-level gateway
- stateful inspection firewall
- application-level firewall
- next-gen firewall
- software firewall
- hardware firewall
- cloud firewall
- oldest firewall
- designed to create checkpoints at individual routers or switches
packet-filtering firewall
- quickly and easily approve or deny traffic
- verifying transmission control protocol handshake
circuit-level gateway
- combination of packet-filtering and circuit-level gateway
- offer higher level of protection of your business
stateful inspection firewall
- firewalls operate at application layer to filter traffic
- cloud-based most of the time and establish traffic connections and examine data packets coming
proxy firewall
time it was created into what makes it this kind of firewall
next generation firewall
firewalls installed on local devices
software firewall
firewalls used on physical devices and act as traffic router
hardware firewall
- also called FaaS
- often go hand in hand with proxy firewalls and they grow with business
cloud firewall
can be stand-alone devices, like a router or firewall, a card that can be installed into a network device, or a module with its own processor and cached memory
Security Appliances
have many firewall capabilities besides just routing functions, including traffic filtering, the ability to run an Intrusion Prevention System (IPS), encryption, and VPN capabilities for secure encrypted tunneling.
Routers
Cisco Next Generation Firewalls have all the capabilities of an ISR router, as well as advanced network management and analytics. Cisco Adaptive Security Appliance (ASA) with firewall capabilities are shown in Figure 2.
Firewalls
are dedicated to intrusion prevention.
IPS
server and client technologies. It is designed for secure encrypted tunneling.
Virtual Private Network (VPN)
comes in next generation Cisco routers, firewalls, IPS devices, Web and Email Security Appliances and can also be installed as software in host computers.
Malware/Antivirus
This category includes web and email security appliances, decryption devices, client access control servers, and security management systems.
Other Security Devices
which firewall is best for business needs
cloud and hardware firewalls
Detecting attacks in real time requires actively scanning for attacks using firewall and IDS/IPS network devices
Real Time Scanning from Edge to Endpoint
- DDoS is one of the biggest attack threats requiring real-time response and detection.
- DDoS attacks are extremely difficult to defend against because the attacks originate from hundreds, or thousands of zombie hosts, and the attacks appear as legitimate traffic, as shown in the figure.
DDoS Attacks and Real Time Response
- security technique that regulates who or what can view or use resources in a computing environment
- fundamental concept in security that minimizes risk to the business organization
- perform identification authentication and authorization of users and entities by evaluating login credentials
access control
two types of access control
- physical access
- logical access
type of access control that limits access to campuses, buildings, rooms and physical IT assets
physical access
type of access control that limits connections to computer networks, system files and data
logical data
why is access control important?
- minimize security risk
- ensures security technology and access control are in place to protect customer data
- complex and can be challenging to manage
- on-premises and cloud environments
models of access controls
- mandatory access control
- discretionary access control
- role-based access control
- rule-based access control
- attribute-based access control
security model in which access rights are regulated by central authority based on multiple levels of security
mandatory access control
access control method in which owners or admins set policies defining who or what is authorized to access the resource
discretionary access control
This is a widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions
Role-based access control (RBAC)
This is a security model in which the system administrator defines the rules that govern access to resource objects
Rule-based access control.
This is a methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions
Attribute-based access control (ABAC)
Challenges of access control
- dynamically managing distributed IT environments;
- password fatigue;
- compliance visibility through consistent reporting;
- centralizing user directories and avoiding application-specific silos; and
- data governance and visibility through consistent reporting.
- use of a program to screen and/or exclude access to web pages or email deemed objectionable
- also used to implement company policies related to information system usage.
Content Filtering
types of content filtering
- web filter
- email filter
- internet filter
- search engine filter
- proxy content filtering
- dns based content filtering
Top 10 Content Filtering Software Solutions
- AT&T Global Security Gateway
- Barracuda Web Security Gateway
- Cisco Umbrella
- Comodo Cybersecurity
- DNSFilter
- Flashstart
- FortiGuard
- Smoothwall SWG
- WebRoot
- WebTitan
Why is Content Filtering Important?
helps to mitigate these risks by making such content difficult to access in the workplace, and by demonstrating the company’s intolerance for inappropriate, illegal, or objectionable content in general.
an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted
Virtual Private Network
To be effective, content filtering has to be deployed across all content channels. The most common channels include
- web
- emails
- executables
- provides a safe, secure way to connect users and devices remotely to a corporate network
- It includes VPN technology that uses strong ways to authenticate the user or device
Secure remote access
Types of VPNs
- remote access
- site-to-site
VPN securely connects a device outside the corporate office
Remote access
connects the corporate office to branch offices over the Internet
Site-to-site
Setting up a VPN on Windows 10
- Type “VPN” into the search box in your taskbar, then open your VPN Settings - Add a VPN connection
- Here, you’ll enter all the information about your VPN - click the icon that corresponds to your internet connection
- AI
- Autonomous Drive and Systems
- Computing and Data Storage Technologies
- Telecommunication Infrastructure
- Internet of Things (IoT)
- Privacy-Enhancing Technologies
- Blockchain and Distributed Ledger Technologies
could increase automation, speed, frequency and efficiency of attacks as well as potential for tailored attacks targeting specific groups
AI/ML
could be used to carry out disguised criminal acts, develop new operation methods for criminals or conduct large-scale automated attacks
autonomous device and systems
development and increasing use of computing and data storage technologies could be exploited by criminals to gain access and disseminate non-consensual recordings
computing data and storage tech
can be used to enhance anonymity, speed and capacity of criminal activities
telecommunication infrastructure
growing volumes of data gathered by IOT could become vulnerable to theft, corruption, extortion
IoT
could be exploited by malicious actors to pursue illicit activities anonymously and secretly making it difficult to detect criminal activity
Privacy Enhancing Technologies (PETS)
transactions become digitalized and processed, these could be manipulated for malicious purposes such as preventing transactions from being processed
blockchain and distributed ledger technologies