Lesson 14: Supporting and Troubleshooting Secure Networks Flashcards
Define network segmentation enforcement
Enforcing a security zone by separating a segment of the network from access by the rest of the network
How is network segmentation enforcement performed?
Using firewalls, VPNs, and VLANs to separate broadcast domains
What is a (security) zone?
A zone is an area of the network where the security configuration is the same for all hosts within it
Define an internet-facing host
A host that accepts inbound connections from the internet
Define a perimeter network zone
An area of the network that traffic can’t pass through directly, used to give external clients access to data on private systems (also called a DMZ)
What types of servers are in a perimeter network zone?
Web servers, application servers, FTP servers, mail servers
How is a perimeter network (DMZ) typically configured?
As a secured boundary between the internet and a private network, with two firewalls, one placed on each side of the perimeter network zone
What is the purpose of an edge firewall in perimeter network/DMZ?
To restrict traffic on the external/public interface and allow only permitted traffic to reach the hosts in the perimeter network zone
What is the purpose of a choke firewall/point in a perimeter network?
Serves as an internal firewall to filter communications between hosts in the perimeter network and hosts in the LAN
Define a screened network/Triple Homed Firewall
A network containing one firewall with three network interfaces - one to the internet, one to the DMZ, and another to the LAN
What is the purpose of a firewall?
Software or hardware device that processes traffic according to set rules
Define a packet filtering firewall
The earliest type of firewall; it is configured with rules in an ACL, and each packet is checked against the filters to determine whether it matches a defined rule, after which the action associated with that rule is carried out
What are the rules a packet filtering firewall can use to filter traffic?
- Action (Accept/Deny/Drop)
- Protocol type, routing protocols
- Port filtering
At what layer of the OSI model does a packet filtering firewall operate?
Layer 3 (Network layer)
What does it mean that a packet filtering firewall is stateless?
It does not preserve information about the connection between two hosts, so it keeps no record of previously processed packets
Define a stateful inspection firewall
A firewall that maintains stateful information about the session established between two hosts
At what layer of the OSI model does a stateful inspection firewall operate?
Session layer (layer 5)
How does a stateful inspection firewall process packets?
When a packet arrives, the firewall checks whether it belongs to an existing connection; if not, the firewall applies its ordinary filtering rules to determine whether to allow it
Define a proxy server
A system or router that provides a gateway between users and another server to filter and often modify communications
What is a forward proxy server?
A proxy server for accepting connections from clients on a private network and forwarding those requests to the public internet
What is a non-transparent proxy server?
A proxy server whose clients must be configured with the proxy server address and the port number to use, typically TCP port 8080
What is a transparent proxy server?
A proxy server that intercepts client traffic without the clients having to be configured for a proxy; it is implemented on a switch or router
What is a reverse proxy server?
A proxy server for receiving connections from public interfaces and routing them to internal clients
Define Network Address Translation (NAT)
A routing mechanism that conceals the internal addressing scheme from the public Internet: an internet-facing device translates between a single public address on the external side of the router and the private, non-routable addresses used internally