Module 2 - 03-2 Flashcards

System identification

1
Q

Define Firewall

A

A network security device that monitors traffic to and from your network.

It either allows traffic or it blocks it based on a defined set of security rules. A firewall can use port filtering, which blocks or allows certain port numbers to limit unwanted communication.

2
Q

Define Port Filtering

A

A firewall function that blocks or allows certain port numbers to limit unwanted communication

3
Q

What are a few different kinds of Firewalls?

A
  • Hardware firewall
  • Software firewall (NVA)
  • Cloud-based firewall
4
Q

Describe a Hardware firewall

A

A hardware firewall is considered the most basic way to defend against threats to a network. A hardware firewall inspects each data packet before it’s allowed to enter the network.

5
Q

Describe a Software firewall

A

A software firewall performs the same functions as a hardware firewall, but it’s not a physical device. Instead, it’s a software program installed on a computer or on a server. If the software firewall is installed on a computer, it will analyze all the traffic received by that computer. If the software firewall is installed on a server, it will protect all the devices connected to the server. A software firewall typically costs less than purchasing a separate physical device, and it doesn’t take up any extra space. But because it is a software program, it will add some processing burden to the individual devices.

6
Q

What does NVA stand for?

A

Network Virtual Appliances (NVA)

7
Q

Describe a Cloud-based firewall

A

Organizations may choose to use a cloud-based firewall. Cloud service providers offer firewalls as a service, or FaaS, for organizations. Cloud-based firewalls are software firewalls hosted by a cloud service provider. Organizations can configure the firewall rules on the cloud service provider’s interface, and the firewall will perform security operations on all incoming traffic before it reaches the organization’s onsite network. Cloud-based firewalls also protect any assets or processes that an organization might be using in the cloud.

8
Q

What are the two main categories of firewalls?

A
  • Stateful
  • Stateless
9
Q

Define Stateful

A

A class of firewall that keeps track of information passing through it and proactively filters out threats.

10
Q

Define Stateless

A

A class of firewall that operates based on predefined rules and does not keep track of information from data packets.

11
Q

Describe a Stateful Firewall

A

A stateful firewall analyzes network traffic for characteristics and behavior that appear suspicious and stops them from entering the network.

Unlike stateless firewalls, which require rules to be configured in two directions, a stateful firewall only requires a rule in one direction. This is because it uses a “state table” to track connections, so it can match return traffic to an existing session.

12
Q

Describe a Stateless Firewall

A

A stateless firewall only acts according to preconfigured rules set by the firewall administrator. The rules programmed by the firewall administrator tell the device what to accept and what to reject. A stateless firewall doesn’t store analyzed information. It also doesn’t discover suspicious trends like a stateful firewall does. For this reason, stateless firewalls are considered less secure than stateful firewalls.

13
Q

What does NGFW stand for?

A

Next Generation FireWall

14
Q

Describe an NGFW

A

A next generation firewall, or NGFW, provides even more security than a stateful firewall. Not only does an NGFW provide stateful inspection of incoming and outgoing traffic, but it also performs more in-depth security functions like deep packet inspection and intrusion protection. Some NGFWs connect to cloud-based threat intelligence services so they can quickly update to protect against emerging cyber threats.

NGFWs can inspect traffic at the application layer of the TCP/IP model and are typically application aware. Unlike traditional firewalls that block traffic based on IP address and ports, NGFW rules can be configured to block or allow traffic based on the application. Some NGFWs have additional features like malware sandboxing, network anti-virus, and URL and DNS filtering.

15
Q

What are the benefits of a next generation firewall (NGFW)?

A
  • Deep packet inspection
    (a kind of packet sniffing that examines data packets and takes actions if threats exist)
  • Intrusion protection
  • Threat intelligence
16
Q

Which class of firewall operates based on predefined rules and does not keep track of information from data packets?

  • Stateful
  • Stateless
  • Cloud-based
  • NGFW
A

Stateless

Stateless firewalls are a class of firewall that operates based on predefined rules and does not keep track of information from data packets.

17
Q

What does VPN stand for?

A

Virtual Private Network

18
Q

Define VPN

A

A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you’re using a public network like the internet

19
Q

Describe a VPN

A

VPNs also encrypt your data as it travels across the internet to preserve confidentiality. A VPN service performs encapsulation on your data in transit.

Encapsulation is a process performed by a VPN service that protects your data by wrapping sensitive data in other data packets.

The MAC and IP addresses of the destination device are contained in the header and footer of a data packet. This is a security threat because it shows the IP address and virtual location of your private network. You could secure a data packet by encrypting it to make sure your information can’t be deciphered, but then network routers won’t be able to read the IP and MAC addresses to know where to send it. This means you won’t be able to connect to the internet site or the service that you want. Encapsulation solves this problem while still maintaining your privacy.

VPN services encrypt your data packets and encapsulate them in other data packets that the routers can read. This allows your network requests to reach their destination, but still encrypts your personal data so it’s unreadable while in transit. A VPN also uses an encrypted tunnel between your device and the VPN server. The encryption is unhackable without a cryptographic key, so no one can access your data.

VPN services are simple and offer significant protection while you’re on the internet. With a VPN, you have the added assurance that your data is encrypted, and your IP address and virtual location are unreadable to malicious actors.

Please note that most websites today use HTTPS. This encrypts the data being transferred between your device and the website. This makes it harder to intercept personal information even if internet traffic can be seen. A VPN encrypts all your internet traffic which helps protect your privacy.

Enterprises and other organizations use VPNs to help protect communications from users’ devices to corporate resources. Some of these resources include servers or virtual machines that host business applications.

Individuals also use VPNs to increase personal privacy. VPNs protect user privacy by concealing personal information, including IP addresses, from external servers.

A reputable VPN also minimizes its own access to user internet activity by using strong encryption and other security measures. Organizations are increasingly using a combination of VPN and SD-WAN capabilities to secure their networks.

VPNs provide a server that acts as a gateway between a computer and the internet. This server creates a path similar to a virtual tunnel that hides the computer’s IP address and encrypts the data in transit to the internet. The main purpose of a VPN is to create a secure connection between a computer and a network. Additionally, a VPN allows trusted connections to be established on non-trusted networks. VPN protocols determine how the secure network tunnel is formed. Different VPN providers provide different VPN protocols.

20
Q

What does SD-WAN stand for?

A

Software-defined wide area network (SD-WAN)

21
Q

Define SD-WAN

A

A virtual WAN service that allows organizations to securely connect users to applications across multiple locations and over large geographical distances

22
Q

Define Encapsulation

A

A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets.

23
Q

____ is a process performed by a VPN service that protects data in transit by wrapping sensitive data in other data packets.

  • HTTPS
  • Encapsulation
  • NGFW
  • Address Resolution Protocol (ARP)
A

Encapsulation

A VPN service performs encapsulation to protect data in transit. Encapsulation protects data by wrapping it in other data packets.

24
Q

Define Security zone

A

A segment of a network that protects the internal network from the internet

25
Q

Define Network segmentation

A

A security technique that divides the network into segments.

Each network segment has its own access permissions and security rules.

26
Q

Describe Security zone

A

Security zones control who can access different segments of a network. Security zones act as a barrier to internal networks, maintain privacy within corporate groups, and prevent issues from spreading to the whole network.

Additionally, an organization’s network can be divided into subnetworks, or subnets, to maintain privacy for each department in an organization.

27
Q

What two types of security zones can an organization’s network be classified as?

A
  • Uncontrolled zone
  • Controlled zone
28
Q

Define Uncontrolled zone

A

Any network outside of the organization’s control

29
Q

Define Controlled zone

A

A subnet that protects the internal network from the uncontrolled zone

30
Q

How many types of networks are within the Controlled Zone?

31
Q

What types of networks are within the Controlled Zone?

A
  • Demilitarized zone (DMZ)
  • Internal network
  • Restricted zone
32
Q

What does DMZ stand for?

A

Demilitarized zone (DMZ)

33
Q

Describe DMZ

A

On the outer layer is the demilitarized zone, or DMZ, which contains public-facing services that can access the internet.

This includes web servers, proxy servers that host websites for the public, and DNS servers that provide IP addresses for internet users. It also includes email and file servers that handle external communications. The DMZ acts as a network perimeter to the internal network.

34
Q

Describe Internal network

A

The internal network contains private servers and data that the organization needs to protect. Inside the internal network is another zone called the restricted zone.

35
Q

Describe Restricted zone

A

The restricted zone protects highly confidential information that is only accessible to employees with certain privileges.

36
Q

Which of the following areas are in the controlled zone? Select all that apply.

  • Uncontrolled zone
  • Restricted zone
  • Internal network
  • Demilitarized zone (DMZ)
A
  • Restricted zone
  • Internal network
  • Demilitarized zone (DMZ)

The DMZ, internal network, and restricted zones are all within the controlled zone.
The restricted zone protects highly confidential information that is only accessible to employees with certain privileges.
The internal network contains private servers and data that the organization needs to protect.
The DMZ contains public-facing services that can access the internet.

37
Q

Describe the structure of a Controlled Zone

A

Ideally, the DMZ is situated between two firewalls. One of them filters traffic outside the DMZ, and one of them filters traffic entering the internal network. This protects the internal network with several lines of defense. If there’s a restricted zone, that too would be protected with another firewall. This way, attacks that penetrate into the DMZ network cannot spread to the internal network, and attacks that penetrate the internal network cannot access the restricted zone.

38
Q

Define Subnetting

A

The subdivision of a network into logical groups called subnets

39
Q

Describe Subnetting

A

It works like a network inside a network.
Subnetting divides up a network address range into smaller subnets within the network. These smaller subnets form based on the IP addresses and network mask of the devices on the network.
Subnetting creates a network of devices to function as their own network. This makes the network more efficient and can also be used to create security zones. If devices on the same subnet communicate with each other, the switch changes the transmissions to stay on the same subnet, improving speed and efficiency of the communications.

40
Q

What does CIDR stand for?

A

Classless Inter-Domain Routing (CIDR)

41
Q

Define CIDR

A

A method of assigning subnet masks to IP addresses to create a subnet

42
Q

Describe CIDR

A

Classless addressing replaces classful addressing. Classful addressing was used in the 1980s as a system of grouping IP addresses into classes (Class A to Class E). Each class included a limited number of IP addresses, which were depleted as the number of devices connecting to the internet outgrew the classful range in the 1990s. Classless CIDR addressing expanded the number of available IPv4 addresses.

CIDR allows cybersecurity professionals to segment classful networks into smaller chunks. CIDR IP addresses are formatted like IPv4 addresses, but they include a slash (“/”) followed by a number at the end of the address. This extra number is called the IP network prefix.

For example, a regular IPv4 address uses the 198.51.100.0 format, whereas a CIDR IP address would include the IP network prefix at the end of the address, 198.51.100.0/24. This CIDR address encompasses all IP addresses between 198.51.100.0 and 198.51.100.255. The system of CIDR addressing reduces the number of entries in routing tables and provides more available IP addresses within networks.

43
Q

What are the security benefits of subnetting?

A

Subnetting allows network professionals and analysts to create a network within their own network without requesting another network IP address from their internet service provider. This process uses network bandwidth more efficiently and improves network performance. Subnetting is one component of creating isolated subnetworks through physical isolation, routing configuration, and firewalls.

44
Q

Define Proxy server

A

A server that fulfills the requests of a client by forwarding them on to other servers

45
Q

Describe Proxy server

A

The proxy server is a dedicated server that sits between the internet and the rest of the network. When a request to connect to the network comes in from the internet, the proxy server will determine if the connection request is safe. The proxy server uses a public IP address that is different from the rest of the private network. This hides the private network’s IP address from malicious actors on the internet and adds a layer of security.

Let’s examine how this will work with an example. When a client receives an HTTPS response, they will notice a distorted IP address or no IP address rather than the real IP address of the organization’s web server. A proxy server can also be used to block unsafe websites that users aren’t allowed to access on an organization’s network.

A proxy server uses temporary memory to store data that’s regularly requested by external servers. This way, it doesn’t have to fetch data from an organization’s internal servers every time. This enhances security by reducing contact with the internal server.

Proxy servers utilize network address translation (NAT) to serve as a barrier between clients on the network and external threats.

Some proxy servers can also be configured with rules, like a firewall.

46
Q

What are different types of Proxy servers?

A
  • Forward proxy server
  • Reverse proxy server
47
Q

Define Forward proxy server

A

Regulates and restricts a person’s access to the internet

Handles queries from internal clients when they access resources external to the network

48
Q

Define Reverse proxy server

A

Regulates and restricts the internet’s access to an internal server

Handles requests from external systems to services on the internal network

49
Q

Describe Forward proxy server

A

The goal is to hide a user’s IP address and approve all outgoing requests. In the context of an organization, a forward proxy server receives outgoing traffic from an employee, approves it, and then forwards it on to the destination on the internet.

50
Q

Describe Reverse proxy server

A

The goal is to accept traffic from external parties, approve it, and forward it to the internal servers. This setup is useful for protecting internal web servers containing confidential data from exposing their IP address to external parties.

51
Q

Describe Email proxy server

A

An email proxy server is another valuable security tool. It filters spam email by verifying whether a sender’s address was forged. This reduces the risk of phishing attacks that impersonate people known to the organization.

52
Q

A(n) _____ regulates and restricts the internet’s access to an internal server.

  • email proxy server
  • reverse proxy server
  • forward proxy server
  • virtual private network (VPN)
A

reverse proxy server

A reverse proxy server regulates and restricts the internet’s access to an internal server.

53
Q

What monitors and filters traffic coming in and out of a network?

  • Uncontrolled zone
  • Firewall
  • Forward proxy server
  • Domain name system (DNS)
A

Firewall

A firewall monitors and filters traffic coming in and out of a network. It either allows or denies traffic based on a defined set of security rules.

54
Q

Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.

  • True
  • False
A

False

Stateful is a class of firewall that keeps track of information passing through it and proactively filters out threats. Stateless operates based on predefined rules and does not keep track of information from data packets.

55
Q

Encapsulation can be performed by a _____ to help protect information by wrapping sensitive data in other data packets.

  • security zone
  • proxy server
  • firewall
  • VPN service
A

VPN service

Encapsulation can be performed by a VPN service to help protect information by wrapping sensitive data in other data packets. VPNs change a public IP address and hide a virtual location to keep data private when using a public network.

56
Q

Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?

  • Demilitarized zone (DMZ)
  • Restricted zone
  • Uncontrolled zone
  • Management zone
A

Restricted zone

The restricted zone protects highly confidential information that only people with certain privileges can access. It typically has a separate firewall.

57
Q

A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.

  • port filter
  • controlled zone
  • forward proxy server
  • reverse proxy server
A

reverse proxy server

A security analyst uses a reverse proxy server to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.

58
Q

What are two types of VPNs?

A
  • Remote access
  • Site-to-site
59
Q

Describe Remote access VPNs

A

Individual users use remote access VPNs to establish a connection between a personal device and a VPN server. Remote access VPNs encrypt data sent or received through a personal device. The connection between the user and the remote access VPN is established through the internet.

60
Q

Describe Site-to-site VPNs

A

Enterprises use site-to-site VPNs largely to extend their network to other networks and locations. This is particularly useful for organizations that have many offices across the globe. IPSec is commonly used in site-to-site VPNs to create an encrypted tunnel between the primary network and the remote network. One disadvantage of site-to-site VPNs is how complex they can be to configure and manage compared to remote VPNs.

61
Q

What are two VPN protocols?

A
  • WireGuard VPN
  • IPSec VPN

A VPN protocol is similar to a network protocol: It’s a set of rules or instructions that will determine how data moves between endpoints.

WireGuard and IPSec are two different VPN protocols used to encrypt traffic over a secure network tunnel. The majority of VPN providers offer a variety of options for VPN protocols, such as WireGuard or IPSec. Ultimately, choosing between IPSec and WireGuard depends on many factors, including connection speeds, compatibility with existing network infrastructure, and business or individual needs.

62
Q

Define Endpoint

A

An endpoint is any device connected on a network.

Some examples of endpoints include computers, mobile devices, and servers.

63
Q

Describe WireGuard VPN

A

WireGuard is a high-speed VPN protocol, with advanced encryption, to protect users when they are accessing the internet. It’s designed to be simple to set up and maintain. WireGuard can be used for both site-to-site connection and client-server connections. WireGuard is relatively newer than IPSec, and is used by many people due to the fact that its download speed is enhanced by using fewer lines of code. WireGuard is also open source, which makes it easier for users to deploy and debug. This protocol is useful for processes that require faster download speeds, such as streaming video content or downloading large files.

64
Q

Describe IPSec VPN

A

IPSec is another VPN protocol that may be used to set up VPNs. Most VPN providers use IPSec to encrypt and authenticate data packets in order to establish secure, encrypted connections. Since IPSec is one of the earlier VPN protocols, many operating systems support IPSec from VPN providers.

Although IPSec and WireGuard are both VPN protocols, IPSec is older and more complex than WireGuard. Some clients may prefer IPSec due to its longer history of use, extensive security testing, and widespread adoption. However, others may prefer WireGuard because of its potential for better performance and simpler configuration.