Network Security Flashcards
How do you design a network securely?
One strategy to reduce the impact of attacks is network segmentation. When you segment a network, you divide it into smaller networks called subnets. You can then control the flow of traffic between subnets, allowing or disallowing it according to policy, or blocking the flow entirely.
Proper segmentation can boost speed and network performance by confining certain traffic to the portions of the network that need to see it, and it can help localize technical network issues. In addition, network segmentation can prevent unauthorized network traffic or attacks from reaching particularly sensitive portions of the network.
You can also secure your network by funneling traffic through choke points, or locations where you can inspect, filter, and control the traffic. The choke point might be the routers that move traffic from one subnet to another, the firewalls that filter traffic through your networks or portions of your networks, or the application proxies that filter the traffic for applications such as web or email.
Creating redundancies when designing your networks can also help mitigate issues. Some attacks or technical failures may render portions of your technology, including network or border devices, unusable. For example, if one of your border devices is subject to a DDoS attack, there is little you can do to stop the attack itself. However, you can switch to a different internet connection or route traffic to a different device.
Firewall
A firewall is a mechanism for maintaining control over the traffic that flows in and out of a network. Typically we place firewalls where the level of trust changes, such as the border between an internal network and the internet.
Stateful packet filtering
A stateful firewall can watch traffic over a given connection at a granular level. This means that the firewall can track individual packets of data that pass through a particular network connection and analyze them for potential threats.
Deep Packet Filtering
Deep packet firewalls add another layer of intelligence to your firewall capabilities because they can analyze the actual content of traffic that flows through them.
While packet filtering firewalls and stateful firewalls look at the structure of the network traffic to filter out attacks and undesirable content, deep packet inspection firewalls can reassemble the content of the traffic to see what it will deliver to the application for which it is destined.
Proxy Servers
A proxy server is a special kind of firewall that operates at the application level, for services such as mail or web browsing, and provides both security and performance features. Proxy servers provide a layer of security for the devices behind them by serving as choke points, and they allow you to log the traffic that passes through them for inspection.
Demilitarized Zone
A demilitarized zone (DMZ) is a layer of protection that separates a device from the rest of a network. You can build one by using multiple layers of firewalls.
Intrusion Detection Systems (IDS)
Intrusion detection systems are hardware or software tools that monitor networks, hosts, or applications for unauthorized activity.
IDSs are classified by the way they detect attacks:
* Signature-based IDS: works like an antivirus system. It keeps a database of signatures that might signal an attack and compares incoming traffic against those signatures. This method works well until a new attack is performed that does not match any known signature.
* Anomaly-based IDS: usually works by first determining the normal kinds of traffic and activity taking place on the network. It then measures the present traffic against this baseline in order to detect patterns that are not normally present in the traffic.
Virtual Private Network
Virtual private networks can help with sending sensitive data over insecure networks. Often called a tunnel, a VPN connection is an encrypted connection between two points.
A connection is usually created using a VPN client application on one end and a device called a VPN concentrator on the other end: a client and a server, in simple terms.
Two common wireless encryption protections
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA, WPA2, and WPA3).
Scanners
Scanners are hardware and software tools that enable you to interrogate devices and networks for information. You can divide them into two categories: port scanners and vulnerability scanners.
In network security, people use scanners as tools for discovering the networks and systems in an environment. One of them is called Nmap, which is short for network mapper. Although it is considered a port scanner, it can also search for hosts on a network, identify the operating systems those hosts are running, and detect the versions of the services running on any open ports.
Packet Sniffers
A network or protocol analyzer, also known as a packet sniffer or simply a sniffer, is a tool that can intercept (or sniff) traffic on a network.
To use a sniffer, you need to place it on the network in a position that allows it to see the traffic you would like to sniff.
One example of a packet sniffer is Wireshark, a fully featured sniffer capable of intercepting traffic from wired and wireless sources. There are hardware packet sniffers as well, such as the OptiView Portable Network Analyzer from Fluke Networks, but they are expensive.
Honeypots
A honeypot is a system that can detect, monitor, and sometimes tamper with the activities of an attacker. You can customize it to deliberately display fake vulnerabilities or materials that make the system more attractive to the attacker, such as an intentionally insecure service or an unpatched operating system.
You can create a network of honeypots called honeynets.
Honeynets can be very useful for understanding malware activity on a large scale since you can reproduce a variety of operating systems and vulnerabilities.