Network Zoning Flashcards
Network Zoning - broad premises:
- serves to protect the user
- every household in a system has a network zone
- a demilitarized zone (DMZ) acts as a buffer. This sort of zone is assigned to your router
- it’s often difficult to define malicious vs. non-malicious to a firewall
- mechanisms are put in place to actively analyze network traffic to identify malicious behavior
- In order to properly decide whether or not an action should be treated as malicious, the firewall must know the IP address(es) of the sender(s)/recipient(s) so it can check whether or not they have permission to perform that action
- The firewall must be aware of all IP addresses w/in its system: user devices, non-user devices, servers, IoT devices, etc.
- You can apply a gateway to a single zone and apply all traffic permissions of that zone to the source IP of that gateway (ex. the zone's router)
- Generally, when you have an IP address for the purpose of crafting firewall rules, that IP address is that of the device’s interface, not the device itself
- You also need a list of interfaces because one device can have multiple interfaces, and as such, can have multiple IP addresses
- Maintenance interfaces frequently carry significant security risk; it's a really good idea to limit physical access to them as much as possible for that reason
What does network zoning do?
Pretty much as the name suggests, network zoning creates zones w/in a network that have varying levels of access/permissions w/in the network (or even outside of it in some instances).
Think of a firewall as a traffic cop at an intersection.
Anything entering or exiting the firewall’s prescribed server(s) must either break through or be approved by the firewall.
firewall router -> runs firewall software -> controls data traffic
Creating network zones allows a firewall to identify which groups of people should have access to which sets of data, which processes they should have access to, and so on
Security AND practicality
Not every single user is going to have an exact set of permissions assigned only to them. Instead they will be placed in a group of individuals with SIMILAR access permissions. Their individuality must be taken away, they will be absorbed by the hive mind.
Properties of a security zone are:
- Active security policies for the network traffic
- Detection and blocking of malicious traffic
- List of known IP addresses and address sets
- List of the zone interfaces
How do you enforce policies through a firewall?
You’d have to create a firewall rule. This’d be useful for blocking certain domains and such. You’d code it, issue out your commands, and configure the firewall.