Section 12 - Perimeter Security Flashcards
When we discuss perimeter security, we’re focused on the…?
outer layer of our defense-in-depth posture for our networks.
This is the boundary where we segment our LAN from the WAN and from the Internet at large.
These are primarily used to section off and protect one network from another.
Firewall
What are the three main types of firewalls?
Software-based
Hardware-based
Embedded firewalls
These firewalls run as a piece of software on a host or a server.
Software-based
These firewalls are standalone devices, appliances that are installed on your network.
Hardware-based
*** It looks like another switch or another router that goes into your network stack.
These firewalls work as a single function out of many on a single device. It’s one piece of the larger device that does many different functions.
Embedded firewall
This is going to inspect each packet as it passes through the firewall, and it’ll accept it or reject it based on the rules that it’s been given.
Packet Filtering
** This relies on the firewall’s configuration and the access control list that’s been installed.
What are the two types of packet filtering?
Stateless
Stateful
This type of packet filtering is going to accept or reject packets based on the IP address and the port number that was requested.
stateless packet filtering
*** So if you’re running a web server and you requested to come in on port 80, it would allow that. However, if you requested to come in on port 53, it would be denied because that port is not on the ACL.
This type of packet filtering is going to keep track of requests that leave through the firewall.
Stateful packet filtering
*** So, if I make a request from a host through the firewall, it will temporarily open up a port number that I made the request from, some random high port number like 50,000 or 56,000.
By using __ __ __, you can almost entirely eliminate IP spoofing as a threat because the firewall is going to inspect the header of each packet being received. It’s then going to compare that against what it was expecting based on the request that recently went out, and then, it’s going to make its accept or reject decisions based on this additional information.
stateful packet inspection
This is going to filter traffic according to the port, whether it’s a TCP or UDP port.
NAT filtering
*** This can be done by matching the incoming traffic to the requesting IP address, or by matching the incoming traffic to the requesting IP address and port.
This is going to apply security mechanisms to specific applications such as FTP or Telnet.
Instead of blocking traffic based on the Telnet port, it’s going to inspect each packet and determine which application it was meant for, and if it finds that it was meant for Telnet, it would block it because that was unauthorized.
ALG
Application-Layer Gateway
AKA - Layer 7 Firewalls
This works at the session layer of the OSI model and applies security mechanisms when a TCP or UDP connection is first established. Once that connection is established, the packets can then be sent or received without any further inspection or checks because all of that was done during the session establishment.
Circuit-level Gateway
This is going to filter out computers and prevent them from accessing beyond the firewall based on their MAC addresses.
MAC Filtering
*** This is used within your local area network, before traffic reaches the routing and layer 3 logical addressing that carries it beyond the network.
In an ___ ___ ___, you can either explicitly allow, explicitly deny, or implicitly deny traffic that’s sent or received through the firewall.
access control list
When I talk about explicit allow, this means…?
That traffic should be allowed to enter or leave the network because the rule allows for it to happen.
When I talk about explicit deny, this means…?
That traffic should not be allowed to enter or leave the network because this rule says so.
Most newer firewalls are set to ___ ___ by default now.
implicitly deny
*** This means the ACL assumes that if traffic isn’t on the explicit allow list, it will deny access.
This is installed on a server in your environment and provides traffic control for the data that’s being sent to and from your web applications.
WAF
Web Application Firewall
*** These are useful in helping to mitigate threats like cross-site scripting and SQL injection attacks because these web application firewalls are specifically designed to look for these types of threats and block them.
This is a device that acts as a middle man for your clients.
Proxy servers
*** For example, if you’re at work and you wanted to connect to diontraining.com, your work computer’s likely going to go from itself to a proxy server within your company’s LAN. Then that proxy server makes the connection to Dion Training to get the information that you requested, and hands it back to you. This middle man approach allows the company to log everything that’s being requested and who made the requests, and to filter out things they don’t want you to access.
What are the four different types of proxies in use today?
- IP Proxy
- Caching Proxy
- Content Filter
- Web Security Gateways
This proxy is used to secure a network by keeping machines behind it anonymous.
IP Proxy
*** This means the server doesn’t know which particular computer from your network is actually connected to it. All the server can see is the proxy itself, because your proxy is using NAT to translate the request from your machine into a request from the proxy.
This proxy is used to attempt to serve clients’ requests without actually connecting to the remote server each time.
Caching Proxy
*** Let’s say that you went to my website at diontraining.com, and then your coworker, five minutes later, tried to go to diontraining.com, just like you did. Well, the proxy, if it’s using a cache, is going to be able to keep a copy of my webpage from the first time it fulfilled your request. Then, when your coworker requested it, it would simply serve it from its cache instead of going and getting a new copy from my site. This will allow your company to save on bandwidth costs and increase the speed of delivery for your coworker, because the proxy already has it locally, inside your network.