Securing & Supporting the Network Flashcards
Firewall
Filters (permits or denies) traffic based on a set of criteria
Rules created for inbound and outbound connections
Network Based or Host-Based
Network Based Firewall
Physical hardware on the edge of the network
Usually also a router or just an in-line filter
Usually capable of NAT (Network Address Translation) because they’re internet facing devices
Host-Based Firewall
Software on a computer like Windows Firewall
Controls which applications and ports are allowed to talk inbound and outbound on an individual workstation or host computer
Dedicated Network Firewalls
Can provide multiple security services
Firewalling, VPN services, Anti-Malware, Content Filtering
Usually for corporate environments
This is called UTM (Unified Threat Management)
UTM
Unified Threat Management
A device that provides multiple security services like Firewalling, VPN services, Anti-Malware, Content Filtering
ACL
Access Control List
Used on routers and firewalls to create a list of rules for permitting and denying traffic. Can define the protocol such as IP, source network, destination network, and the TCP/UDP port number for matching traffic
Stateless Firewall
Employs only Access Control Lists to control inbound and outbound traffic
Modern Firewalls are both stateful and stateless because they use ACLs and also keep track of connections
Stateful Firewall
Keeps track of connections and can allow return traffic as long as it was first generated from inside the network
Modern Firewalls are both stateful and stateless because they use ACLs and also keep track of connections
Deep Packet Inspection
Advanced Firewalls are capable of inspecting the contents of packets
Allows a firewall to determine the context of the connection (what it’s really doing) “What is the purpose of this traffic?”
Application Aware Firewall
AKA Context Aware Firewall
Can understand what devices, and what services and applications, the packets are for
Makes Network Based anti-malware possible
Decisions can be made on what is deep inside the packets rather than just where it's coming from and where it's going
Context Aware Firewall
AKA Application Aware Firewall
Can understand what devices, and what services and applications, the packets are for
Makes Network Based anti-malware possible
Decisions can be made on what is deep inside the packets rather than just where it's coming from and where it's going
VPN
Virtual Private Network
Establishes a private network connection over public networks and incorporates encryption to protect the tunnel between two endpoints
Normally incorporates encryption to protect the VPN tunnel
Host to Host VPN
Site to Site VPN
VPN Concentrator
Virtual Private Network Concentrator
A VPN concentrator is a device that is dedicated to handling large numbers of VPN connections. Most of the time the firewall also acts as a VPN concentrator, but it could be a separate device
VPN Protocols
PPTP (Point-to-Point Tunneling Protocol)
GRE Tunnel (Generic Routing Encapsulation Tunnel)
IPSec (Internet Protocol Security)
SSL VPN (Secure Sockets Layer VPN)
PPTP
Point-to-Point Tunneling Protocol
VPN Protocol
Uses PPP for authentication and modified GRE (Generic Routing Encapsulation) for the tunnel. No inherent encryption; insecure and mostly obsolete
GRE Tunnel
Generic Routing Encapsulation Tunnel
VPN Protocol
Used with routers to create a generic tunnel. Used in combination with IPSec (Internet Protocol Security) to create an encrypted VPN tunnel
IPSec
Internet Protocol Security
VPN Protocol
Provides a method for authentication and negotiation of crypto keys. Uses IKE (Internet Key Exchange) to negotiate the key and ISAKMP (Internet Security Association and Key Management Protocol) for key exchange
Authentication Algorithms: HMAC-MD5, HMAC-SHA-1
Encryption Algorithms: DES, 3DES, Blowfish, AES
SSL VPN
Secure Sockets Layer Virtual Private Network
Uses SSL to establish VPN connectivity. For host-to-site VPN. A web browser can be used to connect to the VPN, which is easier for VPN users.
NOT for site-to-site VPN
Network Segmentation
An architecture that divides a network into smaller sections or subnets
DMZ
Demilitarized Zone
Private network that sits between a private LAN and the public internet
Used to expose webservers and other servers to the public internet without exposing the private LAN to the internet
If a machine on the DMZ becomes compromised the attacker will not have access to the LAN
Web servers are placed in the DMZ with port 80 open from the outside to the DMZ only
Honey Pot
A host that is exposed or partially exposed to invite attacks while monitoring and collecting information
Honey Net
An entire network that is made to seem like a live production environment with weak security, inviting attacks for monitoring purposes
Testing Lab
Separated from the production network
Useful for:
Testing patches and updates before deploying to the production network
Test new/different hardware/software setups
Test fixes to complex problems
Train others on lab equipment without interfering with the production network
VLANs
Virtual Local Area Networks
Used for applying segmentation across the entire network and implementing security in different ways for each VLAN
Can set up ACLs that apply to each VLAN gateway