Security Architecture 3 Flashcards
What is Device Placement?
Describes the network infrastructure of an organization
* Depending on individual needs
* Firewalls, Honeypots, jump server, load balancer
What are Security Zones?
Structuring the network design based on different zones
* Trusted / Untrusted
* Internal / External
What is Connectivity and how can it be securely achieved?
Describes an organization's connection to the internet
Achieved by:
* Secure network cabling
* Application Level Encryption
* Network Level Encryption: IPsec tunnels, VPN
What are failure modes?
If a security device fails, how should it behave?
Fail-Closed
* Block all traffic passing
Fail-Open
* Allow all traffic
Name device attributes
Active / Passive
* Does the device need power or not
Inline
* Network traffic passes through security device that actively inspects and takes actions based on defined rules
Tap/Monitor
* Passive
* Does not participate in traffic flow
* Copying and forwarding of traffic for further analysis
What is a Proxy and what types?
Server handling communication between devices by:
* Accepting and forwarding requests
* Filtering and modifying traffic
* Access restrictions by IP
Forward Proxies
* Between client and server
* Inside of own network
* Protects traffic to internet
Reverse Proxy
* Placed between server and client
* Help with load balancing and caching of content
Open Proxies
* Third party, uncontrolled
* Security risk, often blocked by organizations
Explain the types of load balancers
Active / Active
* All servers are connected and ready to use
* TCP offload
* SSL offload
* Caching
* Prioritization
* Content switching
Active / Passive
* Some servers are passive or on standby in case an active server fails
Explain port security and its two main components
EAP - Extensible Authentication Protocol
* Protocol to securely identify and allow devices on a network
* Supports various identification methods
EAP integrates with 802.1X
802.1X
* Standard that prevents access to the network until authentication succeeds
What is a network-based firewall?
Network-based Firewall
* Filter traffic by port number or application
* Traditional firewalls controlled traffic via TCP/UDP port number on Layer 4
* Modern firewalls filter based on which application is used, on Layer 7
* Encrypt traffic - VPN between sites
UTM / Web security gateway
Unified Threat Management
Handles many different services:
* URL filter / Content inspection
* Malware Inspection
* Spam filter
* CSU / DSU
* Router, switch
* IDS / IPS
* VPN Endpoint
* Firewall
Disadvantages
* Only operates on layer 4
* Performance drawbacks due to many functions
NGFW
Next Generation Firewall
* Operate on Layer 7
* Controls traffic flow based on applications
* Full decode of packet information
* Content filtering
WAF
Web Application Firewall
* Applies rules to HTTPS/HTTP traffic
* Allow or deny based on expected input
* SQL injection prevention