Security Architecture: Network Appliances Flashcards
List the network appliances in use today.
Jump servers.
Proxy servers.
Intrusion prevention system (IPS) and intrusion detection system (IDS).
Load balancers.
Sensors.
What is a jump server?
Jump servers
Also known as a jump host or bastion host, jump servers are a pivotal component in network-security architecture. They serve as an intermediary access point between different security zones, typically within a secure network and an external network, such as the internet. This isolated and highly secured server acts as a gateway for administrators and authorized users to access sensitive systems and resources residing in protected areas.
Very reduced attack surface.
Performs only one particular task, to minimize vulnerabilities.
What is a proxy server?
Proxy servers
A proxy server functions as an intermediary between client devices and other servers on the internet. When a client sends a request for a resource, the proxy server intercepts the request and forwards it to the destination server. This setup provides several benefits, including enhanced privacy, security, and performance optimization.
Proxy servers can mask the identity and location of the original requester, adding a layer of anonymity.
Proxy servers have been used as firewalls.
Mostly known as an intermediary that accesses web pages on behalf of the host.
Example: Netflix in the UK.
Forward proxy: e.g., when attempting to access acilearning.com, the proxy server takes that request, validates that the response is from the destination source, and then forwards it back to the host (it can also content-filter).
Reverse proxy: you go directly to acilearning.com, and the response then goes through the proxy on its way back to the host.
Caching capabilities: how fresh or how stale can the content be? When the information is constantly changing, the proxy server keeps in step and dumps the stale content.
Whitelist and blacklist: include and exclude; a type of filtering system.
What is IPS and IDS?
IPS and IDS
An intrusion prevention system (IPS) device is a crucial element of modern cybersecurity architecture designed to actively identify, prevent, and respond to unauthorized or malicious activities within a network environment.
Positioned strategically within the network, an IPS device constantly monitors incoming and outgoing traffic, analyzing it for patterns and signatures indicative of known attacks, vulnerabilities, or suspicious behavior. Upon detection, an IPS can take immediate action to block, quarantine, or alert administrators about the potential threat, thereby helping prevent cyber attacks, data breaches, or other security incidents.
An intrusion detection system (IDS) can identify that an attack is taking place and notify you, but doesn’t take action to mitigate an attack like an IPS.
Note: Many devices today have both IPS and IDS capabilities.
IDS – passive
IPS – active
Most will use at least three methodologies:
Static definition: here are the parameters of the attacks just learned; look for them in incoming traffic. Can stop or alarm.
Signature-based detection: the appliance reaches out to a database of known attacks that is continuously updated with new attacks. Can stop or alarm.
AI-based definition: the machine recognizes the patterns of packets and behaviors in communication. Over time the machine learns them, and if there are any anomalies in the patterns it will stop them.
Lots of false positives, and it takes a while to sync in:
True Positives
False Negatives
True Negatives
What is a load balancer?
Load balancers
A load balancer is a pivotal networking component that’s vital for distributing incoming network traffic across multiple servers or resources. Its primary objective is to optimize the utilization of available resources, enhance performance, and ensure high availability of applications or services. A load balancer helps prevent any single server from being overwhelmed by evenly distributing incoming requests. This helps mitigate the risk of downtime or performance bottlenecks.
Key element: make sure all traffic is still going through security checkpoints (not bypassing them).
Types of load balancing:
Round robin: send the first request to the first server, the next to the second, the next to the third, etc.
Weighted: if one server is busy, send the request to the next available server.
Random: the server is chosen at random.
What are sensors?
Sensors
A sensor in a network is a specialized device or software component designed to collect and monitor various types of data and activities within the network environment. Acting as an observant node, sensors continuously gather information about network traffic, user behavior, system performance, and potential security threats. This data is then analyzed and processed to provide insights into the network’s overall health, usage patterns, and potential vulnerabilities.
Sensors play a crucial role in enhancing network management, security, and optimization by enabling real-time detection of anomalies, breaches, or unusual behavior.