Security Operations 4.5 Flashcards
Given a scenario, modify enterprise capabilities to enhance security
Firewall
Filter traffic by port number or application.
Traditional - filter by port number
NGFW - Filter by application.
Encrypt traffic - VPN between sites.
Most firewalls can be layer 3 devices. Often sits on the ingress/egress of the network.
NGFW
Most advanced firewall, which sits at the top of the OSI model - application layer
Layer 7 firewall.
Performs deep-packet inspection adding application level inspection as a core feature.
Ports and Protocols
Traditional firewall which makes forwarding decisions based on TCP or UDP port numbers.
They either allow or disallow traffic based on destination protocol and port.
What is the ingress/egress of the network?
The point that separates the internet from the internal network.
Screened subnet
Commonly holds data that needs to be accessed by people on the internet. But keeps private data separate on the internal network.
IPS
Intrusion prevention system
Host based firewalls
Monitor traffic going in and out of a single host.
Network based firewall
Protect an entire network
Stateless firewall
Uses rules implemented in ACLs to identify allowed and blocked traffic. Rules are based on
- Permission
- Protocol
- Source
- Port or protocol
Stateful Firewalls
Inspects traffic and makes decisions based on the traffic context or state.
Layer 4 firewalls
Operate on the transport layer of the OSI model. They inspect traffic and make decisions based on the traffic context or state.
Web application firewall
Specifically designed to protect a web application. A web server hosts the web application, and the WAF is placed between the web server and web server clients.
Level 7
URL Scanning.
Allow or restrict based on Uniform Resource Locator.
Agent Based
Installed as client software on the user’s device. Usually managed from a central console.
Proxies
Sit between the users and the external network. Control of traffic managed through the proxy.
The proxy makes requests on behalf of the user. The proxy makes a decision based on what it receives on whether it wants to pass that response onto the end user.
Forward Proxy
The user and the proxy are on the internal network of the organisation.
Block Rules
Based on specific URL or Category of content.
Different dispositions - different rules for different types of website, e.g. block gambling, send an alert for home and garden.
Reputation
Filter URLs based on perceived risk, based on the reputation of the website.
DNS filtering
Before connecting to a website, it gets the IP address by performing a DNS lookup.
Harmful sites are not provided.
Operating system Security - Group Policy
Configuration management tool.
Security Enhanced Linux
Security patches added to the Linux kernel which allow for enhanced security.
The patches give the central access control discretion over rights and permissions used in the Linux operating system, as opposed to the individual user.
MAC - Mandatory access control
DAC - Discretionary Access Control.
Secure Protocols - protocol selection
Make sure that when you use an application you are not using insecure protocols which do not provide encryption.
Telnet - SSH
HTTP - HTTPS
IMAP - IMAPS
FTP - SFTP
Port number Selection
You can tell whether an application is secure or insecure based on the port number it is using.
Port 80 - HTTP (Sent in the clear).
Port 443 HTTPS (Encrypted)
Port number usage does not guarantee security
Transport Method
Transport method impacts security. If transport is open access, there is no transport-level encryption.
WPA3: All user data is encrypted.
VPN - Encrypted. Good choice for data transfer.