Terms 1.1 Flashcards
Firewalls
Designed to isolate one network from another. Can be hardware or software, and can be a standalone device or integrated into other devices like routers and switches. Typically used to block or limit outside traffic from entering a network. Can also be placed internally to segment one area from another, such as Accounting & Finance from the rest of the network.
Routers
Connect different networks together and “route” traffic between them. Decide whether to keep traffic local or route it to a remote network based on source and destination addresses. Can be statically or dynamically configured; dynamic routers talk to each other to communicate the various routes.
Switches
Multiport connectivity devices that improve network efficiency. Switches differ from hubs because they read MAC addresses and only send information to the correct port instead of all ports. Used on internal networks and do not provide routing functionality. The exception is layer 3 switches.
Load Balancers
Dynamically balance the load between devices, typically servers. Can be hardware or software based. In a web server environment it will choose the best-performing server at that moment to send the load to.
Web security gateways
Proxy server with advanced features: virus scanning, preventing connections to inappropriate sites such as P2P or file-sharing sites like Dropbox and Box.net, and DLP (Data Loss Prevention), which can analyze traffic for social security numbers or credit card numbers. Can block ActiveX controls, Java applets, and 3rd-party cookies. Enables granular access to websites, like allowing access to LinkedIn but not allowing you to job search.
VPN concentrators
Creates a private network across a public network. VPN security comes from the tunneling protocol (e.g. PPTP) and the encryption method (IPSec). Many VPNs use two-factor authentication.
Packet filtering
Allows or blocks traffic based on port (web traffic comes in on port 80, FTP on port 21). No intelligence, but easy to set up.
Proxy Firewall
Dual-homed, meaning two network interfaces. Segments internal users from the outside world. Masks IP addresses using NAT. Caches requests to improve speed.
Stateful Packet Inspection Firewalls (SPI)
Examines packets and keeps a table of every communication channel, tracking the entire conversation. Only allows packets from a known active connection. Vulnerable to attack by overloading the state table.
Web Application Firewall (WAF), OSI Layer 7 (Application)
Designed with granular rules specifically to analyze traffic to web servers and prevent typical attacks: SQL injection, XSS (cross-site scripting), forged HTTP requests.
Routing Protocols (4)
RIP-Routing Information Protocol, OSPF-Open Shortest Path First, EIGRP-Enhanced Interior Gateway Routing Protocol, BGP-Border Gateway Protocol
VPN Tunneling Protocols (3)
L2TP (Layer 2 Tunneling Protocol), PPTP (Point to Point Tunneling Protocol), IPSec (IP Security)
NIDS & NIPS
Network Intrusion Detection System, Network Intrusion Prevention System
Active or Passive. Active systems take action when malicious activity is detected. Passive systems just record activity.
IDS vs IPS
IDS-Been around a while, fairly common and easy to set up. Allows for reactive response.
IPS-Newer platform. Enables prevention (blocking IPs, resetting TCP connections).
False positives could affect legitimate traffic.
Four approaches to IDS
Behavior-based, Signature-based, Anomaly detection, Heuristic IDS
Behavior based IDS
Variation in behavior, increased traffic, policy violations
Signature based IDS
Uses attack signatures
Anomaly Detection IDS
Learns what is normal then looks for deviations from the baseline
Heuristic IDS
Utilizes algorithms to analyze traffic as it passes through