Week 12 - Firewalls, Honeypots, IDS & IPS Flashcards
What is a Firewall?
First line of defense against attacks
* Protects internal network users from external threats
* Composed of software, hardware, or both
* Resides between two or more networks
* Controls the traffic between networks: block or allow traffic access
* Helps prevent unauthorized access
* Types: Host-based and network-based
* Popular: Palo Alto, Juniper, Cisco
Firewall benefits
Defines a single choke point
* Provides a location for monitoring security events
* Can serve as a platform for a VPN endpoint
Firewall cons
Attacks at the application layer may sneak through
* May not protect fully against internal threats
* Improperly secured wireless LAN can be accessed from outside the organization
* Laptop, phone, or USB drive may be infected outside the corporate network then used internally
Firewall operations
The list of firewall rules is called an Access Control List
* Rules can allow/block traffic based on:
* Source IP address
* Destination IP address
* Source Port
* Destination Port
* Protocol
Firewall types
- Packet Filtering: accepts/rejects packets based on protocol headers
- Application Proxy: relay for application traffic
- Circuit-level Proxy: relay for transport connections
- Stateful Packet Inspection: adds state information on what happened previously to packet filtering firewall
Packet filtering Firewalls advantages
Simplicity
Transparent to users
Very fast
Packet filtering firewall disadvantages
Limited logging functionality
Does not support advanced user authentication
Vulnerable to attacks that exploit TCP/IP protocol bugs
Where are firewalls located?
Can be located on hosts: end-user computers and servers