Belanger Ch 10 - Networks and Telecommunications
Screened subnet
A firewall device that has three NICs. One NIC connects to the internet, the second NIC connects to the internal network, and the third NIC connects to the DMZ
Unified threat management (UTM)
A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.
Point-to-Point Tunneling Protocol (PPTP)
A protocol that works with PPP to provide a secure data link between computers using encryption.
Network access control
An approach to endpoint security that involves monitoring and remediating endpoint security issues before allowing an object to connect to a network. Authentication: Extensible Authentication Protocol (EAP) or PEAP (Protected EAP). Posture checking: checks computer configuration to ensure it meets standards.
Wide area networks (WAN)
Connect systems over a large geographic area
Wireless access points (WAPs)
Connection between a wired and wireless network
Network security risks
Denial of service (DoS); distributed DoS (DDoS); telephony denial of service (TDoS)
Network separation
Filtering rules enforce division between networks, keeping traffic from moving from one network to another
Basic network security defense tools
Firewalls; VPN/remote access; network access control (NAC)
Loop protection
Firewalls can look at message addresses to determine whether a message is being sent around an unending loop
Common ports
HTTP - 80; SMTP (Simple Mail Transfer Protocol) - 25; FTP data transfer - 20; DNS (Domain Name System) - 53
IPv4 vs IPv6
IPv4: 32-bit number; 4 billion addresses; four sets of numbers marked off by periods. IPv6: 128-bit addresses, able to handle up to 1 quadrillion addresses; almost unlimited number of addresses.
Open Systems Interconnection Reference Model (OSI)
Layer 7 - Application - User interface; Layer 6 - Presentation - Data format, encryption; Layer 5 - Session - Process-to-process communication; Layer 4 - Transport - End-to-end communication maintenance (MESSAGES); Layer 3 - Network - Routing data, logical addressing, WAN delivery (PACKETS); Layer 2 - Data link - Physical addressing, LAN delivery (FRAMES); Layer 1 - Physical - Signaling (BITS)
Multilayered firewalls
Multilayered firewalls are useful when you have networks with different security levels. Users working on a security project may connect to subnet B, whereas executives may connect to subnet C. General users may connect to a different subnet. Essentially, additional firewalls separate the first firewall-protected subnet from deeper, more secure subnets.
Application layer firewall
On a dedicated computer; proxy server. Often in the DMZ (higher levels of risk from less trusted networks). Specific purpose: additional filtering routers are needed for further protection.
Firewalls
Processing modes: packet filtering; stateful inspection; application layer proxy
Local Area Networks (LAN)
Provide network connectivity for computers located in the same geographic area
Is a device that interconnects two or more networks and selectively interchanges packets of data between them
Router
Flood guard
Rules can limit traffic bandwidth from hosts, reducing the ability of any one host to flood a network
Which VPN technology allows users to initiate connections over the web? Options: SSL; PPTP; IPSec; ICMP
SSL
What firewall topology supports the implementation of a DMZ? Options: Bastion host; Multilayered firewall; Border firewall; Screened subnet
Screened subnet (also the most common firewall topology)
Secure Sockets Layer (SSL)
Secure Sockets Layer encrypts web communications, and many VPNs use SSL to provide encrypted communication. Users connect to an SSL-protected webpage and log on. The web browser then downloads software that connects them to the VPN. Very popular, as it requires no advance configuration of the system.
Firewall filtering types
Static filtering: filtering rules within the firewall. Dynamic filtering: can react to an emergent event and update or create rules to deal with that event. Stateful packet inspection: keeps track of each network connection between internal and external systems using a state table.
Is a suite of protocols that was developed by the DOD to provide a highly reliable and fault-tolerant network infrastructure. Options: DHCP; VPN; PPPoE; TCP/IP
TCP/IP
UTM Devices Examples
URL filter: filters web traffic by examining the URL as opposed to the IP address. Content inspection: the device looks at some or all network packet content to determine if the packet should be allowed to pass; this type of inspection can help identify malicious content from trusted sources. Malware inspection: a specialized form of content inspection in which the device looks at packet content for signs of malware.
Wireless network security controls
VPN over wireless; wireless encryption (WEP, Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Wi-Fi Protected Access (WPA)); SSID broadcast; MAC address filtering
What technology is the most secure way to encrypt wireless communications? Options: TCP; WEP; WPA; UDP
WPA
Border firewall
A firewall that separates the closed or secure network from external or public networks such as the internet
VPN (Virtual Private Network)
A network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network
Ping
Sends a single packet to a target IP address (ICMP echo request)
IPSec
Suite of protocols designed to connect sites securely. Requires installation of third-party software on the user's system and is not popular.
Traceroute
Uses ICMP echo request packets to identify the path that packets travel through a network