Module 12 - Network Security Infrastructure
Application gateway firewall (proxy firewall)
- A firewall that filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software.
- Proxy firewalls filter traffic through the application layer of the TCP/IP model and shield client information by connecting to remote servers on behalf of clients.
Cisco Advanced Malware Protection (AMP)
- A Cisco malware analysis and protection solution that goes beyond point-in-time detection and provides comprehensive protection for organizations across the full attack continuum: before, during, and after an attack.
- Uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.
NetFlow
- Cisco IOS technology that provides statistics on packets flowing through a Cisco router or multilayer switch.
- Provides data to enable network and security monitoring, network planning, traffic analysis (including identification of network bottlenecks), and IP accounting for billing purposes.
zone
- Group of one or more interfaces that have similar functions or features.
- The only exception to this default deny-any policy is the router self zone.
Next-generation firewalls (NGFW)
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
SNMP system consists of two elements
- SNMP manager that runs SNMP management software.
- SNMP agents, which are the nodes being monitored and managed.
NTP servers are arranged in three levels known as strata:
- Stratum 0 - An NTP network gets the time from authoritative time sources. These authoritative time sources, also referred to as stratum 0 devices, are high-precision timekeeping devices assumed to be accurate and with little or no delay associated with them.
- Stratum 1 - The stratum 1 devices are directly connected to the authoritative time sources. They act as the primary network time standard.
- Stratum 2 and lower strata - The stratum 2 servers are connected to stratum 1 devices through network connections. Stratum 2 devices, such as NTP clients, synchronize their time using the NTP packets from stratum 1 servers. They could also act as servers for stratum 3 devices.
IPsec
- A suite of protocols developed with the backing of the IETF to achieve secure services over IP packet-switched networks.
- Provides authentication, integrity, access control, and confidentiality.
Distribution Layer
- Aggregates access layers and provides connectivity to services.
- Commonly provides policy-based connectivity, which permits or denies traffic based on predefined parameters.
- Acts as a control boundary between the access and core layers.
Three types of F/W
1. Private and public
2. DMZ
3. Zone-based policy (ZPF)
syslog logging service provides three primary functions:
1. The ability to gather logging information for monitoring and troubleshooting
2. The ability to select the type of logging information that is captured
3. The ability to specify the destination of captured syslog messages
Cisco Email Security Appliance (ESA)
A Cisco solution that enables users to communicate securely via email and helps organizations combat email security threats with a multilayered approach across the attack continuum.
Host-based (server and personal) firewall
A PC or server with firewall software running on it.
Hybrid firewall
A combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.
Generic Routing Encapsulation (GRE)
A tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets.
Cisco Web Security Appliance (WSA)
An all-in-one web gateway that includes a wide variety of protections that can block hidden malware from both suspicious and legitimate websites.
Transparent firewall
Filters IP traffic between a pair of bridged interfaces.
How is a source IP address used in a standard ACL?
It is the criterion that is used to filter traffic
traps
SNMP agents can forward information directly to a network manager
Cisco Cloud Web Security (CWS)
cloud-based security service that uses web proxies in the Cisco cloud environment to scan traffic for malware and policy enforcement
Management Information Base (MIB)
database on the agents that stores data and operational statistics about the device
stratum level
defined as the number of hop counts from the authoritative source
Which two pieces of information should be included in a logical topology diagram of a network?
interface identifier and connection type
Stateful firewalls
provide stateful packet filtering by using connection information maintained in a state table; also analyze traffic at OSI Layer 4 and Layer 5
Core Layer
provides connectivity between distribution layers for large LAN environments
Access Layer
provides endpoints and users direct access to the network
firewall
system, or group of systems, that enforces an access control policy between networks
Packet filtering firewalls (stateless)
usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4; simple policy table look-up that filters traffic based on specific criteria