Network Defense Ch 9 and 10


firewall appliances

hardware devices with firewall functionality

screened host

A dual-homed host in which one interface is connected to an internal network and the other interface is connected to a router to an untrusted network.

NAT Steps

used to protect internal clients from direct access by untrusted, external hosts and to decrease the need for public IP addresses. By using the private IP address ranges as specified in RFC 1918, organizations can purchase only the public interface needed to support a large number of freely usable private IP addresses. The two main types of NAT are one-to-one, which has a direct mapping between an internal and external interface, and many-to-one, in which a large number of private addresses are mapped to a single external interface. The latter is performed by mapping TCP and UDP port addresses on the source and destination fields in the packet headers.

stateful packet filters

Filters that are similar to stateless packet filters, except that they also determine whether to allow or block packets based on information about the current connection.

DMZ with Multiple Firewalls

-One firewall can control traffic between the DMZ and the Internet, and the other can control traffic between the protected network and the DMZ
-The second firewall can serve as a failover firewall, which is a backup that can be configured to switch on if the first one fails, thus ensuring uninterrupted service

Multiple Firewalls

-can be used when multiple DMZs are needed
-can provide load balancing
-fault tolerance
-can be used when a company has branch offices

Firewall

-is hardware or software that can be configured to block unauthorized access to a network
-can be a combination of software and hardware components
-can refer to all devices positioned on the network perimeter, whether hardware or software based

Effective Firewall Rule Base

-should be based on the organization's security policy, provide rules for how applications can access the Internet, and be as simple and short as possible
-should also restrict access to ports and subnets on the internal network from the Internet, and it should control Internet services

proxy server

-software that forwards network packets and caches Web pages to speed up network performance
-originally designed to improve Web access performance, perform Network Address Translation tasks, and provide Web caching

three-pronged firewall

A firewall with separate interfaces connected to an untrusted network, a semitrusted network, and a trusted network

cleanup rule

A packet-filtering rule that comes last in a rule base and covers any packets that have not been covered by preceding rules.

many-to-one NAT

A process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts. Many-to-one NAT is also called Port Address Translation.

firewall policy

An addition to a security policy that describes how firewalls should handle application traffic, such as Web or e-mail applications.

stateless packet filters

Simple filters that determine whether to allow or block packets based on information in protocol headers.

load-balancing software

Software that prioritizes and schedules requests and then distributes them to servers in a server cluster based on each server's current load and processing power.

socket

The end point of a computer-to-computer connection defined by an IP address and port address.

one-to-one NAT

The process of mapping one internal IP address to one external IP address

NAT- Network Address Translation

The repackaging of packets so that internal IP addresses are stripped from requests to an untrusted network like the Internet.

failover firewall

a backup firewall that is configured to switch on if the current firewall fails

dual-homed host

a computer configured with more than one network interface

security workstation

a computer dedicated to providing firewall policies

reverse firewall

a device that filters outgoing connections

state table

a file maintained by stateful packet filters that contains a record of all current connections

server farm

a group of servers connected in a subnet that work together to receive requests

screening router

a router placed between an untrusted network and an internal network

Firewall effective location based on:

amount of traffic that must be filtered, the level of security needed, and the types of assets being protected

Hardware firewalls

appliances that are more expensive but can handle more traffic

Bastion hosts

are computers such as Web servers, e-mail servers, and proxy servers that are accessible to untrusted clients. Bastion hosts should be configured for maximum security

Major advantage of DMZ with multiple firewalls

can control traffic in the three networks you are dealing with: the external network outside the DMZ, the external network within the DMZ, and the internal network behind the DMZ. You can identify certain protocols, such as outbound HTTP on port 80, that should go to the external network within the DMZ, and you can allow other protocols to pass through to the internal network.

Software firewalls

come in many varieties, including freeware, shareware, and commercial enterprise applications.

Stateless firewalls

filter traffic based on basic parameters such as protocol or IP address, but they are much less secure than those that maintain state tables. State tables are records of connections that enable the firewall to make filtering decisions based on whether a trusted computer initiated a session or whether an unknown host outside the company network is trying to establish a connection.

Strong Network Security encompasses:

firewalls, IDPSs, antivirus software, access control, and auditing

Goals of Proxy Servers

speeding up network communications (the original goal), providing security at the Application layer, and shielding hosts on the internal network. A secondary goal is controlling which Web sites users are allowed to access. Proxy servers can use IP addresses or domain names to block access to specific Web sites or to entire top-level domains. For example, an administrator could allow access to the .gov top-level domain so that employees could view government forms online

rule base

the collection of rules that filter traffic at an interface of a firewall

