Network Defense Ch 9 and 10
firewall appliances
hardware devices with firewall functionality
screened host
A dual-homed host in which one interface is connected to an internal network and the other interface is connected to a router to an untrusted network.
NAT Steps
used to protect internal clients from direct access by untrusted, external hosts and to decrease the need for public IP addresses. By using the private IP address ranges as specified in RFC 1918, organizations can purchase only the public interface needed to support a large number of freely usable private IP addresses. The two main types of NAT are one-to-one, which has a direct mapping between an internal and external interface, and many-to-one, in which a large number of private addresses are mapped to a single external interface. The latter is performed by mapping TCP and UDP port addresses on the source and destination fields in the packet headers.
stateful packet filters
Filters that are similar to stateless packet filters, except that they also determine whether to allow or block packets based on information about current connection
DMZ with Multiple Firewalls
-One firewall can control traffic between the DMZ and the Internet, and the other can control traffic between the protected network and the DMZ -The second firewall can serve as a failover firewall, which is a backup that can be configured to switch on if the first one fails, thus ensuring uninterrupted service
Multiple Firewalls
-can be used when need multiple DMZs -can provide load balancing -fault tolerance -can be used when company has branched offices
Firewall
-is hardware or software that can be configured to block unauthorized access to a network -can be a combination of software and hardware components -can refer to all devices positioned on the network perimeter, whether hardware or software based
Effective Firewall Rule Base
-should be based on the organization's security policy, provide rules for how applications can access the Internet, and be as simple and short as possible. -should also restrict access to ports and subnets on the internal network from the Internet, and it should control Internet services.
proxy server
-software that forwards network packets and caches Web pages to speed up network performance -originally designed to improve web access performance and Network Address Translation tasks and web caching
three-pronged firewall
A firewall with separate interfaces connected to an untrusted network, a semitrusted network, and a trusted network
cleanup rule
A packet-filtering rule that comes last in a rule base and covers any packets that have not been covered by preceding rules.
many-to-one NAT
A process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts. Many-to-one NAT is also called Port Address Translation.
firewall policy
An addition to a security policy that describes how firewalls should handle application traffic, such as Web or e-mail applications.
stateless packet filters
Simple filters that determine whether to allow or block packets based on information in protocol headers.
load-balancing software
Software that prioritizes and schedules requests and then distributes them to servers in a server cluster based on each server's current load and processing power.
socket
The end point of a computer-to-computer connection defined by an IP address and port address.
one-to-one NAT
The process of mapping one internal IP address to one external IP address
NAT- Network Address Translation
The repackaging of packets so that internal IP addresses are stripped from requests to an untrusted network like the Internet.
failover firewall
a backup firewall that is configured to switch on if the current firewall fails
dual-homed host
a computer configured with more than one network interface
security workstation
a computer dedicated to providing firewall policies
reverse firewall
a device that filters outgoing connections
state table
a file maintained by stateful packet filters that contains a record of all current connections
server farm
a group of servers connected in a subnet that work together to receive requests
screening router
a router placed between an untrusted network and an internal network
Firewall effective location based on:
amount of traffic that must be filtered, the level of security needed, and the types of assets being protected
Hardware firewalls
appliances more expensive but can handle more traffic
Bastion hosts
are computers such as Web servers, e-mail servers, and proxy servers that are accessible to untrusted clients. Bastion hosts should be configured for maxi- mum security
Major advantage of DMZ with multiple firewalls
can control traffic in the three networks you are dealing with; the external network outside the DMZ, the external network within the DMZ, and the internal network behind the DMZ. You can identify certain protocols, such as outbound HTTP port 80, that should go to the external network within the DMZ, and you can allow other protocols to pass through to the internal network.
Software firewalls
come in many varieties, including freeware, shareware, and commercial enterprise applications.
Stateless firewalls
filter traffic based on basic parameters such as protocol or IP address, but they are much less secure than these that maintain state tables. State tables are records of connections that enable the firewall to make filtering decisions based on whether a trusted computer initiated a session or whether an unknown host outside the company network is trying to establish a connection.
Strong Network Security encompasses:
firewalls, IDPSs, antivirus software. access control and auditing
Goals of Proxy Servers
speeding up network communications (original), and to provide security at the Application layer and shield hosts on the internal network. A secondary goal is controlling which Web sites users are allowed to access. Proxy servers can use IP addresses or domain names to block access to spe- cific Web sites or to entire top-level domains. For example, an administrator could allow access to the .gov top-level domain so that employees could view government forms online
rule base
the collection of rules that filter traffic at an interface of a firewall