5.5 Given a scenario, install and configure a basic firewall.
Port Security: It is a switch feature rather than a firewall feature: it restricts which MAC addresses are allowed to connect through a particular physical switch port.
Dynamic Packet Filters: Also referred to as Stateful Inspection. A DPF, unlike a static packet filter, monitors each session and makes sure it is valid. Note that a static packet filter uses only the header information of each packet traversing the firewall, whereas a dynamic packet filter records every connection in a state table and judges each packet against the state of the session it belongs to. CheckPoint's FireWall-1 uses stateful inspection.
Implicit deny: It requires that all access be denied by default and that access permissions be granted to specific resources only when required. An implicit deny clause is implied at the end of each ACL, meaning that if the access in question has not been explicitly granted by an earlier entry, it is denied.
Access control lists (ACLs): An ACL resides on a router, firewall or computer and decides who can access the network and who cannot; that is, it permits or denies traffic. It specifies which user or group of users is allowed what level of access to which resource. It makes use of IP addresses and port numbers.
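As an added example (not from this study guide), the following Python sketch models how an ACL is evaluated top to bottom with the implicit deny at the end, and how a dynamic (stateful) packet filter differs from a static one by consulting a state table before falling back to the inbound ACL. All addresses, ports and rules are constructed sample values.

```python
import ipaddress
from typing import NamedTuple, Optional

# A packet is reduced to the fields an ACL looks at: addresses and ports.
Packet = NamedTuple("Packet", [("src", str), ("dst", str), ("sport", int), ("dport", int)])
# An ACL entry: action is "permit" or "deny"; src/dst are CIDR networks; dport None means any port.
Rule = NamedTuple("Rule", [("action", str), ("src", str), ("dst", str), ("dport", Optional[int])])

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate_acl(acl: list, pkt: Packet) -> str:
    # Entries are tested top to bottom; the first match decides.
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"  # no entry explicitly permitted it: the implicit deny at the end of every ACL

class StatefulFilter:
    # Replies to sessions recorded in the state table pass; everything else is judged by the inbound ACL.
    def __init__(self, outbound_acl: list, inbound_acl: list):
        self.outbound_acl, self.inbound_acl = outbound_acl, inbound_acl
        self.state = set()  # (src, sport, dst, dport) of every permitted outbound session

    def outbound(self, pkt: Packet) -> str:
        verdict = evaluate_acl(self.outbound_acl, pkt)
        if verdict == "permit":
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

    def inbound(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:  # reply to a known session
            return "permit"
        return evaluate_acl(self.inbound_acl, pkt)  # a static filter would only ever do this

# Constructed sample policy: the LAN may open HTTPS sessions; only SMTP to the mail host may come in unsolicited.
OUTBOUND = [Rule("permit", "192.168.1.0/24", "0.0.0.0/0", 443)]
INBOUND = [Rule("permit", "0.0.0.0/0", "192.168.1.10/32", 25)]

def demo() -> tuple:
    fw = StatefulFilter(OUTBOUND, INBOUND)
    request = Packet("192.168.1.20", "203.0.113.5", 51000, 443)  # LAN host opens an HTTPS session
    reply = Packet("203.0.113.5", "192.168.1.20", 443, 51000)    # the server's answer
    probe = Packet("203.0.113.5", "192.168.1.20", 4444, 22)      # unsolicited inbound SSH attempt
    mail = Packet("198.51.100.7", "192.168.1.10", 40000, 25)     # SMTP delivery to the mail server
    # returns ("permit", "permit", "deny", "permit")
    return fw.outbound(request), fw.inbound(reply), fw.inbound(probe), fw.inbound(mail)
```

Running the same reply packet through `evaluate_acl(INBOUND, ...)` alone returns "deny": a static filter has no state table, so it cannot tell a legitimate answer from an unsolicited connection.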
NAT (Network Address Translation): It is primarily used to hide the internal network from an external network such as the Internet. A NAT device translates internal IP addresses to external IP addresses and vice versa. This ensures that external users do not see the internal IP addresses, and hence do not see the internal hosts.
DMZ (Demilitarized Zone): It is a network segment separate from the LAN where servers reside that can be reached by users on the Internet. If a company intends to host its own servers to be accessed from the public Internet, a DMZ is the preferred solution. The network segment within the DMZ is secured by two firewalls, one interfacing with the public Internet and the other interfacing with the internal corporate network. Thus, a DMZ provides an additional layer of security for the internal corporate network. The types of servers hosted in a DMZ may include web servers, email servers, file servers, DNS servers, etc.
5.6 Categorize different types of network security appliances and methods
IDS stands for Intrusion Detection System. There are primarily two types of IDSs: Network-based IDS (NIDS) and Host-based IDS (HIDS).
If the IDS monitors network-wide communication, it is called a Network-based IDS.
If the IDS monitors security on a per-host basis, it is called a Host-based IDS. A host-based IDS should be placed on a host computer such as a server.
A network-based IDS is typically placed on a network device such as a router.
Honeypots: Honeypots are designed so that they appear to be real targets to hackers; that is, a hacker cannot distinguish between a real system and a decoy. This enables lawful action to be taken against the hacker while securing the real systems at the same time.
Honeynet: It is one or more computers, servers, or an area of a network; these are used when a single honeypot is not sufficient. Either way, the individual computer or group of servers will usually not house any important company information.
Vulnerability testing is part of testing corporate assets for any particular vulnerability. These may include:
Blind testing: Here the hacker doesn't have prior knowledge of the network. It is performed from outside the network.
Knowledgeable testing: Here the hacker has a prior knowledge of the network.
Internet service testing: It tests the vulnerability of Internet-facing services such as a web service.
Dial-up service testing: Here the hacker tries to gain access through an organization’s remote access servers.
Infrastructure testing: Here the infrastructure, including its protocols and services, is tested for any vulnerabilities.
Application testing: The applications that are running on an organization’s servers are tested here.
Examples of vulnerability scanners are Nessus and Nmap.
Copyright © Anand Software and Training Private Limited.