Summary

This document provides an overview of firewalls, including their purpose, types (packet filtering, stateful inspection, application-level, and circuit-level), configurations and topologies (single bastion, double bastion, distributed), and intrusion detection and prevention systems (IDS/IPS). It also discusses security practices like VPN integration and defense-in-depth.

Full Transcript

**Overview of Firewalls** 1. **Purpose**: Firewalls protect local area networks (LANs) by acting as a perimeter defense system between a premises network and the internet. They manage traffic and provide security auditing. 2. **Access Policy**: Firewalls rely on access policies derived f...

**Overview of Firewalls** 1. **Purpose**: Firewalls protect local area networks (LANs) by acting as a perimeter defense system between a premises network and the internet. They manage traffic and provide security auditing. 2. **Access Policy**: Firewalls rely on access policies derived from organizational security assessments to allow or block traffic based on criteria like IP ranges, protocols, and content types. **Types of Firewalls** 1. **Packet Filtering Firewalls**: Filters traffic using rules based on IP and TCP headers. Advantages include simplicity and speed, but they lack advanced security features and detailed logging. 2. **Stateful Inspection Firewalls**: Monitors the state of active connections and makes filtering decisions based on state and context. 3. **Application-Level Gateways**: Proxy-based firewalls that relay application-level traffic, offering enhanced security at the cost of performance overhead. 4. **Circuit-Level Gateways**: Manage connections at the session layer for simplified security enforcement. **Firewall Configurations and Topologies** 1. **Topologies**: - **Single Bastion Inline**: A basic setup for small to medium-sized organizations. - **Single Bastion T**: Adds a DMZ for hosting externally accessible servers. - **Double Bastion Inline**: A more secure setup for large organizations, sandwiching the DMZ between firewalls. - **Distributed Configurations**: Common in large enterprises, employing multiple firewalls across the network. 2. **Types**: - **Host-Based Firewalls**: Protect individual hosts; integrated into operating systems or added separately. - **Personal Firewalls**: Protect personal devices; simpler than enterprise solutions but effective for blocking unauthorized access and monitoring malware activity. **Intrusion Detection and Prevention Systems (IDS/IPS)** 1. **Purpose**: Identify and block potential security breaches using signature-based or anomaly-based detection. 2. **Types**: - **Host-Based (HIDS/HIPS)**: Monitors activity on individual systems. - **Network-Based (NIDS/NIPS)**: Analyzes network traffic to detect and prevent malicious activities. - **Hybrid Systems**: Combines host and network data for comprehensive threat detection. 3. **Capabilities**: - **HIPS**: Detects malicious behavior using sandboxing and monitors system calls, file system access, and registry changes. - **NIPS**: Operates inline to discard malicious packets and protect data flows. **Security Practices** 1. **VPN Integration**: Uses encryption to create secure connections over insecure networks, relying on protocols like IPSec. 2. **Defense-in-Depth**: Combines firewalls, HIPS, NIPS, and other tools to provide layered security.

Use Quizgecko on...
Browser
Browser