IAS2 - Firewall/Access Controls PDF
Summary
This document provides an overview of firewall and access control concepts, including various types of access control models, important terminology, and underlying mechanisms. It touches on packet filtering firewalls, application gateways, and circuit gateways, explaining their functionality and use cases.
Full Transcript
# IAS2 - FIREWALL/ACCESS CONTROLS

## Access Controls

- Granting an entity access to part of a system, an area, or a location.
- A security technique that regulates who or what can view or use resources in a computing environment.
- A fundamental concept in security that minimizes risk to the business or organization.
- In short, it is the allowing, restricting, and denying of access to resources.

## Access vs Authorization

- **Authorization** - the permission to perform an action.
- **Access** - the means or method by which the permitted action is actually carried out.

## Important Terms to Remember

1. **Owner**
   - The person responsible for the integrity and security of an asset. This is usually a management role rather than a technical one.
2. **Custodian**
   - The person who maintains the security of a system, for example by adding and removing access for user accounts.
   - The administrator of the system: the technical (I.T.) people.
3. **End user**
   - The clients and users of the system.
   - A person who uses the asset (reading a file, opening a web page, printing data from a database) but who is not allowed to change access rights to the asset.
   - Also called the **subject** in other texts.

## ACCESS CONTROL METHODS

1. **Mandatory Access Control (MAC)**
   - The most restrictive model.
   - Top-down approach: the owner defines a security policy, the custodian implements it, and end users can only follow it; they cannot alter the rules.
2. **Nondiscretionary Controls (NDC)**
   - A strictly enforced version of MAC, managed by a central authority in the organization.
   - **a. Role-based access controls** - rights are tied to an individual's role, i.e. the position the person holds.
   - **b. Task-based access controls** - rights are tied to a specified set of tasks, i.e. the person's job description.
3. **Discretionary Access Control (DAC)**
   - The least restrictive model.
   - Think of sharing in Google Drive: the file's owner decides who may see or edit it, and can open it to anyone.
   - Users can own objects and have total control over them.
   - Users must *set* and *maintain* security for their own assets, which most people will do badly, and processes run by end users inherit their permission levels.

## ACCESS CONTROL MECHANISMS

All access control approaches rely on the following mechanisms:

1. **Identification**: who you claim to be, e.g. an email address, ID, username, or student number.
2. **Authentication**: proof of that claim, e.g. a password or an OTP.
3. **Authorization**: once authenticated, you are granted only the actions you are permitted to perform.
4. **Accountability**: whatever you do with your account is logged and attributed to you, so you are accountable for it.

## Firewalls

- In its simplest form, a computer containing two network cards.
- A barrier that *filters incoming and outgoing* traffic, stopping suspicious traffic before it reaches our computers.
- It is initially configured not to allow any traffic to pass from one card to the other (default deny); rules then open only what is needed.
- The firewall may be:
  - A separate computer system.
  - A software service running on an existing router or server.
  - A separate network containing a number of supporting devices.
- Firewalls are also categorized by:
  - Their processing type.
  - Their evolutionary generation.
  - The way they are implemented (structure).

## Firewalls by Processing Type

1. **Packet Filtering Firewalls**
   - Traffic on a network is broken into packets, the **smaller message units** used in networking.
   - Each packet must hold at least two addresses: that of the sender and that of the recipient.
   - Packet filtering protects a local network from undesired intrusion based on predefined rules.
   - Packet filtering controls (allows or drops) packets based on the following criteria:
     - The address the packet is coming from.
     - The address the packet is going to.
     - *The application protocol (port) or rules set for the data transfer*.
   - Like immigration control: each packet is checked against the rules at the border and admitted or refused.
2. **Application Gateway Firewalls**
   - A type of firewall that provides application-level control over network traffic.
   - Mediates access between private networks and distrusted users on the internet.
   - Can be used to deny distrusted users on the internet access to the resources of private networks.
   - The proxy sits on the internet-facing side and only allows restricted access.
3. **Circuit Gateways**
   - Concerned with the transmission of connections using UDP and TCP.
   - A firewall that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security.
   - Works between the Open Systems Interconnection (OSI) model's transport and application layers, i.e. at the session layer.
   - Unlike application gateways, circuit-level gateways monitor the TCP handshake and whether a session satisfies firewall rules and policies, not the application content itself.
4. **MAC Layer Firewalls**
   - The MAC sublayer of the ISO-OSI data link layer is concerned with MAC addresses, the hard-coded addresses generally burned into network cards when they are manufactured.
   - This kind of firewall checks the MAC address of a requester to determine whether the device making the connection is authorized to access the data in question.
   - Useful, for example, where devices are placed in lobbies for customers who are allowed to browse a catalog but not to place orders that would affect inventory.
   - Caveat: a MAC address can be changed in software and is only visible on the local network segment, so this is a weak control on its own.
5. **Hybrid Firewalls**
   - A combination of firewall elements, such as packet filtering plus proxy services, or packet filtering plus circuit gateways.

## Firewall in ISO-OSI Network Model

1. **Application Gateways**
   - Application (Layer 7) [Network services: file, print, message, application, DB]
   - Presentation (Layer 6) [Translation: bit, byte translations], [Encryption]
   - Session (Layer 5) [Dialog control: simplex, half-duplex, duplex], [Session administration]
2. **Circuit Gateways**
   - Transport (Layer 4) [Address/name resolution], [Segment development], [Addressing], [Connection services]
3. **Packet Filtering Firewalls**
   - Network (Layer 3); port-based rules also read the Layer 4 header.
4. **MAC Layer Firewalls**
   - Data Link (Layer 2)
5. **No Firewall**
   - Physical (Layer 1)

## Firewall Generation

1. **First Generation**
   - Static packet-filtering firewalls.
2. **Second Generation**
   - Application-level firewalls or proxy servers.
   - Dedicated systems, separate from the filtering router, that provide intermediate services for requestors.
3. **Third Generation**
   - Stateful inspection firewalls.
   - Monitor the state of active connections and use that information to decide which network packets to permit through the firewall.
4. **Fourth Generation**
   - Dynamic packet-filtering firewalls.
5. **Fifth Generation**
   - Kernel proxy firewalls (found in operating systems).

## Firewalls by Structure

- Commercial-grade firewall appliances.
- Commercial-grade firewall systems.
- Small office / home office (SOHO) appliances (for small organizations).
- Residential (consumer) firewall software.

# IAS2 - SECURITY TECHNOLOGY: INTRUSION DETECTION AND PREVENTION SYSTEMS

## Intrusion Detection & Prevention Systems (IDPS)

- Operates by *monitoring network traffic*, analyzing it, and providing remediation when malicious behavior is detected.
- Usually looks for behavior or characteristics that match known malicious traffic, sends out alerts, and blocks attacks.
- IDPS tools can detect *malware, socially engineered attacks* and other web-based threats, including DDoS attacks.
- Provide preemptive intrusion prevention for internal threats and potentially compromised systems.
- Help identify problems with security policies and deter individuals from violating them.
- Think of the job of security guards and immigration officers.

## Primary Functions of IDPS Solutions

1. **Monitoring**
   - Monitors IT systems using either *signature-based or anomaly-based intrusion detection* to identify abnormal behavior and known malicious activity.
2. **Alerts**
   - After identifying potential threats, IDPS software logs the event and sends alert notifications to inform administrators of abnormal activity.
3. **Remediation**
   - Provides blocking mechanisms for malicious threats, giving administrators time to take action.
4. **Maintenance**
   - IDPS tools can also monitor the health of IT hardware and security components, helping to ensure the security infrastructure is operating properly at all times.

## Intrusion Detection System vs Intrusion Prevention System

- **IDS**: A detection and monitoring tool. It does not take action on its own; a human or another system must look at the results.
- **IPS**: A control system. It accepts or rejects packets based on its ruleset, so it sits inline in the traffic path. An IPS requires that its threat database is regularly updated with new threat data.

## Types of IDPS

1. **Network-based IDPS**
   - *Monitors inbound and outbound network traffic*, and detects and prevents intrusions by analyzing network protocol activity.
   - Examines packets traveling through the network for known signs of intrusive activity.
2. **Host-based IDPS**
   - A software package installed on a host. It monitors the activities of that single host and detects and prevents malicious activity.
   - Examines information at the local host or operating-system level.

## IDPS Methodologies

- These systems *identify potential threats* based on built-in rules and profiles.

## Two (2) Key Intrusion Detection Methods

1. **Signature-based Intrusion Detection**
   - Used for threats we already know.
   - Detects possible threats by comparing network traffic and log data against existing attack patterns.
   - These patterns are called signatures and may include byte sequences in traffic or known malicious instruction sequences used by malware.
   - Accurately detects and identifies known attacks, but cannot catch an attack for which no signature exists yet.
2. **Anomaly-based Intrusion Detection**
   - Used for changes in behavior.
   - The complete opposite of signature-based detection.
   - Designed to pinpoint unknown attacks.
   - Typically uses machine learning or statistical techniques to build a baseline of normal activity and flag deviations from it.
   - False alarms (false positives) can occur with an anomaly-based IDS, because unusual but legitimate behavior also deviates from the baseline.

# IAS2 - Honeypots, Scanning & Analyzing Tools, and Biometrics AC

## Honeypots

- Software or a system deliberately exposed as bait for cyber attacks; in return, the defenders learn the attackers' methods for future prevention.
- Serves as a decoy.
- Mostly used for prevention: what is learned from the decoy is fed back into the defenses. Because a honeypot has no legitimate users, any interaction with it is suspicious by definition, which also makes it a high-fidelity detection source.

## Two (2) Types of Honeypots

1. **Research Honeypot**
   - Identifies the potential attacks that attackers may use against the system by researching and deep-diving into different attacks.
2. **Production Honeypot**
   - Deployed alongside production systems to lure attacks away from the critical systems and prevent them from reaching those systems.

## Different Types of Honeypot

1. **Spam Honeypot** - used to attract and study spam email.
2. **Malware Honeypot** - used to attract and capture malware samples.

## Advantages of using Honeypot

1. Lures attackers away from real assets.
2. Reveals which attacks are being attempted and how.
3. Helps prevent those attacks on production systems.

## Scanning and Analyzing Tools

- Every system and architecture should have its own scanning and analyzing tools.

## Different Scanning and Analyzing Tools

1. **Vulnerability Scanners**
   - Scan a system and identify its weaknesses (points of weakness).
   - Examples: Nessus, OpenVAS.
2. **Network Scanning Tools**
   - Check the security of the network (open ports, connected hosts).
   - Check the entire network of the system.
   - Examples: Nmap (Network Mapper), IP scanners (for discovering IP addresses in use).
3. **Penetration Testing Tools**
   - Used to test whether our systems can be penetrated by an unauthorized person.
   - Example: Kali Linux, a distribution that bundles penetration-testing tools, including SQL injection tools.
4. **Malware Analysis Tools**
   - Check whether there is suspicious activity in our system.
   - Examples: antivirus scanners (Avast, McAfee, Norton) and sandboxes (Cuckoo Sandbox).
5. **Log Analysis & Monitoring Tools**
   - Work from the list of recorded activities (logs).
   - Analyze the logs for suspicious activity.
6. **Packet Sniffers & Traffic Analysis Tools**
   - Analyze the packets on the network.
   - Focus on the packets only.
   - Example: tcpdump.
7. **Web Application Scanning Tools**
   - Detect vulnerabilities in our web applications.

## Biometric Authentication Control Methods

- An authentication control method that uses physical characteristics of the human body as an extra factor for authenticating users to applications or systems.

## Always REMEMBER the following:

1. Something you know (passwords).
2. Something you have (smart cards, tokens, chips).
3. Something you are (biometrics).
4. Something you do (behavioral traits such as typing rhythm).
5. Somewhere you are (location).

## Human Body Parts that are usually used for Biometrics:

1. **Head**
   - Eye (iris scan, retinal scan).
   - Whole face (facial geometry).
   - Voice (voice recognition).
2. **Body**
   - Hand (fingerprint, thumbprint, hand geometry).
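The three access control models in the ACCESS CONTROL METHODS section above differ mainly in who is allowed to change the rules. The following toy reference monitor is an added example, not code from the lecture notes: the users (alice, bob, carol, mallory), roles, labels and files are constructed, and the MAC rule (a subject may access an object only when its clearance is at least the object's classification) is a simplifying assumption rather than something the notes specify. It shows the DAC owner granting rights (including to everyone, the "open to anyone" case), a non-owner failing to grant, a process inheriting the invoking user's DAC rights, and the centrally managed RBAC and MAC tables that end users cannot edit.

```python
"""Toy reference monitor contrasting DAC, RBAC and MAC decisions.

Added example for these notes, not code from the original lecture: the users,
roles, labels and files are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class DacObject:
    """DAC: the owner maintains the ACL and may grant rights to anyone, including '*' (everyone)."""
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of rights

    def grant(self, granter: str, subject: str, right: str) -> None:
        # Only the owner may change access rights; other end users cannot.
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this object")
        self.acl.setdefault(subject, set()).add(right)

    def allows(self, subject: str, right: str) -> bool:
        if subject == self.owner:
            return True
        return right in self.acl.get(subject, set()) or right in self.acl.get("*", set())


# RBAC (a nondiscretionary control): a central authority maintains these tables;
# users cannot edit them.
ROLE_PERMISSIONS = {"clerk": {"read"}, "manager": {"read", "write"}}
USER_ROLES = {"alice": {"manager"}, "bob": {"clerk"}}


def rbac_allows(user: str, right: str) -> bool:
    return any(right in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# MAC: labels are assigned centrally. This toy policy (an assumption, not from the
# notes) lets a subject access an object only if its clearance is at least the
# object's classification.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
CLEARANCE = {"alice": "confidential", "bob": "internal"}
CLASSIFICATION = {"payroll.xlsx": "confidential", "memo.txt": "internal"}


def mac_allows(user: str, obj: str) -> bool:
    return LEVELS[CLEARANCE[user]] >= LEVELS[CLASSIFICATION[obj]]


def process_allows(doc: DacObject, invoking_user: str, right: str) -> bool:
    """Under DAC a process inherits the permission level of the user who runs it,
    so a malicious script started by bob can do whatever bob can."""
    return doc.allows(invoking_user, right)


def demo() -> dict:
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")          # owner shares with bob
    results = {
        "dac_bob_read": doc.allows("bob", "read"),             # True
        "dac_bob_write": doc.allows("bob", "write"),           # False
        "rbac_bob_write": rbac_allows("bob", "write"),         # False: clerks only read
        "mac_bob_payroll": mac_allows("bob", "payroll.xlsx"),  # False: internal < confidential
    }
    try:
        doc.grant("bob", "mallory", "read")    # bob is not the owner
        results["bob_can_grant"] = True
    except PermissionError:
        results["bob_can_grant"] = False
    doc.grant("alice", "*", "read")            # "open to anyone", like a public Drive link
    results["dac_anyone_read"] = doc.allows("carol", "read")           # True
    results["script_as_bob_read"] = process_allows(doc, "bob", "read")  # True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to see the decisions; the point to notice is that `grant` exists only on the DAC object, while the RBAC and MAC tables have no user-facing mutation path at all.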
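The packet filtering bullets and the firewall generations above describe static (first-generation) and stateful (third-generation) filtering without showing why the second exists. The following added example, not code from the lecture notes, implements both over the same constructed packets: the inside network 10.0.0.0/24, the addresses and the rules are assumptions for illustration. A stateless filter that wants to let web replies back in must hold a standing "allow inbound from source port 80" rule, which an attacker can satisfy by sending from port 80; the stateful filter records connections that inside hosts opened and admits only the matching replies, dropping the probe under default deny.

```python
"""A first-generation (stateless) packet filter beside a third-generation
(stateful inspection) one, showing why the latter exists.

Added example for these notes, not code from the original lecture: the network
10.0.0.0/24, the addresses and the rules are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One filtering rule; None means 'any' for that field."""
    action: str                  # "allow" or "drop"
    src: str = "0.0.0.0/0"       # source network
    dst: str = "0.0.0.0/0"       # destination network
    sport: Optional[int] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.proto in (None, p.proto))


def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet matching no rule is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


class StatefulFilter:
    """Remembers connections that an inside host opened and admits only the
    matching replies, so no standing 'allow inbound from port 80' hole is needed."""

    def __init__(self, rules: List[Rule], inside: str):
        self.rules = rules
        self.inside = ipaddress.ip_network(inside)
        self.connections = set()   # (inside ip, inside port, outside ip, outside port, proto)

    def decide(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src) in self.inside:
            verdict = stateless_filter(self.rules, p)      # outbound: consult rules
            if verdict == "allow":
                self.connections.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return verdict
        reply_key = (p.dst, p.dport, p.src, p.sport, p.proto)
        if reply_key in self.connections:               # inbound reply to a tracked connection
            return "allow"
        return stateless_filter(self.rules, p)          # any other inbound: rules, then default deny


INSIDE = "10.0.0.0/24"
# Stateless policy: to let web replies back in it must open source port 80 from anywhere.
STATELESS_RULES = [
    Rule("allow", src=INSIDE, dport=80, proto="tcp"),   # outbound web
    Rule("allow", dst=INSIDE, sport=80, proto="tcp"),   # "return traffic" (the hole)
]
# Stateful policy needs only the outbound rule; replies are matched from the table.
STATEFUL_RULES = [Rule("allow", src=INSIDE, dport=80, proto="tcp")]

# Constructed packets: a real web request, its reply, and an attacker probing SMB
# (port 445) from source port 80 to slip through the stateless rule.
OUTBOUND = Packet("10.0.0.5", 40000, "93.184.216.34", 80)
REPLY = Packet("93.184.216.34", 80, "10.0.0.5", 40000)
PROBE = Packet("198.51.100.9", 80, "10.0.0.5", 445)
SAMPLE = [("outbound", OUTBOUND), ("reply", REPLY), ("probe", PROBE)]


def compare() -> dict:
    sf = StatefulFilter(STATEFUL_RULES, INSIDE)
    return {
        "stateless": {name: stateless_filter(STATELESS_RULES, p) for name, p in SAMPLE},
        "stateful": {name: sf.decide(p) for name, p in SAMPLE},
    }


if __name__ == "__main__":
    for kind, verdicts in compare().items():
        print(kind, verdicts)
```

The order of the sample matters for the stateful filter: the reply is admitted only because the outbound request was seen first and recorded in the connection table.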
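The two detection methods in the IDPS section above are complementary, and the false-alarm bullet is easiest to see on concrete data. The following added example, not code from the lecture notes, runs a signature matcher and a simple statistical anomaly detector over one constructed web-server log: the log lines, the two signatures (an SQL injection tautology and a path traversal), the baseline request counts and the z-score threshold are all assumptions for illustration. The signature pass catches the two known attack strings but is blind to the flood from one client; the anomaly pass catches the flood but also flags a busy, legitimate NAT gateway, and sees nothing in the single injection request.

```python
"""Signature-based and anomaly-based detection run over the same constructed
web-server log, to show what each method catches and misses.

Added example for these notes, not code from the original lecture: the log
lines, the signatures, the baseline counts and the threshold are all
constructed for illustration.
"""
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

# Constructed, simplified access log: "<client ip> <method> <path> <status>".
LOG_LINES: List[str] = (
    ["10.0.0.5 GET /index.html 200",
     "10.0.0.5 GET /about.html 200",
     "10.0.0.7 GET /index.html 200",
     "10.0.0.9 GET /products?id=1 200",
     "10.0.0.9 GET /products?id=1'%20OR%20'1'='1 500",   # injection attempt
     "10.0.0.12 GET /../../etc/passwd 404"]              # traversal attempt
    + ["198.51.100.4 GET /index.html 200"] * 12           # flood from one client
    + ["10.0.0.20 GET /catalog.html 200"] * 8             # busy but legitimate NAT gateway
)

LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")

# Signatures: known-bad character sequences looked for in the request path.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'(%20|\s)*OR(%20|\s)*'1'='1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Per-client request counts from a constructed "normal" window, used as the baseline.
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4, 6, 3, 2, 4]


def parse(line: str) -> Dict[str, str]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Precise on known attacks; silent on anything without a signature."""
    hits = []
    for line in lines:
        rec = parse(line)
        for name, pattern in SIGNATURES.items():
            if rec and pattern.search(rec["path"]):
                hits.append((rec["ip"], name))
    return hits


def anomaly_alerts(lines: List[str], z_threshold: float = 3.0) -> Dict[str, float]:
    """Flag clients whose request count deviates from the baseline by more than
    z_threshold standard deviations. Catches unknown attacks, but also unusual
    legitimate behaviour (false alarms)."""
    mean = statistics.mean(BASELINE_COUNTS)
    stdev = statistics.stdev(BASELINE_COUNTS) or 1.0   # guard against a flat baseline
    counts = Counter(rec["ip"] for rec in map(parse, lines) if rec)
    return {ip: round((n - mean) / stdev, 2)
            for ip, n in counts.items() if (n - mean) / stdev > z_threshold}


if __name__ == "__main__":
    print("signature:", signature_alerts(LOG_LINES))
    print("anomaly:", anomaly_alerts(LOG_LINES))
```

Raising `z_threshold` silences the NAT gateway but keeps the flood; that tuning trade-off between missed attacks and false alarms is the practical cost of anomaly-based detection.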