
Chapter 7 - 02 - Discuss Security Benefits of Network Segmentation - 04_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician
Network Security Controls — Technical Controls
Exam 212-82
Module 07 Page 743

Types of Bastion Hosts: Single-homed
- A firewall device with only one network interface
- All the traffic, both incoming and outgoing, is routed through the bastion host
- It tests data against security guidelines and acts accordingly

Types of Bastion Hosts: Multi-homed
- A firewall device with at least two network interfaces
- This type of bastion host is capable of separating internal and external networks, thereby improving security

Types of Bastion Hosts: Internal Bastion Host
- They reside inside the internal network of an organization
- It can be single-homed or multi-homed
- The internal network devices communicate with the internal bastion host

Types of Bastion Hosts (Cont'd)
- Non-routing dual-homed hosts: they operate with multiple network connections, but the network connections do not interact with each other
- Victim machines: they allow any user to log in; they are useful for testing new applications whose security flaws are not yet known and for running services which are not secure
- External services hosts: bastion hosts are visible to everyone, which makes them vulnerable to attack; they require only minimum access privileges to the internal network, providing only a few services
- One-box firewalls: if a machine is constructed as a firewall, it is prone to more attacks; the entire site's security relies on this single machine, so it is necessary to guarantee that this machine is absolutely secure

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Types of Bastion Hosts

In most configurations, the central bastion host is connected to certain internal hosts. For example, the bastion host may pass email to an internal mail server and coordinate with an internal name server. These internal servers are secondary bastion hosts, and they must be configured and monitored like bastion hosts rather than like ordinary internal hosts. A few services may be left enabled on these systems, but they must be hardened in the same way as the bastion hosts.

Single-homed Bastion Host

A single-homed bastion host is a firewall device with only one network interface. All traffic, both incoming and outgoing, is routed through the bastion host. It tests data against security guidelines and acts accordingly. Because the host has only one interface, it cannot by itself separate the two networks: the exterior firewall must direct traffic to it and must block traffic that tries to bypass it.
[Figure 7.34: Single-homed bastion host: Internet, exterior firewall, bastion host, interior firewall, intranet]

Multi-homed Bastion Host

A multi-homed bastion host is a firewall device with at least two network interfaces. This type of bastion host is capable of separating internal and external networks, thereby improving security.

[Figure 7.35: Multi-homed bastion host: Internet, exterior firewall, multi-homed bastion host, interior firewall, intranet]

Internal Bastion Host

Internal bastion hosts reside inside the internal network of an organization. They can be single-homed or multi-homed bastion hosts. The internal network devices communicate with the internal bastion host.

[Figure 7.36: Internal bastion host: Internet, exterior firewall, interior firewall, intranet, internal bastion host]

Non-routing Dual-homed Hosts

A non-routing dual-homed host is a bastion host with multiple network connections that do not interact with each other: packets are never forwarded between its interfaces, so only the services or proxies running on the host can carry traffic from one side to the other. Such a host may be the entire firewall, or it may be one component of a multi-layer firewall. If the host is the whole firewall, its configuration must be done with particular care and the bastion host guidelines must be followed strictly.

Victim Machines

Where it is necessary to run services that are not secure, or new applications whose security flaws are not yet known, a dedicated machine (a victim machine) can be used to install them. Such machines allow any user to log in. Because nothing of value is kept on them, it is not a serious problem if such machines are compromised.
A victim machine is disposable: it is used only for the applications with security implications and for no other purpose. Victim machines are configured in much the same way as a typical bastion host, except that they are expected to have users logging in. It is wise to resist pressure for more services and programs than those provided on the usual bastion host. It must also be ensured that users do not become comfortable enough with the victim machine to treat it as a normal host, because then the intended design no longer works. The important factor to keep in mind is that it is not reusable.

External Services Hosts

Bastion hosts that provide services exclusively to the Internet have a unique concern: they are visible to everybody. This makes them more exposed to attack, and greater exposure means more attacks are likely to succeed. If a service provided only to internal users is compromised, it is not obvious to outsiders; if one of the pages of the public website is replaced, everyone becomes aware of the change and takes note of it. These machines should therefore have stronger security and a minimal set of features, which makes them easier to secure. They require only minimum access privileges to the internal network, providing only a few services.

One-box Firewalls

If a machine is constructed as the entire firewall, rather than as one part of it, it is more exposed to attack. The entire site's security relies on this one machine, so it is always necessary to guarantee that this machine is absolutely secure. A replica of the original system can be used to test a new configuration without risking the Internet connection.
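The difference between a multi-homed bastion host that relays packets and a non-routing dual-homed host, described above, is enforced at two layers on a Linux host: the kernel forwarding switch and the firewall's forward chain. The shell functions below are an added example, not part of the EC-Council course material, showing one way to generate both settings for either mode and to audit the live host against the intended mode. The interface names eth0 (external) and eth1 (internal), the internal network 10.0.0.0/24, the SSH management rule and the single public HTTPS service are assumptions for illustration, as is the use of nftables and sysctl.d.

```shell
#!/bin/sh
# Added example (not from the course text). Assumptions: Linux, nftables,
# sysctl.d; external interface eth0, internal interface eth1,
# internal network 10.0.0.0/24, one public service on TCP/443.

EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
INT_NET="${INT_NET:-10.0.0.0/24}"

# Kernel forwarding switch for the requested mode.
#   routing:     the host relays packets between its interfaces (filtering router)
#   non-routing: the interfaces never exchange packets; only proxies/services
#                running on the host can bridge the two sides
bastion_sysctl() {
  case "$1" in
    routing)     echo "net.ipv4.ip_forward = 1" ;;
    non-routing) echo "net.ipv4.ip_forward = 0" ;;
    *) echo "usage: bastion_sysctl routing|non-routing" >&2; return 1 ;;
  esac
}

# nftables ruleset for the mode. The forward chain always defaults to drop;
# in non-routing mode it has no accept rules at all, so even if ip_forward
# were flipped to 1 by mistake nothing would be relayed (defence in depth).
bastion_nft() {
  mode="$1"
  cat <<EOF
flush ruleset
table inet bastion {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    # management only from the internal network (assumed policy)
    iifname "$INT_IF" ip saddr $INT_NET tcp dport 22 accept
    # the one service this host offers to the Internet (assumed: HTTPS)
    iifname "$EXT_IF" tcp dport 443 accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
EOF
  if [ "$mode" = routing ]; then
    cat <<EOF
    # routing bastion: relay replies plus a narrow set of internal-origin flows
    ct state established,related accept
    iifname "$INT_IF" oifname "$EXT_IF" ip saddr $INT_NET tcp dport { 80, 443 } accept
EOF
  fi
  cat <<EOF
  }
}
EOF
}

# Write both fragments into a directory (e.g. a staging dir on a replica).
write_bastion_config() {
  mode="$1"; dir="$2"
  bastion_sysctl "$mode" > "$dir/99-bastion.conf"
  bastion_nft "$mode" > "$dir/bastion.nft"
}

# Audit: does the live forwarding value agree with the intended mode?
# $2 is the content of /proc/sys/net/ipv4/ip_forward. Returns 0 if consistent.
check_forwarding() {
  mode="$1"; live="$2"
  case "$mode:$live" in
    routing:1|non-routing:0) return 0 ;;
    *) return 1 ;;
  esac
}

# Read the live value on a real host ("unknown" if not on Linux / not readable).
live_forwarding() {
  cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown
}

# Usage: sh bastion.sh routing|non-routing   (prints both fragments to stdout)
if [ $# -eq 1 ]; then
  bastion_sysctl "$1"
  bastion_nft "$1"
fi
```

To apply the generated files on a host, copy 99-bastion.conf to /etc/sysctl.d/ and load it with `sysctl --system`, then check the ruleset syntax without loading it using `nft -c -f bastion.nft` before `nft -f bastion.nft`. In line with the one-box firewall note above, the ruleset should first be exercised on a replica of the bastion host rather than on the machine carrying the live Internet connection; `check_forwarding "$mode" "$(live_forwarding)"` is the kind of one-line audit that belongs in the host's monitoring so that a drift back to forwarding on a non-routing host is noticed.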
