Chapter 7 - 03 - Understand Different Types of Firewalls and their Role - 05_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Application Proxy
_'_‘ Corporate network
Application s.
QO An application-level proxy Internet Firewal oty e @’m‘
works as a proxy server and
filters connections for
*u........ g::-:-............................... =.
( i)......... g
N@ réz

specific services
D lt filterS Connections based ‘.".__"_.._"_,,_-:,_"__,,_,__“_..'§ DNS ; Sessssasssnssasessssesenssans %.. [ETTTTTTTTTTTTP PP PP PP

on the services and External network i Internal network
protocols LU
i HTIPS i
Q For example, an FTP proxy iONNT
will only allow FTP. trafficto o
Filters traffic for
’
pass through, while all specific server
other services and
protocols will be blocked

Copyright © by EC iL All Rights Reserved. Reproductionis Strictly Prohibited

Application Proxy
An application-level proxy works as a proxy server and filters connections for specific services. It
filters connections based on the services and protocols. For example, an FTP proxy will only
allow FTP traffic to pass through, while all other services and protocols will be blocked.
It is a type of server that acts as an interface between the user workstation and the Internet. It
correlates with the gateway server and separates the enterprise network from the Internet. It
receives requests from users for services and responds to the original requests only. A proxy
service is an application or program that helps forward user requests (for example, FTP or
Telnet) to the actual services. Proxies are also called application-level gateways as they renew
the connections and act as a gateway to the services. Proxies run on a firewall host that is
either a dual-homed host or some other bastion host for security purposes. Some proxies,
named caching proxies, run for the purpose of network efficiency. They keep copies of the
requested data of the hosts they proxy. Such proxies can provide the data directly when
multiple hosts request the same data. Caching proxies help in reducing load on network
connections whereas proxy servers provide both security and caching.
A proxy service is available between a user on an internal network and a service on an outside
network (Internet) and is transparent. Instead of direct communication between each, they talk
with the proxy and it handles all the communication between user and the Internet service.
Transparency is the key advantage when using proxy services. To the user, a proxy server
presents the illusion that they are dealing directly with the real server whereas the real server
thinks that it is dealing directly with the user.

Module 07 Page 779 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls - Technical Controls

Corporate network.i Applicatio
Application
Firewall PP
Ppi :
Internet Server proxy
server proxy

™ r= e L]
------- -_-—---llllununno---

e e e.----.

eeennneeeaan.

i P
Y osmTP| SG
External network : : Internal network
: FTP :
:! HTTPS
HTTPS i
i: NNTP
NNTP

Filters traffic for
specific server

Figure 7.49: Application proxy

Advantages
Proxy services can be good at logging because they can understand application
protocols and allow logging in an effective way.
Proxy services reduce the load on network links as they are capable of caching copies of
frequently requested data and allow it to be directly loaded from the system instead of
the network.
Proxy systems perform user-level authentication, as they are involved in the connection.

Proxy systems automatically provide protection for weak or faulty IP implementations
as they sit between the client and the Internet and generate new IP packets for the
client.
Disadvantages
Proxy services lag behind non-proxy services until a suitable proxy software is made
available.
Each service in a proxy may use different servers.
Proxy services may require changes in the client, applications, and procedures.
The complexity of application proxies makes them vulnerable to various attacks such as
DosS.

If the proxy is not configured for SSL/TLS inspection, it cannot filter or examine
encrypted packets.

Module 07 Page 780 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls - Technical Controls

Network Address Translation (NAT)

0010 §0 100100
o0 181110300.
30300100012 : P:d":‘e ol Public 1P
~rayn i IPID: 192.168.168.2 ress Address

O Network address translation separates IP addresses into two sets
i! ’
v
192.168.168.1
v
200.0.0.45
and enables the LAN to use these addresses for internal and : [:] 4
external traffic respecfivelv. “.............. -. PR e~ STTTTIIIICID

: " Switch o
O It also works with a router, the same as packet filtering does; NAT | 1pp: 192.168.168.3 Internet
will also modify the packets the router sends at the same time

O 1t has the ability to change the address of the packet and make it
appear to have arrived from a valid address ‘\‘ D ’

Q 1t limits the number of public IP addresses an organization can use
e IPID: 192.168.168.2

Copyright © by L All Rights Reserved. Reproductionis Strictly Prohibited

Network Address Translation (NAT)
Network address translation separates IP addresses into two sets and enables the LAN to use
these addresses for internal and external traffic, respectively. A NAT helps hide an internal
network layout and forces connections to go through a choke point. It works with the help of a
router, helping to send packets and modifying them. When the internal machine sends the
packet to the outside machine, NAT modifies the source address of the particular packet to
make it appear as if it is coming from a valid address. Similarly, when the outside machine
sends the packet to the internal machine NAT modifies the destination address to turn the
visible address into the correct internal address. It limits the number of public IP addresses an
organization can use. It can act as a firewall filtering technique where it allows only those
connections which originate on the inside network and will block the connections which
originate on the outside network. NATs can also modify the source and destination port
numbers. NAT systems use the following schemes for translating between internal and external
addresses:
= One external host address is assigned for each internal address, and the same
translation is always applied. This scheme slows down connections and does not provide
any savings in address space. This type of mapping is also known as 1:1 mapping and can
be either static or dynamic.
= An external host address is dynamically allocated without modifying the port numbers
at the time when the internal host initiates a connection. This scheme restricts the
number of internal hosts that can simultaneously access the Internet to the number of
available external addresses.
= A fixed mapping is created from internal addresses to externally visible addresses, and
port mapping is used such that multiple internal machines use the same external

Module 07 Page 781 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

address. This type of mapping is also known as overloaded NAT or network address port
translation (NAPT).
A pair of an external host address and a port is dynamically allocated each time an
internal host initiates a connection. This scheme has the highest possible efficiency in
the use of external host addresses.
A router’s IP address is used to communicate with external hosts and to forward
incoming packets to a different IP address. That is, the router processes the requests
originating from the Internet for a particular application and forwards them to the
target application server residing inside a DMZ or internal network. This mapping is
known as destination NAT or port forwarding.

E‘., kL Private
dad IP Public IP
IPID: 192.168.168.2 -, Address Address

NV v
P “, 192.168.168.1 200.0.0.45
‘};\\\(‘.............
———
HCICICRC SEEEEEREEE &...........

,.".Switch
o NAT
o Internet
IP1D: 192.168.168.3

&
IP ID: 192.168.168.2

Figure 7.50: Illustration of network address translation

Advantages
NAT help enforce the firewall's control over outbound connections.
It restricts incoming traffic and allows only packets that are part of a current interaction
initiated from the inside.
It helps hide the internal network's configuration and thereby reduces vulnerability of
the network or system from outside attacks.
Disadvantages
The NAT system has to guess how long it should keep a particular translation, which is
impossible to
correctly guess every time.

NAT interferes with encryption and authentication systems that ensure security of the
data.
Dynamic allocation of ports may interfere with packet filtering.

Module 07 Page 782 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Virtual Private Network

A VPN is a private network VPN Router / e VPN Router /
constructed using public networks, Firewall Firewall
such as the Internet

It is used for the secure transmission VPN Tunnel
of sensitive information over an
untrusted network, using
encapsulation and encryption

It establishes a virtual point-to-
point connection through the use of
dedicated connections

The computing device running the
VPN software can only access the VPN Pri VoRS roRwor k PriTusto Retwor k

Copyright © by | L All Rights Reserved. Reproduction
is Strictly Prohibited.

Virtual Private Network

A VPN is a private network constructed using public networks, such as the Internet. It is used
for the secure transmission of sensitive information over an untrusted network, using
encapsulation and encryption. It establishes a virtual point-to-point connection through the use
of dedicated connections. The computing device running the VPN software can only access the
VPN.
It is used for connecting Wide Area Networks (WAN). VPN allows computers of one network to
connect to computers on another network. It employs encryption and integrity protection to
enable utilization of a public network as a private network. A VPN performs encryption and
decryption outside the packet-filtering perimeter to allow the inspection of packets coming
from other sites; it encapsulates packets sent over the Internet. A VPN combines the
advantages of both public and private networks. They have no relation to firewall technology,
but firewalls are convenient tools for adding VPN features as they help in providing secure
remote services. Any VPN that runs over the Internet employs the following principles:
= Encrypts all traffic
= Checks for integrity protection
= Encapsulates new packets, which are sent across the Internet to something that reverses
the encapsulation
= Checks for integrity
= Finally, decrypts the traffic

Module 07 Page 783 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

VPN Router / VPN Router/. Internet.
Firewall Firewall

7 (7
) ULl VPN Tunnel

Private network
) #
Private network

Figure 7.51: Virtual private network

Advantages

VPNs provide several security advantages, and they are listed below:
= A VPN hides all the traffic that flows through it, ensures encryption, and protects the
data from snooping.
= |t provides remote access for protocols while also defending against outside attacks.
Disadvantages
= As a VPN runs on a public network, the user remains vulnerable to an attack on the
destination network.

Module 07 Page 784 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.