Chapter 7 - 08 - Discuss Other Network Security Controls - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Web Content Filter QO The content filter is either a software or a hardware that blocks browsing of harmful websites and undesirable content on the world wide web (WWW)..... Q It prevents the network from malware, phishing, and pharming attacks Q 1t filters content based on keywords, URLs, and contextual analysis Q 1t provides additional protection other than traditional network firewalls and antivirus software Internet ‘:fin-nl BN BE Client Side Internet Filtering Web Content Filter Web content filters block deceptive web pages or emails. They protect the network from malware and other systems that are unreceptive and interfering. A content filter allows the organization to block certain websites. Organizations can implement different types of internet filtering such as: = Browser-based filters = E-mail filters = (Client-side filters = Content-limited filters = Network-based filtering = Search engine filters Internet ‘ Internet Firewall / om (sé.,m., 7 ‘ H Internet Firewall ‘ Firewall H Figure 7.126: Client-side Internet filtering, gateway level content filtering, and end-to-end content filtering Module 07 Page 975 Certified Cybersecurity Technician Copyright © by EC-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 In the process of content filtering, a web content filter compares each character string on the website in order to screen it. Most of the organizations filter pornographic or violence related websites. Content filtering can protect a network from all kinds of malware codes or other attacks that can make massive changes in the system and network. Advantages of Web Content Filters They can control the productivity: It is often difficult to manage employee activities in a large organization. The internet content filter can assist an organization from restricting the employees from using any social networking sites or any illegitimate sites. Security professionals can block the sites that are not related to work and thereby increase the efficiency and productivity of the organization. They provide a high-level of protection: Internet software. content filters normally provide protection from malware programs and They restrict all kinds of liability issues: Content filtering software can prevent users from sharing files and other documents outside the organization. They are highly flexible: Web content filters enable the organization to decide on the sites that need to be blocked. They also provide the organization with the ability to change the site blocking setting at any time. They increases the speed of the internet connection: The use of web content filtering allows the organization to control the bandwidth consumption of the internet connection by blocking sites. This in turn increases the speed of the internet connection. Module 07 Page 976 Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Examples of Web Content Filters OpenDNS OpenDNSfiltersthe web contentand prevents access to RS unsafe orinappropriate websiteson your network NetSentron https://www.netsentron.com Barracuda Web Security and OpenDNS A Filtering https://www.barracuda.com Check Point URL Filtering This site is blocked due to content filtering. https://www.checkpoint.com ».com Sorry, FortiGuard Web Filtering »00M has boen blockid by your retwork adminktrator. Service » Report an incormect block https://www.fortiguard.com 16 Adut Themes, Ungeria/Dibini, Nudity, Pornogrsphry, Sesualty » Dagnostic o ContentProtect Professional Tarms | Privacy Poscy | Contact https://www.contentwatch.com https://www.opendns. com I. All Rights Reserved. Reproduction Is Strictly Prohibited. Examples of Web Content Filters = OpenDNS Source: https://www.opendns.com OpenDNS filters the web content and prevents access to unsafe or inappropriate websites on your network. It enables you to quickly block content using three predefined web filtering levels. You can also customize the web categories to filter or allow access only to the websites you specify. A This site is blocked due to content filtering. L.com Sorry,.com has been biocked by your network administrator. » Report an incorrect block 1 in: Adult Themes, Lingerie/Bikinl, Nudity, Pornography, Sexuality » Diagnostic Info Terms | Privacy Policy | Contact Figure 7.127: Screenshot of OpenDNS Module 07 Page 977 Certified Cybersecurity Technician Copyright © by EC-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Some of the additional web content filters are listed below: = NetSentron (https://www.netsentron.com) Barracuda Web Security and Filtering (https://www.barracuda.com) Check Point URL Filtering (https://www.checkpoint.com) FortiGuard Web Filtering Service (https.//www.fortiguard.com) ContentProtect Professional (https.//www.contentwatch.com) Module 07 Page 978 Certified Cybersecurity Technician Copyright © by EG-Gouncil Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Unified Threat Management (UTIM) » Unified threat management (UTM) is a network security management solution which allows an administrator to monitor and manage an organization’s network security through a centralized management console » It provides firewall, intrusion detection, anti-malware, spam filter, load balancing, content filtering, data loss prevention, and virtual private network (VPN) capabilities using a single UTM appliance Load Balancer * © / \' UTM Content Filter Solutions o Network Firewall ® Anti-virus and * IDS/IPS Anti-spam ® Virtual Private network (VPN) « g Copyright O by £ | All Rights Reserved. Reproduction is Strictly Prohibited. Unified Threat Management (UTIM) Unified threat management (UTM) is a security management method that enables the security professional to evaluate and examine security related applications and other components through a single console. UTM helps in minimizing the complexity of the network by protecting users from blended threats. It provides firewall, intrusion detection, anti-malware, spam filter, load balancing, content filtering, data loss prevention, capabilities using a single UTM appliance. and virtual private network (VPN) \ Load Balancer i Network Firewall Anti-virusand Content Filter Virtual Private network (VPN) \ / Anti-spam IDS/IPS Figure 7.128: Unified Threat Management (UTM) Advantages of UTM: * Low cost: It reduces the cost of buying multiple devices as a UTM console that can manage the whole network. * Low maintenance cost: As only a single console is used, it requires little maintenance. Module 07 Page 979 requires a single Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Easy installation and management: UTM involves the use of only a single console that requires minimum wiring and other installation requirements. Fully integrated: UTM is a complete console that incorporates every feature required for protecting a network. Disadvantages of UTM: Less specialization: Since a UTM is a single console managing the whole security of the network, there are chances of it missing out certain features required for maintaining the security. However, this can be avoided by using dedicated devices for each feature. Single point-of-failure: UTM involves the use of a single console with all features included in it. Failure of one feature can affect the performance of other features and consequently the working of the UTM console as a whole. Possible performance constraints: A single console in UTM performs various tasks at the same time. There are chances that all the tasks or features do not get the CPU time adequately. This situation may lead to many attacks on the system. Module 07 Page 980 Certified Cybersecurity Technician Copyright © by EG-Council