# Network Security Summary
## Types of Firewalls
### Packet Filtering Firewall
- Operation: Stateless. Each packet is judged on its own against rules keyed on source/destination IP address, port number and protocol; nothing is remembered between packets.
- Advantages: Simple, low overhead, runs at line rate on routers and switches.
- Disadvantages: No connection tracking, so return traffic needs standing allow rules that unsolicited packets can also match; no payload inspection; rules that trust a source address are defeated by IP spoofing.
### Stateful Inspection Firewall
- Operation: Keeps a connection (state) table. A packet is allowed if it opens a permitted new connection or belongs to one already recorded; replies are matched against the table instead of standing rules.
- Advantages: Unsolicited inbound packets (a stray SYN-ACK, ACK or RST that matches no known flow) are dropped without dedicated rules; TCP flag and sequence-number checks reject many spoofed or out-of-state segments.
- Disadvantages: The state table costs memory and is itself a denial-of-service target (SYN floods, table exhaustion); still no application-layer inspection.
### Proxy Firewall
- Operation: Terminates the client's connection and opens a separate one to the server at the application layer (HTTP, SMTP, DNS, and so on); the two endpoints never exchange packets directly, and the proxy understands the protocol it relays.
- Advantages: Granular control (per user, per URL, per command), content filtering and malware scanning, internal addresses hidden from the outside.
- Disadvantages: Added latency; a separate proxy (or module) per protocol; complex configuration; protocols the proxy does not understand either break or must bypass it.
### Next-Generation Firewall (NGFW)
- Operation: Stateful filtering combined with deep packet inspection across multiple OSI layers: application identification regardless of port, an integrated intrusion prevention engine, user identity from the directory, and usually TLS decryption.
- Advantages: Policies written in terms of applications and users rather than ports; centralized management; threat-intelligence feeds for known-bad addresses and signatures.
- Disadvantages: Expensive; needs tuning and specialized knowledge; TLS inspection costs throughput and raises privacy questions; a decrypting middlebox is itself a high-value target.
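The practical difference between the first two firewall types is easiest to see in code. The following is an added example, not from the summary: a toy stateless packet filter beside a toy stateful one, run against the same packets. The address ranges (10.0.0.0/8 as "internal"), ports and packet contents are constructed for illustration.

```python
from dataclasses import dataclass

# Added example (not from the summary): a toy stateless packet filter beside a
# toy stateful one. The "10.* is internal" rule, the permitted ports and the
# packets are constructed for illustration.

INTERNAL_PREFIX = "10."          # hypothetical internal network
WEB_PORTS = {80, 443}            # only outbound web browsing is permitted


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False            # TCP SYN flag
    ack: bool = False            # TCP ACK flag


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(p: Packet) -> bool:
    """Judge each packet alone. Because nothing remembers the outbound SYN,
    replies must be admitted by a standing rule on the *source* port, and any
    outsider who sets source port 80/443 matches that rule too."""
    outbound = is_internal(p.src_ip) and not is_internal(p.dst_ip)
    inbound = not is_internal(p.src_ip) and is_internal(p.dst_ip)
    if outbound:
        return p.dst_port in WEB_PORTS
    if inbound:
        return p.src_port in WEB_PORTS   # the hole a stateless rule set needs
    return False


class StatefulFilter:
    """Remember connections the inside opened; admit inbound packets only if
    they belong to one of them."""

    def __init__(self) -> None:
        # keys are (internal_ip, internal_port, external_ip, external_port)
        self.connections = set()

    def allow(self, p: Packet) -> bool:
        outbound = is_internal(p.src_ip) and not is_internal(p.dst_ip)
        inbound = not is_internal(p.src_ip) and is_internal(p.dst_ip)
        if outbound:
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            if p.syn and not p.ack and p.dst_port in WEB_PORTS:
                self.connections.add(key)        # new permitted connection
                return True
            return key in self.connections       # later packets of a known flow
        if inbound:
            # reply direction: look the flow up from the internal side's view
            return (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.connections
        return False


def run_scenario() -> dict:
    """Send the same three packets through both filters."""
    sf = StatefulFilter()
    syn = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    syn_ack = Packet("203.0.113.10", 443, "10.0.0.5", 51000, syn=True, ack=True)
    # Unsolicited probe from an unrelated host; source port 443 is chosen on
    # purpose so that it satisfies the stateless return-traffic rule.
    probe = Packet("198.51.100.7", 443, "10.0.0.5", 3389, syn=True)
    return {
        "stateless_reply": stateless_allow(syn_ack),            # legitimate reply
        "stateless_probe": stateless_allow(probe),              # probe slips through
        "stateful_reply": (sf.allow(syn), sf.allow(syn_ack)),   # SYN recorded, reply matched
        "stateful_probe": sf.allow(probe),                      # no matching flow
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name}: {verdict}")
```

The stateless filter admits the probe to port 3389 because its only way to let replies in is a rule on the source port, which an attacker controls. The stateful filter drops it because no internal host opened a connection to 198.51.100.7. Neither toy checks which interface a packet arrived on, which is exactly why a real packet filter also needs anti-spoofing rules (drop packets with internal source addresses arriving on the external interface).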
## Firewall Topologies
Topology | Description |
---|---|
Bastion Host | A single hardened host (minimal services, fully patched, heavily logged) exposed directly to the external network, often serving as the sole firewall between internal and external networks. The whole design rests on this one system staying uncompromised. |
Screened Subnet | A DMZ placed between an outer and an inner firewall (or between two interfaces of one firewall). Public servers live in the DMZ; the inner firewall applies stricter rules, so a compromised DMZ host cannot open connections into the internal network. |
Multi-Homed | One firewall with three or more interfaces (internal, DMZ, external). Each interface is its own zone with its own rules, giving granular control from a single device, at the cost of that device being a single point of failure. |
Belt-and-Suspenders | Two firewalls in series around a screened subnet, ideally from different vendors, so that one bug or misconfiguration does not expose the internal network. |
Screened Host | A packet-filtering router forwards external traffic only to one hardened host that provides the publicly reachable services; that host is the only system reachable from outside. |
Proxy Server | Application-layer intermediary through which all internal-to-external traffic passes; internal clients never connect to external hosts directly. |
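The screened-subnet and multi-homed rows both come down to a zone policy: which zone may open connections to which, on which ports. The following is an added example, not from the summary, of such a policy for a three-interface firewall. The address ranges (10.0.0.0/8 internal, 192.0.2.0/24 as a stand-in DMZ), zone names and port lists are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Added example (not from the summary): a zone policy for a screened subnet
# behind one multi-homed firewall. Address ranges, zone names and the port
# lists are constructed for illustration.

ZONES = {
    "internal": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),     # TEST-NET-1 standing in for a DMZ
}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"                      # anything unmatched is untrusted


# Allowed destination ports for *new* connections between zones. Default
# deny: a pair missing from the table permits nothing. There is deliberately
# no ("dmz", "internal") entry: a public server in the DMZ must not be able to
# open connections inward, which is the whole point of the screened subnet.
POLICY = {
    ("external", "dmz"): {80, 443},
    ("internal", "dmz"): {22, 80, 443},
    ("internal", "external"): {80, 443},
    ("dmz", "external"): {80, 443},        # e.g. fetching package updates
}


def permitted(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True                        # intra-zone traffic never crosses the firewall
    return dst_port in POLICY.get((src_zone, dst_zone), set())


def audit_policy(policy: dict) -> list:
    """Flag any rule that lets the DMZ or the outside initiate into internal,
    which would turn the screened subnet back into a flat network."""
    findings = []
    for (src, dst), ports in policy.items():
        if dst == "internal" and src != "internal" and ports:
            findings.append(f"{src} -> internal allows {sorted(ports)}")
    return findings


if __name__ == "__main__":
    checks = [
        ("203.0.113.5", "192.0.2.10", 443),   # internet -> DMZ web server: allowed
        ("203.0.113.5", "10.1.2.3", 443),     # internet -> internal host: denied
        ("192.0.2.10", "10.1.2.3", 3306),     # compromised DMZ host -> internal DB: denied
        ("10.1.2.3", "192.0.2.10", 22),       # admin -> DMZ over SSH: allowed
    ]
    for src, dst, port in checks:
        verdict = "allowed" if permitted(src, dst, port) else "denied"
        print(f"{src} -> {dst}:{port} {verdict}")
    print(audit_policy(POLICY))
    print(audit_policy({**POLICY, ("dmz", "internal"): {3306}}))
```

`audit_policy` is the check worth keeping: the most common way a screened subnet degrades is someone adding a "temporary" DMZ-to-internal rule for a database or directory lookup. If the DMZ genuinely needs an internal service, the usual fix is a one-way rule to a single host and port on a dedicated internal segment, not a general DMZ-to-internal allow.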
## Vulnerability Scanning
### Nessus
- Functions: Discovers hosts and services, runs plugin-based checks for known vulnerabilities and misconfigurations, assigns each finding a severity (Info, Low, Medium, High, Critical, derived from the CVSS score), and provides remediation guidance (the plugin's "solution" text).
- Benefits: Proactive discovery before an attacker finds the same issue, prioritization by severity and exposure, evidence for compliance requirements.
- Versions:
  - Nessus Essentials: Free, limited to 16 IP addresses, intended for home and lab use.
  - Nessus Professional: Paid; unlimited assessments, configuration and compliance audits, vendor support.
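Scanner output is only useful once it is triaged, and the native `.nessus` export is plain XML, so the triage can be scripted. The following is an added example, not from the summary and not Tenable's code: it parses a constructed, minimal `.nessus` (NessusClientData_v2) document, counts findings per severity and returns the High-and-above list worst first. The host addresses, plugin IDs and plugin names in the sample are placeholders, not real Nessus plugins, and only the attributes the parser uses are included.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Added example (not from the summary, not Tenable's code): parse a .nessus
# (NessusClientData_v2) export and rank findings. The XML below is a
# constructed, minimal sample; host addresses, plugin IDs and plugin names
# are placeholders, not real Nessus plugins.

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="constructed-scan">
    <ReportHost name="10.0.0.5">
      <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Placeholder: TLS 1.0 enabled">
        <risk_factor>High</risk_factor>
        <cvss_base_score>7.5</cvss_base_score>
        <solution>Disable TLS 1.0 and 1.1.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="900002" pluginName="Placeholder: SSH banner">
        <risk_factor>None</risk_factor>
        <solution>n/a</solution>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.9">
      <HostProperties><tag name="host-ip">10.0.0.9</tag></HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="900003" pluginName="Placeholder: SMBv1 remote code execution">
        <risk_factor>Critical</risk_factor>
        <cvss_base_score>9.8</cvss_base_score>
        <solution>Apply the vendor patch and disable SMBv1.</solution>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="900004" pluginName="Placeholder: missing security headers">
        <risk_factor>Medium</risk_factor>
        <cvss_base_score>5.3</cvss_base_score>
        <solution>Set Content-Security-Policy and HSTS.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text: str) -> list:
    """Flatten every ReportItem into a dict with the fields used for triage."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        ip = host.findtext("HostProperties/tag[@name='host-ip']") or host.get("name")
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            findings.append({
                "host": ip,
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol", ""),
                "plugin_id": item.get("pluginID", ""),
                "name": item.get("pluginName", ""),
                "severity": sev,
                "severity_name": SEVERITY_NAMES.get(sev, str(sev)),
                "cvss": float(item.findtext("cvss_base_score") or 0.0),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def summarize(findings: list) -> Counter:
    """Count findings per severity name."""
    return Counter(f["severity_name"] for f in findings)


def prioritize(findings: list, min_severity: int = 3) -> list:
    """Actionable list: High and above by default, worst first, ties broken by CVSS."""
    urgent = [f for f in findings if f["severity"] >= min_severity]
    return sorted(urgent, key=lambda f: (f["severity"], f["cvss"]), reverse=True)


if __name__ == "__main__":
    findings = parse_nessus(SAMPLE_NESSUS)
    print(dict(summarize(findings)))
    for f in prioritize(findings):
        print(f"{f['severity_name']:8} {f['host']}:{f['port']}/{f['protocol']} "
              f"{f['name']} -> {f['solution']}")
```

Sorting by scanner severity alone is a starting point, not a risk model: a Medium on an internet-facing DMZ host usually matters more than a High on an isolated lab box, so a real triage script would join the finding's host against the zone map before ranking.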
## Capabilities of Network-Based Security
- Intrusion Detection and Prevention: Matches traffic against signatures and behavioral rules; an IDS alerts, an IPS sits inline and drops the traffic as well.
- Threat Intelligence: Feeds of known-malicious addresses, domains, hashes and attacker tooling used to recognize and respond to threats faster than local analysis alone.
- Traffic Analysis: Baselines normal network patterns (who talks to whom, on which ports, how much) and flags deviations such as port scans, beaconing or unusual data volumes.
- Access Control: Network-level enforcement (firewall rules, 802.1X, NAC, VPN authentication) so that only authorized users and devices reach a given segment or service.
- Encryption: Protects data in transit (TLS, IPsec, VPN tunnels); encryption of data at rest is a host and storage control rather than a network one, though the two are usually deployed together.
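The traffic-analysis and intrusion-detection bullets describe the same kind of logic: count something over a window and alert when it exceeds a baseline. The following is an added example, not from the summary, of the simplest such detector, a port-scan rule that fires when one source touches many distinct ports on one host inside a short window. The flow records are constructed (epoch seconds, source, destination, destination port) and include a fast scan, a chatty but benign client, and a slow scan that the default window misses.

```python
from collections import Counter, defaultdict, deque

# Added example (not from the summary): a small traffic-analysis detector that
# flags a source touching many distinct ports on one host inside a short
# window, the pattern behind most port-scan signatures. The flow records are
# constructed: (epoch_seconds, src_ip, dst_ip, dst_port).


def build_sample_flows() -> list:
    base = 1_700_000_000
    flows = []
    for i in range(15):      # fast scan: 15 ports in 15 seconds
        flows.append((base + i, "198.51.100.9", "10.0.0.5", 1 + i))
    for i in range(20):      # busy but benign client: the same port, over and over
        flows.append((base + 3 * i, "10.0.0.7", "10.0.0.5", 443))
    for i in range(12):      # slow scan: one new port every 30 seconds
        flows.append((base + 30 * i, "203.0.113.44", "10.0.0.5", 20 + i))
    return flows


def detect_port_scans(flows: list, window_seconds: int = 60, threshold: int = 10) -> list:
    """Return (src, dst, peak_distinct_ports) for every src->dst pair whose
    distinct destination-port count inside some window reached the threshold."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        recent = deque()         # events inside the current window
        ports = Counter()        # distinct ports in the window, with multiplicity
        peak = 0
        for ts, port in events:
            recent.append((ts, port))
            ports[port] += 1
            while ts - recent[0][0] > window_seconds:   # expire events that fell out
                _, old_port = recent.popleft()
                ports[old_port] -= 1
                if ports[old_port] == 0:
                    del ports[old_port]
            peak = max(peak, len(ports))
        if peak >= threshold:
            alerts.append((src, dst, peak))
    return alerts


if __name__ == "__main__":
    flows = build_sample_flows()
    print("default window:", detect_port_scans(flows))
    print("lower threshold:", detect_port_scans(flows, threshold=3))
```

The slow scanner never has more than three distinct ports inside any 60-second window, so it evades the default rule. That is the standard trade-off in threshold detection: widen the window or lower the threshold and benign services with many ports (a file server, a hypervisor) start to alert. In practice the counter is keyed per source across all destinations as well, and the baseline per destination is learned from history rather than fixed.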
By understanding these concepts, organizations can better protect their networks from threats and vulnerabilities.