Network Security Summary

Types of Firewalls

Packet Filtering Firewall

  • Operation: Filters packets based on IP addresses, port numbers, and protocols.
  • Advantages: Simple, low overhead.
  • Disadvantages: Limited inspection, vulnerable to IP spoofing.

Stateful Inspection Firewall

  • Operation: Tracks active connections, filters based on connection state.
  • Advantages: Improved security, session hijacking detection.
  • Disadvantages: More resource-intensive, limited higher-layer inspection.
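
The difference between the packet filtering and stateful inspection firewalls described above, as an added example that is not part of the original summary: a small Python model in which both filters allow outbound HTTPS and are then shown a genuine reply and an unsolicited inbound packet. The addresses, ports and function names are constructed for illustration, and the connection table is simplified (no TCP flags, sequence numbers or timeouts).

```python
from collections import namedtuple

# Constructed sample packets; addresses come from documentation ranges.
Packet = namedtuple("Packet", "direction src sport dst dport proto")

INTERNAL = "192.0.2.10"
SERVER = "198.51.100.5"

def stateless_filter(pkt):
    """Packet filter: decides on each packet's header fields alone."""
    if pkt.proto != "tcp":
        return False
    if pkt.direction == "out":
        return pkt.dport == 443  # allow outbound HTTPS
    # Return traffic can only be recognised by its source port,
    # so any inbound packet claiming source port 443 is accepted.
    return pkt.sport == 443

class StatefulFilter:
    """Stateful inspection: inbound packets must match a tracked connection."""
    def __init__(self):
        self.connections = set()  # simplified table: 4-tuples only

    def check(self, pkt):
        if pkt.proto != "tcp":
            return False
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the reverse of a connection opened from inside.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in packets]

SAMPLE = [
    Packet("out", INTERNAL, 50000, SERVER, 443, "tcp"),       # client opens HTTPS
    Packet("in", SERVER, 443, INTERNAL, 50000, "tcp"),        # genuine reply
    Packet("in", "203.0.113.9", 443, INTERNAL, 3389, "tcp"),  # unsolicited
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, run(SAMPLE)):
        print(pkt.src, "->", pkt.dst, pkt.dport, "stateless:", stateless, "stateful:", stateful)
```

The third packet passes the packet filter because its header fields match the return-traffic rule, while the stateful filter drops it because no internal host opened that connection.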

Proxy Firewall

  • Operation: Intermediary at the application layer, inspects specific protocols.
  • Advantages: Granular control, content filtering.
  • Disadvantages: Latency, complex configuration.

Next-Generation Firewall (NGFW)

  • Operation: Multiple OSI layers, advanced threat detection.
  • Advantages: Application-aware filtering, centralized management.
  • Disadvantages: Expensive, requires specialized knowledge.

Firewall Topologies

| Topology | Description |
|---|---|
| Bastion Host | Firewall between internal and external networks. |
| Screened Subnet | DMZ in front of the firewall for public servers, extra firewall for stricter control. |
| Multi-Homed | Three interfaces: internal network, DMZ, external network for granular control. |
| Belt-and-Suspenders | Combines screened subnet and bastion host for maximum security. |
| Screened Host | Single host in DMZ for public access services. |
| Proxy Server | Intermediary filtering all traffic from internal to external networks. |

Vulnerability Scanning

Nessus

  • Functions: Scans systems, identifies vulnerabilities, assigns severity levels, provides remediation guidance.
  • Benefits: Proactive security, prioritization, compliance.
  • Versions:
      • Nessus Essentials: Free, limited features.
      • Nessus Professional: Paid, advanced features.

Capabilities of Network-Based Security

  • Intrusion Detection and Prevention: Monitors and blocks suspicious traffic.
  • Threat Intelligence: Uses data to identify/respond to threats.
  • Traffic Analysis: Detects anomalies in network patterns.
  • Access Control: Ensures authorized user access.
  • Encryption: Protects data in transit and at rest.

By understanding these concepts, organizations can better protect their networks from threats and vulnerabilities.