Firewalls
Section and protect
Three main types:
Hardware-based- a standalone device that's part of your network stack
Software-based- run as a piece of software on a host or server
Embedded- work as a single function out of many on a single device- like a firewall that comes with a home router
Packet filtering- Inspects packets, accepts or rejects based on rules
Inbound ports 80 and 443 are the most commonly used
Two types- stateless and stateful packet filtering
Stateless Packet Filtering- accepts or rejects based on the IP address and port requested
Stateful Packet Filtering- tracks requests leaving the network; used to eliminate IP spoofing
NAT filtering- filters traffic based on port and TCP or UDP connection
Application layer gateway- applies security mechanisms to specific applications. Resource-intensive, but is powerful.
Application layer gateway is a layer 7 firewall
Circuit-Level gateway works at session layer, ONLY inspects traffic during the establishment of the session over TCP or UDP
MAC filtering- filtering and preventing access based on MAC address
Access Control List: explicit allow (example: allow TCP 10.0.0.2 any port 80), explicit deny (example: deny TCP any any port 23), implicit deny (deny TCP any any port any).
Firewalls process traffic from the first rule to the last; when a rule matches, processing stops there and that rule's action is applied to the traffic
Layer 3- blocking IP addresses
Layer 4- blocking ports
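As an added illustration (not part of the course notes) of first-match ACL processing with the two rules above plus the implicit deny, the small evaluator below walks a rule list top to bottom and stops at the first match; the rule format, addresses and the "shadowed" list are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed rule format mirroring the notes: action proto src dst port.
# "any" matches everything in that field.
@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    proto: str   # "tcp", "udp" or "any"
    src: str     # IP address, CIDR or "any"
    dst: str     # IP address, CIDR or "any"
    port: str    # destination port as a string, or "any"

def _match_addr(pattern: str, addr: str) -> bool:
    return pattern == "any" or ip_address(addr) in ip_network(pattern, strict=False)

def _match_field(pattern: str, value: str) -> bool:
    return pattern == "any" or pattern.lower() == value.lower()

def evaluate(acl, proto, src, dst, port):
    """First-match evaluation: return (action, rule index) of the first rule
    that matches; if no rule matches, the implicit deny at the end applies."""
    for index, rule in enumerate(acl):
        if (_match_field(rule.proto, proto)
                and _match_addr(rule.src, src)
                and _match_addr(rule.dst, dst)
                and _match_field(rule.port, str(port))):
            return rule.action, index
    return "deny", None  # implicit deny: nothing matched

# The ACL from the notes: explicit allow, explicit deny, implicit deny after.
ACL = [
    Rule("allow", "tcp", "10.0.0.2", "any", "80"),
    Rule("deny", "tcp", "any", "any", "23"),
]

# Same rules with a catch-all deny placed first: the allow is never reached,
# which is why rule order matters in a first-match ACL.
SHADOWED = [Rule("deny", "tcp", "any", "any", "any")] + ACL

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.0.0.2", "192.0.2.10", 80))   # ('allow', 0)
    print(evaluate(ACL, "tcp", "10.0.0.9", "192.0.2.10", 23))   # ('deny', 1)
    print(evaluate(ACL, "tcp", "10.0.0.9", "192.0.2.10", 80))   # ('deny', None)
    print(evaluate(SHADOWED, "tcp", "10.0.0.2", "192.0.2.10", 80))  # ('deny', 0)
```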
WAF- web application firewall- installed on your server, inspects data being sent to and from it. Useful to prevent XSS and SQL injection attacks
Honeypots and honeynets
Use to attract and catch a would-be attacker
Honeypot: A single computer/file/group of files, or IP range that might be attractive to an attacker
Honeynets: A group of computers, servers, or an area of a network being used to attract
DLP systems- data loss prevention- analyze what's being sent out- also known as extrusion prevention systems (EPS) or Information Leak Protection (ILP)
Network based IDS- (NIDS) Attempts to detect, log, and alert on malicious network activities- like port scans and denial of service attacks- can be placed before or behind firewall. Can only detect, can't act, can only log
Network based IPS- (NIPS) Designed to inspect traffic AND, based on its configuration, attempts to remove, detain, redirect malicious traffic. NIPS can also perform functions as a protocol analyzer
Unified Threat Management- because one firewall is not enough! UTM is a single device that combines many other devices and technologies into it- like firewall, NIDS/NIPS, content filter, anti-malware, DLP, VPN; often has a GUI instead of a command line
Cloud computing
Cloud computing is a way of offering on-demand services that extend the traditional capabilities of a computer or network
Cloud computing relies heavily on virtualization
Microsoft Azure uses Secure Enclaves
Secure Volumes, by contrast, are a method of keeping data at rest secure from prying eyes
Four different cloud types: Public, Private, Hybrid, Community
Google Drive is a Public Cloud service
Private- used by companies (or, for example, the US Government) that run their own environment, servers, and resources. Private clouds are chosen when security is more important than cost
Hybrid- mixture, rules about what type of data is hosted where
Community cloud- resources shared
SaaS- ordered from least to most vendor-equipped
IaaS
PaaS
SECaaS- Security as a Service- anti-malware products. Upside- quick updates. Downside- highly reliant on an internet connection.
65,536 ports for a computer to use
35 are worth memorizing
Source:
CompTIA Security+ (SY0-501)
https://www.udemy.com/course/securityplus/