DEV Community

UnicodeRogue

Perimeter Security notes

Firewalls

Section off (segment) parts of the network and protect what sits behind them
Three main types:
Hardware-based: a standalone appliance that is part of the network stack
Software-based: runs as a piece of software on a host or server (a host firewall)
Embedded: one function among many on a single device, like the firewall built into a home router

Packet filtering: inspects each packet and accepts or rejects it based on rules
Inbound rules commonly allow TCP port 80 (HTTP) and port 443 (HTTPS) to a web server; other inbound traffic is usually denied
Two types: stateless and stateful packet filtering
Stateless packet filtering: accepts or rejects each packet on its own, based on the source/destination IP address and port, with no memory of earlier packets
Stateful packet filtering: tracks connections leaving the network (for example the TCP handshake) and only lets inbound packets through if they belong to an established connection. Unsolicited inbound packets that pretend to be replies (one form of IP spoofing) are dropped

NAT filtering: lets inbound traffic through only when it matches a port and TCP or UDP connection that an inside host initiated; unsolicited traffic to the NAT device's public address is dropped

Application layer gateway: applies security mechanisms to specific applications (HTTP, FTP, DNS and so on) by acting as a proxy that understands the protocol. Resource-intensive, but powerful.
Application layer gateway is a layer 7 firewall

Circuit-level gateway: works at the session layer (layer 5). It ONLY inspects traffic while the session is being established (the TCP handshake, or the first packets of a UDP exchange) and does not inspect the contents that follow

MAC filtering: filtering and preventing access based on MAC address. Weak on its own, because a MAC address is trivially spoofed once an attacker has seen an allowed one

Access Control List (ACL): the ordered list of rules a firewall applies. Rule types:
Explicit allow (example: allow TCP 10.0.0.2 any port 80)
Explicit deny (example: deny TCP any any port 23)
Implicit deny: the unwritten rule at the end of the list (deny TCP any any port any) that catches everything no earlier rule matched

Firewalls process traffic from the first rule to the last; at the first rule that matches, the firewall applies that rule's action (allow or deny) and stops evaluating. Rule order therefore matters: a broad allow placed above a specific deny makes the deny unreachable
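
The first-match ACL walk with an implicit deny, and the stateful connection table that lets replies back in, as one added example. This is not code from the original notes or from the course; the Packet and Rule formats are hypothetical, and the addresses are documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example (not from the original notes): a minimal first-match packet
# filter with an implicit deny, plus a stateful connection table on top of it.
# Rule and packet formats are hypothetical; addresses are documentation ranges.


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = leaving the LAN, "in" = arriving from the internet


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: str = "any"
    src: str = "any"                # host ("10.0.0.2") or network ("10.0.0.0/24")
    dst: str = "any"
    dst_port: Optional[int] = None  # None matches any destination port

    @staticmethod
    def _ip_matches(spec: str, ip: str) -> bool:
        if spec == "any":
            return True
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and self._ip_matches(self.src, pkt.src_ip)
                and self._ip_matches(self.dst, pkt.dst_ip)
                and self.dst_port in (None, pkt.dst_port))


# Explicit allow, explicit deny, then an outbound HTTPS allow. Anything that
# matches none of these hits the implicit deny in evaluate_stateless().
ACL = [
    Rule("allow", proto="tcp", src="10.0.0.2", dst_port=80),
    Rule("deny", proto="tcp", dst_port=23),
    Rule("allow", proto="tcp", src="10.0.0.0/24", dst_port=443),
]

# Same rules with a broad "allow all TCP from 10.0.0.2" placed first.
# First match wins, so the telnet deny below it is never reached.
ACL_PERMISSIVE_FIRST = [Rule("allow", proto="tcp", src="10.0.0.2")] + ACL


def evaluate_stateless(acl, pkt: Packet) -> str:
    """Walk the ACL top to bottom; the first matching rule decides."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny: nothing matched


class StatefulFilter:
    """Stateless ACL plus a table of connections the LAN side opened."""

    def __init__(self, acl):
        self.acl = acl
        self.established = set()  # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def handle(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            # A reply is only accepted if a LAN host really opened the connection.
            reply_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reply_key in self.established:
                return "allow"
        action = evaluate_stateless(self.acl, pkt)
        if action == "allow" and pkt.direction == "out":
            self.established.add(
                (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action


if __name__ == "__main__":
    fw = StatefulFilter(ACL)
    out = Packet("tcp", "10.0.0.2", 51000, "203.0.113.10", 80, "out")
    reply = Packet("tcp", "203.0.113.10", 80, "10.0.0.2", 51000, "in")
    spoofed = Packet("tcp", "203.0.113.10", 80, "10.0.0.2", 51001, "in")
    print("outbound web:", fw.handle(out))        # allow (explicit allow)
    print("reply:", fw.handle(reply))             # allow (found in state table)
    print("spoofed reply:", fw.handle(spoofed))   # deny (no matching state)
```

Run it and compare evaluate_stateless(ACL, reply) with fw.handle(reply): the stateless walk denies the reply because no rule allows inbound TCP from the internet, while the stateful filter allows it because the LAN host opened the connection. The spoofed packet, which claims to be a reply to a connection nobody opened, is denied either way.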

Layer 3- blocking IP addresses
Layer 4- blocking ports

WAF (web application firewall): sits in front of the web application, as software on the server, a network appliance, or a cloud service, and inspects HTTP requests and responses. Useful to detect and block XSS and SQL injection attempts, though signature-based rules can be evaded with encoding tricks and do not replace secure coding (parameterized queries, output encoding)
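
How a signature-based WAF check works, and why it has to decode the request before matching, as an added example. This is not code from the original notes or the course; the two signatures are illustrative rather than a real ruleset, and the request parameters are constructed.

```python
import html
import re
from urllib.parse import unquote_plus

# Added example (not from the original notes): a signature-based request
# inspector in the style of a WAF. The signatures are illustrative, not a
# real ruleset, and the request parameters used below are constructed.

SIGNATURES = {
    "sqli": re.compile(
        r"(?i)(\bunion\s+(all\s+)?select\b"      # UNION-based injection
        r"|'\s*or\s+'?\d+'?\s*=\s*'?\d+"         # ' OR '1'='1
        r"|\bor\s+\d+\s*=\s*\d+"                 # OR 1=1
        r"|;\s*drop\s+table\b)"                  # stacked DROP TABLE
    ),
    "xss": re.compile(
        r"(?i)(<\s*script\b"                     # <script> tag
        r"|javascript\s*:"                       # javascript: URL
        r"|\bon(load|error|click)\s*=)"          # inline event handler
    ),
}


def normalize(value: str, max_rounds: int = 3) -> str:
    """Undo the encodings an attacker uses to slip past naive matching.

    URL decoding is repeated until the value stops changing (double encoding
    such as %253C is common), then HTML entities are decoded and whitespace is
    collapsed, so the regexes see roughly what the backend would see.
    """
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = html.unescape(value)
    return re.sub(r"\s+", " ", value)


def inspect_request(params: dict) -> list:
    """Return (parameter name, signature kind) for every parameter that matches."""
    findings = []
    for name, raw in params.items():
        value = normalize(str(raw))
        for kind, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.append((name, kind))
    return findings


if __name__ == "__main__":
    requests = [
        {"id": "1' OR '1'='1"},
        {"q": "%253Cscript%253Ealert(1)%253C%2Fscript%253E"},    # double URL-encoded
        {"comment": "&lt;img src=x onerror=alert(1)&gt;"},      # HTML-entity encoded
        {"name": "O'Brien", "q": "union workers select a rep"},  # benign
    ]
    for req in requests:
        findings = inspect_request(req)
        print("block" if findings else "allow", req, findings)
```

Without the normalize() step the second and third requests sail through, which is the usual way a WAF is bypassed. Even with it, a blocklist of signatures is only a safety net: the application behind it still needs parameterized queries and output encoding.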

Honeypots and honeynets
Used to attract and catch a would-be attacker, and to observe their tools and techniques away from production systems

Honeypot: a single computer, file, group of files, or IP range that looks attractive to an attacker but has no production purpose, so any interaction with it is suspicious by definition

Honeynet: a group of computers, servers, or an area of a network set up to attract attackers

DLP systems (data loss prevention): analyze what is being sent out of the network (email, uploads, removable media) and block or log sensitive content such as card numbers or classified documents. Also known as extrusion prevention systems (EPS) or information leak protection (ILP)
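
The kind of content check a DLP system runs on outbound data, as an added example that is not part of the original notes or the course. It looks for payment card numbers and uses the Luhn checksum to avoid flagging every 16-digit order number; the messages are constructed, and 4111 1111 1111 1111 is a well-known test number, not a real card.

```python
import re

# Added example (not from the original notes): the kind of content check a
# DLP system runs on outbound data, here looking for payment card numbers.
# The messages below are constructed; 4111 1111 1111 1111 is a well-known
# test number, not a real card.

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out most random digit runs (order IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the card numbers (digits only) found in text that pass Luhn."""
    found = []
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask(digits: str) -> str:
    """Keep only the last four digits, as a DLP alert would log them."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect_outbound(text: str, block_threshold: int = 1) -> dict:
    """Decide whether an outbound message may leave, DLP-style.

    block_threshold: how many validated card numbers it takes to block rather
    than just log. A real policy would also weigh the destination and sender.
    """
    cards = find_card_numbers(text)
    action = "block" if len(cards) >= block_threshold else "allow"
    return {"action": action, "findings": [mask(c) for c in cards]}


if __name__ == "__main__":
    samples = [
        "Invoice attached, customer card 4111 1111 1111 1111 exp 12/27",
        "Order 1234567890123456 shipped today",     # 16 digits but fails Luhn
        "Meeting moved to 10:30, room 4111",
    ]
    for msg in samples:
        print(inspect_outbound(msg), "<-", msg)
```

The Luhn check is what keeps the false-positive rate tolerable; a pure regex would block the second sample too. Real DLP products add fingerprints of known documents and dictionaries of classification markings on top of pattern checks like this one.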

Network-based IDS (NIDS): attempts to detect, log, and alert on malicious network activity, such as port scans and denial-of-service attacks. Can be placed in front of or behind the firewall. It can only detect and log; it cannot block traffic
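
Port scan detection of the kind a NIDS performs on a stream of connection records, as an added example that is not from the original notes or the course. The record format "timestamp proto src dst dport flags", the threshold, and all log lines are constructed for the example.

```python
from collections import defaultdict

# Added example (not from the original notes): port scan detection of the kind
# a NIDS performs on a stream of connection records. The record format
# "timestamp proto src dst dport flags" and all log lines are constructed.

SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]

# 198.51.100.7 probes twelve ports on 10.0.0.5 within twelve seconds (a fast
# scan); 192.0.2.9 opens twelve normal HTTPS connections to the same host.
SAMPLE_LOG = (
    [f"{1700000000 + i} tcp 198.51.100.7 10.0.0.5 {p} SYN" for i, p in enumerate(SCAN_PORTS)]
    + [f"{1700000000 + 5 * i} tcp 192.0.2.9 10.0.0.5 443 SYN" for i in range(12)]
    + ["1700000003 udp 192.0.2.9 10.0.0.5 53 -"]
)

# The same twelve probes from another source, spread 30 seconds apart.
SLOW_SCAN_LOG = [f"{1700000000 + 30 * i} tcp 198.51.100.8 10.0.0.5 {p} SYN"
                 for i, p in enumerate(SCAN_PORTS)]


def parse_record(line: str) -> dict:
    ts, proto, src, dst, dport, flags = line.split()
    return {"ts": int(ts), "proto": proto, "src": src, "dst": dst,
            "dport": int(dport), "flags": flags}


def detect_port_scans(lines, threshold: int = 10, window: int = 60) -> list:
    """Alert when one source sends SYNs to >= threshold distinct ports on one
    destination within `window` seconds. One alert per (src, dst) pair."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] inside the window
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec["proto"] != "tcp" or "SYN" not in rec["flags"]:
            continue
        key = (rec["src"], rec["dst"])
        # Drop probes that fell out of the sliding window, then add this one.
        bucket = [(t, p) for t, p in recent[key] if rec["ts"] - t <= window]
        bucket.append((rec["ts"], rec["dport"]))
        recent[key] = bucket
        distinct_ports = {p for _, p in bucket}
        if len(distinct_ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": rec["src"], "dst": rec["dst"],
                           "distinct_ports": len(distinct_ports),
                           "first_seen": bucket[0][0], "last_seen": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print("ALERT port scan:", alert)
    print("slow scan, 60 s window:", detect_port_scans(SLOW_SCAN_LOG))
    print("slow scan, 400 s window:", detect_port_scans(SLOW_SCAN_LOG, window=400))
```

The fast scan trips the alert at its tenth distinct port; the twelve HTTPS connections from 192.0.2.9 never do, because they all go to one port. The slow scan shows the usual limitation of threshold detection: spread the probes out beyond the window and nothing fires unless the window is widened, at which point legitimate traffic starts to look like scanning. Either way the NIDS only alerts; blocking is the job of the IPS or firewall.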

Network-based IPS (NIPS): inspects traffic AND, based on its configuration, attempts to drop, quarantine, or redirect malicious traffic. It sits inline, so it can block, but that also makes it a potential point of failure and latency. A NIPS can also function as a protocol analyzer

Unified Threat Management (UTM): because one firewall is not enough! A UTM is a single device that combines many other devices and technologies: firewall, NIDS/NIPS, content filter, anti-malware, DLP, VPN. Often has a GUI instead of a command line

Cloud computing

Cloud computing is a way of offering on-demand services that extend the traditional capabilities of a computer or network

Cloud computing relies heavily on virtualization

Microsoft Azure confidential computing uses secure enclaves (hardware-isolated execution environments, such as Intel SGX) to protect data while it is in use

Encrypted (secure) volumes, by contrast, keep data at rest on disk safe from prying eyes; they do nothing for data once it has been loaded into memory

Four different cloud types: Public, Private, Hybrid, Community

Google Drive is an example of a public cloud service

Private: used by a single organization (a company, or the US Government) with its own environment, servers, and resources. Private clouds are chosen when security matters more than cost

Hybrid: a mixture of public and private, with rules about what type of data is hosted where

Community cloud: resources shared among several organizations with common requirements (for example, hospitals under the same regulations)

Service models, ordered from least to most vendor-managed:

IaaS (Infrastructure as a Service): the vendor supplies compute, storage, and network; you run the OS and everything above it

PaaS (Platform as a Service): the vendor also runs the OS and runtime; you deploy your code and data

SaaS (Software as a Service): the vendor runs the whole application; you configure and use it

SECaaS- Security as a Service- anti-malware products. Upside- quick updates. Downside- highly reliant on an internet connection.

65,536 ports (0 through 65,535) per transport protocol for a computer to use

35 are worth memorizing

Source:
CompTIA Security+ (SY0-501)
https://www.udemy.com/course/securityplus/
