Firewalls
Segment and protect- separate network zones and control which traffic is allowed to cross between them
Three main types:
Hardware-based- a standalone device that's part of your network stack
Software-based- run as a piece of software on a host or server
Embedded- work as a single function out of many on a single device- like a firewall that comes with a home router
Packet filtering- inspects each packet's headers and accepts or rejects it based on rules
Inbound port 80 (HTTP) and port 443 (HTTPS) are the ports most commonly left open
Two types- stateless and stateful packet filtering
Stateless packet filtering- judges each packet on its own, based on the source/destination IP address and the port requested; it has no memory of earlier packets
Stateful packet filtering- tracks connections (e.g. requests leaving the network) and only admits inbound packets that belong to a connection it has already seen. This makes it much harder to slip forged packets into the network, but it does not by itself eliminate IP spoofing
NAT filtering- the NAT device only forwards inbound packets that match an entry in its translation table (an outbound connection it has already seen), keyed on IP address, port and protocol (TCP or UDP)
Application layer gateway- a layer 7 firewall (proxy) that understands specific application protocols (HTTP, FTP, DNS, ...) and applies security checks to their contents. Resource-intensive, but powerful.
Circuit-level gateway- works at the session layer (layer 5); it ONLY inspects the traffic that sets up the session (e.g. the TCP handshake) and then relays the rest of the TCP or UDP session without looking at its contents
MAC filtering- allows or blocks devices based on their MAC address. Weak on its own, since a MAC address is trivial to spoof
Access Control List (ACL) rule types: explicit allow (example: allow TCP 10.0.0.2 any port 80), explicit deny (example: deny TCP any any port 23), implicit deny (the default at the end of the list: deny TCP any any port any).
Firewalls process traffic from the first rule to the last; at the first rule that matches, processing stops and that rule's action (allow or deny) is applied. Rule order therefore matters: a broad rule placed early shadows more specific rules after it, and anything no rule matches falls through to the implicit deny
Layer 3- blocking IP addresses
Layer 4- blocking ports
WAF- web application firewall- installed on the web server or placed in front of it; inspects the HTTP requests and responses being sent to and from the application. Useful against XSS and SQL-injection attacks, but it is an extra layer, not a substitute for fixing the application itself
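To make the ACL rules and first-match processing concrete, and to show what "stateful" adds over "stateless" filtering, here is an added example written for these notes (it is not code from the Security+ course). The rule format (action, protocol, source, destination, destination port, with "any" as a wildcard), the `Packet`/`Rule` classes, the `shadowed_rules` check and the sample addresses are all my own assumptions.

```python
# Added example for these notes (not code from the Security+ course): a toy
# first-match ACL evaluator plus a minimal stateful filter. The rule format
# (action, proto, src, dst, dport with "any" as wildcard) is my own assumption.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple, Union


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str        # source IP
    dst: str        # destination IP
    sport: int
    dport: int


def _hit(field, value) -> bool:
    """A rule field matches when it is the wildcard or equal to the value."""
    return field == "any" or field == value


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # IP or "any"
    dst: str                    # IP or "any"
    dport: Union[int, str]      # port number or "any"

    def matches(self, pkt: Packet) -> bool:
        return (_hit(self.proto, pkt.proto) and _hit(self.src, pkt.src)
                and _hit(self.dst, pkt.dst) and _hit(self.dport, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First match wins: return (action, index) of the rule that fired.
    No match at all falls through to the implicit deny -> ("deny", None)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    matches every packet they would match (a classic rule-ordering mistake)."""
    def covers(broad: Rule, narrow: Rule) -> bool:
        return all(_hit(b, n) for b, n in (
            (broad.proto, narrow.proto), (broad.src, narrow.src),
            (broad.dst, narrow.dst), (broad.dport, narrow.dport)))
    return [j for j in range(len(rules))
            if any(covers(rules[i], rules[j]) for i in range(j))]


class StatefulFilter:
    """Stateful filtering: remember flows that left the network and admit
    inbound packets only if they are replies to one, or if the inbound ACL
    explicitly allows them (e.g. a published web server)."""

    def __init__(self, inbound_rules: List[Rule]):
        self.inbound_rules = list(inbound_rules)
        self.flows: Set[Tuple[str, str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> str:
        # record (proto, inside ip, inside port, outside ip, outside port)
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow"

    def inbound(self, pkt: Packet) -> Tuple[str, object]:
        # a reply has the recorded flow's addresses and ports swapped
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            return "allow", "established"
        return evaluate(self.inbound_rules, pkt)   # unsolicited: plain ACL


# The ACL from the notes: explicit allow, explicit deny, then implicit deny.
RULES = [
    Rule("allow", "tcp", "10.0.0.2", "any", 80),
    Rule("deny", "tcp", "any", "any", 23),
]

if __name__ == "__main__":
    print(evaluate(RULES, Packet("tcp", "10.0.0.2", "203.0.113.5", 51000, 80)))  # ('allow', 0)
    print(evaluate(RULES, Packet("tcp", "10.0.0.7", "203.0.113.5", 51001, 23)))  # ('deny', 1)
    print(evaluate(RULES, Packet("tcp", "10.0.0.7", "203.0.113.5", 51002, 80)))  # ('deny', None)
    bad_order = [Rule("allow", "tcp", "any", "any", 80),
                 Rule("deny", "tcp", "10.0.0.9", "any", 80)]
    print(shadowed_rules(bad_order))  # [1]: the deny can never fire
```

The `shadowed_rules` check is the part worth keeping in mind in practice: because evaluation stops at the first match, a broad allow placed above a narrower deny silently disables the deny, and nothing in the firewall will warn you.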
Honeypots and honeynets
Used to attract a would-be attacker so that their activity can be observed and logged
Honeypot: a single computer, file, group of files, or IP range made to look attractive to an attacker
Honeynet: a group of computers, servers, or an area of a network set up to attract attackers
DLP systems- data loss prevention- analyze what's being sent out of the network and block sensitive data from leaving- also known as extrusion prevention systems (EPS) or Information Leak Protection (ILP)
Network-based IDS (NIDS)- attempts to detect, log, and alert on malicious network activity, such as port scans and denial-of-service attacks; can be placed in front of or behind the firewall. It only detects and logs; it cannot act on the traffic
Network-based IPS (NIPS)- sits inline, inspects traffic AND, based on its configuration, attempts to drop, quarantine, or redirect malicious traffic. A NIPS can also perform the functions of a protocol analyzer
Unified Threat Management- because one firewall is not enough! UTM is a single device that combines many other devices and technologies: firewall, NIDS/NIPS, content filter, anti-malware, DLP, VPN; it often has a GUI instead of a command line
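The NIDS/NIPS notes above mention port scans as the kind of activity a NIDS detects. The following is an added example written for these notes, not code from the Security+ course or from any real IDS: a minimal port-scan detector run over constructed connection records. The record format, the thresholds and the sample addresses are my own assumptions.

```python
# Added example for these notes (not from the Security+ course): a minimal
# NIDS-style port-scan detector run over constructed connection records.
# Record format (ts_seconds, src_ip, dst_ip, dst_port, tcp_flags) and the
# thresholds are my assumptions, not anything the course specifies.
from collections import defaultdict
from typing import Dict, List, Tuple

SCAN_THRESHOLD = 10   # distinct destination ports on one host from one source...
WINDOW = 60           # ...within this many seconds counts as a scan

# Constructed sample records (not a real capture): one host sweeps 15 ports
# in a second, two normal connections to 443, one late single SSH connect.
RECORDS = [(0, "203.0.113.7", "10.0.0.5", p, "S") for p in range(20, 35)] + [
    (5, "10.0.0.9", "10.0.0.5", 443, "S"),
    (6, "10.0.0.9", "10.0.0.5", 443, "S"),
    (100, "198.51.100.2", "10.0.0.5", 22, "S"),
]


def detect_port_scans(records, threshold=SCAN_THRESHOLD, window=WINDOW):
    """Return alerts (src_ip, dst_ip, peak_distinct_ports) for every source
    that touched >= threshold distinct ports on one host inside a sliding
    time window. Like a NIDS, this only reports; it blocks nothing."""
    events: Dict[Tuple[str, str], List[Tuple[int, int]]] = defaultdict(list)
    for ts, src, dst, port, flags in records:
        if "S" in flags:            # only count connection attempts (SYN)
            events[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()                  # time order
        start, in_window, peak = 0, defaultdict(int), 0
        for ts, port in evs:
            in_window[port] += 1
            # slide the window forward: drop events older than `window` seconds
            while evs[start][0] < ts - window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts.append((src, dst, peak))
    return alerts


def nips_block_list(alerts):
    """What a NIPS would do with the same alerts: turn them into sources to
    drop. Returned as a sorted list so the action is reproducible."""
    return sorted({src for src, _dst, _n in alerts})


if __name__ == "__main__":
    found = detect_port_scans(RECORDS)
    print(found)                   # [('203.0.113.7', '10.0.0.5', 15)]
    print(nips_block_list(found))  # ['203.0.113.7']
```

The two functions mirror the NIDS/NIPS split: `detect_port_scans` only produces alerts, while `nips_block_list` is the extra step an inline device takes. A slow scan spread over a long time will stay under the window and go unreported, which is exactly why the threshold and window need tuning per environment.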
Cloud computing
Cloud computing is a way of offering on-demand services that extend the traditional capabilities of a computer or network
Cloud computing relies heavily on virtualization
Microsoft Azure offers secure enclaves (confidential computing), which isolate data while it is in use in memory
Secure (encrypted) volumes, by contrast, are a method of keeping data at rest safe from prying eyes
Four different cloud types: Public, Private, Hybrid, Community
Google Drive is an example of a public cloud service
Private- run for a single organisation with its own environment, servers, and resources (the US Government, for example). Private clouds are chosen when security is more important than cost
Hybrid- a mixture of public and private, with rules about which type of data is hosted where
Community cloud- resources shared among several organisations with common requirements (e.g. the same regulatory regime)
Service models, ordered from least to most vendor-managed:
IaaS- infrastructure as a service: the vendor provides compute, storage, and network; you manage the OS and everything above it
PaaS- platform as a service: the vendor also manages the OS and runtime; you deploy your code
SaaS- software as a service: the vendor runs the whole application
SECaaS- Security as a Service- anti-malware products. Upside- quick updates. Downside- highly reliant on an internet connection.
65,536 TCP/UDP ports (0-65535) are available for a computer to use
35 are worth memorizing
Source:
CompTIA Security+ (SY0-501)
https://www.udemy.com/course/securityplus/