Firewalls
serve as the security guards at the perimeter of a network
Firewalls often sit
at the network perimeter, between the routers and the internet
Routers connect three networks together
Internet
Intranet
DMZ
DMZ
contains systems that must accept direct external communications
Stateless Firewalls
evaluate each connection independently
Stateful Inspection
tracks open connections (used by modern firewalls)
Firewall Rule Contents
the set of rules the firewall acts upon, based on certain characteristics of the traffic
Firewall Rule characteristics
Source system address
Destination system address
Destination port and protocol
Action (Deny or Allow)
Implicit Deny (Default Deny)
if the firewall receives traffic not explicitly allowed by a firewall rule, then that traffic must be blocked.
NGFWs incorporate
contextual info into their decision making
Other Firewall Roles
Content/URL filtering
Web application firewall
NAT Gateway
Firewall Deployment Options
Network hardware vs host-based software
open-source vs proprietary
hardware appliance vs virtual appliance
VPN Endpoints
Firewalls
routers
servers
VPN concentrators
IP Security
provides secure transport but is difficult to configure; works at network layer 3 and supports the Layer 2 Tunneling Protocol (L2TP)
IPsec is often used for static site-to-site VPN tunnels
True
SSL/TLS VPNs work at the application layer over TCP port 443
True
HTML5 VPNs work entirely within the web browser
True
Full Tunnel VPN
All network traffic leaving the connected device is routed through the VPN tunnel, regardless of its final destination
Split Tunnel VPN
only traffic destined for the corporate network is sent through the VPN tunnel. Other traffic is routed directly over the Internet.
Split-tunnel VPNs provide users with a false sense of security
True
Always-on VPN
all corporate mobile devices are configured to automatically connect to the VPN whenever they are powered on
Network Access Control (NAC)
intercepts network traffic coming from unknown devices and verifies that the system and the user are authorized before allowing further communication
NAC uses
802.1X authentication
Supplicant
responsible for performing all of the NAC-related tasks on behalf of the user and system
Authenticator
receives credentials from the end user
Authentication server
is a centralized server that performs authentication for all of the authenticators on the network.
NAC roles
role-based access
user and device authentication
posture checking
Devices failing posture checks go
to quarantine VLAN
NAC can be implemented by
agent-based or agentless; inline or out-of-band
Smart Devices
began with a desire for wireless network connectivity
Smart devices require regular updates and you need to check for default passwords
True
Automatic updates
install without the user's knowledge or intervention
Manual Updates
require that the user check for, download, and install updates manually
Firmware Version control
updates applied in an orderly fashion
Security Wrappers
vet requests for embedded systems
Smart devices require this to secure networks
Network Segmentation
Network Segmentation
is the most important control for embedded devices