
Domain 3

Cloud Infrastructures chapter 1:

The following models have a mix of shared responsibilities: SaaS, PaaS, IaaS and On-Prem.

  • On-Prem is fully managed by the customer; going from IaaS back toward SaaS, provider management goes from least to most.

Infrastructure as code: defines servers, network, and applications as code; the infrastructure can be modified and versioned, and the same code can create multiple infrastructures.

Function as a Service (FaaS): serverless architecture; applications are separated into individual autonomous functions (removes the OS from the equation).

The developer still writes the server-side logic; all OS security concerns fall to the third party.

Microservices and APIs: monolithic applications are outdated.

APIs (application programming interfaces) are the glue that lets microservices work together to act as the application. The result is scalable and resilient, and security and compliance are better.

Network Infrastructure:

Physical isolation: devices are physically separated (an air gap) to prevent communication with one another, so there is no opportunity for data to mix.

Virtual Local Area Network (VLAN): logical segmentation; separated logically instead of physically.

Software Defined Networking (SDN): three separate planes (data, control and management); splits the network functions into separate logical units. Perfectly suited to the cloud.

  • Infrastructure layer (data plane): processes the network frames and packets: forwarding, trunking, encrypting, NAT.

  • Control layer (control plane): manages the actions of the data plane: routing tables, session tables, NAT tables, dynamic routing protocol updates.

  • Application layer (management plane): configuration changes and traffic management.

Decentralized: most organizations are physically decentralized, with many locations, cloud providers and operating systems; it is difficult to manage and protect so many diverse systems.

Centralized: correlated alerts, consolidated log file analysis, comprehensive system status, and maintenance/patching.

Virtualization: each VM needs its own OS, which adds overhead and complexity and is expensive, but many different operating systems can run on the same hardware; each OS needs its own instance.

Containers: multiple applications are contained, can be swapped out, and share the same host operating system; the applications are self-contained and don't interact with each other.

IoT: weak default settings; the vendors are not security professionals.

SCADA (Supervisory Control and Data Acquisition): large machinery pieced together over a network. It is very large scale, also known as multi-state industrial control systems (ICS). Requires extensive segmentation; DoS (most secure in the works).

RTOS (Real-time operating system): deterministic process scheduling, so there is no waiting on other processes; used in industrial equipment, automobiles and military environments.

Mean Time to Repair (MTTR): the amount of time it takes to replace unavailable resources with available ones.

Secure Infrastructures Chapter 2:

Security zones: logically assign devices to a specific zone, such as a trusted or untrusted zone. More flexible and secure than IP address ranges; simplifies security policies.

Application-level encryption: any data being passed within the application is encrypted.

Network-level encryption: includes IPsec tunnels and VPN connections.

Intrusion Prevention System (IPS): stops the attack, which could be an exploit of a known vulnerability, before it gets into the network. There is also the Intrusion Detection System (IDS), which only alerts you.

Failure modes:

  • fail open: when a system fails and data continues to flow

  • fail closed: when a system fails and data does not flow

Device connections:

Active monitoring: the system is connected inline and uses an IPS (watches in real time). IPS blocking is general and could block more traffic than needed, so it is not always favorable.

Passive monitoring: a copy of the network traffic is examined using a tap or port monitor; data can't be blocked in real time. Intrusion detection (the IDS) is commonly passive, fed by a switch port mirror (SPAN) or a network tap.

Jump server: used to access secure network zones; a hardened and monitored device inside the private network. Usually a two-step connection: SSH/tunnel/VPN to the jump server, then proper authentication. Compromising the jump server would be a significant breach.

Proxy server: sits in the middle of a conversation and makes requests on the client's behalf, communicating with the servers on the internet, and validates that the response is not malicious. Can also be used for caching, which saves bandwidth and time, and can perform URL filtering and content scanning.

Load balancer: can provide TCP offload, SSL offload and caching; there can also be prioritization and content switching.

Collectors: details collected by the sensors are sent to one centralized database, the collector. Collectors sometimes use a proprietary console that works with IPS and firewalls. A SIEM (security information and event manager) is a powerful reporting tool that also brings in the different types of logs.

Extensible Authentication Protocol (EAP): works with wireless access points; 802.1X uses it to manage the authentication process on networks.

IEEE 802.1X: port-based network access control (NAC); you can't access the network until you authenticate.

Network-based firewall: filters traffic by port number or application; OSI layer 4 (TCP/UDP) vs layer 5, and traditional vs NGFW (application based).

UTM (unified threat management): URL filtering, malware inspection, spam filter, CSU/DSU, router/switch, firewall and IDS/IPS; can also be used as a bandwidth shaper or VPN endpoint.

These only operate at layer 4, so they look at ports.

Next-gen firewall OSI layer: also known as application layer gateways; stateful multilayer inspection and deep packet inspection. Every packet must be analyzed. Controls traffic flow based on the application (looks at the application) rather than only the port.

Web application firewall (WAF): filters based on HTTP/HTTPS input; a major focus for the payment card industry.

  • Cloud: On-demand access to a shared pool of configurable computing resources, such as storage, applications, and services over the Internet.

  • Responsibility matrix: A framework that delineates the responsibilities of different parties in a cloud computing environment.

  • Hybrid considerations: Factors involving the integration of private and public cloud services and infrastructure.

  • Third-party vendors: External providers that deliver various cloud computing services and solutions.

  • Infrastructure as code (IaC): A practice of managing and provisioning computing infrastructure through machine-readable definition files rather than through physical hardware configuration.

  • Serverless: A cloud computing execution model where the cloud provider dynamically manages the allocation of resources, allowing developers to build and run applications without dealing with server management.

  • Microservices: An architectural style that structures an application as a collection of small, loosely coupled services, independently deployable.

  • Network infrastructure: The hardware and software resources of a network that enable network connectivity, communication, operations, and management.

    • Physical isolation: The configuration where devices are physically separated to prevent unauthorized communication.

    • Air gapped: A security measure where a secure system is physically isolated from unsecured systems.

    • Logical segmentation: Dividing a network into separate segments that are distinct from each other without physical separation.

    • Software-defined networking (SDN): A network architecture that separates the control plane from the data plane, enabling easier management and configuration of network resources.

  • On-premises: Infrastructure that is deployed and operated on the premises of the organization rather than hosted in the cloud.

  • Centralized vs. decentralized: Centralized systems concentrate operations and resources in one location, while decentralized systems distribute them across various locations.

  • Containerization: The encapsulation of an application and its dependencies in a container that can run in any environment.

  • Virtualization: A technology that allows multiple virtual instances of operating systems to run on a single physical hardware system.

  • IoT (Internet of Things): A network of interconnected devices that communicate and exchange data using the Internet.

  • Industrial control systems (ICS)/supervisory control and data acquisition (SCADA): Systems used for industrial automation and control, managing large-scale machinery and processes.

  • Real-time operating system (RTOS): An operating system designed to serve real-time applications, ensuring that tasks are executed within specific timing constraints.

  • Embedded systems: Specialized computing systems that perform dedicated functions within larger systems, often embedded within hardware.

Chapter 10 notes

ACL default rule is to deny all

SIEM software: collects and analyzes data from various network sources to identify security events. Provides real-time alerts, essential for a proactive network defense.

After ensuring the servers are secure you need to ensure the hosts are secure as well. EDR, MDM and MFA are great for safeguarding user devices from malware and unauthorized access.

Cloud Services:

Infrastructure as a Service (IaaS): the CSP provides the network infrastructure (hardware devices for the network); default settings need to be reconfigured. Customers need to configure and patch devices and install an OS.

Software as a Service (SaaS): examples are GoldMine and Salesforce; the CSP hosts a predefined software application accessed through a web server.

Platform as a Service (PaaS): offers developers the environment needed to build applications seamlessly; full suites like Azure and MySQL, covering iOS, Android and Windows devices.

Security as a Service (SECaaS): provides Identity and Access Management (IAM), which grants secure access to applications from anywhere at any time.

Anything as a Service (XaaS): describes a multitude of other available cloud services, such as Network as a Service (NaaS).

Data management: maintaining control and visibility over data.

Third-party vendors: external suppliers or service providers engaged by organizations to deliver specific products or services.

Risks associated with relying on third-party vendors: data breaches, security vulnerabilities, compliance challenges, operational disruptions.

Infrastructure as Code (IaC): the practice of defining and managing IT infrastructure through machine-readable code or scripts, usually written in YAML or JSON. Benefits of IaC: efficiency redefined, consistency and reproducibility, version control and collaboration, and provider tools.

Serverless: a type of computing that offloads operational overhead, enabling developers to focus solely on writing and deploying code. The CSP handles everything; no provisioning is required on the company's end. It is good for applications with heavy or unpredictable loads.

Customers are still responsible for the data in the application and managing the application.

Microservices: breaks the application down into a collection of smaller, self-contained services that communicate with each other through APIs.

Network infrastructure: a mixture of networking devices, protocols and packet routing that all work together in an interconnected environment.

Address Resolution Protocol (ARP): when connections are made to a switch, each port is allocated to a MAC address. ARP is used to map an IP address to a MAC address.

Layer 3 switch (multilayer switch): a network switch that operates at both the data link and network layers of the OSI model.

Load balancer: distributes incoming traffic evenly across multiple servers, ensuring efficient handling of high traffic loads.

NIPS (network-based IPS): uses signature-based detection, anomaly detection and behavior analysis to identify and prevent unauthorized access.

Air-gapped network: physically isolated; no device within the network has a cable or wireless connection from which data might be stolen.

Subnetting: breaks the network down into smaller networks called subnets; reduces the size of the broadcast domain.

Virtual Local Area Network (VLAN): allows you to group multiple network ports together, creating a distinct and separate network within the larger network.

SDN (Software Defined Networking):

Management plane: monitors network traffic.

Control plane: serves as the network's brain; a centralized entity that makes high-level decisions about traffic routing.

Data plane: consists of switches, routers and access points; responsible for forwarding data packets based on instructions received from the control plane.

Centralized vs Decentralized

Centralized organizations have a hierarchical structure where decision-making authority is concentrated at the top. Decentralized organizations distribute decision-making authority across various levels.

Blockchain is an example of decentralization; it uses a public ledger to record transactions.

Containerization: bundles software into containers. They are portable, self-sufficient units that package all the essential components of an application, including its code, libraries, dependencies and configuration (allowing deployment regardless of OS).

Virtualization: the CSP has total control over the image; only mouse clicks and keystrokes are exchanged between the desktop and the virtual machine.

IoT: devices embedded with sensors, software and connectivity; they can exchange data with central systems, enabling real-time data monitoring, automation and smarter decision making.

Cons: lack of standardization, data privacy concerns, insecure communications, lifecycle management, physical attacks, supply chain risks, user awareness.

SCADA: monitoring, managing and controlling industrial processes, allowing for seamless coordination and oversight across different phases of production.

A SCADA system runs on the same software as client computers and is vulnerable to the same threats. The SCADA levels are listed below.

Plant level: the lowest level of SCADA; includes the physical equipment and processes on the factory floor.

Controller level: responsible for real-time control of the physical processes. Includes programmable logic controllers (PLCs) that receive input from sensors on the plant floor.

Coordinating computer level: human-machine interface systems that provide a centralized view of the plant's operations; they collect data from the controller level and display it to operators.

Programming logic controller level: manages and controls the overall production process; needs to coordinate multiple production lines.

SCADA is a prime target for cybercrime because these systems deal with crucial services: energy, facilities, manufacturing, logistics, industrial.

RTOS (real-time operating system): flight control or navigation systems where everything happens in real time; ensures high-priority tasks are executed within a predetermined time frame.

Geo-Zone Redundant Storage (GZRS): data is duplicated across multiple zones and geographically dispersed regions.

Chapter 11 Infrastructure Considerations:

Device placement: determines the strategic positioning of security devices. The network is divided into three separate zones: LAN, screened subnet, WAN.

LAN: IPS, IDS, load balancers, switches and sensors.

Screened subnet (DMZ): IPS, IDS, jump server, proxy server, reverse proxy, load balancer, sensors.

Demilitarized Zone (DMZ): where you place resources that must be accessible from both the trusted and untrusted zones (a buffer zone on the boundary between the WAN and the LAN).

WAN: router and ACL (the untrusted zone; there is no control over it).

Fail-closed: when a problem is encountered it automatically goes into a closed or blocked state to prevent unauthorized access.

Fail-open: defaults to an open state that allows unrestricted access.

Device attributes:

Active devices: a proactive force within your network security arsenal; they can block and mitigate threats in real time, such as an IPS.

Passive devices: observers, such as an IDS, that do not actively block traffic.

Inline: devices placed directly in the data path of network traffic. Firewalls are an example; they control inbound and outbound traffic.

Tap/monitor: taps into traffic, duplicates it and monitors the copy without affecting the original data flow (e.g. a packet sniffer).

Network appliances:

Jump servers: administrators connect via SSH or the Remote Desktop Protocol and from there access and manage servers, switches, routers and other internal network devices.

Proxy server: intermediary between clients and the resources they seek on the internet or an external network. Maintains a log file of these requests to allow admins to track users' internet usage.

  • URL filtering: checks against a predefined list (e.g. blocking social media during work hours).

  • Content filtering: access to gambling websites can be blocked by keywords like "gambling" or by category.

  • Web page caching: reduces bandwidth usage and increases browsing speed, but real-time stock data can't be cached due to its dynamic nature.

  • Reverse proxy server: placed in the boundary network; performs authentication and decryption of secure sessions so that it can filter incoming traffic.

  • Load balancer: layer 4 can balance based on packet header, port number and destination address. Layer 7 can be more sophisticated, using content-based routing for web applications, APIs and services that require application-level awareness.
