CompTIA Security+ Notes on Infrastructure Security

Module Objectives

  • By the end of this module, you should be able to:
    • List the different types of security appliances and how they can be used.
    • Describe security software protections.
    • Explain how a secure design can aid in mitigating attacks.
    • Describe different access technologies and how they can be used.

Security Appliances

  • Gap Analysis: Comparison of the organization’s security posture against recommended controls.
  • Segmentation: Dividing a network into segments to enhance security and monitoring.
  • Isolation: Keeping attack surfaces separate to limit the impact of an attack.
  • Least Privilege: Granting minimal access necessary for users/devices.
  • Configuration Enforcement: Applying security measures to reduce vulnerabilities.
  • Decommissioning: Removing outdated technologies to minimize risks.
  • Removal of Unnecessary Software: Deleting non-essential software to reduce attack vectors.
  • Device Placement: Physical security of critical devices.

Common Network Devices

1. Network Switch

  • Connects devices and learns MAC addresses to manage traffic.
  • Hardening practices: Implementing port security, configuring defenses.
  • Common Attack: MAC flooding.

2. Router

  • Forwards frames across networks and filters traffic via Access Control Lists (ACLs).
  • Protects against IP spoofing (antispoofing).

3. Server

  • Distributes resources; hardening steps include:
    • Applying patches.
    • Monitoring.
    • Controlling access permissions.
    • Removing unnecessary software.
    • Securing physical location.

4. Load Balancer

  • Distributes network traffic, detects/stops attacks, and provides security advantages like hiding server details.

Infrastructure Security Hardware

Firewalls

  • Bidirectional Inspection: Examines outgoing/incoming packets based on rules.
  • Policy-Based Firewalls: Flexible, allowing general rules instead of specific ones.
  • Common Actions:
    • Allow: Explicitly permit traffic matching rules.
    • Deny: Block all traffic matching a rule.
    • Bypass: Allow traffic to evade the firewall under specific conditions.

Firewall Types

  • Hardware vs. Software.
  • Host vs. Appliance vs. Virtual.
  • Stateful vs. Stateless.
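
The ordered allow/deny policy, the stateful/stateless distinction and the router antispoofing check above, as an added worked example (not part of the original notes). The internal range 10.0.0.0/8, the rule set and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the untrusted side, "out" = leaving the internal side
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed internal address range

# Ordered policy: first match wins, implicit deny at the end.
# (direction, source network, destination network, proto, destination port, action)
RULES = [
    ("out", "10.0.0.0/8", "0.0.0.0/0",   "tcp", 443, "allow"),  # clients may browse HTTPS
    ("in",  "0.0.0.0/0",  "10.0.0.5/32", "tcp", 80,  "allow"),  # public web server
]

def rule_matches(rule, pkt):
    direction, src_net, dst_net, proto, dport, _ = rule
    return (direction == pkt.direction and proto == pkt.proto and dport == pkt.dport
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net))

class StatefulFilter:
    def __init__(self, rules, internal=INTERNAL):
        self.rules = rules
        self.internal = internal
        self.sessions = set()   # keys of outbound flows that a rule explicitly allowed

    def evaluate(self, pkt):
        # Antispoofing (router ACL style): inbound traffic must not claim an internal source.
        if pkt.direction == "in" and ipaddress.ip_address(pkt.src) in self.internal:
            return "deny"
        # Stateful shortcut: replies to a tracked outbound flow need no inbound rule.
        if pkt.direction == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.sessions:
            return "allow"
        for rule in self.rules:
            if rule_matches(rule, pkt):
                if rule[5] == "allow" and pkt.direction == "out":
                    self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return rule[5]
        return "deny"   # implicit deny: nothing matched

def stateless_decision(pkt):
    """Same policy with no session table: every packet is judged on its own."""
    for rule in RULES:
        if rule_matches(rule, pkt):
            return rule[5]
    return "deny"
```

The stateless version denies the HTTPS reply because no inbound rule covers it; a stateless policy would need an explicit inbound rule for return traffic, which is exactly the gap a stateful firewall closes.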

Specialized Firewall Appliances

  • Web Application Firewall: Filters and monitors HTTP traffic.
  • Next-Generation Firewall: Deep packet inspection capabilities.
  • Layer 7 Firewall: Filters traffic based on application/protocol.

Proxy Servers

  • Acts on behalf of other devices: a forward proxy sends requests outward for internal clients, while a reverse proxy accepts incoming requests on behalf of internal servers and relays their responses.

Deception Technology

  • Directs threats away from valuable assets; utilizes technologies like honeypots (for deception) and honeynets (network of honeypots).

Intrusion Detection/Prevention Systems (IDS/IPS)

  • IDS: Detects attacks in real time.
  • IPS: Blocks attacks actively.
  • Inline vs. Passive Systems: An inline system sits directly in the traffic path and can block; a passive system watches a copy of the traffic delivered via port mirroring and can only alert.

Software Security Protections

Web Filtering

  • Monitors web traffic, employing various scanning methods:
    • Browser scanning.
    • Agent-based scanning.
    • Cloud scanning.

DNS Filtering

  • Blocks harmful content by controlling DNS resolutions.

Secure Infrastructure Design

  • Infrastructure should provide general access in some areas with tighter controls in more sensitive areas.
  • Air-gapped Network: Completely isolated from others.
  • Segmentation: Physical and logical to enhance security.

Access Technologies

  • Remote Access: Requires secure communication.
    • Common technologies include VPN and NAC.

Virtual Private Network (VPN)

  • Allows secure connections over public networks.
  • Types:
    • Remote access VPN: User to network.
    • Site-to-Site VPN: Network to network.

Network Access Control (NAC)

  • Examines the state of endpoints before granting access, using both hardware and software verification.

Summary

  • Understand types of security appliances, software protections, secure design principles, and access technologies to enhance network security effectively.