Tuesday, 14 April 2015

Firewalls and Network Security

A video about firewalls and network security can be found at:
https://www.youtube.com/watch?v=XEqnE_sDzSk



Which characteristics make a network vulnerable to attacks?

Several characteristics make networks vulnerable to attack, including:


  • System complexity
  • Many points of attack
  • Unknown boundary
  • Resource and workload sharing
  • Anonymity



What is a port scanner? How does a network admin use this tool?

A port scanner is a software application designed to probe a server or host for open ports. It is often used by administrators to verify the security policies of their networks, and by attackers to identify running services on a host with a view to compromising it. A network administrator or security analyst can use a port scanner to evaluate the strengths and weaknesses of a network.

A port scan (or portscan) can be defined as a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port. While not a nefarious process in and of itself, it is one used by attackers to probe a target machine's services with the aim of exploiting a known vulnerability in one of them. However, the majority of port scans are not attacks but simple probes to determine which services are available on a remote machine.
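The administrator's use of a port scanner described above, as an added example (not from the original post): a TCP connect scan that compares what is actually reachable on a host you administer with the ports the firewall policy says should be reachable. The host, ports and policy here are constructed; the demo starts a throwaway listener on loopback so the result is known in advance.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def scan_ports(host, ports, timeout=0.5, workers=32):
    """Return the set of TCP ports on `host` that accept a connection.

    This is a plain TCP connect scan: each probe completes a full handshake
    and a successful connect counts as "open". Intended for hosts you
    administer, to check that the firewall exposes only what the policy says.
    """
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return {p for p in pool.map(probe, ports) if p is not None}


def check_policy(open_ports, allowed_ports):
    """Compare what is reachable with what the policy says should be reachable.

    Returns (unexpected, missing): ports that are open but not in the policy,
    and policy-allowed ports that did not answer (service down or blocked).
    """
    open_ports, allowed_ports = set(open_ports), set(allowed_ports)
    return open_ports - allowed_ports, allowed_ports - open_ports


def demo():
    """Constructed scenario on loopback: one listening port (which the policy
    does *not* allow) and one port we know is closed (which the policy does
    allow), so both kinds of finding show up."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # Reserve a second free port and release it again, so nothing listens there.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
        unexpected, missing = check_policy(found, allowed_ports={closed_port})
        return {"open_port": open_port, "closed_port": closed_port,
                "found": found, "unexpected": unexpected, "missing": missing}
    finally:
        listener.close()


if __name__ == "__main__":
    result = demo()
    print("reachable:", sorted(result["found"]))
    print("open but not allowed by policy:", sorted(result["unexpected"]))
    print("allowed by policy but not reachable:", sorted(result["missing"]))
```

Running the scan from outside the firewall and from inside, and diffing the two `check_policy` results, shows directly which ports the firewall is actually blocking rather than what its rule file claims.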



What is a firewall? Which tasks can be fulfilled by a firewall?

A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.
A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.

Source: http://res2.windows.microsoft.com/resbox/en/windows%207/main/a253fe23-4fb7-48d2-b52f-f52cb0e82734_57.jpg


Just as a brick wall can create a physical barrier, a firewall creates a barrier between the Internet and your computer.
A firewall isn't the same thing as an antivirus program. To help protect your computer, you need both a firewall and an antivirus and anti-malware program.



What is a firewall security policy? Name some examples!

A firewall security policy is a set of rules that a firewall relies upon to determine which traffic should be allowed to pass through a network boundary.


Examples of firewall security policy rules:

  • Block all access from the outside, allow all access to the outside
  • Allow access from outside
    • Only for certain activities
    • Only for certain sub-networks, hosts, applications, or users


Firewalls may have a default security policy:

  • Default permit
    • Anything that is not expressly prohibited is allowed
  • Default deny
    • Anything that is not expressly allowed is denied
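The rule examples and the two default policies above, as an added example (not from the original post): a small first-match rule evaluator. The network addresses, rules and sample packets are constructed; the point is that the same rule set gives different verdicts for traffic no rule mentions, depending on whether the default is permit or deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Packet:
    src: str       # source IP
    dst: str       # destination IP
    proto: str     # "tcp" or "udp"
    dport: int     # destination port


@dataclass(frozen=True)
class Rule:
    action: str
    src: str = "0.0.0.0/0"           # any source
    dst: str = "0.0.0.0/0"           # any destination
    proto: str = "any"
    dport: Optional[int] = None      # None: any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def decide(rules, default_action, pkt):
    """First matching rule wins; the default policy covers everything else."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_action


INSIDE = "10.0.0.0/8"            # constructed: the protected network
RULES = [
    # "allow all access to the outside": anything originating inside may leave
    Rule(ALLOW, src=INSIDE),
    # "allow access from outside only for certain activities and hosts":
    # HTTPS to the public web server only
    Rule(ALLOW, dst="10.0.0.5/32", proto="tcp", dport=443),
]

# Constructed sample traffic
SAMPLES = {
    "inside_to_internet":     Packet("10.1.2.3", "203.0.113.10", "tcp", 443),
    "outside_to_web_server":  Packet("198.51.100.7", "10.0.0.5", "tcp", 443),
    "outside_to_ssh":         Packet("198.51.100.7", "10.0.0.5", "tcp", 22),
    "outside_to_file_share":  Packet("198.51.100.7", "10.0.0.9", "tcp", 445),
}


def evaluate_all(default_action):
    """Run every sample through the same rule set under one default policy."""
    return {name: decide(RULES, default_action, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for default in (ALLOW, DENY):
        print(f"default {default}:")
        for name, verdict in evaluate_all(default).items():
            print(f"  {name:24s} {verdict}")
```

Under default deny, the SSH and file-sharing packets from outside are dropped because nobody wrote a rule for them; under default permit they get through for the same reason. That is why a forgotten service is harmless on a default-deny firewall and exposed on a default-permit one.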



What can be done by stateful inspection firewall?

A dynamic or "stateful" packet inspection firewall maintains a table of active TCP sessions and UDP "pseudo" sessions. Each entry records the session's source and destination IP address and port numbers, and the current TCP sequence number. Entries are created only for those TCP connections or UDP streams that satisfy a defined security policy. Packets associated with these sessions are permitted to pass through the firewall. Sessions that do not match any policy are denied, as are any packets received that do not match an existing table entry.

Stateful inspection is more secure than packet filtering because it only allows packets belonging to an allowed session. For example, instead of permitting any host or program to send any kind of TCP traffic on port 80, a stateful inspection firewall ensures that packets belong to an existing session. Furthermore, it can authenticate the user when the session is established, it can determine whether the packets really carry HTTP, and it can enforce constraints at the application layer (e.g., filtering URLs to deny access to black-listed sites).
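The session table described above, as an added example (not from the original post): a simulated stateful firewall that creates an entry only when an inside host opens a permitted service, then accepts further packets only if they match an entry and carry a plausible sequence number. A plain port filter runs alongside it on the same constructed packet trace so the difference is visible; addresses, ports and sequence numbers are all constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # constructed: the protected network
SEQ_WINDOW = 65535                   # widest in-order jump we accept per direction


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "S" (SYN), "SA" (SYN/ACK), "A" (ACK), "F" (FIN), "R" (RST)
    seq: int


def stateless_filter(pkt, allowed_ports):
    """Plain packet filter: allow any TCP segment to or from an allowed port.
    It has to accept port 80 in *both* directions to let replies back in,
    which is exactly what lets unsolicited inbound traffic through."""
    return pkt.dport in allowed_ports or pkt.sport in allowed_ports


class StatefulFirewall:
    """Tracks sessions that the policy permitted; everything else is dropped."""

    def __init__(self, allowed_outbound_ports):
        self.allowed = set(allowed_outbound_ports)
        # key: (inside ip, inside port, outside ip, outside port)
        # value: last sequence number seen, per direction
        self.table = {}

    @staticmethod
    def _key(pkt):
        if ip_address(pkt.src) in INSIDE:
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport), "out"
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport), "in"

    def process(self, pkt):
        key, direction = self._key(pkt)
        entry = self.table.get(key)

        if entry is None:
            # Only an inside host opening a permitted service creates state.
            if direction == "out" and pkt.flags == "S" and pkt.dport in self.allowed:
                self.table[key] = {"out": pkt.seq, "in": None}
                return "allow"
            return "deny"   # unsolicited, or not permitted by policy

        # Packet claims to belong to a known session: check the sequence number.
        last = entry[direction]
        if last is not None and not (last <= pkt.seq <= last + SEQ_WINDOW):
            return "deny"   # out of window: forged or replayed segment
        entry[direction] = pkt.seq
        if "F" in pkt.flags or "R" in pkt.flags:
            del self.table[key]   # session torn down, forget it
        return "allow"


def demo():
    """Constructed packet trace; returns (description, stateless, stateful) per packet."""
    allowed_ports = {80, 443}
    fw = StatefulFirewall(allowed_outbound_ports=allowed_ports)
    trace = [
        ("inside opens web session",       Packet("10.1.1.7", 40000, "203.0.113.10", 80, "S", 1000)),
        ("server replies",                 Packet("203.0.113.10", 80, "10.1.1.7", 40000, "SA", 5000)),
        ("inside completes handshake",     Packet("10.1.1.7", 40000, "203.0.113.10", 80, "A", 1001)),
        ("unsolicited inbound SYN to 80",  Packet("198.51.100.9", 4444, "10.1.1.7", 80, "S", 7)),
        ("spoofed reply from port 80",     Packet("198.51.100.9", 80, "10.1.1.7", 40000, "A", 5001)),
        ("out-of-window segment",          Packet("203.0.113.10", 80, "10.1.1.7", 40000, "A", 1)),
        ("inside telnet, not in policy",   Packet("10.1.1.7", 40001, "203.0.113.10", 23, "S", 2000)),
    ]
    return [(name,
             "allow" if stateless_filter(pkt, allowed_ports) else "deny",
             fw.process(pkt))
            for name, pkt in trace]


if __name__ == "__main__":
    for name, stateless, stateful in demo():
        print(f"{name:32s} stateless={stateless:5s} stateful={stateful}")
```

The stateless filter waves through every packet that merely mentions port 80, including the inbound SYN and the spoofed reply; the stateful firewall accepts only the three segments that belong to the session the inside host opened.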



What is an application proxy gateway? How does it increase security?

Also known as an application proxy or application-level proxy, an application gateway is an application program that runs on a firewall system between two networks. When a client program establishes a connection to a destination service, it connects to an application gateway, or proxy



What is a circuit-level-gateway?

A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security, and operates between the transport and application layers of the Open Systems Interconnection (OSI) network model, such as at the session layer. Unlike application gateways, circuit-level gateways monitor TCP packet handshaking and whether sessions fulfil the firewall's rules and policies.

A proxy server is a security barrier between internal and external computers, while a circuit-level gateway is a virtual circuit between the proxy server and internal client.

For example, when a user Web page access request passes through the circuit gateway, basic internal user information, such as IP address, is exchanged for proper feedback. Then, the proxy server forwards the request to the Web server. Upon receiving the request, the external server sees the proxy server’s IP address but does not receive any internal user information. The Web or real server sends the proxy server a proper response, which is forwarded to the client or end user via the circuit-level gateway.
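The request flow in the example above, as an added example (not from the original post): a minimal circuit-level relay on loopback. The client connects to the gateway, the gateway opens its own TCP connection to the server and copies bytes across without parsing them, and the server records the peer address it sees. The server and request are constructed; because everything runs on 127.0.0.1, only the port differs between what the server sees and the client's own address, whereas on a real network the IP address would differ too.

```python
import socket
import threading


def serve_once(server_sock):
    """Constructed 'external' web server: accept one connection, record the
    peer address it sees, echo the request back, then hang up."""
    conn, peer = server_sock.accept()
    with conn:
        data = conn.recv(4096)
        conn.sendall(b"echo:" + data)
    return peer


def relay(client_conn, upstream_addr):
    """The circuit: open a second TCP connection from the gateway to the
    server and copy bytes across. Nothing is parsed, so unlike an application
    proxy the gateway cannot apply HTTP-level checks; it only hides the client.
    Simplified to one request and one response; a real gateway pumps both
    directions concurrently until either side closes."""
    with socket.create_connection(upstream_addr) as upstream, client_conn:
        request = client_conn.recv(4096)
        upstream.sendall(request)
        upstream.shutdown(socket.SHUT_WR)
        while True:
            chunk = upstream.recv(4096)
            if not chunk:
                break
            client_conn.sendall(chunk)


def demo(request=b"GET / HTTP/1.0\r\n\r\n"):
    """Run client -> gateway -> server on loopback and report what each side saw."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    gateway = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    gateway.bind(("127.0.0.1", 0))
    gateway.listen(1)
    server_addr, gateway_addr = server.getsockname(), gateway.getsockname()

    seen = {}

    def run_server():
        seen["peer"] = serve_once(server)

    def run_gateway():
        conn, _ = gateway.accept()
        relay(conn, server_addr)

    threads = [threading.Thread(target=run_server), threading.Thread(target=run_gateway)]
    for t in threads:
        t.start()

    with socket.create_connection(gateway_addr) as client:
        client_addr = client.getsockname()   # the address the server never sees
        client.sendall(request)
        response = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            response += chunk

    for t in threads:
        t.join()
    server.close()
    gateway.close()
    return {"client_addr": client_addr,
            "peer_seen_by_server": seen["peer"],
            "response": response}


if __name__ == "__main__":
    result = demo()
    print("client address:          ", result["client_addr"])
    print("peer seen by the server: ", result["peer_seen_by_server"])
    print("response relayed back:   ", result["response"])
```

The `relay` function is also where the circuit-level and application-level designs part ways: it copies opaque bytes, so it cannot tell whether the stream is really HTTP. An application proxy would parse the request here and could refuse it on content.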



What are guard firewalls? Which advantages do they have over application proxy gateways?

Whereas a firewall is designed to limit traffic to certain services, a guard aims to control the information exchange that the network communication is supporting at the business level. Further, unlike a firewall, a guard provides assurance that it is effective in providing this control even under attack and failure conditions.

A guard will typically sit between a protected network and an external network, and ensure the protected network is safe from threats posed by the external network and from leaks of sensitive information to the external network.

A guard is usually dual-homed, though guards can connect more than two networks, and acts as a full application layer proxy, engaging in separate communications on each interface. A guard will pass only the business information carried by the protocols from one network to another, and then only if the information passes configured checks which provide the required protection.



Where is a personal firewall implemented? Can it replace a hardware firewall?

A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router or proxy server. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects.

The per-computer scope of personal firewalls is useful to protect machines that are moved across different networks. For example, a laptop computer may be used on a trusted intranet at a workplace where minimal protection is needed, as a conventional firewall is already in place, and services that require open ports, such as file and printer sharing, are useful. The same laptop could be used at public Wi-Fi hotspots, where strict security is required to protect against malicious activity. Most personal firewalls will prompt the user when a new network is connected for the first time to decide the level of trust, and can set individual security policies for each network.



Name the six truths about firewalls!


  • Exert only narrow control over the content that they allow to cross the network boundary
  • Protect an environment only if they control the entire perimeter
  • Systems should not contain any tools that could help an attacker who penetrates the firewall in subsequent exploits
  • Do not protect data outside of the perimeter
  • Must be properly configured, and their configuration settings must be periodically evaluated and updated
  • From the outside, firewalls are the most visible component of a network, and are hence attractive targets for attack




Does NAT really increase the network security?

NAT does not add any real security to a network, while it breaks almost every good concept of structured network design.
If you keep your network secure, it is no security leak if the network is not hidden from the Internet by a NAT device. It is rather cumbersome that NAT breaks the end-to-end communication model and disrupts certain Internet protocols.
The usage of NAT has several disadvantages, mainly because it breaks the end-to-end communication model, which is essential for proper IP connections. For example, IPsec host-to-host tunnels cannot be used with NAT, the FTP protocol (active mode) does not work, VoIP (SIP) has trouble, and other peer-to-peer protocols do not work out of the box if they need to establish connections to each other independently. To overcome these disadvantages, changes to the protocols just mentioned have been proposed so that they can also be used through NAT devices; these techniques are called NAT traversal.




Sources:

http://en.wikipedia.org/wiki/Port_scanner
http://windows.microsoft.com/en-us/windows/what-is-firewall#1TC=windows-7
http://windows.microsoft.com/en-us/windows/understanding-firewall-settings#1TC=windows-7
https://www.netcetera.co.uk/Products/DedicatedServers/Additions/Firewall/
http://www.eircomictdirect.ie/docs/juniper/wp_firewall.pdf
http://en.wikipedia.org/wiki/Guard_(information_security)
http://www.wikiwand.com/en/Personal_firewall
http://www.slideshare.net/hiwashooter/personal-or-software-firewall
http://en.wikipedia.org/wiki/Network_address_translation
http://www.techopedia.com/definition/24780/circuit-level-gateway
