This document discusses various network security concepts including VLANs, VPNs, firewalls, intrusion-detection and intrusion-prevention systems, and secure and insecure application protocols. It defines network-based and host-based firewalls, describes common firewall technologies such as ACLs and DMZs, and examines features such as content filtering, signature identification, and zones. The document also covers intrusion-detection systems, access-control principles and models, and ways to secure network devices and their configuration.
1. VLAN & VPNs
Physical and Hardware Security
By
MSc. Kaki A. (azadkaki@live.co.uk)
@MahabadNetworkAdmin
Network+
N10-006 from CompTIA IT Certification
2. VLAN & VPNs
Using Hardware and Software Security Devices
The DMZ is used to create a security zone that allows public traffic but keeps that traffic isolated from the company's private network.
3. VLAN & VPNs
Defining Firewalls
Firewalls are usually a combination of hardware and software. The hardware part is usually a router, but it can also be a computer or a dedicated piece of hardware called a black box that has two Network Interface Cards (NICs) in it. The software part is configured to control how the firewall actually works to protect your network by scrutinizing each incoming and outgoing packet and rejecting any suspicious ones.
4. VLAN & VPNs
Defining Firewalls
Network-Based Firewalls
Host-Based Firewalls
A network-based firewall is what companies use to protect their private network from public networks. The defining characteristic of this type of firewall is that it's designed to protect an entire network of computers instead of just one system, and it's usually a combination of hardware and software.
5. VLAN & VPNs
Defining Firewalls
Host-Based Firewalls
A host-based firewall is implemented on a single machine, so it protects only that one machine. This type of firewall is usually a software implementation, because you don't need any additional hardware in your personal computer to run it.
6. VLAN & VPNs
Firewall Technologies
Access Control Lists (ACLs)
Standard ACLs
Extended ACLs
Inbound ACLs
Outbound ACLs
8. VLAN & VPNs
Firewall Technologies
Protocol Switching
Protocol switching protects data on the inside of a firewall. There are two ways to do it.
Use a protocol other than TCP/IP on the internal network inside the firewall. IP-based attacks aimed at your development server just can't work if you use Internetwork Packet Exchange (IPX) on the internal-network side of a router, which gives you an automatic firewall.
Use TCP/IP on both the internal network and the Internet, and use a different protocol like IPX in a dead zone between them. Basically, you'll have things set up to switch from IP to IPX in that dead zone and switch back to IP again once inside your network.
10. VLAN & VPNs
Firewall Technologies
Dynamic Packet Filtering
Packet filtering refers to the ability of a router or a firewall to discard packets that don't meet the right criteria.
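To make the ACL slide and the packet-filtering slide concrete, here is an added example (not code from the deck or its author) of how a router evaluates a standard ACL (source address only) and an extended ACL (source, destination, protocol, port) against packets, first match wins, with the implicit deny at the end of every list. The addresses, the two published services and the rule contents are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port (0 for protocols without ports)

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # a standard ACL matches on source address only
    dst: str = "0.0.0.0/0"          # an extended ACL can also match destination, ...
    proto: str = "any"              # ... protocol ...
    dport: Optional[int] = None     # ... and destination port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        return self.dport is None or self.dport == pkt.dport

def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Rules are checked top to bottom and the first match wins; a packet that
    matches no rule hits the implicit deny at the end of every ACL."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit deny: nothing matched

# Standard ACL (source only): block one constructed address block, allow everyone else.
STANDARD_ACL = [Rule("deny", src="192.0.2.0/24"), Rule("permit")]

# Extended ACL applied inbound on the Internet-facing interface: only the published
# web (tcp/443) and mail (tcp/25) servers are reachable; everything else is dropped
# by the implicit deny, so no closing "deny any" rule is needed.
INBOUND_ACL = [
    Rule("permit", dst="203.0.113.10/32", proto="tcp", dport=443),
    Rule("permit", dst="203.0.113.25/32", proto="tcp", dport=25),
]

if __name__ == "__main__":
    ssh_to_web = Packet("198.51.100.7", "203.0.113.10", "tcp", 22)
    print(evaluate(INBOUND_ACL, ssh_to_web))   # deny: matches no permit rule
```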
13. VLAN & VPNs
Firewalls at the Application Layer vs. the Network Layer
Stateful vs. Stateless Network-Layer Firewalls
Application-layer Firewalls
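The deck names dynamic packet filtering and the stateful-versus-stateless distinction without showing the difference, so here is an added example (not from the deck) that contrasts the two for inbound TCP. The stateless filter can only inspect flags in each packet on its own (the classic "established" rule: permit inbound segments with ACK set), while the stateful filter keeps a table of connections opened from inside and permits inbound segments only when they belong to one. The inside network and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Set, Tuple

INSIDE_NET = ipaddress.ip_network("10.1.1.0/24")   # constructed "inside" network

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

def is_inbound(seg: Segment) -> bool:
    return ipaddress.ip_address(seg.src) not in INSIDE_NET

def stateless_decide(seg: Segment) -> str:
    """Stateless network-layer filter. Outbound is always permitted; inbound is
    permitted only when the segment looks like part of an existing connection
    (ACK bit set). It has no memory, so it has to trust the flags in the packet."""
    if not is_inbound(seg):
        return "permit"
    return "permit" if seg.ack else "deny"

class StatefulFirewall:
    """Stateful (dynamic) filter. Remembers connections opened from inside and
    permits an inbound segment only if it answers one of them."""
    def __init__(self) -> None:
        self.table: Set[Tuple[str, int, str, int]] = set()

    def decide(self, seg: Segment) -> str:
        if not is_inbound(seg):
            if seg.syn and not seg.ack:          # a new connection from inside
                self.table.add((seg.src, seg.sport, seg.dst, seg.dport))
            return "permit"
        # inbound: the reversed tuple must already be in the table
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        return "permit" if key in self.table else "deny"

if __name__ == "__main__":
    fw = StatefulFirewall()
    unsolicited = Segment("198.51.100.9", 40000, "10.1.1.5", 22, ack=True)
    print(stateless_decide(unsolicited), fw.decide(unsolicited))   # permit deny
```

The last two lines show the practical difference: an inbound segment that merely carries the ACK bit passes the stateless rule but is dropped by the stateful filter because no inside host ever opened that connection.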
14. VLAN & VPNs
Scanning Services and Other Firewall Features
Most firewalls are capable of performing scanning services, which means that they scan different types of incoming traffic in an effort to detect problems.
Content Filtering
Signature Identification
Zones
Content filtering means blocking data based on the content of the data rather than the source of the data.
15. VLAN & VPNs
Scanning Services and Other Firewall Features
Signature Identification
Firewalls can also stop attacks and problems through a process called signature identification. Viruses that are known will have a signature, which is a particular pattern of data, within them. Firewalls (and antivirus programs) can use signatures to identify a virus and remove it. The same holds true for other software bugs such as worms and spyware.
16. VLAN & VPNs
Scanning Services and Other Firewall Features
Zones
A zone is an individual area of the network that has been configured with a specific trust level. Firewalls are ideal devices to regulate the flow of traffic between zones.
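An added example (not from the deck) of a firewall regulating traffic between zones, tying together the DMZ slide and the zones slide. Zones are assigned trust levels; the policy assumed here, which is a common zone-based firewall model rather than something the deck states, is that a higher-trust zone may open connections toward a lower-trust zone, while the reverse direction is permitted only through explicit exceptions for the public services hosted in the DMZ. Subnets, trust levels and exceptions are constructed.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed zones: each zone is a list of subnets; the catch-all 0.0.0.0/0 is "outside".
ZONE_SUBNETS: Dict[str, List[str]] = {
    "inside": ["10.1.0.0/16"],
    "dmz": ["203.0.113.0/24"],
    "outside": ["0.0.0.0/0"],
}
TRUST: Dict[str, int] = {"inside": 100, "dmz": 50, "outside": 0}   # higher = more trusted

# Explicit permits from a less-trusted zone into a more-trusted one: only the public
# web and mail services in the DMZ are exposed to the outside.
EXCEPTIONS: List[Tuple[str, str, str, int]] = [
    ("outside", "dmz", "tcp", 443),
    ("outside", "dmz", "tcp", 25),
]

def zone_of(ip: str) -> str:
    """The most specific matching subnet decides the zone."""
    addr = ipaddress.ip_address(ip)
    best, best_len = "outside", -1
    for zone, nets in ZONE_SUBNETS.items():
        for net in nets:
            n = ipaddress.ip_network(net)
            if addr in n and n.prefixlen > best_len:
                best, best_len = zone, n.prefixlen
    return best

def zone_decide(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Higher trust may initiate toward lower trust; lower toward higher only via
    an exception. Traffic that stays inside one zone never crosses the firewall."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    if s == d:
        return "permit"
    if TRUST[s] > TRUST[d]:
        return "permit"
    return "permit" if (s, d, proto, dport) in EXCEPTIONS else "deny"

if __name__ == "__main__":
    # A DMZ host trying to reach the private network is the isolation the DMZ slide describes.
    print(zone_decide("203.0.113.10", "10.1.4.9", "tcp", 445))   # deny
```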
17. VLAN & VPNs
Intrusion-Detection and Intrusion-Prevention Systems
Misuse-Detection IDS (MD-IDS)
It works by looking for fingerprints. That's right—I said fingerprints, which in this case means strange or abusive use of the network. The IDS sends up an alarm only if it recognizes the fingerprints typical of attackers.
18. VLAN & VPNs
Intrusion-Detection and Intrusion-Prevention Systems
Anomaly-Detection IDS (AD-IDS)
An AD-IDS basically watches for anything out of the ordinary; if it discovers fingerprints where there shouldn't be any, it will send out an alert. And a really cool feature is that it's known as a smart system because it learns on the go by keeping track of and building a history of network activity for norms to compare unusual activity to.
25. VLAN & VPNs
Access-Control Principles
Utilize implicit denies
Follow the least-privilege model
Separate out administrative duties
Rotate administrator jobs
26. VLAN & VPNs
Access-Control Models
Mandatory Access Control
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control