Security Infrastructure Flashcards
Firewall Types
Packet Filtering
Stateful
Proxy
Dynamic Packet Filtering
Kernel Proxy
Packet Filtering Firewall
Checks packet headers for traffic allowance based on IP addresses and port numbers
Cannot prevent certain attacks due to limited inspection capabilities in the packet header.
Proxy Firewall
Acts as an intermediary between internal and external connections, making connections on behalf of other endpoints.
Circuit Level - Like a SOCKS firewall, it operates at layer 5 of the OSI model (Session Layer).
Application Level - Conducts various proxy functions for each type of application at layer 7 of the OSI model (Application Layer)
Kernel Proxy Firewall (Fifth Generation Firewall)
Has minimal impact on network performance while thoroughly inspecting packets across all layers.
Next-Generation Firewall (NGFW)
Aims to address the limitations of traditional firewalls by being more aware of applications and their behaviors
Can distinguish between different types of traffic specific applications are sending into or out of a network.
Benefits:
Conducts deep packet inspection for traffic
Operates fast with minimal network performance impact
offers full-stack traffic visibility
integrates with various security products
Unified Threat Management Firewall (UTM)
It provides the ability to conduct multiple security functions in a single appliance.
Includes functionality from multiple devices:
Network firewalls
Network Intrusion Prevention Systems
Gateway Antivirus
VPN Concentration
Content Filtering
Load Balancing
DLP
NGFW has a single engine.
UTM has separate individual engines.
Web Application Firewall (WAF)
Focuses ont eh inspection of the HTTP traffic
Can function as a standalone appliances or as software integrated into web servers
Inline Configuration
Device sits between the network firewall and the web servers