Firewall [midtem] Flashcards
(37 cards)
controls traffic entering/exiting network interfaces
scans only 1 packet at a time
scans (protocol,src/dest IP address & TCP/UDP port)
low security - no scans above Layer 3 OSI (network)
high performance and scalebility
router at internet edge to filter out noise for firewalls
STATIC PACKET FILTERING
series of packets in/out of network
tracks state & characteristics of network connections connections tracked via state table
extra security (NAT & VPN)
new packets are compared to the state table
better security (scans Layer 3 and UP)
high performance, transparency & extensibility
state table can automatically adjust firewall
dynamic
STATEFUL PACKET INSPECTION (SPI)
network gateway between networks or security zones
does the same as SPI & SPF firewalls + more!
operates on Layer 7 with application awareness
filter based off apps, protocols and users (LDAP & AD)
very expensive $$$$
resource heavy (depending on security ft enabled)
single gateway device + security controls = Unified Threat Management (UTM)
Next Generation Firewall (NGFW) (third-gen)
firewall feature that is based on patterns or signatures…
Intrusion Detection System (IDS)
can reset or block connections based on patterns and signatures that perform malicious activities
Intrusion Prevention System (IPS)
inspects files travelling over the firewall for virus signatures, can detect and block malware BEFORE downloaded
Inline Antivirus
detects and blocks specific data structures from being exported
Data Loss Prevention (DLP)
block based on predetermined web site categorization (porn)
Web Proxy | Web Content Filtering
gateway placed before SMTP server for extra filtering
Email Filtering
- protects web applications
- inspects HTTP traffic going to and from web apps
- prevents attacks i.e: buffer overflows, cross site scripting (XSS) *token hi-jacking and SQL injection (SQLi) *injection attacks should not exist if setup correctly!
- sometimes a reverse proxy
- a proxy will sit between webserver and internet
Web Application Firewall (WAF)
- scans traffic flowing North South
- does not protect network from attacks originating from within network!
- analogous with trust but verify
Perimeter-Centric Approach
- removes assumption of trust and inspects all possible traffic
- made up of user and application identification
- content scanning to move trust boundary as close to resource as possible
- scans traffic in all directions North, South, East & West
- never trust!, always verify!
- protects internal network from lateral attacks
Zero Trust Security Model
connection-oriented
Connections start with 3-way handshake
connections end with session being terminated
Transmission Control Protocol (TCP)
- client sends server SYN packet to synchronize sequence numbers
- server responds with synchronization acknowledge, or SYN/ACK
- client sends acknowledge (ACK), and TCP connection is established
- data is now interchangeable between server & client
- SYN/ACK flags are contained IN the TCP header
TCP 3-Way Handshake
SYN—->
ACK
client sends FIN-ACK packet
server responds FIN-ACK
client responds final ACK packet
TCP Connection Termination
- are large port numbers(#) for clients source port(s)
- chosen at random!
- 49152-65535 recommended port range via IANA
Ephemeral Source Port
LISTEN (linux) LISTENING (windows) ------------------------------------ ESTABLISHED -------------------------------------- TIME-WAIT
TCP Connection States
Domain
Private
Public
Windows Firewall profiles
you can use __________________ to detect profile and enable rules based on profile….
Application Programming Interface (API)
if you want to secure devices even more when on public network you can use ___________
Group Policy Object (GPO)
• packet filtering framework on Linux kernel with;
i. Stateless packet filtering ii. Stateful packet filtering iii. Network Address Translation (NAT) iv. Port Address Translation (PAT)
Netfilter
code that handles intercepted function calls events or messages passed between the software components
Hook
standard firewall in Linux
configure view tables of packet filter rules
IPtables
+ nftables (modern varient)
i. packet protocol type
ii. source address
iii. destination address
iv. source port
v. destination port
vi. network interface being used
vii. relation to previous packets
IPtable definable Rules
