Video Content Lesson 8 Flashcards
Network Devices
Hubs, Bridges, Switches, Routers, Gateways, Firewalls
Hubs
Operates at physical layer
often also called a concentrator, repeater, or multistation access unit (MAU)
works by echoing all inbound traffic to all connected devices (produces lots of excess traffic on the network)
Used to connect multiple LAN devices (as in star topologies)
Bridges
Operates at Data-link layer
Forwards messages from one network segment to another network segment
Can filter traffic based on the data-link layer address
used to bridge two networks (which may be using different protocols)
Switches
Operates at Data-link layer (some at network layer)
Only forward packets to the specific port where the destination machine is located
can be used to increase performance of network by decreasing network bandwidth utilization
Only sends message to one destination machine by looking at data-link layer address
parallel transmission is possible (machine A transmits to B while C to D)
Routers
Operates at network layer (generally)
Read network address (IP) of the destination and forward the packet to that network
work at a higher level; don't need to bridge networks of different types
Gateways
generally software products
often used to translate between dissimilar network protocols (high level)
copy packets from one network protocol to another protocol
all the way to application layer filtering
Firewalls
several types of firewalls
generally operate at network layer (can at application)
can perform sophisticated or simplistic filtering
look at packets trying to enter/exit the network (does it make sense to let them through?)
Most common first point of contact for attackers
Attackers look for ways through or around firewall
look for open ports
Firewalls
1st Generation; 2nd and 3rd Generation; 4th and 5th Generation; Packet Filtering Router; Screened Host; Dual-Homed Host; Screened Subnet
1st Generation
Packet filtering
operates at network or transport layer
Examines source and target addresses and target port
uses ACLs to accept or deny packets (drops the packet; doesn't tell the sender it was denied)
Easily fooled by spoofing
2nd and 3rd Generation
Application Layer Gateway filter (proxy) (2nd Gen)
Operates at Application layer
Copies packets from one network to another
Changes the source and destination address from original packet (protects the identity of the true source machine)
Can filter content of message
Stateful Inspection (3rd Gen)
Similar to 1st Gen but also looks at state of connection
if packet is part of previous connection will allow packet through as it is expected
4th and 5th Generation
Dynamic Filtering (4th Gen)
Combination of Application Layer and stateful inspection firewalls
Rules can be determined dynamically
Works well with UDP traffic
UDP is a connectionless protocol
Every packet is a separate datagram and not part of a connection
Once the original UDP packet is received from the source machine, filtering and firewall rules can be made
Kernel Proxy (5th Gen)
Multilevel firewall integrated into the OS kernel
Being an internal firewall, it increases performance and security as it operates dynamically
Firewall Architecture (4 types)
1-Packet filtering router
2-Screened Host
3-Dual Homed Host
4-Screened Subnet (DMZ)
Packet Filtering Router
Oldest and most common
Firewall placed between untrusted and trusted networks
uses ACLs to determine whether or not to allow packets to pass through it (filters packets)
look at source, destination, port
filters incoming and outgoing packets
Screened Host
Packet filtering router plus application gateway (placed between untrusted and trusted networks)
Bastion Host is placed between firewall (router) and trusted network
Provides packet filtering and proxy services (filters higher-level packets that make it through the firewall)
Dual-Homed Host
Similar to screened host, except the bastion host has two NICs
One NIC is connected to the trusted network
The other NIC is connected to the untrusted network
Also has 2 routers: Untrusted Network, Router, Bastion Host, Router, Trusted Network
Allows Bastion Host to filter packets and copy to other network
Screened Subnet (DMZ)
Almost identical to Dual-Homed Host with the addition of a subnet attached to the Bastion Host
This is where the Web Server is placed
Port 80 (HTTP) and 443 (HTTPS)
Can make a secure connection between web server and trusted network
Security Protocols and Services
TCP-IP; Network Layer Security Protocols; Transport Layer Security Protocols; Application Layer Security Protocols; Multiple layers in OSI reference Model (each layer has different protocols)
TCP/IP
Transmission Control Protocol/Internet Protocol
Operates at Transport and Network Layers
This is the most common protocol
It is actually a suite, a combination of two different layers and protocols
TCP (splits outbound messages into packets and passes packets down to the next layer, IP; Assembles inbound messages in the correct order into a message and passes it up to the next layer)
IP (Manages addressing the packets and getting them to their destination)
Network Layer
IPSec - ensures IP confidentiality and integrity; uses either ESP (Encapsulating Security Payload) (for confidentiality) or AH (Authentication Header) (for authentication) to secure packets
Standard protocol used to implement VPNs
Operates in 2 modes: 1 Transport Mode (clear-text header with encrypted payload) and 2 Tunnel Mode (encrypted payload and header), primarily used to connect two different networks (use a VPN connection to the gateways of the networks)
Transport Layer
SWIPE (Network layer security protocol for IP (provides confidentiality, integrity, and availability))
SKIP (Simple Key Management for Internet Protocols) (provides high availability using encryption at transport level)
SSL (Secure Sockets Layer) (most commonly used for secure Web application communication) (communication for web browser to web server for secure communication)
TLS (Transport Layer Security) (replaced SSL) (implements secure communication through the use of encryption) (NOTE: Encryption ONLY takes place between the browser and web server)
Application Layer
S/MIME (Secure MIME)
Protocol that secures e-mail using the Rivest-Shamir-Adleman encryption system
SET (Developed by Visa and MasterCard to authenticate both sender and receiver; uses digital certificates and signatures to provide data confidentiality and integrity) (dual action, two-way protocol)
PEM (developed by IETF for secure e-mail)
SDLC-HDLC
Synchronous Data Link Control (SDLC) (Developed by IBM to ease connections to mainframe computers) (Submitted to ISO, which took and expanded it to form HDLC)
High-level Data Link Control (HDLC) (Derived from SDLC, HDLC provides both point-to-point and multipoint configurations) Used for WAN and mainframe connections
Frame Relay
High-performance WAN protocol; cost-efficient data transfer; uses NO error correction: if a defective packet is received, discard it and have it retransmitted (cheaper to resend the packet)
ISDN
Integrated Services Digital Network (ISDN)
Service that allows voice and digital data to be combined on the same channel
Combination of digital telephony and data transport services
Target of this was small businesses
Allows voice and digital communication over existing wires
2 basic variations: 1-Basic Rate Interface (BRI) and 2-Primary Rate Interface (PRI)
for small businesses and large businesses
BRI has two 64-KB channels and one 16-KB channel, or one 128-KB channel
PRI has twenty-three 64-KB channels and one 16-KB channel (or mix as desired)