Chapter 3

Endpoint Protection & Management

Endpoint security - a concept that assumes that each device (endpoint) is responsible for its own security

Host- and server-based security components & technologies

a) Device hardening

Lock down unused ports

Disable unneeded services

Access control lists (ACLs)

Control device access

b) Personal firewall

An application which controls the network traffic to and from the computer

Permits or denies communications based on a security policy

Works as an application layer firewall

Two categories of firewall:

Software: Norton Personal Firewall, McAfee

Hardware: Linksys, Cisco's PIX

Features:

Stops hackers

Improves PC performance

Blocks spyware

c) Anti-virus software

Used to prevent, detect, and remove malware

d) Operating system patches

A patch is a piece of software designed to fix problems with or update a computer program or its supporting data

e) Intrusion detection and prevention systems

IDS - designed to monitor all inbound and outbound network activity

IPS - can be any device that uses access control to guard systems from misuse or attacks

Firewall Components

Proxy Server

Authentication System

Packet Filters

Network Address Translation (NAT)

DMZ (Demilitarized Zone)

A DMZ is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet

Provides an additional layer of security to the LAN, as it restricts the ability of hackers to directly access internal servers and data via the Internet

Firewall Architecture

Packet-Filtering Routers (screening routers)

Screened-Subnet Architecture

Dual-Homed Host Architecture

Screened-Host Architecture (bastion host)

Packet Filtering

Works at the network layer of the OSI model

A packet filter can permit or deny service advertisements on an interface

The basic method for protecting the intranet border

VPN - an encrypted connection between private networks over a public network such as the Internet

Allows two hosts to exchange (swap over) data using a secure channel

The data stream (flow) is encrypted for security

A VPN can be configured as a connection between two endpoints or between many endpoints

We can connect two offices over an Internet connection, or connect several offices to create a secure private network

Remote VPN clients are also supported

Two types of VPN:

Remote Access VPN - extension/evolution of dial-up access

Site-to-Site VPN - extension of classic WAN

Bastion Host

A bastion host is a specialized computer that is deliberately exposed on a public network. From a security perspective, it is the only node exposed to the outside world and is therefore very prone to attack

Honeypots

A honeypot is a computer system that is set up to act as a decoy to lure cyberattackers and to detect, deflect or study attempts to gain unauthorized access to information systems

Proxy Server

A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service