Chapter 3
End Point Protection & Management
End point security - a concept that assumes that each device (end point) is responsible for its own security
Host and server based security components & technologies
a) device hardening
  lock down unused ports
  disable unneeded services
  access control lists (ACL)
  control device access
b) personal firewall
  an application which controls the network traffic to and from the computer
  permits or denies communications based on a security policy
  works as an application layer firewall
  two categories of firewall:
    software: Norton Personal Firewall, McAfee
    hardware: Linksys, Cisco's PIX
  features:
    stops hackers
    improves PC performance
    blocks spyware
c) anti-virus software
  used to prevent, detect, and remove malware
d) operating system patches
  a patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data
e) intrusion detection and prevention systems
  IDS - designed to monitor all inbound and outbound network activity
  IPS - can be any device that uses access control to guard systems from misuse or attack
Firewall Components
Proxy Server
Authentication System
Packet Filters
Network Address Translation (NAT)
DMZ (demilitarized zone)
a DMZ is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet
it provides an additional layer of security to the LAN, as it restricts the ability of hackers to directly access internal servers and data via the Internet
Firewall Architecture
Packet-Filtering Routers (screening routers)
Screened-Subnet Architecture
Dual-Homed Host Architecture
Screened-Host Architecture (bastion host)
Packet Filtering
works at the network layer of the OSI model
a packet filter can permit or deny service advertisements on an interface
the basic method for protecting the intranet border
VPN - an encrypted connection between private networks over a public network such as the Internet
allows two hosts to exchange (swap over) data using a secure channel
the data stream (flow) is encrypted for security
a VPN can be configured as a connection between two endpoints or between many endpoints
we can connect two offices over an Internet connection, or connect several offices to create a secure private network
remote VPN clients are also supported
Two types of VPN:
Remote Access VPN - extension/evolution of dial-up access
Site-to-Site VPN - extension of the classic WAN
Bastion Host
a bastion host is a specialized computer that is deliberately exposed on a public network; from a secured network perspective, it is the only node exposed to the outside world and is therefore very prone to attack
Honeypots
a honeypot is a computer system that is set up to act as a decoy to lure cyberattackers and to detect, deflect or study attempts to gain unauthorized access to information systems
Proxy Server
a proxy server is a dedicated computer, or a software system running on a computer, that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service