CHAPTER 3 SECURITY DEVICES AND TECHNOLOGIES
3.1 Firewall components
Four components of a firewall
1) Packet filters
2) Proxy server
3) Authentication system
4) Network Address Translation (NAT)
3.2 Packet filtering
Three types of packet filtering
1) Stateful packet filtering
2) Stateless packet filtering
3.3 Firewall architecture
Four different types of firewall architecture
1) Dual Homed Host
2) Screened Host
3) Screened Subnet
4) Screening router
3.4 DMZ (demilitarized zone) concepts
A DMZ is a physical or logical subnetwork that separates an internal local area network (LAN) from other untrusted networks, usually the internet.
External-facing servers, resources and services are located in the DMZ so they are accessible from the internet while the rest of the internal LAN remains unreachable.
A more secure approach is to use two firewalls to create a DMZ: an outer firewall between the internet and the DMZ, and an inner firewall between the DMZ and the internal LAN.
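The two-firewall DMZ described above, as an added example that is not part of the original notes: each firewall is a zone-based rule list, and a flow is permitted only if every firewall on its path allows it. The address plan, rule sets and port numbers are constructed for illustration, and the model is stateless (it does not track return traffic).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (an assumption for this example, not from the notes).
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")   # external-facing servers
LAN_NET = ipaddress.ip_network("10.0.0.0/8")     # internal hosts
ZONES = ["internet", "dmz", "lan"]               # outer fw sits between 0-1, inner between 1-2


def zone(ip: str) -> str:
    """Map an address to the zone it belongs to."""
    a = ipaddress.ip_address(ip)
    if a in DMZ_NET:
        return "dmz"
    if a in LAN_NET:
        return "lan"
    return "internet"


@dataclass(frozen=True)
class Rule:
    src: str                # source zone
    dst: str                # destination zone
    dport: Optional[int]    # None means any destination port
    action: str             # "allow" or "deny"


def evaluate(rules, src_zone: str, dst_zone: str, dport: int) -> str:
    """First matching rule wins; anything unmatched is implicitly denied."""
    for r in rules:
        if r.src == src_zone and r.dst == dst_zone and r.dport in (None, dport):
            return r.action
    return "deny"


# Outer firewall (internet <-> DMZ): only the published services are reachable.
OUTER = [
    Rule("internet", "dmz", 443, "allow"),   # public web server
    Rule("internet", "dmz", 25, "allow"),    # public mail relay
    Rule("dmz", "internet", None, "allow"),  # DMZ hosts may reply and fetch updates
    Rule("lan", "internet", None, "allow"),  # internal users browse out
]
# Inner firewall (DMZ <-> LAN): nothing initiated from the DMZ may enter the LAN,
# so a compromised DMZ server still cannot reach internal hosts.
INNER = [
    Rule("lan", "dmz", None, "allow"),       # admins manage DMZ servers
    Rule("lan", "internet", None, "allow"),  # outbound from the LAN crosses both firewalls
]


def permitted(src_ip: str, dst_ip: str, dport: int) -> bool:
    """A flow is allowed only if every firewall on its path allows it (none on the path: unfiltered)."""
    s, d = zone(src_ip), zone(dst_ip)
    lo, hi = sorted((ZONES.index(s), ZONES.index(d)))
    path = [fw for k, fw in enumerate((OUTER, INNER)) if lo <= k < hi]
    return all(evaluate(fw, s, d, dport) == "allow" for fw in path)
```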
3.5 Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any malicious activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system.
3.6 IDS framework, Signatures and tools
A knowledge-based (signature-based) intrusion detection system (IDS) references a database of previous attack signatures and known system vulnerabilities.
Privacy-preserving IDS framework
1) Collect SCADA data and select the important portions using PCC
2) Apply EM to cluster normal and abnormal data
3) Assess the performance of the proposed privacy-preserving IDS technique
3.7 Proxy server
A proxy server (application gateway or forwarder) is an application that sits between two network segments and relays traffic between them.
The proxy replaces the packet filter, so it can block traffic from passing through directly.
3.8 Bastion Host and Honeypots
Definition: Bastion Host
A system identified by the firewall administrator as a critical strong point in the network's security. Generally, bastion hosts have some degree of extra attention paid to their security, may undergo regular audits, and may run modified software.
Definition: Honeypot
A computer security mechanism set up to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
3.9 Virtual Private Network (VPN) fundamentals
Allows two hosts to exchange data using a secure channel.
The data stream is encrypted for security.
A VPN can be configured as a connection between two endpoints or between many endpoints.