Network services to enhance network security

Firewalls

Common firewall

Benefits of using a firewall

Resistant to network attacks

All traffic flows through the firewall

Enforces the access control policy

Sanitizes protocol flow

Blocks malicious data from servers and clients

Limitations of a firewall

Data from applications cannot be passed over firewalls securely

Network performance can slow down

Firewall Type Descriptions

Packet filtering (stateless) firewall: permits or denies traffic based on Layer 3 and Layer 4 information

Stateful firewall: allows or blocks traffic based on state, port, and protocol

Application gateway firewall (proxy firewall): filters information at Layers 3, 4, 5, and 7

Host-based (server and personal) firewall: a PC or server with firewall software running on it

Transparent firewall: filters IP traffic between a pair of bridged interfaces

Hybrid firewall: a combination of the various firewall types
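The difference between the stateless and stateful entries above is easiest to see in code. The following is an added example, not part of the original notes: a constructed Layer 3/4 access list evaluated statelessly, beside a stateful firewall that keeps a session table and consults that same list only for session-opening packets. The addresses, ports and rule rows are made up for the demonstration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst proto sport dport")  # IPv4 strings, ports as ints

# Constructed ACL rows: (action, source net, destination net, protocol, destination port or None for any).
# Evaluated top-down, first match wins, and unmatched traffic is implicitly denied.
INSIDE, ANY = "10.0.0.0/24", "0.0.0.0/0"
STATELESS_ACL = [("permit", INSIDE, ANY, "tcp", 443)]  # inside hosts may open HTTPS outbound
# Stateless way to let HTTPS replies back in: any outside host to any inside TCP port
WIDENED_ACL = STATELESS_ACL + [("permit", ANY, INSIDE, "tcp", None)]

def acl_lookup(pkt, acl):
    """Stateless decision from Layer 3/4 fields only; no memory of earlier packets."""
    for action, src_net, dst_net, proto, dport in acl:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and proto == pkt.proto and dport in (None, pkt.dport)):
            return action == "permit"
    return False  # implicit deny

class StatefulFirewall:
    """Keeps a session table; the ACL is consulted only for the packet that opens a session."""
    def __init__(self, acl):
        self.acl = acl
        self.sessions = set()  # (proto, src, sport, dst, dport) of flows the ACL permitted

    def allow(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.sessions or reply in self.sessions:
            return True  # part of a session an inside host already opened
        if acl_lookup(pkt, self.acl):
            self.sessions.add(flow)
            return True
        return False

def demo():
    """Constructed traffic: an outbound HTTPS request, its reply, and an unsolicited inbound packet."""
    request = Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 443)
    reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 51000)
    probe = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 22)  # source port 443 but no session behind it
    fw = StatefulFirewall(STATELESS_ACL)
    return {
        "stateless_reply": acl_lookup(reply, STATELESS_ACL),  # False: narrow ACL blocks the real reply
        "widened_reply": acl_lookup(reply, WIDENED_ACL),      # True
        "widened_probe": acl_lookup(probe, WIDENED_ACL),      # True: stateless rule cannot tell it from a reply
        "stateful_request": fw.allow(request),                # True: permitted by ACL, session recorded
        "stateful_reply": fw.allow(reply),                    # True: matches the recorded session
        "stateful_probe": fw.allow(probe),                    # False: no session and the ACL denies it
    }
```

The stateful table is what lets the reply through without a standing inbound permit, which is why the stateless list has to be widened (and then also admits the unsolicited packet) to get the same reply delivered.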

IDS and IPS

Both detect patterns of misuse in network traffic

Both detect atomic patterns (single-packet) and composite patterns (multi-packet)

Specialized devices to enhance network security

Specialized Security Appliances

Cisco Advanced Malware Protection (AMP)

Cisco Web Security Appliance (WSA) with Cloud Web Security (CWS)

Cisco Email Security Appliance (ESA)

Traffic Control with ACLs

Limit network traffic to increase network performance

Provide traffic flow control

Provide a basic level of security for network access

Filter traffic based on traffic type

Screen hosts to permit or deny access to network services

SNMP

Allows administrators to manage end devices such as servers, workstations, routers, switches, and security appliances.

NetFlow

Provides data to enable network and security monitoring, network planning, traffic analysis, and IP accounting for billing purposes

Port Mirroring

Allows a switch to make duplicate copies of passing traffic

Syslog Servers

Allows networking devices to send their system messages across the network to syslog servers

NTP

Allows routers on the network to synchronize their time settings with an NTP server, using stratum levels

Can be set up to synchronize to a private master clock or to a publicly available NTP server on the Internet

AAA Servers

Authentication: AAA authentication provides a centralized way to control access to the network.

Authorization: determines which resources the user can access and which operations the user is allowed to perform.

Accounting and auditing: accounting records what the user does.