Chapter 7
Network Security Fundamentals
Network Security Posture
Network Security Fundamentals
- Once information security and network security were virtually synonymous
- The network was viewed as the protecting wall around which client computers could be kept safe
- Not all applications are designed and written with security and reliability in mind, so falls to network to provide protection
- Network-delivered services can scale better for larger environments and can complement server and application functionality
Network Security Strategy
- Organizations should make network defenses one of first priorities in protecting information
Design of the network
Network technologies
Load Balancing
- Technology to help evenly distribute work across network
- Allocate requests among multiple devices
Advantages of load-balancing technology
Reduces probability of overloading a single server
Optimizes bandwidth of network computers
Reduces network downtime
Load Balancer Techniques
Layer 4 and Layer 7 load balancers can distribute work in different ways:
Based on a “round-robin” rotation to all devices equally
To devices that have the least number of connections
Proxies
- Person who authorized to act as substitute or agent on behalf of another human
- Proxy server - Computer or application that intercepts and processes user requests:
- If previous request has been fulfilled a copy of Web page may reside in proxy server’s cache
- If not, proxy server requests item from external Web server using its own IP address
Reverse Proxies
Does not serve clients but routes incoming requests to correct server
Reverse proxy’s IP address visible to outside users
Internal server’s IP address hidden
Network Security Hardware
- Specifically designed security hardware devices
- Greater protection than standard networking devices
Network Firewalls
Host-based application software firewall runs as program on one client
Hardware-based network firewall designed to protected an entire network
Both essentially same: to inspect packets and either accept or deny entry
Spam Filters
- Enterprise-wide spam filters block spam before it reaches the host
Email systems use two protocols:
Simple Mail Transfer Protocol (SMTP) - Handles outgoing mail
Post Office Protocol (POP) - Handles incoming mail
Virtual Private Network Concentrators
Virtual private network (VPN) - Uses unsecured network as if were secure
- All data transmitted between remote device and network is encrypted
Types of VPNs:
Remote-access VPN - User to LAN connection
Site-to-site VPN - Multiple sites can connect to other sites over the Internet
Internet Content Filters
Monitor Internet traffic and block access to preselected Web sites and files
Unapproved sites can be restricted based on:
Uniform Resource Locator (URL filtering)
Searching for and matching keywords such as sex or hate (content inspection)
Looking for malware (malware inspection)
Host-Based Intrusion Detection System (HIDS)
- Software-based application that runs on local host computer that can detect an attack as occurs
- HIDS relies on agents installed directly on system being protected
Disadvantages of HIDS:
Cannot monitor network traffic that does not reach local system
All log data is stored locally
Resource-intensive and can slow system
Network Intrusion Detection System (NIDS)
- Network intrusion detection system (NIDS) - Watches for attacks on network.
- NIDS sensors installed on firewalls and routers to gather information and report back to central device