Network Security Fundamentals - Coggle Diagram
Network Security Fundamentals
Layered Security
A defense that uses multiple types of security devices to protect a network.
Layered network security can be achieved by using networking devices or hardware designed for security
Network Hardware
Provide basic level of security.
Classified based on their function in the OSI model
OSI Model
Breaks networking steps into seven layers
Each layer has different networking tasks and cooperates with adjacent layers
Switches, Routers, Load balancers, and Proxies
Switches
A network switch is a device that connects network devices together and operates at Data Link Layer (Layer 2)
Can determine which device is connected to each port, uses MAC addresses to identify devices, and can forward frames sent to a specific device (unicast) or frames sent to all devices (broadcast)
An attacker attached to a switch will see only frames that are directed to that device and not others
Hubs
Earlier networks used hubs to connect devices to a network
Repeated all frames to all attached network devices
Attackers could use a protocol analyzer to capture all packets, then decode and analyze the packet contents
Traffic Monitoring
Helps identify and troubleshoot network problems.
Traffic monitoring methods
Port mirroring
- Allows administrator to configure the switch to copy traffic that occurs on some or all ports to a designated monitoring port on the switch
Network tap (test access point)
- Separate device installed between two network devices
Routers
Forward packets across different computer networks and operate at Network Layer (Layer 3)
Can be set to filter out specific types of network traffic.
Load balancers
Help evenly distribute work across a network and allocate requests among multiple devices
Advantages of load-balancing technology
Reduces probability of overloading a single server, optimizes bandwidth of network computers and reduces network downtime
Load balancing is achieved through software or a hardware device (load balancer)
Load balancers are grouped into two categories
Layer 4 load balancers
- Act upon data found in Network and Transport layer protocols.
Layer 7 load balancers
- Distribute requests based on data found in Application layer protocols.
Security advantages of load balancing
Can detect and stop attacks directed at a server or application, detect and prevent denial-of-service (DoS) and protocol attacks, deny attackers information about the network, hide HTTP error pages, and remove server identification headers from HTTP responses
Proxies
Proxy server
- A computer or an application program that intercepts user requests from the internal network and processes that request on behalf of the user
Application-aware proxy
- A special proxy server that “knows” the application protocols that it supports
Advantages of proxy servers
Increased speed, reduced costs, improved management, and stronger security
Reverse proxy – Does not serve clients but routes incoming requests to the correct server
Network Security Hardware
Network Firewalls
Can be software-based or hardware-based. Both types inspect packets and either accept or deny entry. Hardware firewalls are usually located outside the network security perimeter
Methods of firewall packet filtering
Stateless packet filtering
- Inspects incoming packet and permits or denies based on conditions set by administrator.
Stateful packet filtering
- Keeps a record of the state of a connection and makes decisions based on the connection and conditions
Firewall actions on a packet
Allow, Drop and Reject
Rule-based firewalls – Use a set of individual instructions to control actions
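Added example (not part of the original diagram): a small Python model that runs the same packets through a stateless and a stateful filter and returns the Allow, Drop or Reject decision each one makes. The addresses, ports and rules are constructed for illustration; the stateless "web reply" rule is an assumed administrator condition.

```python
from dataclasses import dataclass

ALLOW, DROP, REJECT = "allow", "drop", "reject"   # the three firewall actions
INSIDE = "10.0.0."                                # constructed internal prefix

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # opens a new connection
    ack: bool = False   # claims to belong to an existing one

def stateless_filter(pkt):
    """Judge each packet alone against administrator-set conditions."""
    if pkt.src.startswith(INSIDE):
        return ALLOW                  # outbound traffic
    if pkt.dport == 23:
        return REJECT                 # inbound Telnet: refuse and tell the sender
    if pkt.ack and pkt.sport == 443:
        return ALLOW                  # looks like a reply from a web server
    return DROP                       # anything else: discard silently

class StatefulFilter:
    """Same conditions, but inbound packets must match a recorded connection."""
    def __init__(self):
        self.connections = set()      # (src, sport, dst, dport) opened from inside

    def check(self, pkt):
        if pkt.src.startswith(INSIDE):
            if pkt.syn:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return ALLOW
        if pkt.dport == 23:
            return REJECT
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return ALLOW              # reverse direction of a known connection
        return DROP

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, syn=True),   # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, ack=True),   # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 40000, ack=True),   # unsolicited "reply"
    Packet("198.51.100.7", 51000, "10.0.0.9", 23, syn=True),    # inbound Telnet
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in packets]
```

The third packet is where the two methods differ: the stateless filter allows it because it matches the reply rule, while the stateful filter drops it because no inside host opened that connection.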
Application-Aware Firewalls / next-generation firewall (NGFW)
Operate at a higher level by identifying applications that send packets through the firewall and make decisions about actions to take
Web application firewall
Special type of application-aware firewall that looks deeply into packets that carry HTTP traffic and can block specific sites or specific types of HTTP traffic
Spam filters
Enterprise-wide spam filters block spam before it reaches the host.
Email systems use two protocols
Simple Mail Transfer Protocol (SMTP) - Handles outgoing mail
Post Office Protocol (POP) - Handles incoming mail
Spam filters installed with the SMTP server
Spam filters installed on the POP3 server