15 - Secure Network Components - Strategic network components
Network Access Control (NAC)
  Pre-admission philosophy: a system must meet all current security requirements (such as applied patches and up-to-date malware scanner signatures) before it is allowed to communicate on the network
  Post-admission philosophy: allows or denies access based on user activity, evaluated against a predefined authorization matrix
  NAC options
    Agent-based on hosts
      Dissolvable
        Web or mobile code, downloaded to and executed on each local machine
        Set to run once and then terminate
      Permanent
        Installed on the monitored system as a persistent background service
    Agent-less, at network level
Firewall
  Static packet-filtering firewall (packets)
    Applies rules to accept or deny network traffic (Layers 3 and 4)
    Synonyms
      Screening router
      Stateless firewall
  Advanced firewall
    Synonyms
      Multifunction Device (MFD)
      Unified Threat Management (UTM)
      Next-Generation Firewall (NGFW)
    Features
      Application filtering
      Deep packet inspection
      TLS offloading and/or inspection
      Domain name and URL filtering
      IDS/IPS
      Web content filtering
      QoS management
      Bandwidth throttling/management
      NAT
      VPN anchoring
      Authentication services
      Identity management
      Antivirus scanning
  Application-level firewall
    Layer 7
    Example: Web Application Firewall (WAF)
  Circuit-level firewall (connections)
    Synonyms
      Circuit proxy
    Layer 5
    Stateless firewall
    Checks the validity of connections, not of individual packets
  Stateful inspection firewall
    Synonyms
      Dynamic packet-filtering firewall
    Correlates previous packets with the current one to make decisions
    Layer 3 and up
  Internal Segmentation Firewall (ISFW)
    Commonly used in micro-segmentation architectures
    Used to prevent the further spread of malicious code
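To make the contrast between the static packet filter and the stateful inspection firewall above concrete, here is an added Python example (not part of the original map): two toy filters run over the same constructed traffic. The hosts, ports and the single "HTTPS only" policy are assumptions chosen for illustration.

```python
# Added example: toy stateless vs stateful packet filters (constructed scenario).
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out": internal host -> Internet, "in": Internet -> internal host


class StatelessFilter:
    """Static packet filter: judges each packet on its own header fields (Layers 3/4)."""

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            return p.dport == 443  # policy: internal clients may reach HTTPS servers
        # To let HTTPS replies back in, a static rule must admit ANY inbound packet
        # with source port 443; it has no memory of whether a session exists.
        return p.sport == 443


class StatefulFilter:
    """Stateful inspection: correlates inbound packets with sessions seen earlier."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()  # (src, sport, dst, dport)

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.dport != 443:
                return False
            self.table.add((p.src, p.sport, p.dst, p.dport))  # remember the session
            return True
        # Inbound is allowed only as the reverse of a recorded outbound session.
        return (p.dst, p.dport, p.src, p.sport) in self.table


def evaluate(fw, packets) -> list[bool]:
    """Run packets through a filter in order and return the allow/deny verdicts."""
    return [fw.allow(p) for p in packets]


# Constructed sample traffic: a legitimate HTTPS exchange, then an unsolicited
# inbound packet aimed at SSH whose source port happens to be 443.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "out"),  # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "in"),   # server's reply
    Packet("198.51.100.7", 443, "10.0.0.5", 22, "in"),      # unsolicited probe
]

if __name__ == "__main__":
    print("stateless:", evaluate(StatelessFilter(), SAMPLE))  # [True, True, True]
    print("stateful: ", evaluate(StatefulFilter(), SAMPLE))   # [True, True, False]
```

The third packet is where the two differ: the static filter has to trust the source port, while the stateful filter denies it because no matching outbound session was ever recorded.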
Proxy server
  Used to mediate between clients and servers
  Proxy types
    Forward proxy
      Standard proxy
    Reverse proxy
      Forwards traffic to the corresponding server
  Transparency
    Transparent proxy
      Configured at network level
    Non-transparent proxy
      Configured at host level with Proxy Auto-Config (PAC)
  Content/URL filter
Endpoint security
  Endpoint Detection and Response (EDR)
  Managed Detection and Response (MDR)
    Focuses on threat detection and mediation but is not limited to the scope of endpoints
    Includes
      SIEM
      Network Traffic Analysis (NTA)
      EDR
      IDS
  Endpoint Protection Platform (EPP)
    Variation of EDR; relates to EDR as IPS relates to IDS
    Four main security functions
      Predict
      Prevent
      Detect
      Respond
  Extended Detection and Response (XDR)
    Includes
      EDR
      MDR
      EPP