
Security+ (SY0-401) Cram Notes


1. Network Security

1.1 Explain the security function and purpose of network devices and technologies

Firewalls: Firewalls protect against and filter out unwanted traffic. A firewall can be an individual device or can be added to a router. For example, most SOHO routers have a firewall built in, and Cisco Integrated Services Routers include the Cisco IOS Firewall. Regular routers, and routers with firewall functionality, have the ability to block certain kinds of traffic. For example, if the ICMP protocol has been blocked, then you would not be able to ping the router.

A personal firewall is software that resides on the end user's computer. This is different from a regular firewall in the sense that a personal firewall is geared to protect a single user's computer.

The following are the basic types of firewall architectures:

a. Bastion host

b. Screened host gateway

c. Screened subnet gateway or DMZ

Hub: A hub is basically a multi-port repeater. When it receives a packet, it repeats that packet out each port. This means that all computers that are connected to the hub receive the packet whether it is intended for them or not. It's then up to the computer to ignore the packet if it's not addressed to it. This might not seem like a big deal, but imagine transferring a 50 MB file across a hub. Every computer connected to the hub gets sent that entire file (in essence) and has to ignore it.

Bridge: A bridge is a kind of repeater, but it has some intelligence. It learns the layer 2 (MAC) addresses of devices connected to it. This means that the bridge is smart enough to know when to forward packets across to the segments that it connects. Bridges can be used to reduce the size of a collision domain or to connect networks of differing media/topologies, such as connecting an Ethernet network to a Token Ring network.

Switch: A switch is essentially a multi-port bridge. The switch learns the MAC addresses of each computer connected to each of its ports. So, when a switch receives a packet, it only forwards the packet out the port that is connected to the destination MAC address. Remember that a hub sends the packet out every port.
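The hub-versus-switch difference above, as an added simulation that is not part of the original notes: a hub repeats every frame out every other port, while a learning switch records each source MAC against its ingress port and forwards unicast frames only to the learned port (flooding only unknown destinations and broadcasts). The MAC addresses and port numbers are constructed sample values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Multi-port repeater: every frame is repeated out every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, ingress, src, dst):
        return sorted(p for p in self.ports if p != ingress)


class LearningSwitch:
    """Multi-port bridge: learns source MAC -> ingress port and forwards unicast
    only to the learned port; unknown destinations and broadcasts are flooded."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port number it was last seen on

    def forward(self, ingress, src, dst):
        self.mac_table[src] = ingress  # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == ingress else [out]  # same segment: nothing to forward
        return sorted(p for p in self.ports if p != ingress)  # flood


def run_traffic(device, frames):
    """Return the list of egress ports chosen for each (ingress, src, dst) frame in order."""
    return [device.forward(*frame) for frame in frames]


def frames_seen_on_port(device, port, frames):
    """Count how many frames reach a listener on 'port'. On a hub a sniffer on any port
    sees almost everything; on a switch it sees only flooded frames and its own traffic."""
    return sum(1 for frame in frames if port in device.forward(*frame))


# Constructed sample: host A on port 1, B on port 2, C on port 3
A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
FRAMES = [(1, A, B), (2, B, A), (3, C, A), (1, A, B)]

if __name__ == "__main__":
    print("hub   :", run_traffic(Hub([1, 2, 3]), FRAMES))
    print("switch:", run_traffic(LearningSwitch([1, 2, 3]), FRAMES))
```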

Router: A router works at the network (logical addressing) layer of the IP stack. It is required to route packets from one network (or subnet) to another network (or subnet). When all the computers are within the same subnet, a router is not needed and is an inappropriate choice.

Gateway: A gateway works at the top layers of the TCP/IP stack. For example, a Gateway may be used to facilitate communication between a Unix mail server and a Windows mail server.

Load Balancer: A load balancer is used to distribute workload across multiple computers or a computer cluster. It can be implemented in dedicated hardware or in software.

Proxies: Proxies, also called proxy servers, cache website information for the clients, reducing the number of requests that need to be forwarded to the actual web server on the Internet. They save time, use bandwidth efficiently, and also help to secure the client connections.

VPN (Virtual Private Network): A VPN is a private network formed over the public Internet. It is formed between two hosts using tunneling protocols such as PPTP, L2TP, etc. Using a VPN, you can connect two LANs in geographically distant locations together as if they were located in the same building. The cost of connecting these LANs together is small since the public Internet is used to provide the WAN link.

The VPN can be implemented in any of the following combinations:

a. Gateway-to-gateway VPN: It is transparent to the end users.

b. Gateway-to-host VPN

c. Host-to-gateway VPN

d. Host-to-host VPN: This configuration provides the highest security for the data.

The host-to-host configuration provides the highest security for the data. However, a gateway-to-gateway VPN is transparent to the end users.

VPN concentrators allow for secure encrypted remote access.

Intranet: It is used by the employees within the organization.

Extranet : The customers and vendors of the company use this for order processing, and inventory control on-line.

NIDS (Network Intrusion Detection System): A type of IDS (intrusion detection system) that detects malicious network activity. It constantly monitors the network traffic. A honeypot or honeynet is used to attract and trap potential attackers. Example: Snort.

NIPS (Network Intrusion Prevention System): It is designed to inspect traffic and, based on its configuration or security policy, remove, detain, or redirect malicious traffic. Example: McAfee IntruShield.

Protocol Analyzer and Packet Analyzer (Sniffer): These are loaded on a computer and are controlled by the user in a GUI environment; they capture packets, enabling the user to analyze them and view their contents. Example: Network Monitor.

Spam filters: Spam filters help to filter out spam (unwanted e-mail). They can be configured in most e-mail programs or can be implemented as part of an anti-malware package.

Network firewalls: These are also called packet filters and operate at a low level of the TCP/IP stack. They do not allow packets to pass through unless the packets meet an established set of rules.

Application Firewall: It can control the traffic associated with specific applications. These work at the application layer of the TCP/IP stack. They inspect each packet traveling to and from an application such as a browser or telnet and block it if it is improper according to the set rules.

URL Filtering: URL filtering is used to categorize the websites on the Internet. You can allow or block specific website access for the web users of the organization. This can be done by referring to a central database or by classifying the websites in real time. URL filtering can also be made applicable only during certain times of the day or days of the week, if required.
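URL filtering with a category database and a time-of-day schedule, as an added example that is not part of the original notes: the host is looked up against a category list (a subdomain inherits its parent domain's category), and the policy for that category is either always blocked or blocked only inside a weekday/hour window. The domains, categories and schedule are constructed sample values.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed category database: registered domain -> category
CATEGORY_DB = {
    "example.com": "business",
    "social.example": "social-media",
    "malware.example": "malicious",
}

# A schedule is (weekdays, start_hour, end_hour); Monday is 0, end hour exclusive
BUSINESS_HOURS = (range(0, 5), 9, 17)   # Mon-Fri, 09:00 to 16:59

# Constructed policy: category -> "always" or a schedule during which it is blocked
POLICY = {
    "malicious": "always",
    "social-media": BUSINESS_HOURS,
}


def categorize(url: str) -> str:
    """Walk from the full hostname up to its parent domains until one is in the database."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def is_blocked(url: str, when: datetime) -> bool:
    """Apply the policy for the URL's category at the given time; unlisted categories pass."""
    rule = POLICY.get(categorize(url))
    if rule is None:
        return False
    if rule == "always":
        return True
    days, start, end = rule
    return when.weekday() in days and start <= when.hour < end


if __name__ == "__main__":
    wed_morning = datetime(2024, 1, 10, 10, 0)   # a Wednesday
    print(is_blocked("https://www.social.example/feed", wed_morning))   # True
```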

Content inspection: Content inspection is the process in which user data is actively monitored for malicious elements and bad behavior according to configured policies before the content is allowed or denied passage through the gateway into the network. This also prevents confidential data from leaving the network.
