Domain 4 Communication and Network Security
Secure network architecture design (IP and non-IP protocols, segmentation) –
Firewall and DMZ questions appear on the test
Secure network components
Secure communication channels – Encryption like TLS vs SSL all the way to
which way to point satellite dishes
Network attacks – know the ping of death, teardrop, and every other DoS attack
Secure Network Design and Components
Bastion host
Exposed to the internet
Hardened – You expect an attack, it’s your front line
Screened subnet
A bastion host between an internal and an external firewall
MOST SECURE
Proxy Server
Can be used outbound or inbound to mask a client’s identity
Honeypots
Lure bad people into doing bad things
Lets you watch or monitor them
Entice:
Attract by temptation
Does not mean someone downloads a file
Entrap:
Catch someone in a trap
Downloads a payroll file
Firewalls
Stateless:
Stateless firewalls watch network traffic and restrict or block packets based on source
and destination addresses or other static values. They are not aware of traffic patterns
or data flows. A stateless firewall uses simple rule-sets that do not account for the
possibility that a packet might be received by the firewall “pretending” to be
something you asked for. Stateless firewalls are typically faster and perform better
under heavy loads.
Stateful:
Stateful firewalls can watch traffic streams from end to end. They are aware of the
communication paths and can implement various IP security (IPsec) functions such as
tunnels and encryption. In technical terms, this means that stateful firewalls can tell
what stage a TCP connection is in (Open, Open sent, synchronized, synchronization
acknowledge or established), whether the MTU has changed, whether packets have
fragmented, etc. They are better at identifying unauthorized and forged communications.
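Added example (not part of the original slides): a small Python model of the difference described above, where a static rule set admits an inbound packet that only looks like a reply, while a connection-tracking filter rejects it. The packet fields, the 10.0.0.x internal prefix, the two-state tracking and the sample traffic are constructed assumptions for illustration.

```python
from collections import namedtuple

# Constructed packet model: only the fields the two filters inspect.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed internal address prefix

def stateless_allow(pkt):
    """Static rules: outbound HTTPS, plus inbound from port 443 with ACK set."""
    if pkt.src.startswith(INSIDE):
        return pkt.dport == 443
    return pkt.dst.startswith(INSIDE) and pkt.sport == 443 and "A" in pkt.flags

class StatefulFilter:
    """Same policy, but inbound packets must match a tracked outbound flow."""
    def __init__(self):
        self.flows = {}  # (client, cport, server, sport) -> TCP state

    def allow(self, pkt):
        if pkt.src.startswith(INSIDE):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" and pkt.dport == 443:
                self.flows[key] = "SYN_SENT"   # new outbound connection
                return True
            return key in self.flows           # later packets of a known flow
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.flows.get(key)
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.flows[key] = "ESTABLISHED"    # handshake reply we asked for
            return True
        if state == "ESTABLISHED" and "R" in pkt.flags:
            del self.flows[key]                # reset ends the flow
            return True
        return state == "ESTABLISHED" and "S" not in pkt.flags

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),    # client opens
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),   # real reply
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A"),    # handshake done
    Packet("198.51.100.7", 443, "10.0.0.9", 51000, "A"),    # unsolicited "reply"
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, verdicts)
```

Both filters pass the three packets of the genuine handshake; only the stateless rule set passes the fourth packet, which belongs to no connection an internal host opened.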
IDS/IPS
Intrusion Detection
A device or application that analyzes whole packets looking for known events. A log is
generated detailing these events.
Intrusion Prevention
A device or application that analyzes whole packets, both header and payload, looking
for known events. When a known event is detected, the packet is rejected (inline mode
only).
Secure Communication channels