assignment 1 firewall, Study notes of English Language

Typology: Study notes

2018/2019

Uploaded on 12/14/2021

nam-nguyen-21

1.1. Firewall.

A firewall is defined as a cybersecurity tool that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of cybersecurity rules. Firewalls are generally deployed to isolate network nodes from egress and ingress data traffic or even specific applications. Firewalls operate by using software, hardware, or cloud-based methods for safeguarding the network against any external attack. The primary objective of a firewall is to block malicious traffic and data packets while allowing legitimate traffic to pass through.

Firewalls scrutinize inbound traffic based on predefined security rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Traffic is guarded at a computer’s entry points, called ports, where information is actually exchanged with external devices. Consider an example where source address ‘198.21.1.1’ is allowed to reach destination ‘198.21.2.1’ over port 22. Here, port 22 is looked at as a point of data exchange, and therefore the firewall safeguards it against intruder attacks.

1.2. Key Components of a Firewall.

1.2.1. Network policy.

The design, installation, and use of a firewall in a network are largely influenced by two levels of network policy — the higher-level policy and the lower-level policy.

  • The higher-level policy is an issue-specific network access policy that defines services that are allowed or explicitly denied from the restricted network, how they would be used, and the conditions for exceptions to this policy.
  • The lower-level policy discloses how the firewall will handle the access restriction and service filtration defined in the higher-level policy.
    ◦ Service access policy. The service access policy focuses on internet-specific usage issues and all outside network accesses (i.e., dial-in policy, SLIP, and PPP connections). For a firewall to be successful, the service access policy must be realistic and sound and should be drafted before implementing a firewall. A realistic policy is one that provides a balance between protecting the network from known risks while still providing users access to network resources. A firewall can implement several service access policies. However, a typical policy may be to allow no access to a site from the internet but allow access from the site to the internet. Another typical policy would be to allow access from the internet, but perhaps only to selected systems such as information servers and email servers. Firewalls often implement service access policies that allow some user access from the internet to selected internal hosts. However, this access would be granted only if necessary and only if it could be combined with advanced authentication.
    ◦ Firewall design policy. The firewall design policy is specific to the firewall and defines the rules used to implement the service access policy. One cannot design this policy in a vacuum, isolated from an understanding of firewall capabilities and limitations and of the threats and vulnerabilities associated with TCP/IP. Firewalls generally implement one of two basic design policies — permit any service unless it is expressly denied, or deny any service unless it is explicitly permitted. A firewall that implements the first policy allows all services to pass into the site by default, except services that the service access policy has identified as disallowed. The second policy follows the classic access model used in all areas of information security: it denies all services by default and then passes only those services that have been identified as allowed.
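The following is an added example, not part of the original notes, that makes the two ideas above concrete: a packet filter that evaluates a rule list first-match and falls through to a default policy. The rule set uses the notes' own example (source 198.21.1.1 allowed to reach 198.21.2.1 over port 22); the telnet deny rule, the second source address and the sample packets are constructed for illustration. Running the same traffic under "deny unless permitted" and "permit unless denied" shows exactly which packets the choice of design policy decides.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# The two basic design policies named in the notes.
DEFAULT_DENY = "deny"      # deny any service unless it is explicitly permitted
DEFAULT_PERMIT = "permit"  # permit any service unless it is expressly denied


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; /0 matches any source
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.dport in (None, pkt.dport)
        )


def filter_packet(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First-match evaluation: the first rule whose fields all match decides;
    a packet that no rule covers falls through to the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Rule set built from the notes' example (198.21.1.1 -> 198.21.2.1 over port 22)
# plus one expressly denied service; the telnet rule is an assumption for illustration.
RULES = [
    Rule("permit", src="198.21.1.1/32", dst="198.21.2.1/32", proto="tcp", dport=22),
    Rule("deny", proto="tcp", dport=23),  # telnet expressly denied from anywhere
]

# Constructed sample traffic: the documented SSH flow, the same port from an
# unrelated source, and a telnet attempt from that source.
SAMPLE_PACKETS = [
    Packet("198.21.1.1", "198.21.2.1", "tcp", 22),
    Packet("203.0.113.7", "198.21.2.1", "tcp", 22),
    Packet("203.0.113.7", "198.21.2.1", "tcp", 23),
]


def decisions(default: str) -> List[str]:
    """Verdict for each sample packet under the given default policy."""
    return [filter_packet(RULES, p, default) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for policy in (DEFAULT_DENY, DEFAULT_PERMIT):
        print(f"default={policy}:", decisions(policy))
```

Only the second packet changes verdict between the two runs: nothing in the rule list mentions it, so the default policy alone decides whether an unknown source may reach port 22. That is the practical difference between the two design policies, and why the deny-by-default model is the one the notes call the classic access model.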

1.2.2. Advanced authentication.

Advanced authentication measures such as smartcards, authentication tokens, biometrics, and software-based mechanisms are designed to tackle weak traditional passwords. While the authentication techniques vary, they are similar in that the passwords generated by advanced authentication devices cannot be reused by an attacker who has monitored a connection. Given the problems posed by passwords on the internet, an internet-accessible firewall that does not use or does not contain the hooks to use advanced authentication may be regarded as irrelevant in the current setting. Some of the more popular advanced authentication devices in use today are called one-time password systems. A smartcard or authentication token, for example, generates a response that the host system can use in place of a traditional password. Because the token or card
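To show why a one-time password cannot be reused by someone who has monitored the connection, here is an added example (not from the notes) of the HMAC-based one-time password algorithm from RFC 4226, the scheme behind many hardware tokens, together with the host-side verifier that consumes each counter value once. The secret is the RFC's own published test-vector key, not a real credential; the look-ahead window of 5 and the `OtpVerifier` class are this example's assumptions.

```python
import hashlib
import hmac
import struct

# RFC 4226 test-vector key (published in the RFC; not a real credential).
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(binary % 10**digits).zfill(digits)


class OtpVerifier:
    """Host-side state for one token: the next counter value the host expects.
    A code is accepted only if it matches a counter at or ahead of that position
    (within a small look-ahead window), and the position then moves past it, so a
    code captured from a monitored connection no longer matches when replayed."""

    def __init__(self, secret: bytes, window: int = 5) -> None:
        self.secret = secret
        self.window = window
        self.next_counter = 0

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            # constant-time comparison so timing does not reveal a near-match
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1
                return True
        return False


def replay_demo() -> list:
    """The token emits codes for counters 0 and 1; the host sees the first code twice."""
    host = OtpVerifier(RFC4226_SECRET)
    token_code_0 = hotp(RFC4226_SECRET, 0)
    token_code_1 = hotp(RFC4226_SECRET, 1)
    return [
        host.verify(token_code_0),  # genuine login: accepted
        host.verify(token_code_0),  # same code presented again: rejected
        host.verify(token_code_1),  # next genuine code: accepted
    ]


if __name__ == "__main__":
    print(hotp(RFC4226_SECRET, 0))  # 755224, the RFC 4226 test vector for counter 0
    print(replay_demo())            # [True, False, True]
```

The point the notes make is visible in `replay_demo`: the second presentation of a valid code fails not because the code is wrong but because the host's counter has already moved past it. A static password has no such state, which is why an observer who captures one can log in with it.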

firewall may vary depending on the vendor manufacturing it; some may have a more limited capacity to handle simultaneous connections than others.
  • Cloud-based applications. Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall or firewall-as-a-service (FaaS). Cloud firewalls are analogous to proxy firewalls, where a cloud server is often used in a proxy firewall setup. The advantage of having cloud-based firewalls is that they are very easy to scale with any organization. As the needs grow, one can add additional capacity to the cloud server to filter larger traffic loads. Cloud firewalls provide perimeter security to network architecture.

1.3.2. Advantages.

  • Block spyware. In today’s data-driven world, stopping spyware from gaining access and getting into a system is of paramount importance. As systems become more sophisticated and robust, the number of criminals trying to gain access to them also increases. One of the most common ways unwanted people gain access is by employing spyware and malware. These are software programs designed to infiltrate systems, control computers, and steal sensitive or critical data. Firewalls serve as an important blockade against such malicious programs.
  • Direct virus attacks. A virus attack can shut down any enterprise’s digital operations faster and harder than expected. As the number of threats continues to evolve and grow in complexity, it is vital that defenses are put in place to keep the systems healthy and up and running all the while. One of the most visible benefits of firewalls is controlling the system’s entry points and stopping virus attacks. The cost of damage from a virus attack on any system could be immeasurably high, depending on the type of virus.
  • Maintain privacy. Another benefit of employing a firewall is the promotion of privacy. By proactively working to keep your data and your customers’ data safe, you build an environment of privacy that your clients can trust. No one likes their data stolen, especially when it is known that steps could have been taken to prevent the intrusion.
  • Network traffic monitoring. All of the benefits of firewall security start with the ability to monitor network traffic. Data coming in and out of your systems creates opportunities for threats to compromise your operations. By monitoring and analyzing network traffic, firewalls leverage pre-established rules and filters to keep the systems protected. With a well-trained IT team, an enterprise can manage customized protection levels based on what is seen coming in and out through the firewall.
  • Prevent hacking. The trend followed by most businesses today is that of digital operations, which is inviting more thieves and bad actors into the picture. With the rise of data theft and criminals holding systems hostage, firewalls have become even more important, as they prevent hackers from gaining unauthorized access to data, emails, systems, and more. A firewall can stop a hacker completely or deter them so that they move on to an easier target.

1.4. How firewalls provide security.

  • Backdoors. While certain applications are designed to be accessed remotely, others may have bugs that give potential hackers a “backdoor,” or a hidden way to access and exploit the program for malicious purposes. Some operating systems may also contain bugs that provide backdoors for skilled hackers to manipulate to their own benefit.
  • Denial of service. This increasingly popular type of cyberattack can slow or crash a server. Hackers utilize this method by requesting to connect to the server, which sends an acknowledgment and attempts to establish a connection. However, as part of the attack, the server will not be able to locate the system that initiated the request. Flooding a server with these one-sided session requests allows a hacker to slow down server performance or take it offline entirely. While there are ways firewalls can be used to identify and protect against certain forms of denial of service attacks, they tend to be easily fooled and are usually ineffective. For this reason, it’s important to have a variety of security measures in place to protect your network from different types of attacks.
  • Macros. Macros are scripts that applications can run to streamline a series of complicated procedures into one executable rule. Should a hacker gain access to your customers’ devices, they can run their own macros within the applications. This can have drastic effects, ranging from data loss to system failure. These executable fragments can also be embedded in data attempting to enter your network, which firewalls can help identify and discard.
  • Remote logins. Remote logins can vary in severity, but always refer to someone connecting to and controlling your computer. They can be a useful technique for allowing IT professionals to quickly update something on a specific device without being physically present—but if performed by bad actors, they can be used to access sensitive files or even execute unwanted programs.
  • Spam. While most spam is harmless, some spam can also be incredibly malicious. Spam often will include links—which should absolutely never be clicked! By following links in spam mail,

1.6. IDS.

An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered. While anomaly detection and reporting are the primary functions, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses. An IDS can be contrasted with an intrusion prevention system (IPS), which monitors network packets for potentially damaging network traffic, like an IDS, but has the primary goal of preventing threats once detected, as opposed to primarily detecting and recording threats.

  • Usage. Intrusion detection systems are used to detect anomalies with the aim of catching hackers before they do real damage to a network. They can be either network- or host-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system resides on the network. Intrusion detection systems work by either looking for signatures of known attacks or deviations from normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and application layer. They can effectively detect events such as Christmas tree scans and domain name system (DNS) poisonings. An IDS may be implemented as a software application running on customer hardware or as a network security appliance. Cloud-based intrusion detection systems are also available to protect data and systems in cloud deployments.
  • Diagrams
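As an added example (not part of the notes), the following minimal network IDS shows the two detection styles described above, signature matching and deviation from normal activity, over a constructed trace. The signature rule catches the Christmas tree scan mentioned in the notes (FIN, PSH and URG set in one segment, a combination a legitimate TCP handshake never produces); the anomaly rule catches the one-sided connection flood described under denial of service in section 1.4 by counting SYN-only segments per source against a threshold. The record format, the addresses, the threshold of 10 and the alert labels are this example's assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Alert = Tuple[str, str, int]  # (detector label, source address, detail)


@dataclass(frozen=True)
class TcpRecord:
    """One observed TCP segment header, as a sensor would hand it to the IDS."""
    src: str
    dst: str
    dport: int
    flags: FrozenSet[str]


XMAS_FLAGS = frozenset({"FIN", "PSH", "URG"})
SYN_ONLY = frozenset({"SYN"})


def signature_xmas(records: List[TcpRecord]) -> List[TcpRecord]:
    """Signature rule: FIN, PSH and URG set together is a known scan pattern
    (the 'Christmas tree' probe), so every such segment is reported."""
    return [r for r in records if XMAS_FLAGS <= r.flags]


def anomaly_syn_burst(records: List[TcpRecord], threshold: int) -> Dict[str, int]:
    """Anomaly rule: count connection attempts (SYN-only segments) per source and
    report sources whose count exceeds what normal activity produces."""
    counts = Counter(r.src for r in records if r.flags == SYN_ONLY)
    return {src: n for src, n in counts.items() if n > threshold}


def run_ids(records: List[TcpRecord], syn_threshold: int = 10) -> List[Alert]:
    """Run both detectors and return alerts; a real IDS would also log and,
    if acting as an IPS, block the offending source."""
    alerts: List[Alert] = []
    for r in signature_xmas(records):
        alerts.append(("signature:xmas-scan", r.src, r.dport))
    for src, n in anomaly_syn_burst(records, syn_threshold).items():
        alerts.append(("anomaly:syn-burst", src, n))
    return alerts


def build_sample() -> List[TcpRecord]:
    """Constructed trace: one normal client, one scanner, one flooding source."""
    target = "10.0.0.1"
    recs: List[TcpRecord] = []
    for port in (80, 443):                      # normal client opens two connections
        recs.append(TcpRecord("10.0.0.5", target, port, SYN_ONLY))
    for port in (21, 22, 23):                   # Christmas tree probes on three ports
        recs.append(TcpRecord("203.0.113.9", target, port, XMAS_FLAGS))
    for _ in range(40):                         # burst of one-sided connection requests
        recs.append(TcpRecord("198.51.100.4", target, 80, SYN_ONLY))
    return recs


if __name__ == "__main__":
    for alert in run_ids(build_sample()):
        print(alert)
```

The normal client never appears in the output: its two SYNs stay under the threshold and carry no scan signature. Note the trade-off the two rules illustrate: the signature rule has no false positives on this traffic but only knows one pattern, while the anomaly rule generalises to any flood source but depends on a threshold that must be tuned to the site's normal connection rate.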

1.7. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network.

1.7.1. The potential impact (Threat-Risk) of a firewall.

Network firewalls are not easy to update. Keeping rules up to date when environments and applications are dynamic and complex is almost impossible. Because of this challenge, firewall policy is often behind the current status of your applications and data. This means you are increasing risk in your data center until you manage to manually set the rules. Moreover, those rules may well become obsolete again almost immediately, so you can never truly stem the issue of growing risk. At the same time, companies have to deal with compliance mandates and governance, which are just as strict on cloud environments as on on-premises environments. While the increased agility of a hybrid cloud ecosystem is helpful for streamlining business processes, the speed of change has caused many organizations to fall badly short of compliance requirements. It’s especially difficult to get full visibility into hybrid cloud environments – and without visibility, you can easily fall prey to blind spots resulting from misconfigurations. Take the Capital One breach, for example, where hackers could exfiltrate “data through a ‘misconfiguration’ of a firewall on a web application. That allowed the hacker to communicate with the server where Capital One was storing its information and, eventually, obtain customer files.” The result was the loss of the personal data of more than 100 million people, including tens of millions of credit card applications.

Some of the most common firewall misconfigurations:

  • EC2 instances: Configuring security groups incorrectly can lead to unnecessary risk. AWS itself reports that “Among the most egregious were AWS Security Groups configured to leave SSH wide open to the Internet in 73 percent of the companies analysed.” Any approach that relies on IP addresses that constantly change is going to be error-prone.
  • VPC access: Of course, your business doesn’t want anyone on the internet to be able to access your VPCs. That said, this is a common mistake. Many businesses use ACLs to manage the problem, but it can be time-consuming and leave blind spots.
  • Services permissions:
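The security-group misconfiguration in the first bullet (SSH left open to the Internet) is one that can be checked mechanically. The following is an added example, not from the notes, of an audit that walks security-group rules and reports any administrative port reachable from a world-open CIDR (0.0.0.0/0 or ::/0). The input is a constructed sample in the same shape as the JSON returned by `aws ec2 describe-security-groups`; the group IDs and names are placeholders, and the choice of ports 22 and 3389 as "sensitive" is this example's assumption.

```python
import ipaddress
from typing import Dict, List, Tuple

Finding = Tuple[str, int, str]  # (group id, exposed port, offending CIDR)

# Constructed sample; same field names as describe-security-groups output.
SAMPLE_GROUPS: List[Dict] = [
    {"GroupId": "sg-0000example01", "GroupName": "web-open-ssh",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},   # the misconfiguration
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}, # public HTTPS is intended
    {"GroupId": "sg-0000example02", "GroupName": "bastion-restricted",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},  # SSH from one office range
    {"GroupId": "sg-0000example03", "GroupName": "all-traffic",
     "IpPermissions": [
         {"IpProtocol": "-1",                                              # -1 means every protocol and port
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


def is_world_open(cidr: str) -> bool:
    """A /0 prefix in either address family admits every address on the Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_covered(perm: Dict, port: int) -> bool:
    """Does this permission entry admit traffic to `port`? Protocol -1 covers all ports."""
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_exposed(groups: List[Dict], sensitive_ports: Tuple[int, ...] = (22, 3389)) -> List[Finding]:
    """Report every (group, port, cidr) where a sensitive port is open to the world."""
    findings: List[Finding] = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not is_world_open(cidr):
                    continue
                for port in sensitive_ports:
                    if port_covered(perm, port):
                        findings.append((group["GroupId"], port, cidr))
    return findings


if __name__ == "__main__":
    for group_id, port, cidr in find_exposed(SAMPLE_GROUPS):
        print(f"{group_id}: port {port} reachable from {cidr}")
```

The restricted bastion group produces no finding because its SSH rule names a specific /24, which is the fix for the first group: replace the world-open CIDR with the address range that actually needs to administer the host. The all-traffic group is reported for both ports and both address families, since a protocol of -1 silently covers everything. Run against real output the same logic would take the `SecurityGroups` list from the CLI's JSON instead of the constructed sample.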