Pi's Website - Archived


3.1 Understand security concerns and concepts of the following types of devices

o Firewalls
o Routers
o Switches
o Wireless
o Modems
o RAS (Remote Access Server)
o Telecom / PBX (Private Branch Exchange)
o VPN (Virtual Private Network)
o IDS (Intrusion Detection System)
o Network Monitoring / Diagnostics
o Workstations
o Servers
o Mobile Devices

Firewalls

What are firewalls?
In a basic form, firewalls are devices that separate and control traffic between two networks. There are both hardware and software firewalls. They generally sit between an internal and an external network, but may also separate two internal networks. Firewalls perform many different functions, including:

  • Traffic forwarding
  • Separate networks (network differentiation)
  • Protection against certain attacks including DoS, scanning, and sniffing
  • IP & port forwarding - can allow or reject any connection based on the IP address and port
  • Content filter - proxy firewalls can block specified content that may be inappropriate
  • Packet redirection
  • Authentication
  • Encryption
  • Logging


Before continuing, I would recommend reading about zones in Domain 3.3.

What types of firewalls are there?
There are four main types:

  1. Packet filters are layer 3 (network) devices that examine certain characteristics of packets, including the source and destination IP addresses and ports as well as the IP protocol, such as TCP or UDP. The firewall compares each packet against previously configured rules and either allows, rejects, or drops it. Dropping forces the sender to wait for a time-out, which can increase the time an attacker's network scan takes to complete. The difference between rejecting and dropping a packet is that the sender is notified when the packet is rejected. In general, packet filters are fairly fast and relatively inexpensive, but not very secure.
  2. An improved version is known as a stateful inspection firewall. These firewalls keep a record of communication sessions between computers and only scan the first packet of each session, which can increase performance. Stateful firewalls are usually among the fastest firewalls and may be slightly more secure than packet filters.
  3. Application proxies are layer 7 (application) devices that stop and examine every packet, then compare them to a set of rules. If a packet passes, it is rebuilt and sent on. This type of firewall can stop unknown attacks, but a separate application proxy is necessary for each application type, such as HTTP and FTP. These are the most expensive and slowest, but provide the best protection.
  4. Circuit-level firewalls are layer 3 devices. These review a packet's header information to see whether it meets the specified requirements. If it does, the traffic is allowed for the rest of the session without being checked again.
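To make the difference between a stateless packet filter and a stateful inspection firewall concrete, here is an added simulation (example code written for these notes, not taken from any of the study guides). The rule set and addresses are constructed; the three actions match the allow/reject/drop behaviour described above, and the session table shows why a stateful firewall only consults its rules for the first packet of a session.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "TCP" or "UDP"
    syn: bool = False   # TCP connection request (first packet of a session)

# Constructed rule set: (fields that must match, action). First match wins.
# "reject" tells the sender (ICMP error / TCP RST); "drop" discards silently, so the
# sender has to wait for a time-out, which slows a port scan down.
RULES = [
    ({"proto": "TCP", "dst_port": 80}, "allow"),   # web traffic
    ({"proto": "TCP", "dst_port": 23}, "reject"),  # telnet, refused loudly
]
DEFAULT_ACTION = "drop"

def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Stateless packet filter: every single packet is checked against the rules."""
    for match, action in rules:
        if all(getattr(pkt, field) == value for field, value in match.items()):
            return action
    return DEFAULT_ACTION

class StatefulFirewall:
    """Stateful inspection: only the first packet of a session is checked against
    the rules; later packets of a known session pass on the session record alone."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.sessions = set()
        self.rule_lookups = 0    # how often the rule table was consulted

    @staticmethod
    def _session_key(pkt: Packet):
        # Same key for both directions of one conversation
        return (pkt.proto, frozenset({(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)}))

    def inspect(self, pkt: Packet) -> str:
        key = self._session_key(pkt)
        if key in self.sessions:
            return "allow"                       # established session, no rule lookup
        if pkt.proto == "TCP" and not pkt.syn:
            return "drop"                        # reply without a session: unsolicited
        self.rule_lookups += 1
        action = packet_filter(pkt, self.rules)
        if action == "allow":
            self.sessions.add(key)               # remember the session
        return action
```

Note that the stateless filter also drops the server's reply, because no rule matches the client's ephemeral destination port; the stateful firewall lets it through on the session record.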


Routers

Routers are layer 3 (network) devices that connect networks and "route" data. Unlike hubs and switches, they are protocol "aware." Routers have a routing table of network addresses and the ports through which they are reached, and they use routing protocols to exchange this information with other routers (if any) in the network. Many routers have a basic packet filter and can have an Access Control List (ACL).

How do they provide security?

  • Network Address Translation (NAT)
  • ACLs and packet filters


Switches

Switches connect computers and segment networks to help increase performance. Switches have a table of MAC addresses and their ports. In networks without switches, a packet sent from one computer to another on the same LAN goes to every computer (in other words, it is broadcast) but is usually ignored by all but the recipient. A switch instead forwards the frame only to the recipient's port, which provides security and increases performance.

How do they provide security?

  • VLANs - virtual local area networks (domain 3.3)
  • Port security - a switch forwards frames only to the port of the recipient, which limits the usefulness of sniffers since they can only capture data sent on their own segment. Unused ports can and should be disabled.
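The following added simulation (example code written for these notes, not from the study guides) shows why a sniffer on a switched port sees little: a switch learns MAC addresses from source frames and forwards known destinations to a single port, while a hub repeats every frame to every port. The MAC addresses and port numbers are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """A hub repeats every frame out of every other port: a sniffer anywhere sees it."""
    def __init__(self, ports):
        self.ports = set(ports)

    def receive(self, in_port, src_mac, dst_mac):
        return self.ports - {in_port}

class Switch:
    """A switch learns MAC -> port from source addresses and forwards known unicast
    destinations to one port only. Ports listed in `disabled` are shut down."""
    def __init__(self, ports, disabled=()):
        self.ports = set(ports)
        self.disabled = set(disabled)    # unused ports, disabled as port security
        self.mac_table = {}              # MAC address -> port it was learned on

    def receive(self, in_port, src_mac, dst_mac):
        """Return the set of ports the frame is forwarded out of."""
        if in_port in self.disabled:
            return set()                 # a disabled port accepts nothing
        self.mac_table[src_mac] = in_port   # learn where the sender lives
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return set() if out == in_port else {out}
        # unknown destination or broadcast: flood to all other active ports
        return self.ports - self.disabled - {in_port}

def sniffer_sees(device, in_port, src_mac, dst_mac, sniffer_port) -> bool:
    """True if a sniffer attached to `sniffer_port` receives the frame."""
    return sniffer_port in device.receive(in_port, src_mac, dst_mac)
```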


Wireless

Wireless devices allow for connections without wires. This can save money and administration, since cables are expensive and may break. However, wireless devices are not secure by default and should be secured with WPA or 802.1x at a minimum.


Modems

Modem stands for modulator/demodulator. Modems convert the analog signals coming from a telephone line into a digital signal that a computer can understand. Many servers can be accessed through their modem for remote access, but these should be turned off if not needed, and the number should not be within the public listing of your telephone number range, or attackers can "war-dial" all those numbers to see which ones are assigned to computers. At a minimum, a username and password should be required to connect, with a limit on logon attempts.


RAS

RAS stands for remote-access service. These should be secured so that they can only be reached by the clients that are meant to use them, and logon attempts should be limited.


Telecom/PBX

PBX stands for private branch exchange and Telecom stands for telecommunications. A PBX is a telephone switch that your company owns and that provides services such as voicemail and a call tree (like when you call a store and push a button to talk to different departments). Telecom communications should have a "telewall" (like a firewall) to prevent misuse.


VPN

See domain 2.1.


IDS

See domain 3.4.


Network Monitoring/Diagnostics

It is highly recommended that all networks are periodically checked for vulnerabilities.  There are many vulnerability scanners out there such as SAINT and SATAN that hackers also use to find weaknesses in your network.  Networks should also be monitored and compared against the security baseline, or regular usage.


Workstations

Workstations are the client computers on a network that access information from the servers.  All unnecessary services and software should be disabled and/or uninstalled and workstations should be monitored for exploits.  The Operating System (OS) and software should be updated and patched frequently.


Servers

Servers are the dedicated computers that share information and software with other servers and with workstations.  All unnecessary services and software should be disabled and/or uninstalled and servers should be monitored for exploits.  They also should be updated often.  Some servers that need to be accessed by the public, yet need to be secured from some attacks should be placed on a DMZ (domain 3.3).


Mobile Devices

Mobile devices, such as notebook computers (laptops), Personal Digital Assistants (PDAs), cell phones, smart phones, etc. are becoming increasingly popular. However, their portability makes them easy to steal, so it is important that any sensitive data stored on them is encrypted.




This page was last modified on 07/28/07 02:03 PM