technologies supporting the information security blueprint, identifies complete technical solutions, designs physical security measures, and prepares project plans for the implementation phase
prevents specific types of information from moving between the outside world, known as the untrusted network, and the inside world, known as the trusted network
Processing Mode: Packet filtering
firewalls examine the header information of data packets that come into a network. NETWORK LAYER.
Processing Mode: Application Gateway
also known as an application-level firewall or application firewall, is frequently installed on a dedicated computer, separate from the filtering router, but is commonly used in conjunction with a filtering router. APPLICATION, PRESENTATION, AND SESSION LAYERS
Processing Mode: Circuit gateway
firewall operates at the transport layer. Connections are authorized based on addresses. Does not look at the data traffic flowing between one network and another, but does prevent connections between one network and another. TRANSPORT LAYER
Processing Mode: MAC Layer
designed to operate at the media access control layer of the OSI network model. This gives these firewalls the ability to consider the specific host computer’s identity in its filtering decisions. DATA LINK LAYER
Processing Mode: Hybrid
type of firewall that combines the elements of other types of firewalls
firewall devices, called "broadband gateways," that connect the user’s local area network or a specific computer system to the internetworking device
Packet filtering routers
router used as the interface to the Internet and as the perimeter between the external and internal networks
Screened host firewalls
combines a packet filtering router and a dedicated firewall. Allows the router to prescreen packets to reduce the traffic and load on the internal proxy
bastion host has two NICs: one connected to the internal network, one connected to the external network. All traffic must go through the firewall with this implementation
dominant architecture used today. Provides a DMZ. The DMZ can be a dedicated port or connected to a subnet
Best Practices for Firewalls
1. Let trusted network traffic out
2. The firewall should not be directly accessible from the public network
3. SMTP data can pass through, but should be routed to an SMTP gateway
4. ICMP data should be denied
5. Telnet from public networks should be blocked
6. HTTP traffic should be denied from external networks through some form of proxy access
essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations
an automatic phone-dialing program that dials every number in a configured range and checks to see if a person, machine or modem picks up.
uses symmetric key encryption to validate an individual user to various network resources
a private and secure network connection between systems that uses the data communication capability of an unsecured and public network
uses leased circuits from a service provider and conducts packet switching over these leased circuits
uses security protocols and encrypts traffic transmitted across unsecured public networks like the Internet
combination of both types of VPNs
Keys to VPN
Encapsulation, Encryption, and Authentication
the organization establishes two perimeter tunnel servers. These servers serve as the encryption points, encrypting all traffic that will traverse an unsecured network.
a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers
The mathematical formula used to convert an unencrypted message into an encrypted message.
The transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components.
The unintelligible encrypted or encoded message that results from an encryption.
The transformation of the larger components (words or phrases) of an unencrypted message into encrypted components.
To decrypt or convert ciphertext to plaintext.
To encrypt or convert plaintext to ciphertext.
The information used in conjunction with the algorithm to create ciphertext from plaintext.
The original unencrypted message that is encrypted.
uses the same key, also known as a secret key, to encrypt and decrypt a message.
another category of encryption techniques also known as public-key encryption.
an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
encrypted messages that can be mathematically proven authentic.
an electronic document, similar to a digital signature, that is attached to a file and certifies that the file is from the organization it claims to be from and has not been modified from the original format.
an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages between a client and server across the Internet
protocol to use public-key encryption to secure a channel over the public Internet, thus enabling secure communications.
developed by Phil Zimmermann and uses the IDEA cipher along with RSA for key exchange.
the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target
uses symmetric for the session, asymmetric for the message