{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

N also called application layer gateway stateful

Info iconThis preview shows pages 11–14. Sign up to view the full content.

View Full Document Right Arrow Icon
n Also Called Application Layer Gateway Stateful Inspection Firewalls – Third Generation n Packets Analyzed at all OSI layers n Queued at the network level n Faster than Application level Gateway Dynamic Packet Filtering Firewalls – Fourth Generation n Allows modification of security rules n Mostly used for UDP n Remembers all of the UDP packets that have crossed the network’s perimeter, and it decides whether to enable packets to pass through the firewall. Kernel Proxy – Fifth Generation n Runs in NT Kernel n Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies.
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Firewall Architectures: Packet Filtering Routers: n Sits between trusted and untrusted networks n Uses ACLs n ACLs can be manually intensive to maintain n Lacks strong user authentication n ACLs can degrade performance n Minimal Auditing Screened Host Firewall: n Employs packet filtering and Bastion Host n Provides network layer (packet filtering) and application layer (proxy) services n Penetration requires getting by external router (packet filtering) and Bastion Host (proxy). Dual Homed Host Firewall n Contains two NICs n One connected to the local “trusted” network n One connected to the external “untrusted” network n Blocks or filters traffic between the two. n IP forwarding is disabled
Background image of page 12
Screened Subnet Firewall n One of the most secure n Two packet filtering routers and a Bastion Host n Provides network layer (packet filtering) and application layer (proxy) services n Provides DMZ n Complex configuration SOCKS Server n Circuit level proxy server n Requires SOCKS client on all machines n Used to manage outbound Internet access n IT Overhead intensive NAT – Network Address Translation 3 Private IP Address Ranges – Global Nonroutable Addresses 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 n Class A addresses are for large networks with many devices. 1-127 n Class B addresses are for medium-sized networks. 128-191 n Class C addresses are for small networks (fewer than 256 devices). 192-223 n Class D addresses are multicast addresses . Virtual Private Networks: n Secure connection between two nodes using secret encapsulation method. n Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used) n Tunnel can be created by the following three methods: n Installing software or agents on client or network gateway. n Implementing user or node authentication systems. n Implementing key and certificate exchange systems. VPN Protocol Standards: PPTP – Point-to-Point Tunneling Protocol n Works at the Data Link Layer n Single point to point connection from client to server n Common with asynchronous connections with NT and Win 95 L2TP - Layer 2 Tunneling Protocol n Combination of PPTP and earlier Layer 2 Forwarding Protocol (L2F) n Multiple protocols can be encapsulated within the L2TP n Single point to point connection from client to server n Common with Dial up VPNs IPSec n Operates at the network layer n Allows multiple and simultaneous tunnels n
Background image of page 13

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 14
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}