Network Devices

 Network Devices:

Network connects computing devices together so that users can share resources, such as data, printers, and other devices.

Switch:
Switch can learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal switched connections when two computers communicate with each other.

Security benefits of switch:
If an attacker connects his computer to the port of switch and installs the protocol analyzer. He would not capture the unicast traffic going through the switch to other ports. So, switch reduces the risk of an attacker capturing data with a sniffer. Switches also increase the efficiency of a network.

Router:
Router connects multiple network segments together into a single network and routes traffic between the segments. It route the traffic from segment to segment. Because routers don’t pass broadcasts, they effectively reduce traffic on any single segment. Segments separated by routers are sometimes referred to as broadcast domains.

Bridge:
Bridge connects multiple networks together and can be used instead of router in some situations. As router directs network traffic based on the destination IP address and a switch directs the traffic to specific ports based on the destination MAC address. Similarly, a bridge directs the traffic based on the MAC address.

Firewall:
Firewall filters incoming and outgoing traffic for a single host or between networks.It means that firewall can ensure only specific types of traffic are allowed into a network or host.

Host-Based Firewalls:
Host based firewall monitors traffic going in and out of a single host, such as a server or a workstation. It monitors traffic passing through the NIC and can prevent intrusions into the computer via the NIC. Personal firewalls provide valuable protection for systems against unwanted intrusions.

Network based firewall:
Network based firewall is usually a dedicated system with additional software installed to monitor, filter and log traffic. Network based firewalls would have two or more NIC cards and all traffic passes through the firewall. The firewall controls traffic going in or out of the network. It does this by filtering traffic based on firewall rules and allows only authorized traffic to pass through it.

Stateless Firewall:
It uses rules implemented as ACLs to identify allowed and blocked traffic. This is similar to how routers use rules. Firewall uses an implicit deny strategy to block all traffic that is not explicitly allowed.

Stateful Firewall:
It inspects traffic and makes decisions based on the context, or state of the traffic.It keeps track of established sessions and inspects traffic based on its state within a session.

Proxy Servers:
Proxy servers forward the request for services from clients. They can improve performance by caching content and some proxy servers can restrict user’s access to inappropriate web sites by filtering content.

UTM:
Unified Threat Modeling is a single solution that combines multiple security controls. Main purpose of UTMs is to provide better security, which also simplifies management requirements. UTM devices reduce the workload of administrators without sacrificing security. UTM security appliances combine the features of multiple security solutions into a single appliance. It might include a firewall, antivirus protection, anti-spam protection, URL filtering and content filtering.

Email Gateway:
Email gateway is the server that examines all incoming and outgoing email and attempts to reduce risks associated with email. It is located between email servers and the internet and configures it for their purpose. All the mail goes to the gateway before it goes to the mail server. It also includes the DPL(Data loss prevention) capabilities. It examines outgoing emails looking for confidential or sensitive information and blocks them.

HIDS:
Host based intrusion detection system is additional software installed on a system such as a workstation or server. It provides protection to individual host and can detect potential attacks and protect critical operating system files. HIDS can be installed on different internet facing servers such as web servers, mail servers, and database servers.

NIDS:
Network based intrusion detection system monitor activity on the network. NIDS installed on the router and firewalls. NIDS gather information and report to a central monitoring server hosting a NIDS console. There are two methods of detection signature based and heuristic or behavioral based( also known as anomaly based).

Signature Based Detection
It uses the database of known vulnerabilities or known attack patterns.It is similar to the antivirus software used to detect malware.

Heuristic based detection:
Heuristic based detection(also called anomaly-based detection) starts by identifying normal operation or normal behaviour of the network.It does this by creating a performance baseline under normal operating conditions.

IPS:
Intrusion prevention systems are an extension of IDS. IPS can detect, react, and prevent the attack. All traffic passes through the IPS and the IPS can block malicious traffic.This is also known as in-band.

Comments

Post a Comment

Popular posts from this blog

Analyzing Spear Phishing Email

Image
Phishing is the technique of fraudulent attempt by the attacker to obtain sensitive and confidential information i.e. Credentials, PII information, credit card, bank details. It can also be targeted attack to focus on the specific organization of individual. The attacker often tailors an email to speak directory to targeted user. There are many types of phishing as follow. I wouldn't explain the types. You can read Here . In this article you'll learn how to analyze the sophisticated phishing email. So, Let's start the case study to explain.  Spearphising :  Spearphising is the technique in which attacker aims at one person and lures him/her into providing confidential data. Attacker compile the email according to the specific user. The email would consist some of the target's email, username, designation.  Case Study: User receive the spearphising email containing the PDF attachment with double extension. Email body contains the unprofessional statement "Kindly m
Read more

Cyber Threat Intel

Image
What is Cyber Threat Intel? Threat intel is the information about the threats. Cyber threat intel is used to better understand, predict and adopt to the behavior of malicious actors. It plays an important role in preventing the zero-day attacks. " Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes " (NIST). Threat Intel life Cycle: Intelligence lifecycle is the process of developing raw information into finished intelligence for policymaker to use in decision making and action. CTI Life Cycle Planning and Direction Planning and direction helps in setting up the goals for the threat intel program. Priorities and requirements are defined in this phase. Collection: Collection means gathering of data to produce the finished intelligence. Data includes logs(Firewall, IPS/IDS, Endpoints), threat feeds and OSINT(reports, social media, public forums). Collection Types of Collectio
Read more

Authentication Services

Image
  Authentication Services: In this section we will discuss the authentication services. The main goal of these services are to ensure that unencrypted credentials are not sent across the network. In other words they ensure that credentials are not sent in clear text. Kerberos: It is a network authentication mechanism mostly used in both windows active directory domain and some Unix environments. Kerberos provides mutual authentication that can help prevent MITM attacks and uses tickets to help prevent replay attacks. Working of Kerberos: The KDC(key distribution center) uses a complex process of issuing TGTs(Ticket granting tickets) and other tickets. The KDC packages user credentials within the ticket. Tickets provide authentication for users when they access resources such as files on the file server. These tickets are sometimes referred to as tokens. NTLM: New Technology LAN Manager is a suite of protocols that provide authentication, integrity, and confidentiality within windows sy
Read more