Network Devices

 Network Devices:

Network connects computing devices together so that users can share resources, such as data, printers, and other devices.

Switch:
Switch can learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal switched connections when two computers communicate with each other.

Security benefits of switch:
If an attacker connects his computer to the port of switch and installs the protocol analyzer. He would not capture the unicast traffic going through the switch to other ports. So, switch reduces the risk of an attacker capturing data with a sniffer. Switches also increase the efficiency of a network.

Router:
Router connects multiple network segments together into a single network and routes traffic between the segments. It route the traffic from segment to segment. Because routers don’t pass broadcasts, they effectively reduce traffic on any single segment. Segments separated by routers are sometimes referred to as broadcast domains.

Bridge:
Bridge connects multiple networks together and can be used instead of router in some situations. As router directs network traffic based on the destination IP address and a switch directs the traffic to specific ports based on the destination MAC address. Similarly, a bridge directs the traffic based on the MAC address.

Firewall:
Firewall filters incoming and outgoing traffic for a single host or between networks.It means that firewall can ensure only specific types of traffic are allowed into a network or host.

Host-Based Firewalls:
Host based firewall monitors traffic going in and out of a single host, such as a server or a workstation. It monitors traffic passing through the NIC and can prevent intrusions into the computer via the NIC. Personal firewalls provide valuable protection for systems against unwanted intrusions.

Network based firewall:
Network based firewall is usually a dedicated system with additional software installed to monitor, filter and log traffic. Network based firewalls would have two or more NIC cards and all traffic passes through the firewall. The firewall controls traffic going in or out of the network. It does this by filtering traffic based on firewall rules and allows only authorized traffic to pass through it.

Stateless Firewall:
It uses rules implemented as ACLs to identify allowed and blocked traffic. This is similar to how routers use rules. Firewall uses an implicit deny strategy to block all traffic that is not explicitly allowed.

Stateful Firewall:
It inspects traffic and makes decisions based on the context, or state of the traffic.It keeps track of established sessions and inspects traffic based on its state within a session.

Proxy Servers:
Proxy servers forward the request for services from clients. They can improve performance by caching content and some proxy servers can restrict user’s access to inappropriate web sites by filtering content.

UTM:
Unified Threat Modeling is a single solution that combines multiple security controls. Main purpose of UTMs is to provide better security, which also simplifies management requirements. UTM devices reduce the workload of administrators without sacrificing security. UTM security appliances combine the features of multiple security solutions into a single appliance. It might include a firewall, antivirus protection, anti-spam protection, URL filtering and content filtering.

Email Gateway:
Email gateway is the server that examines all incoming and outgoing email and attempts to reduce risks associated with email. It is located between email servers and the internet and configures it for their purpose. All the mail goes to the gateway before it goes to the mail server. It also includes the DPL(Data loss prevention) capabilities. It examines outgoing emails looking for confidential or sensitive information and blocks them.

HIDS:
Host based intrusion detection system is additional software installed on a system such as a workstation or server. It provides protection to individual host and can detect potential attacks and protect critical operating system files. HIDS can be installed on different internet facing servers such as web servers, mail servers, and database servers.

NIDS:
Network based intrusion detection system monitor activity on the network. NIDS installed on the router and firewalls. NIDS gather information and report to a central monitoring server hosting a NIDS console. There are two methods of detection signature based and heuristic or behavioral based( also known as anomaly based).

Signature Based Detection
It uses the database of known vulnerabilities or known attack patterns.It is similar to the antivirus software used to detect malware.

Heuristic based detection:
Heuristic based detection(also called anomaly-based detection) starts by identifying normal operation or normal behaviour of the network.It does this by creating a performance baseline under normal operating conditions.

IPS:
Intrusion prevention systems are an extension of IDS. IPS can detect, react, and prevent the attack. All traffic passes through the IPS and the IPS can block malicious traffic.This is also known as in-band.

Comments

Popular posts from this blog

Cyber Threat Intel

Analyzing Spear Phishing Email

Advance Attacks on Network