What are firewalls?
Firewalls monitor and filters network traffic using DMZ, zone segregation, and can be implemented as hardware or software appliance.
What are firewalls rules and policies?
They are set rules to tell a firewall what to do; eg. deny all incoming TCP traffic in all ports.
How does firewall help?
- Reduce port scanning as it can lock down port access
- Limit DoS/DDoS
What is packet filtering firewall?
- Tests each packet that crosses the firewall according to a set of user-defined rules.
- Has both stateless and stateful.
What’s the difference between stateless and stateful firewalls?
- Stateless firewalls do not look at state of connections but just the packets itself.
- Stateful firewalls maintains information about a user connections in a state table.
What is a Network Intrusion Detection System?
NDIS detects unauthorized access to networks and host resources without needing traffic flow through it.
How are NIDS connected to networks?
- Hubs: in promiscuous mode
- Switch: port mirroring
What can NDIS do?
- Monitor large scope
- Able to support IoT networks via agents
- Supports DPI
- Signature-based or statistical anomaly detection
- Used with IPS
What is a Network Intrusion Prevention System?
Similar to NIDS but also provide automated responses to block intrusions and protect system against attacks.
It is located inbetween firewall and the network.
What are proxy firewalls?
Application gateway that protects network resources by redirecting web requests at the application layer.
Scans for Layer 7 protocols like HTTP & FTP with DPI.
Provides private or anonymous internet access.
What are virtual private networks?
VPNs allows you to extend a private network across a public one such as the internet; hence encrypted and cannot be read.
What are the three VPN subsystems?
- Authentication: user must be authenticated to establish a secure tunnel.
- Tunneling: encapsulation of one type of protocol packet within the datagram of a different protocol.
- Encryption: to protect data travelling through the tunnel
What are some IPSec vulnerabilities?
Oracle attack can be used to bypass authentication and spoof clients & servers.
IKEv2 susceptible to offline dictionary attacks.
What are some TLS VPN vulnerabilities?
- MITM attack allows attacker to observe compression of information, the better the compression, the more accurate the password.
What is a honeypot?
It is a decoy (often a VM) that is designed to be intentionally vulnerable that should look like a production environment.
