
SECURITY DEVICES AND TECHNOLOGIES

CHAPTER 3

HOST & SERVER BASED SECURITY COMPONENTS & TECHNOLOGIES


Device Hardening
Personal Firewall
Antivirus Software
Operating System Patches
Intrusion Detection and Prevention

DEVICE HARDENING
Device hardening is the most basic control used to protect data and systems. Its purpose is to eliminate as many security risks as possible. It consists of:
timely application of patches
careful configuration of system components
removing the most fundamental security vulnerabilities

Supported by a well-designed and actively managed patch management process, proper device configuration is the most effective method of repelling exploits.

PERSONAL FIREWALL
A personal firewall is an application that controls network traffic to and from a computer, permitting or denying communications based on a security policy. Examples of personal firewalls are ZoneAlarm, Outpost and Comodo.

ANTIVIRUS SOFTWARE
Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Examples: Kaspersky, Norton and Panda.

OPERATING SYSTEM PATCHES


A patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving usability or performance.

INTRUSION DETECTION & PREVENTION


An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. Intrusion detection and prevention systems (IDPSs) are primarily focused on identifying possible incidents.


INTRODUCTION OF FIREWALL

A firewall is a device that provides secure connectivity between networks (internal/external, with varying levels of trust). It is used to implement and enforce a security policy for communication between networks, and it separates the local network from the Internet.

[Diagram labels: Trusted hosts and networks; Firewall; Intranet; DMZ; Router; Demilitarized Zone: publicly accessible servers and networks]

INTRODUCTION OF FIREWALL
What a firewall cannot do: it cannot defend against attacks that do not go through the firewall. It cannot tell a security administrator when the firewall rules are inadequate. It is not a monitoring tool.

FIREWALL ARCHITECTURE
Dual-Homed Host Architecture
Screened-Host Architecture
Screened-subnet Architecture

Dual-Homed Host Architecture

Screened-Host Architecture

Screened-subnet Architecture

FIREWALL TECHNOLOGIES
Packet Filtering
Network Address Translation (NAT)
Circuit-Level Gateways
Proxy - Application Proxies
Virtual Private Network (VPNs)

Packet Filtering
The basic method for protecting the intranet border. It works at the network layer of the OSI model. Its limitation: it cannot distinguish (differentiate) usernames. It filters data based on service type, port number, interface number, source address and destination address, among other criteria. For example, a packet filter can permit or deny service advertisements on an interface. You can use incoming and outgoing filters to dictate what information passes into or out of your intranet.
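As an added example (not part of the original chapter), here is a small packet filter in Python that evaluates rules of the kind described above: each rule matches on interface, direction, protocol, source/destination address and destination port, the first matching rule wins, and anything that matches no rule is denied. The rule set, interface name "ext" and the 10.0.0.0/24 intranet and 192.0.2.0/24 DMZ addresses are constructed for the intranet/DMZ layout in the diagram and are assumptions, not values from the chapter.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrives on or leaves by
    direction: str   # "in" (from the Internet) or "out" (towards the Internet)
    proto: str       # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    iface: str = "*"             # "*" matches any interface
    direction: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"       # CIDR network; default matches any address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        # Note what is NOT here: there is no username field, because a packet
        # filter only sees packet headers. That is the limitation the text names.
        return (self.iface in ("*", p.iface)
                and self.direction in ("*", p.direction)
                and self.proto in ("*", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport))

# Constructed policy (assumed addresses): only the DMZ web server is reachable
# from outside, the intranet is never reachable from outside, and both the
# intranet and the DMZ may send traffic out. Order matters: first match wins.
INTRANET = "10.0.0.0/24"
DMZ = "192.0.2.0/24"
RULES = [
    Rule("permit", iface="ext", direction="in", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("permit", iface="ext", direction="in", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule("deny", iface="ext", direction="in", dst=INTRANET),
    Rule("permit", iface="ext", direction="out", src=INTRANET),
    Rule("permit", iface="ext", direction="out", src=DMZ),
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first rule matching p; deny if none matches."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # default deny: anything not explicitly permitted is dropped
```

A packet that matches no rule (for example inbound TCP to the DMZ web server on port 22) falls through to the default deny rather than being silently allowed.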

Network Address Translation (NAT)


NAT maps private IP addresses to public IP addresses. NAT can perform this mapping both dynamically and statically. An alternative to NAT is a circuit-level gateway.

Circuit-Level Gateways
A circuit-level gateway works at the session layer of the OSI model, which means that more information is required before packets are allowed or denied. It monitors the TCP handshake between packets to determine whether a requested session is legitimate (genuine/legal). Access is determined based on address, DNS domain name, or DNS username. Special client software must be installed on the workstation. Circuit-level gateways can bridge different network protocols, for example IPX to IP. Our username is checked and access is granted (decided/approved) before the connection to the router is established.

Proxy
A proxy server (application gateway or forwarder) is an application that sits between two network segments and handles the traffic between them. Proxies replace the filter so that traffic is blocked from passing through directly. With a proxy as the connector, source and destination are never directly connected. The IP address of the proxy server is hidden from the user, so that outside users cannot learn the architecture of the network.

Virtual Private Network


A VPN allows two hosts to exchange (swap over) data using a secure channel. The data stream (flow) is encrypted for security. A VPN can be configured as a connection between two endpoints or between many endpoints. We can connect two offices over an Internet connection, or connect several offices to create a secure private network. Remote VPN clients are also supported.