Physical and Hardware Security

Chapter 15Networking Essentials

Spring, 2013

Defining FirewallsFirewalls are a combination of ___ & ___

What is a “black box?” (p. 502)

Default deny or default allow – which one?

Types of FirewallsNetwork-based firewalls protect __ from __.

Host-based firewalls protect ____.

Access Control ListsHow they are processed

Lines are compared in sequential orderAfter a match is made, ACL is exitedImplicit deny at the end – why?

Standard ACLs vs Extended ACLsInbound vs outbound ACLs

Ways to make things more secure

DMZ - Image on page 507Protocol switching – shift to IPX – why?Proxy Services

IP proxyWeb proxyFTP proxySMTP proxy

More Firewall StuffNetwork Layer Firewalls

Stateful – Stateless –

Application Layer FirewallsSlower, because they …

Scanning ServicesDefault Scanning Settings:

Filtering for ContentCommon things to filter:

Local Browser SettingsZones

Trusted Sites

Customizing Settings

Intrusion Detection Systems (IDS)

More of a watchdog than a firewallCan be software or an actual devicePassive responses:

(honeypot) -

VPN ConcentratorsLike a firewall, but made for VPNs

Allows for higher-speed throughput

Allows for encryption

Problems Affecting Device Security

Physical security – where to keep stuff

Climate conditions –

Three barriers to your server –

Security zones ID Badges

Logical Security Configurations

Logging On LocallyOnly administrator can log onto server

Administrator must log on locally – why?

Access-Control PrinciplesUtilize implicit denies

(UNIX) - .allow file(UNIX) - .deny file

Least-privilege model

Separate administrative duties

Rotate administrator jobs

Access Control MethodsMandatory Access Control (MAC) Model…Discretionary Access Control (DAC)… Role-Based Access Control (RBAC)…Rule-Based Access Control (RBAC)…

Unsecure Protocols (UNIX) –(UNIX) –

Secure Protocols