1.1. Firewall.
A firewall is a cybersecurity tool that monitors incoming and outgoing network traffic
and permits or blocks data packets based on a set of security rules. Firewalls are
generally deployed to isolate network nodes, or even specific applications, from ingress
and egress traffic. Firewalls may be implemented in software, in hardware, or in the
cloud to safeguard the network against external attack. The primary objective of a
firewall is to block malicious traffic and data packets while allowing legitimate traffic
to pass through.
Some of the more popular advanced authentication devices in use today are one-time
password systems. A smartcard or authentication token, for example, generates a response
that the host system accepts in place of a traditional password. Because the token or card
works in conjunction with software or hardware on the host, the generated response is
unique for every login. The result is a one-time password that, even if observed by an
eavesdropper, cannot be reused by an intruder to gain access to the account.
1.2.3. Packet filtering.
IP packet filtering is performed by a packet-filtering router that filters packets as they
pass between the router’s interfaces. A packet-filtering router can usually filter IP packets
based on source IP address, destination IP address, TCP/UDP source port, or TCP/UDP
destination port.
Not all packet-filtering routers currently filter on the source TCP/UDP port, although more
vendors are starting to incorporate this capability. Some routers also examine which of the
router’s network interfaces a packet arrived on and use this as an additional filtering
criterion.
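As an added example (not code from the document), the following Python sketch models a packet-filtering router that applies an ordered rule list using exactly the criteria listed above: source and destination address, TCP/UDP source and destination port, and the interface the packet arrived on. The interface names, addresses and policy are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added example, not from the document: a first-match packet filter using the
# criteria named above (source/destination address, TCP/UDP source/destination
# port, and the interface a packet arrived on). Unmatched packets are denied.

@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # source network (any by default)
    dst: str = "0.0.0.0/0"          # destination network (any by default)
    proto: Optional[str] = None     # "tcp", "udp" or None for any protocol
    sport: Optional[int] = None     # TCP/UDP source port, None = any
    dport: Optional[int] = None     # TCP/UDP destination port, None = any
    in_if: Optional[str] = None     # ingress interface name, None = any

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.sport in (None, pkt.get("sport"))
                and self.dport in (None, pkt.get("dport"))
                and self.in_if in (None, pkt["in_if"]))

def filter_packet(rules: list, pkt: dict) -> str:
    """First matching rule decides; an unmatched packet is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed policy for a router with an 'outside' (internet) and an 'inside' interface.
RULES = [
    # Anti-spoofing: a packet claiming an inside source address must not arrive on 'outside'.
    Rule("deny", src="10.0.0.0/8", in_if="outside"),
    # Let the internet reach the web server 10.0.0.80 on TCP port 443 only.
    Rule("permit", dst="10.0.0.80/32", proto="tcp", dport=443, in_if="outside"),
    # Let inside hosts send outbound DNS queries.
    Rule("permit", src="10.0.0.0/8", proto="udp", dport=53, in_if="inside"),
]
```

Because the first match wins, the anti-spoofing deny must precede the permit rules; reordering them would let a spoofed inside address reach the web server.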
Hardware-based applications
Hardware firewalls use a physical appliance that acts as a traffic router, intercepting data
packets and connection requests before they reach the network’s servers. Physical
appliance-based firewalls excel at perimeter security, ensuring that malicious traffic from
outside the network is intercepted before the company’s network endpoints are exposed to
risk. The major weakness of a hardware-based firewall, however, is that insider attacks can
often bypass it easily, since their traffic never crosses the perimeter. Also, the actual
capabilities of a hardware firewall vary by vendor; some have a more limited capacity to
handle simultaneous connections than others.
Cloud-based applications
Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall or
firewall-as-a-service (FaaS). Cloud firewalls are analogous to proxy firewalls, since a cloud
server is often used in a proxy firewall setup. The advantage of cloud-based firewalls is that
they scale easily with the organization: as needs grow, additional capacity can be added to
the cloud server to filter larger traffic loads. Cloud firewalls provide perimeter security to
the network architecture.
1.3.2. Advantages.
Block spyware
In today’s data-driven world, stopping spyware from gaining access to a system is of
paramount importance. As systems become more sophisticated and robust, the number of
criminals trying to gain access to them also increases. One of the most common ways
unwanted people gain access is by employing spyware and malware: software programs
designed to infiltrate systems, control computers, and steal sensitive or critical data.
Firewalls serve as an important blockade against such malicious programs.
Maintain privacy
Another benefit of employing a firewall is the promotion of privacy. By proactively working
to keep your data and your customer’s data safe, you build an environment of privacy that
your clients can trust. No one likes their data stolen, especially when it is known that steps
could have been taken to prevent the intrusion.
Prevent hacking
Most businesses today have moved to digital operations, which invites more thieves and
bad actors into the picture. With the rise of data theft and criminals holding systems
hostage, firewalls have become even more important, as they prevent hackers from gaining
unauthorized access to data, emails, systems, and more. A firewall can stop a hacker
outright or deter them in favour of an easier target.
Denial of service.
This increasingly popular type of cyberattack can slow or crash a server. The attacker
requests a connection to the server, which sends an acknowledgment and attempts to
establish the connection. However, as part of the attack, the server is unable to reach the
system that initiated the request, so the connection is never completed. Flooding a server
with these one-sided session requests allows an attacker to slow down server performance
or take it offline entirely.
While firewalls can be used to identify and protect against certain forms of denial-of-service
attack, they tend to be easily fooled and are usually ineffective. For this reason, it is
important to have a variety of security measures in place to protect your network from
different types of attacks.
Macros.
Macros are scripts that applications run to streamline a series of complicated procedures
into one executable rule. Should a hacker gain access to your customers’ devices, they can
run their own macros within the applications, with effects ranging from data loss to system
failure. These executable fragments can also be embedded in data attempting to enter your
network, which firewalls can help identify and discard.
Remote logins.
Remote logins can vary in severity, but always refer to someone connecting to and
controlling your computer. They can be a useful technique for allowing IT professionals to
quickly update something on a specific device without being physically present—but if
performed by bad actors, they can be used to access sensitive files or even execute
unwanted programs.
Spam.
While most spam is harmless, some spam can be incredibly malicious. Spam will often
include links, which should absolutely never be clicked. By following links in spam mail,
users may accept cookies onto their systems that create backdoor functionality for hackers.
It is important that your customers receive cybersecurity awareness training in order to
reduce vulnerabilities from within their network.
Viruses.
Viruses are small programs that replicate themselves from computer to computer, allowing
them to spread between devices and across networks. The threat posed by some viruses
can be relatively small, but others are capable of doing more damage—such as erasing your
customers’ data. Some firewalls include virus protection, but using a firewall alongside
antivirus software is a smarter and more secure choice.
1.6. IDS.
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious
activity and alerts when such activity is discovered. While anomaly detection and reporting
are the primary functions, some intrusion detection systems are capable of taking actions
when malicious activity or anomalous traffic is detected, including blocking traffic sent from
suspicious Internet Protocol (IP) addresses.
An IDS can be contrasted with an intrusion prevention system (IPS), which monitors network
packets for potentially damaging network traffic, like an IDS, but has the primary goal of
preventing threats once detected, as opposed to primarily detecting and recording threats.
Usage
Intrusion detection systems are used to detect anomalies with the aim of catching
hackers before they do real damage to a network. They can be either network- or host-
based. A host-based intrusion detection system is installed on the client computer, while
a network-based intrusion detection system resides on the network.
Intrusion detection systems work by looking either for signatures of known attacks or for
deviations from normal activity. These deviations or anomalies are pushed up the stack
and examined at the protocol and application layer. They can effectively detect events
such as Christmas tree scans and domain name system (DNS) poisoning.
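As an added illustration of the two detection approaches just described (not code from the document), the following Python sketch applies a signature check for Christmas tree scans (TCP FIN, PSH and URG set together) and a simple statistical anomaly check against a per-host traffic baseline. The packet summaries, the baseline counts and the three-sigma threshold are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Added example, not from the document: a minimal signature-plus-anomaly detector
# over packet summaries. Flags use the usual TCP letters: S=SYN, A=ACK, F=FIN,
# P=PSH, U=URG.

XMAS_FLAGS = {"F", "P", "U"}   # FIN, PSH and URG all set: the "Christmas tree" signature

def is_xmas_scan(pkt: dict) -> bool:
    """Signature check: a TCP segment with FIN+PSH+URG set and neither SYN nor ACK."""
    flags = set(pkt.get("flags", ""))
    return pkt["proto"] == "tcp" and XMAS_FLAGS <= flags and not ({"S", "A"} & flags)

def signature_alerts(packets: list) -> list:
    """Raise one alert per source host that sends Christmas tree probes."""
    hits = Counter(p["src"] for p in packets if is_xmas_scan(p))
    return [f"XMAS scan from {src} ({n} probes)" for src, n in hits.items()]

def anomaly_alerts(baseline: list, observed: int, src: str, k: float = 3.0) -> list:
    """Anomaly check: flag a packets-per-minute count more than k std-devs above baseline."""
    mu, sigma = mean(baseline), pstdev(baseline)
    threshold = mu + k * max(sigma, 1.0)   # floor sigma so a flat baseline still alerts
    if observed > threshold:
        return [f"anomalous volume from {src}: {observed} pkts/min (threshold {threshold:.1f})"]
    return []

# Constructed sample traffic: two normal segments and three Xmas probes from one host.
SAMPLE = [
    {"src": "10.0.0.7", "dst": "10.0.0.80", "proto": "tcp", "dport": 443, "flags": "S"},
    {"src": "10.0.0.7", "dst": "10.0.0.80", "proto": "tcp", "dport": 443, "flags": "PA"},
    {"src": "198.51.100.9", "dst": "10.0.0.80", "proto": "tcp", "dport": 22, "flags": "FPU"},
    {"src": "198.51.100.9", "dst": "10.0.0.80", "proto": "tcp", "dport": 80, "flags": "FPU"},
    {"src": "198.51.100.9", "dst": "10.0.0.80", "proto": "tcp", "dport": 443, "flags": "FPU"},
]
BASELINE = [40, 45, 38, 42, 41]   # constructed normal packets/min for one host
```

The signature check needs no history and fires on a single packet, whereas the anomaly check only works once a baseline of normal activity has been collected; this is why the two are usually combined.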
Diagrams
1.7. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network.
1.7.1. The potential impact (Threat-Risk) of a firewall.
Network firewalls are not easy to update. Keeping rules up to date when environments
and applications are dynamic and complex is almost impossible.
Because of this challenge, firewall policy is often behind the current status of your
applications and data. This means you are increasing risk in your data center until you
manage to manually set the rules. Moreover, those rules may well become obsolete
again almost immediately, so you can never truly stem the issue of growing risk.
At the same time, companies have to deal with compliance mandates and governance,
which are just as strict on the cloud environments as on-premises environments. While
the increased agility of a hybrid cloud ecosystem is helpful for streamlining business
processes, the speed of change has caused many organizations to fall badly short of
compliance requirements.
It’s especially difficult to get full visibility into hybrid cloud environments – and without
visibility, you can easily fall prey to blind spots resulting from misconfigurations. Take
the Capital One breach, for example, where hackers could exfiltrate “data through a
‘misconfiguration’ of a firewall on a web application. That allowed the hacker to
communicate with the server where Capital One was storing its information and,
eventually, obtain customer files.” The result was the loss of the personal data of more
than 100 million people, including tens of millions of credit card applications.
- VPC access:
Of course, your business doesn’t want anyone on the internet to be able to access your
VPCs. That said, this is a common mistake. Many businesses use ACLs to manage the
problem, but it can be time-consuming and leave blind spots.
- Services permissions:
It often happens that unnecessary services are left running on the firewall, opening up
enterprises to risk and broadening the attack surface. Configuring devices from the start
according to zero-trust and least-privilege principles removes that risk and ensures that
devices can only perform the specific function you need them for.
- Inconsistent authentication:
Enterprises often have networks that work across multiple geographies and locations, as
well as different environments. Consistent authentication across these different places is
a cornerstone of good firewall hygiene. If some requirements are weaker than others,
the misalignment creates vulnerable areas of the enterprise that can be leveraged like
an unlocked door. The result is that your business will be open to attacks.
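As an added example (not code from the document) covering the three misconfiguration classes listed above, the following Python audit checks an exported firewall configuration for internet-wide ingress to VPC management ports, for services enabled on the firewall beyond an approved set, and for sites whose authentication requirements are weaker than the strictest site. The configuration format, the management-port set and the approved-service set are constructed assumptions.

```python
from ipaddress import ip_network

# Added example, not from the document: a configuration audit for the three
# misconfiguration classes above (VPC access, service permissions, inconsistent
# authentication). The config layout and the two sets below are assumptions.

MGMT_PORTS = {22, 3389}                 # assumed ports used to administer hosts
APPROVED_SERVICES = {"ssh", "snmp"}     # assumed services allowed on the firewall itself

def audit_vpc_access(rules: list) -> list:
    """Flag allow rules exposing a management port (or every port) to any internet source."""
    findings = []
    for r in rules:
        internet_wide = ip_network(r["src"]).prefixlen == 0
        sensitive = r["dport"] is None or r["dport"] in MGMT_PORTS
        if r["direction"] == "ingress" and r["action"] == "allow" and internet_wide and sensitive:
            findings.append(f"rule {r['id']}: internet-wide ingress to {r['dst']} port {r['dport']}")
    return findings

def audit_services(enabled: set) -> list:
    """Flag services running on the firewall beyond the approved set (least privilege)."""
    return [f"unnecessary service enabled: {s}" for s in sorted(enabled - APPROVED_SERVICES)]

def audit_auth(sites: dict) -> list:
    """Flag sites whose authentication requirements fall below the strictest site's."""
    strength = lambda s: (s["mfa"], s["min_pw_len"])   # MFA outweighs password length
    baseline = strength(max(sites.values(), key=strength))
    return [f"site {name}: weaker auth than baseline (mfa={s['mfa']}, min_pw_len={s['min_pw_len']})"
            for name, s in sites.items() if strength(s) < baseline]

# Constructed configuration export: one public web rule, one exposed SSH rule, one scoped RDP rule.
CONFIG = {
    "rules": [
        {"id": 1, "direction": "ingress", "action": "allow", "src": "0.0.0.0/0", "dst": "10.1.0.10", "dport": 443},
        {"id": 2, "direction": "ingress", "action": "allow", "src": "0.0.0.0/0", "dst": "10.1.0.10", "dport": 22},
        {"id": 3, "direction": "ingress", "action": "allow", "src": "192.0.2.0/24", "dst": "10.1.0.20", "dport": 3389},
    ],
    "services": {"ssh", "snmp", "telnet", "http"},
    "sites": {
        "hq": {"mfa": True, "min_pw_len": 14},
        "branch": {"mfa": False, "min_pw_len": 8},
        "cloud": {"mfa": True, "min_pw_len": 14},
    },
}

def run_audit(config: dict) -> list:
    """Return all findings so the audit can be re-run whenever the policy changes."""
    return audit_vpc_access(config["rules"]) + audit_services(config["services"]) + audit_auth(config["sites"])
```

Running the audit on every policy change addresses the update lag described in 1.7.1: drift is caught when a rule is added rather than at the next manual review.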