Lesson 10: Implementing Network Security Appliances
Ivan Jude Busgano, CTT+
CompTIA Certified Professional
Course Instructor
LESSON 10 OBJECTIVES
www.transientx.com
TOPIC 10A - IMPLEMENT FIREWALLS AND PROXY SERVERS
TOPIC 10A OUTLINE
• Firewalls
• Firewall implementations
• Proxies & gateways
• Access Control Lists (ACLs)
• Network address translation (NAT)
• Virtual firewalls
• Open source vs proprietary firewalls
FIREWALLS
FIREWALLS - MODES OF OPERATION
• stateful operation
- tracks information about a session
- session data is stored in a state table
- occurs at layer 4 and layer 7
- used in most firewalls now
FIREWALLS – TRANSPORT & APPLICATION
FIREWALLS – IPTABLES
FIREWALL IMPLEMENTATIONS
• hardware-based
- deployment modes:
- router mode (layer 3)
- bridged mode (layer 2)
• software-based:
- host firewall (personal)
- application firewall
- server firewall
PROXIES & GATEWAYS
ACCESS CONTROL LISTS (ACLS)
Network address translation (NAT)
VIRTUAL FIREWALLS
• common implementations:
- hypervisor-based
- virtual appliance
- multiple context
OPEN SOURCE VS PROPRIETARY FIREWALLS
• mostly proprietary:
- developed from Linux kernel
- Check Point, FortiGate, SonicWall
• open source
- pfSense
- Smoothwall
• Play video 1
• Play video 2
• Topic Quiz
TOPIC 10B - IMPLEMENT NETWORK SECURITY MONITORING
TOPIC 10B OUTLINE
NETWORK-BASED INTRUSION DETECTION SYSTEM (IDS)
NETWORK-BASED INTRUSION PREVENTION SYSTEMS (NIPS)
DETECTION MECHANISMS
NEXT GEN FIREWALL (NGFW)
UNIFIED THREAT MANAGEMENT (UTM)
• all-in-one appliance
CONTENT/URL FILTER
HOST-BASED INTRUSION DETECTION SYSTEMS
WEB-APPLICATION FIREWALLS (WAF)
• specifically designed to protect web servers & backend databases
• uses application-aware processing rules
• some examples:
- ModSecurity (open source)
- NAXSI (open source)
- Imperva (commercial)
TOPIC 10B ACTIVITY
• Play video
• Topic Quiz
TOPIC 10C - SUMMARIZE THE USE OF SIEM
TOPIC 10C OUTLINE
• Monitoring services
• Security Information & Event Management (SIEM)
• Report review
• File manipulation
MONITORING SERVICES
SECURITY INFORMATION & EVENT MANAGEMENT
• SIEM tasks:
- log collection
- log aggregation
- log correlation
REPORT REVIEW
FILE MANIPULATION
TOPIC 10C ACTIVITY
• Play video
• Topic Quiz
LESSON 10 GUIDELINES (KEY TAKEAWAYS)