Devices
Chapter 9
Learning Objectives
Understand the purpose of a network firewall and the kinds of firewall technology available on the market
Understand the role of routers, switches, and other networking hardware in security
Determine when VPN or RAS technology works to provide a secure network connection
Firewalls
Hardware or software device that provides means of securing a computer or network from unwanted intrusion
  Dedicated physical device that protects network from intrusion
  Software feature added to a router, switch, or other device that prevents traffic to or from part of a network
Management Cycle for Firewall Protection
1. Draft a written security policy
2. Design the firewall to implement the policy
3. Implement the design by installing selected hardware and software
4. Test the firewall
5. Review new threats, requirements for additional security, and updates to systems and software; repeat process from first step
Drafting a Security Policy
What am I protecting?
From whom?
What services does my company need to access over the network?
Who gets access to what resources?
Who administers the network?
Available Targets and Who Is Aiming at Them
Common areas of attack
  Web servers
  Mail servers
  FTP servers
  Databases
Intruders
  Sport hackers
  Malicious hackers
Who Gets Access to Which Resources?
List employees or groups of employees along with files and file servers and databases and database servers they need to access
List which employees need remote access to the network
Who Administers the Network?
Determine individual(s) and scope of individual management control
Designing the Firewall to Implement the Policy
Select appropriate technology to deploy the firewall
What Do Firewalls Protect Against?
Denial of service (DoS)
Ping of death
Teardrop or Raindrop attacks
SYN flood
LAND attack
Brute force or smurf attacks
IP spoofing
How Do Firewalls Work?
Network address translation (NAT)
Basic packet filtering
Stateful packet inspection (SPI)
Access control lists (ACL)
Network Address Translation (NAT)
Only technique used by basic firewalls
Enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic
Each active connection requires a unique external address for duration of communication
Port address translation (PAT)
  Derivative of NAT
  Supports thousands of simultaneous connections on a single public IP address
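The address-pool limit of NAT next to the port multiplexing of PAT, as an added example that is not part of the original slides. The class names, the `10.0.0.x` inside hosts and the `192.0.2.x` public addresses are constructed for illustration, and the NAT pool is modelled per inside host, which is an assumption of this sketch.

```python
class DynamicNat:
    """One-to-one NAT: every active inside host borrows a whole public address.

    Assumption of this sketch: the binding is kept per inside host.
    """

    def __init__(self, public_pool):
        self.free = list(public_pool)   # public addresses not yet handed out
        self.bindings = {}              # inside_ip -> public_ip

    def translate(self, inside_ip):
        if inside_ip not in self.bindings:
            if not self.free:
                return None             # pool exhausted: this host cannot get out
            self.bindings[inside_ip] = self.free.pop(0)
        return self.bindings[inside_ip]


class Pat:
    """Port address translation: many flows share one public address,
    told apart by the public-side port the translator assigns."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._ports = iter(range(first_port, last_port + 1))
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = next(self._ports, None)
            if port is None:
                return None             # all public ports in use
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return (self.public_ip, self.out[key])

    def inbound(self, proto, public_port):
        # No entry means nothing inside asked for this traffic: nowhere to send it.
        return self.back.get((proto, public_port))


def compare(hosts=3, flows_per_host=1000):
    """Run the same constructed workload through both translators."""
    nat = DynamicNat(["192.0.2.10", "192.0.2.11"])   # two public addresses
    pat = Pat("192.0.2.10")                          # one public address
    inside = [f"10.0.0.{n}" for n in range(1, hosts + 1)]
    nat_results = [nat.translate(ip) for ip in inside]
    pat_results = [pat.outbound("tcp", ip, 40000 + i)
                   for ip in inside for i in range(flows_per_host)]
    return nat_results, pat_results


if __name__ == "__main__":
    nat_results, pat_results = compare()
    print("NAT with a 2-address pool, 3 hosts:", nat_results)
    print("PAT flows on one address:", len(set(pat_results)))
```

The reverse table in `Pat` is also why unsolicited inbound traffic has no inside destination: a public port with no entry maps to nothing.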
Basic Packet Filtering
Firewall system examines each packet that enters it and allows through only those packets that match a predefined set of rules
Can be configured to screen information based on many data fields:
  Protocol type
  IP address
  TCP/UDP port
  Source routing information
Stateful Packet Inspection (SPI)
Controls access to network by analyzing incoming/outgoing packets and letting them pass or not based on IP addresses of source and destination
Examines a packet based on information in its header
Enhances security by allowing the filter to distinguish on which side of firewall a connection was initiated; essential to blocking IP spoofing attacks
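What "distinguishing on which side a connection was initiated" adds over a header-only check, as an added example that is not part of the original slides. The `10.0.0.0/24` inside network, the documentation-range outside addresses, and all class and function names are constructed for illustration; connection teardown is simplified to removing the flow on FIN or RST.

```python
import ipaddress
from dataclasses import dataclass

INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")   # constructed inside LAN


@dataclass(frozen=True)
class Packet:
    arrived_on: str                 # "inside" or "outside" interface
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags set in the header


def header_only_filter(pkt):
    """Stateless rule: inbound TCP passes whenever the ACK bit is set."""
    if pkt.arrived_on == "inside":
        return "allow"
    return "allow" if "ACK" in pkt.flags else "drop"


class StatefulFilter:
    def __init__(self, inside_net=INSIDE_NET):
        self.inside_net = inside_net
        self.flows = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def _is_inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside_net

    def process(self, pkt):
        if pkt.arrived_on == "inside":
            if not self._is_inside(pkt.src):
                return "drop: source is not an inside address"
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == frozenset({"SYN"}):
                self.flows.add(key)          # connection opened from the inside
                return "allow: new outbound connection"
            if key in self.flows:
                if pkt.flags & {"FIN", "RST"}:
                    self.flows.discard(key)  # simplified teardown
                return "allow: established"
            return "drop: no matching connection"

        # Packet arrived on the outside interface.
        if self._is_inside(pkt.src):
            # An inside address can never legitimately arrive from outside.
            return "drop: inside source on outside interface"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            if pkt.flags & {"FIN", "RST"}:
                self.flows.discard(key)
            return "allow: reply to inside-initiated connection"
        return "drop: no matching connection"


def run_trace():
    """Constructed packet sequence; returns (stateless, stateful) verdicts."""
    syn, ack = frozenset({"SYN"}), frozenset({"ACK"})
    trace = [
        Packet("inside", "10.0.0.5", 40000, "198.51.100.7", 443, syn),
        Packet("outside", "198.51.100.7", 443, "10.0.0.5", 40000,
               frozenset({"SYN", "ACK"})),
        Packet("outside", "203.0.113.9", 443, "10.0.0.5", 40000, ack),
        Packet("outside", "10.0.0.8", 1234, "10.0.0.5", 80, ack),
        Packet("outside", "203.0.113.9", 5555, "10.0.0.5", 80, syn),
    ]
    fw = StatefulFilter()
    return [(header_only_filter(p), fw.process(p)) for p in trace]


if __name__ == "__main__":
    for stateless, stateful in run_trace():
        print(f"header-only: {stateless:5}  stateful: {stateful}")
```

The third and fourth packets are the interesting ones: both carry an ACK bit and pass the header-only rule, while the state table rejects them because no inside host opened those flows.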
Access Control Lists (ACL)
Rules built according to organizational policy that defines who can access portions of the network
access-list 101 permit tcp any 1.2.1.222 0.0.0.0 eq 80
access-list 101 deny ip any 1.2.1.222 0.0.0.0
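How the two rules above are evaluated, as an added example that is not part of the original slides: first match wins, a wildcard mask of `0.0.0.0` means every address bit must match, and a packet that matches no rule falls to the implicit deny at the end of a Cisco ACL. The parser handles only the syntax used on the slide (plus `host`), and the source addresses in the sample calls are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two rules shown on the slide (Cisco IOS extended ACL syntax).
SLIDE_ACL = """\
access-list 101 permit tcp any 1.2.1.222 0.0.0.0 eq 80
access-list 101 deny ip any 1.2.1.222 0.0.0.0
"""


@dataclass
class Rule:
    action: str              # "permit" or "deny"
    protocol: str            # "ip" matches every IP protocol
    src: tuple               # (address, wildcard mask) as integers
    dst: tuple
    dst_port: Optional[int]  # None when the rule has no "eq PORT"


def _addr_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    wildcard = tokens.pop(0)
    return (int(ipaddress.IPv4Address(first)),
            int(ipaddress.IPv4Address(wildcard)))


def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0].lower() != "access-list":
            continue
        tokens = tokens[2:]          # drop "access-list" and the list number
        action = tokens.pop(0)
        protocol = tokens.pop(0)
        src = _addr_spec(tokens)
        dst = _addr_spec(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append(Rule(action, protocol, src, dst, port))
    return rules


def _match_addr(spec, ip):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF    # wildcard bit 0 = "must match"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def evaluate(rules, protocol, src_ip, dst_ip, dst_port=None):
    """Return (action, reason) for one packet; first matching rule wins."""
    for index, rule in enumerate(rules, start=1):
        if rule.protocol not in ("ip", protocol):
            continue
        if not _match_addr(rule.src, src_ip):
            continue
        if not _match_addr(rule.dst, dst_ip):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, f"rule {index}"
    return "deny", "implicit deny"   # nothing matched


if __name__ == "__main__":
    acl = parse_acl(SLIDE_ACL)
    for pkt in [("tcp", "203.0.113.5", "1.2.1.222", 80),
                ("tcp", "203.0.113.5", "1.2.1.222", 23),
                ("udp", "203.0.113.5", "1.2.1.222", 53),
                ("tcp", "203.0.113.5", "1.2.1.223", 80)]:
        print(pkt, "->", evaluate(acl, *pkt))
```

Rule order matters here: swapping the two lines would make the `deny ip` rule match first and block the web traffic the first rule was written to allow.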
Routers
Network management device that sits between network segments and routes traffic from one network to another
Allows networks to communicate with one another
Allows Internet to function
Acts as digital traffic cop (with addition of packet filtering)
How a Router Moves Information
Examines electronic envelope surrounding a packet; compares address to list of addresses contained in router’s lookup tables
Determines which router to send the packet to next, based on changing network conditions
Beyond the Firewall
Demilitarized zone (DMZ)
Bastion hosts (potentially)
Demilitarized Zone
Area set aside for servers that are publicly accessible or have lower security requirements
Sits between the Internet and internal network’s line of defense
Stateful device fully protects other internal systems
Packet filter allows external traffic only to services provided by DMZ servers
Allows a company to host its own Internet services without exposing its private network to unauthorized access
Bastion Hosts
Computers that reside in a DMZ and that host Web, mail, DNS, and/or FTP services
Gateway between an inside network and an outside network
Defends against attacks aimed at the inside network; used as a security measure
Unnecessary programs, services, and protocols are removed; unnecessary network ports are disabled
Do not share authentication services with trusted hosts within the network
Application Gateways
Also known as proxy servers
Monitor specific applications (FTP, HTTP, Telnet)
Allow packets accessing those services to go to only those computers that are allowed
Good backup to packet filtering
Application Gateways
Security advantages
  Information hiding
  Robust authentication and logging
  Simpler filtering rules
Disadvantage
  Two steps are required to connect inbound or outbound traffic; can increase processor overhead
OSI Reference Model
Architecture that classifies most network functions
Seven layers
  Application
  Presentation
  Session
  Transport
  Network
  Data-Link
  Physical
The OSI Stack
Layers 4 and 5
  Where TCP and UDP ports that control communication sessions operate
Layer 3
  Routes IP packets
Layer 2
  Delivers data frames across LANs
Limitations of Packet-Filtering Routers
ACL can become long, complicated, and difficult to manage and comprehend
Throughput decreases as number of rules being processed increases
Unable to determine specific content or data of packets at layers 3 through 5
Switches
Provide same function as bridges (divide collision domains), but employ application-specific integrated circuits (ASICs) that are optimized for the task
Reduce collision domain to two nodes (switch and host)
Main benefit over hubs
  Separation of collision domains limits the possibility of sniffing
Switch Security
ACLs
Virtual Local Area Networks (VLANs)
Virtual Local Area Network
Uses public wires to connect nodes
Broadcast domain within a switched network
Uses encryption and other security mechanisms to ensure that
  Only authorized users can access the network
  Data cannot be intercepted
Clusters users in smaller groups
  Increases security from hackers
  Reduces possibility of broadcast storm
Security Problems with Switches
Common ways of switch hijacking
  Try default passwords which may not have been changed
  Sniff network to get administrator password via SNMP or Telnet
Securing a Switch
Isolate all management interfaces
Manage switch by physical connection to a serial port or through secure shell (SSH) or other encrypted method
Use separate switches or hubs for DMZs to physically isolate them from the network and prevent VLAN jumping
Securing a Switch
Put switch behind dedicated firewall device
Maintain the switch; install latest version of software and security patches
Read product documentation
Set strong passwords
Quick Quiz
The process by which a private IP address in a corporate network is translated into a public address by a router or firewall is called _____________
True or False: Advanced firewalls use stateful packet inspection to improve security.
A computer providing public network services that resides inside a corporate network but outside its firewall is called a ______.
True or False: IP packets are routed by layer 2 of the OSI model.
A feature available in some switches that permits separating the switch into multiple broadcast domains is called _________.
Wireless
Almost anyone can eavesdrop on a network communication
Encryption is the only secure method of communicating with wireless technology
Modems
DSL versus Cable Modem Security
DSL
  Direct connection between computer/network and the Internet
Cable modem
  Connected to a shared segment; party line
  Most have basic firewall capabilities to prevent files from being viewed or downloaded
  Most implement the Data Over Cable Service Interface Specification (DOCSIS) for authentication and packet filtering
Dynamic versus Static IP Addressing
Static IP addresses
  Provide a fixed target for potential hackers
Dynamic IP addresses
  Provide enhanced security
  By changing IP addresses of client machines, DHCP server makes them moving targets for potential hackers
  Assigned by the Dynamic Host Configuration Protocol (DHCP)
Remote Access Service (RAS)
Provides a mechanism for one computer to securely dial in to another computer
Treats modem as an extension of the network
Includes encryption and logging
Accepts incoming calls
Should be placed in the DMZ
Security Problems with RAS
Behind physical firewall; potential for network to be compromised
Most RAS systems offer encryption and callback as features to enhance security
Telecom/Private Branch Exchange (PBX)
PBX
  Private phone system that offers features such as voicemail, call forwarding, and conference calling
Failure to secure a PBX can result in toll fraud, theft of information, denial of service, and enhanced susceptibility to legal liability
IP-Based PBX
PBX Security Concerns
Remote PBX management
Hoteling or job sharing
Many move codes are standardized and posted on the Internet
Virtual Private Networks
Provide secure communication pathway or tunnel through public networks (e.g., Internet)
Lowest levels of TCP/IP are implemented using existing TCP/IP connection
Encrypts either underlying data in a packet or the entire packet itself before wrapping it in another IP packet for delivery
Further enhances security by implementing Internet Protocol Security (IPSec)
Intrusion Detection Systems (IDS)
Monitor networks and report on unauthorized attempts to access any part of the system
Available from many vendors
Forms
  Software (computer-based IDS)
  Dedicated hardware devices (network-based IDS)
Types of detection
  Anomaly-based detection
  Signature-based detection
Computer-based IDS
Software applications (“agents”) are installed on each protected computer
Make use of disk space, RAM, and CPU time to analyze OS, applications, system audit trails
Compare these to a list of specific rules
Report discrepancies
Can be self-contained or remotely managed
Easy to upgrade software, but do not scale well
Network-based IDS
Monitors activity on a specific network segment
Dedicated platforms with two components
  Sensor
    Passively analyzes network traffic
  Management system
    Displays alarm information from the sensor
Anomaly-based Detection
Builds statistical profiles of user activity and then reacts to any activity that falls outside these profiles
Often leads to large number of false positives
Users do not access computers/network in static, predictable ways
Cost of building a sensor that could hold enough memory to contain the entire profile and time to process the profiles is prohibitively large
Signature-based Detection
Similar to antivirus program in its method of detecting potential attacks
Vendors produce a list of signatures used by the IDS to compare against activity on the network or host
When a match is found, the IDS takes some action (e.g., logging the event)
Can produce false positives; normal network activity may be construed as malicious
Network Monitoring and Diagnostics
Essential steps in ensuring safety and health of a network (along with IDS)
Can be either stand-alone or part of a network-monitoring platform
  HP’s OpenView
  IBM’s Netview/AIX
  Fidelia’s NetVigil
  Aprisma’s Spectrum
Ensuring Workstation and Server Security
Remove unnecessary protocols such as NetBIOS or IPX
Remove unnecessary user accounts
Remove unnecessary shares
Rename the administrator account
Use strong passwords
Personal Firewall Software Packages
Offer application-level blocking, packet filtering, and can put your computer into stealth mode by turning off most if not all ports
Many products available, including:
  Norton Firewall
  ZoneAlarm
  Black Ice Defender
  Tiny Software’s Personal Firewall
Firewall Product Example
Antivirus Software Packages
Necessary even on a secure network
Many vendors, including:
  McAfee
  Norton
  Computer Associates
  Network Associates
Mobile Devices
Can open security holes for any computer with which these devices communicate
Chapter Summary
Virtual isolation of a computer or network by implementing a firewall through software and hardware techniques:
  Routers
  Switches
  Modems
  Various software packages designed to run on servers, workstations, and PDAs
Chapter Summary
Virtual private networks (VPNs)
Private branch exchanges (PBX)
Remote Access Services (RAS)
Quick Quiz
The standard used to help secure cable modem communications is called ____________
True or False: Static IP addressing is the most secure form of addressing.
True or False: RAS should be placed in the DMZ.
A _____________ is used to provide a secure communication channel through the public Internet
______________ based IDS uses statistical profiles.