Section 3 - Security Architecture Principle

The document outlines key functions of a network security perimeter including routing traffic between the enterprise and internet, preventing executable files from being transferred, and monitoring internal and external network ports for rogue activity. It also discusses controlling user traffic, identifying and blocking anomalous traffic and malware, enforcing filtering policies, and terminating encrypted VPN traffic from remote users and sites.

Uploaded by

fadhil
Copyright
© © All Rights Reserved

Route traffic between the enterprise and the Internet

Prevent executable files from being transferred through email attachment or web browsing

Monitor internal and external network port for rogue activity

Detect and block traffic from infected internal end point


Internet Perimeter Should
Control user traffic bound toward the Internet

Identify and block anomalous traffic and malicious packets recognized as potential attacks

Eliminate threats such as email spam, viruses and worms

THE SECURITY PERIMETER
Enforce filtering policies to block access to websites containing malware or questionable content

WANs

WLANs
Protection for
Terminate encrypted VPN traffic initiated by remote users

Provide a hub for terminating encrypted VPN traffic from remote sites, organizations

Provide a hub for terminating traditional dial-in users

Isolation Network VPNs protection should be threefold
SECURITY ZONE AND DEMILITARIZED ZONES
Isolation and segmentation
Overview of Security Architecture

INTERDEPENDENCIES
SECURITY ARCHITECTURE AND FRAMEWORKS
SABSA AND THE ZACHMAN FRAMEWORK
THE OPEN GROUP ARCHITECTURE FRAMEWORK (TOGAF)

Logging
Time of Event
Changes to permissions
System startup or shutdown
Login or logout
Changes to data
Errors or violations
Job failures

Security Event Management (SEM)
SECURITY INFORMATION AND EVENT MANAGEMENT

The OSI Model
Application
Presentation
Sessions
Transport Layer
Network
Data Link
Physical

INGRESS EGRESS AND DATA LOSS PREVENTION
Restriction of outbound traffic...

Policies and awareness that train users to avoid opening suspect emails..

controlled antimalware

ANTIVIRUS AND ANTI-MALWARE

Multiple layers of anti-malware


TCP/IP Internet Version Protocol Remember figure 3.3
IDS Feature ingress, egress
Logging, monitoring and detection
ENCAPSULATION PDU (Protocol Data Unit)
IDS Limitations

Categories of IDS
Network-based IDS
Host-based IDS

Type of IDS
Signature-Based
Statistical-based
Neural networks

INTRUSION DETECTION SYSTEM

Section 3 : Security Architecture Principle

Defense in depth
Horizontal defense in Depth
Vertical defense in Depth
Remember Type of Defense in Depth Implementations (Figure 3.6)

IDS POLICY
Terminate the access
Trace the access

Block access to particular sites on the Internet

Limit traffic on an organization’s public services segment to relevant addresses and ports.

dropped at the network perimeter

Prevent certain users from accessing certain servers or services.

Monitor and record communications between an internal and an external network in order to investigate network penetrations or detect internal subversion.

Encrypt packets that are sent between different physical locations within an organization by creating a VPN over the Internet (e.g., IP security [IPSec], secure VPN tunnels). The capabilities of some firewalls can be extended so they can also provide for protection against viruses and attacks directed to exploit known operating system vulnerabilities

INTRUSION PREVENTION SYSTEM
FIREWALL GENERAL FEATURE

KEY ELEMENTS OF CRYPTOGRAPHIC SYSTEM
Encryption algorithm
Encryption Key
Key length

KEY SYSTEM
Symmetric key system
Asymmetric key system
ECC (Elliptical curve cryptography)
Quantum Cryptography

Encryption? used for?

NETWORK FIREWALL TYPES
Packet Filtering
Application firewall system
Stateful inspections
Next Generation firewall (NGFW)
Data Integrity

Authentication ensure
Digital Signature
Non Repudiation

Generation Firewall ( figure 3.8)


Encryption fundamentals, techniques and applications

Application of Cryptographic systems
Transport Layer Security (TLS)
Secure Hyper Text Transfer Protocol (HTTPS)
Virtual Private Network (VPN)
IPsec
SSH
Secure Multipurpose Internet Mail Extensions (S/MIME)
Secure Electronic Transactions (SET)

Public Key Infrastructure
Digital Certificates
Certificate Authority
Registration authority

Encryption Risk and Key Protection
Stored Data

Information flow control

FIREWALL

PACKET FILTERING FIREWALL (FIGURE 3.9) & (FIGURE 3.10)
Attack against packet filtering
IP Spoofing
Source routing specification
Miniature fragment attack

APPLICATION FIREWALL SYSTEMS (Figure 3.11)
Application-level gateways
Circuit-level gateways
Advantages
Disadvantages
Figure 3.12

STATEFUL INSPECTION FIREWALL
Stateless vs Stateful

Example Firewall Implementation
Screened-host firewall
Dual-homed firewall
Demilitarized zone (DMZ) or screened-subnet firewall

FIREWALL ISSUE
Configuration errors
Monitoring demands
Policy Maintenance
Vulnerability to application- and input-based attacks

Firewall Platform
Software
hardware
virtual platform

Web Application Firewall

Next Generation Firewall (NG FW)
