CST 311 - Week 8
This week, the final week, the topic of study was security, covering firewalls as well as intrusion detection systems (IDS) and intrusion prevention systems (IPS).
Firewalls accomplish two major things: they separate inside network traffic from outside network traffic, and they filter traffic. A firewall filters by comparing each packet against a security policy, set up locally by the network admin, and deciding whether to block the packet or allow it through. The purpose of using a firewall is to prevent DoS attacks, prevent illegal modification of or access to internal data, allow authorized access to the outside net, etc.
There are three types of firewalls: stateless packet filters, stateful packet filters, and application gateways. A stateless packet filter works packet by packet, deciding whether to forward each packet on to its destination or drop it based on many criteria. These include the source/destination IP address, TCP/UDP source/destination port numbers, ICMP message type, TCP SYN/ACK bits, etc. Stateful packet filtering works differently from stateless filtering because it can operate on a group of packets and knows what state their connection is in. For example, it tracks the connection setup (SYN) and the connection teardown (FIN) to determine whether the incoming and outgoing packets make sense. Application gateways act like a firewall by filtering packets, but they do so on a deeper level. Unlike firewalls that filter packets only on IP/TCP/UDP fields, application gateways also filter on the application data contained in the datagram. For example, a gateway can use the credentials an employee supplies to an application to determine whether that employee is allowed to access the outside net.
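To make the stateless/stateful difference concrete, here is an added example (not from the course material) that runs the same constructed packet trace through both kinds of filter. The rule itself (outbound to port 80 allowed, inbound allowed only from port 80 with ACK set), the addresses, and all names are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags inbound")
IN_HOST, OUT_HOST = "10.0.0.5", "203.0.113.9"   # constructed addresses

def stateless_allow(p):
    """Judge one packet alone: outbound to port 80 is allowed;
    inbound is allowed only from port 80 with the ACK bit set."""
    if p.inbound:
        return p.sport == 80 and "ACK" in p.flags
    return p.dport == 80

class StatefulFilter:
    """Same rule, plus a connection table built from observed SYN/FIN."""
    def __init__(self):
        self.table = {}   # (inside, iport, outside, oport) -> sides that sent FIN

    def allow(self, p):
        if not stateless_allow(p):
            return False
        key = ((p.dst, p.dport, p.src, p.sport) if p.inbound
               else (p.src, p.sport, p.dst, p.dport))
        if not p.inbound and p.flags == {"SYN"}:
            self.table[key] = set()          # connection setup from inside
        if key not in self.table:
            return False                     # no matching connection: drop
        if "RST" in p.flags:
            del self.table[key]
        elif "FIN" in p.flags:
            self.table[key].add(p.inbound)
            if len(self.table[key]) == 2:    # both sides closed (simplified:
                del self.table[key]          # real trackers also use timeouts)
        return True

def compare(trace):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in trace]

TRACE = [  # constructed sample traffic
    Packet(IN_HOST, 40000, OUT_HOST, 80, {"SYN"}, False),
    Packet(OUT_HOST, 80, IN_HOST, 40000, {"SYN", "ACK"}, True),
    Packet(IN_HOST, 40000, OUT_HOST, 80, {"ACK"}, False),
    Packet(OUT_HOST, 80, IN_HOST, 41000, {"ACK"}, True),   # no connection exists
    Packet(OUT_HOST, 80, IN_HOST, 40000, {"SYN"}, True),   # inbound setup attempt
]

if __name__ == "__main__":
    for p, verdict in zip(TRACE, compare(TRACE)):
        print(p.sport, "->", p.dport, sorted(p.flags), verdict)
```

The fourth packet is the interesting one: it satisfies the per-packet rule, so the stateless filter forwards it, but the stateful filter drops it because no connection to port 41000 was ever set up.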
Intrusion detection/prevention systems take packet filtering a step further. They can do deep packet inspection, looking inside a packet's contents to compare character strings against a database of known viruses and attack strings. An intrusion detection system only alerts the network admin when there is a match in the database, while an intrusion prevention system also takes action on that alert.