Network Security Policies, Attacks and Firewalls

Classified in Other subjects

Written on in English with a size of 3.77 KB

Network Security

Network Security - Part of information security which deals with maintaining the reliability, availability and integrity of information in a computer network.

Threat Actors (Forwards)

Forwards -

  • Script-kiddies
  • Hacker
  • Insider

Motivation

Motivation - Exhibitionism, theft of information.

Attacks, Liabilities and Assets

Attacks - Liabilities - Assets

Social Engineering

Social Engineering - Methods used to gain access to sensitive or important information systems in organizations through deception or exploitation of people's trust.

Fairs - Insurer

Attack Lifecycle

Attack -

  1. Recognize
  2. Explore
  3. Gain access
  4. Maintain access
  5. Erase traces

Obtaining Information

Obtaining information -

  • Trashing
  • Social engineering
  • Physical attack

Buffer Overflow

Buffer overflow - Stack overflow attack.

Security Policy

Security Policy - Set guidelines, standards and procedures to be followed in order to guide employees, customers, partners and suppliers to use a secure electronic environment.

Objective - Describe what is being protected and why. Set priorities about what must be protected first and at what cost. Establish an explicit agreement with various parts of the company over the value of security.

  • Provide the security department a valid reason to say no when necessary.
  • Provide the security department with the authority to sustain the no.
  • Prevent the security department from performing futile tasks.
  • Express the importance the company gives to information.

Policy Basics

Basics - Use simple language with few technical terms. Be clear, concise and easily applicable. Monitor practical reality. Ensure wide dissemination. Compile policies in conjunction with representatives from various areas of the organization. Plan for periodic reviews and set penalties for violations.

Guidelines, Standards and Procedures

Guidelines - Standards - Procedures

Implementation

Implementation -

  • Approval
  • Publication
  • Disclosure
  • Training
  • Implementation
  • Assessment and identification of needed changes
  • Review

Model

Model - Plan – Implement – Monitor – Audit

Operating System

Operating System - Manages processor, memory, device I/O, file system and security.

Firewall

Firewall - A firewall is a point between two or more networks, which may be a component or a set of components, through which all traffic passes. It allows control, authentication and records all traffic.

  • Bastion hosts are installed where equipment services are to be offered to the Internet.

Filter, NAT and Mangle

Filter, nat mangle -

FILTER - INPUT - FORWARD - OUTPUT

NAT = PREROUTING - OUTPUT - POSTROUTING

Mangle - PREROUTING - OUTPUT

Proxy

Proxy - A proxy is used to maintain, in an area of fast access, information already accessed by another user, thus preventing repeated transmission of this information and making it available to the user in a much shorter time.

Karma: -23%
Visits: 0

Related entries:

Tags:
NAT network security social engineering information security buffer overflow attack lifecycle proxy security implementation stack overflow operating system security mangle insider threat bastion hosts firewall security policy threat actors