The document discusses various methods of achieving network security, including firewalls, web application firewalls, proxies, endpoint detection and response, active directory domain services, antivirus, and network access control. It provides details on the purpose and implementation of each method.
Network Security
NETWORK SECURITY
Network security is achieved with the following implementations:
• FIREWALL
• WAF – Web Application Firewall
• Proxy
• EDR – Endpoint Detection and Response
• AD – Active Directory Domain Services
• AV – AntiVirus
• NAC – Network Access Control
• PIMS etc.

FIREWALL
A firewall is a network security device or software that monitors and filters incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules derived from the organization's security policies. Firewalls have been a first line of defense in network security. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet. A firewall can be hardware, software, software-as-a-service (SaaS), public cloud, or private cloud (virtual).

FIREWALL CONT..
There are many types of firewalls, often categorized as follows:
• Network firewall
• Host-based firewall
• Hardware firewall
• Software firewall
• Internal firewall
• Distributed firewall
• Perimeter firewall
• Next-generation firewall (NGFW) – we use this type of firewall.

FIREWALL CONT..
Network firewalls prevent unauthorized access by creating and separating a secure zone from a less secure zone. They use configuration and access control policies to control communications between the two zones. Network firewalls usually operate at OSI Layers 3 and 4 and focus on network protocols such as Domain Name System (DNS), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Secure Shell (SSH) and Telnet.

WAF – Web Application Firewall
A WAF, or web application firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a Layer 7 defence (in the OSI model) and is not designed to defend against all types of attacks; it mitigates a particular range of attack vectors. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.

Types of WAF
• A network-based WAF is generally hardware-based. Since they are installed locally, they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.
• A host-based WAF may be fully integrated into an application's software. This solution is less expensive than a network-based WAF and offers more customizability.
• Cloud-based WAFs offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a DNS change to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats at minimal cost.

WAF vs Firewall
Layer 7 vs Layer 3 & 4 Protection: Layer 7 protection and Layer 3 and 4 protection are both critical components of network security protection mechanisms. Layer 7 protection refers to an application-level mechanism that focuses on observing the application's traffic, recognizing patterns, and rejecting malicious traffic that does not conform to the application's normal behaviour. In contrast, Layer 3 and 4 protection refers to network-level protection based on the standard TCP/IP and UDP protocol suites, focusing on controlling the flow of traffic based on source and destination IP addresses and ports. The key difference between the two methods is that Layer 7 protection focuses on rejecting anything that is not explicitly allowed by the application protocols, whereas Layers 3 and 4 focus on restricting traffic that does not match pre-defined rules based on IP addresses, ports or protocols.

PROXY
What is a proxy: A proxy server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server referred to as an "intermediary" because it sits between end-users and the web pages they visit online.

Types of Proxies Based on Traffic Flow:
Depending on whether they are set up on the client's side (outgoing) or the server's side (incoming), there are two categories of proxies: forward and reverse.

PROXY cont..
Proxies provide a valuable layer of security for your computer. They can be set up as web filters or firewalls, protecting your computer from internet threats like malware. This extra security is also valuable when coupled with a secure web gateway, which can filter traffic according to its level of safety or how much traffic your network or individual computers can handle. Individuals use proxies for personal purposes, such as hiding their location while watching movies online. For a company, however, they can be used to accomplish several key tasks, such as:
1. Improve security.
2. Secure employees' internet activity.
3. Control which websites employees can access in the office.
4. Save bandwidth by caching files or compressing incoming traffic.

EDR
Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware. Our Bank uses an EDR solution from CrowdStrike.

Key EDR functions
• Automatically uncovers stealthy attackers – EDR technology pairs comprehensive visibility across all endpoints with indicators of attack (IOAs) and applies behavioral analytics that analyze billions of events in real time to automatically detect traces of suspicious behavior.
• Integrates with threat intelligence – provides faster detection of the activities and tactics, techniques and procedures (TTPs) identified as malicious. This delivers contextualized information that includes attribution where relevant, providing details on the adversary and any other information known about the attack.
• Managed threat hunting for proactive defense – using EDR, threat hunters work proactively to hunt, investigate and advise on threat activity in your environment. When they find a threat, they work alongside your team to triage, investigate and remediate the incident before it has the chance to become a full-blown breach.
• Provides real-time and historical visibility – EDR acts like a DVR on the endpoint, recording relevant activity to catch incidents that evaded prevention.

NAC – Network Access Control
Compliance requirements for network access: NAC ensures that any client/user of the Bank meets the compliance requirements before being connected to the SBI Network. ClearPass OnGuard performs advanced endpoint posture assessments to ensure security and compliance requirements are met before devices connect to the corporate network in our Bank. ClearPass OnGuard controls compromised devices by detecting and blocking access from unsecure or unhealthy devices. The client is denied access to network resources across wired, wireless, and remote networks when it is determined to be unsecure, which is established by running an extensive posture assessment. With ClearPass OnGuard, your IT team can define the "level of health" a device must have to gain network access. This solution automatically conducts critical endpoint health checks and posture assessments to ensure that all devices are compliant with your requirements (and industry best practices). ClearPass leverages a user's role, device, location, application use, and time of day to execute custom security policies, accelerate device deployments, and streamline network operations across wired networks, wireless networks, and VPNs. Aruba is the service provider for ClearPass OnGuard, our network compliance solution for network access.

ADDS – Active Directory Domain Services
Architecture used in the Bank (going to explain).

AV – AntiVirus
Trend Micro provides the antivirus solution for our Bank.

PIMS etc.
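The Layer 7 versus Layer 3 & 4 distinction from the WAF vs Firewall slide, worked as a small Python evaluator; this is an added example and not part of the original slides. The rule set, the allowlisted paths, the addresses and the sample HTTP requests are all constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import unquote

@dataclass
class Packet:  # constructed Layer 3/4 view: addresses, protocol, port only
    src: str
    dst: str
    proto: str
    dport: int

# Constructed Layer 3/4 rule set: first match wins, implicit deny at the end.
L34_RULES = [
    ("allow", "10.0.0.0/8", "203.0.113.10", "tcp", 443),
    ("deny",  "0.0.0.0/0",  "203.0.113.10", "tcp", 22),
    ("allow", "0.0.0.0/0",  "203.0.113.10", "tcp", 80),
]

def l34_decide(pkt: Packet) -> str:
    """Network-level decision: only source/destination IP, protocol and port."""
    src = ipaddress.ip_address(pkt.src)
    for action, src_net, dst, proto, dport in L34_RULES:
        if (src in ipaddress.ip_network(src_net) and pkt.dst == dst
                and pkt.proto == proto and pkt.dport == dport):
            return action
    return "deny"

# Constructed Layer 7 policy: allowlist of method/path, then known-bad patterns.
ALLOWED_PATHS = {("GET", "/login"), ("POST", "/login"), ("GET", "/balance")}
BAD_PATTERNS = [re.compile(r"(?i)\bunion\b.*\bselect\b"),  # SQL injection shape
                re.compile(r"\.\./"),                       # path traversal
                re.compile(r"(?i)<script")]                 # reflected XSS marker

def l7_decide(request: str) -> str:
    """Application-level decision: parse the request line, reject anything not allowed."""
    try:
        method, target, _version = request.split("\r\n", 1)[0].split(" ")
    except ValueError:
        return "deny"  # malformed request line
    decoded = unquote(target)  # normalise %xx escapes before matching
    path, _, _query = decoded.partition("?")
    if (method, path) not in ALLOWED_PATHS:
        return "deny"
    if any(p.search(decoded) for p in BAD_PATTERNS):
        return "deny"
    return "allow"

def contrast(pkt: Packet, request: str) -> tuple:
    """Same connection seen by both layers: the firewall judges only the tuple, the WAF the request."""
    return l34_decide(pkt), l7_decide(request)
```

The point the slide makes shows up in contrast(): an injection attempt over port 80 is a perfectly ordinary connection at Layers 3/4 and is only rejected once the HTTP request itself is inspected.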