
Part 13 – Firewalls, Proxies and NAT


We cover quite a bit of ground in this section. The topics discussed span several layers of the OSI model from layer 3 up to layer 5. And as with many of the sections in this module, we look at the various security threats associated with the devices, protocols, and layers at which they reside.

We begin by discussing NAT (Network Address Translation) and its associated technique, PAT (Port Address Translation). Together they map private internal IP addresses to public IP addresses, i.e. addresses that are routable on the internet. This discussion then leads into the security issues associated with the upper OSI layers.

Firewalls and how they implement security rules are covered next. At their core, firewalls allow or block traffic using rule-based access control. These rules are implemented in either hardware or software, and we’ll examine the different types of firewalls in a moment. The key function of a firewall is to separate traffic into trusted (internal network) and untrusted (external network, e.g. the internet) zones.

The discussion of the various types of firewalls begins by examining the OSI layers at which they operate. Layer 3 firewalls are packet filters, effectively routers with ACLs (Access Control Lists). ACLs contain the rules that govern how a firewall directs network traffic. A packet filter looks at network and transport layer headers, namely IP addresses, ports and flags, when deciding how and where to direct traffic.

It’s noted that layer 3 firewalls are not stateful and take an “all or nothing” approach to packet filtering. This keeps malformed packets off the network, which is important, but it cannot block viruses and performs no content inspection.

Layer 5 firewalls are stateful firewalls. They make context-dependent decisions to implement access control, keeping track of conditions such as the state of each connection and whether a reply is expected. Many threats exploit exactly these transport-layer weaknesses.

Other upper-layer firewalls that we examine in this section are proxy firewalls and application proxies. Proxy firewalls act as a layer 5 shim between layers 4 and 7. These types of firewalls mitigate exploits targeting the TCP handshake, such as SYN flood attacks. Application proxies are true content inspection firewalls and implement non-repudiation. They actively look out for malware and other malicious content crossing the connection. These types of firewalls possess far greater intelligence than layer 3 firewalls.

We conclude this section with a discussion of security zones such as the DMZ, bastion hosts, and multi-homed firewalls. We then circle back to discussing how NAT/PAT are used by firewalls to hide internal IP addresses from the external network.
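As an added illustration of the NAT/PAT behaviour described above (this is example code written for this summary, not material from the course or from any firewall vendor), the following toy gateway shares one public address among several private hosts, distinguishes their flows by translated port, and drops any inbound packet for which no outbound mapping exists, which is why an outsider cannot address a private host directly. The public address 203.0.113.1, the private 10.0.0.0/8 hosts and the port range starting at 40000 are constructed values.

```python
from itertools import count
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)


class PortAddressTranslator:
    """Toy PAT gateway (constructed example, no particular product).

    Every outbound (private endpoint, remote endpoint) pair gets its own
    public port, so two private hosts using the same source port are still
    told apart.  A reply is only translated back when it comes from the
    remote endpoint the private host actually spoke to.
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._ports = count(first_port)           # next unused public port
        # (private endpoint, remote endpoint) -> public port
        self.outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, remote endpoint) -> private endpoint
        self.inbound: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def translate_out(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the source of a packet leaving the private network."""
        key = (src, dst)
        if key not in self.outbound:
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[(port, dst)] = src
        return ((self.public_ip, self.outbound[key]), dst)

    def translate_in(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Rewrite the destination of a packet arriving from the internet.

        Returns None (drop) when the packet is not addressed to our public IP
        or no private host is waiting for traffic from this remote endpoint
        on this port: internal addresses never appear on the wire and cannot
        be reached without a prior outbound flow.
        """
        if dst[0] != self.public_ip:
            return None
        private = self.inbound.get((dst[1], src))
        if private is None:
            return None
        return (src, private)


def pat_demo() -> Dict[str, object]:
    """Constructed traffic run through the translator; returns each result."""
    pat = PortAddressTranslator("203.0.113.1")          # constructed public address
    web = ("198.51.100.20", 443)                         # constructed remote web server
    a_out = pat.translate_out(("10.0.0.5", 51000), web)  # first host, public port 40000
    b_out = pat.translate_out(("10.0.0.6", 51000), web)  # same private port, public port 40001
    reply_a = pat.translate_in(web, ("203.0.113.1", 40000))          # expected reply, mapped back
    stray = pat.translate_in(("192.0.2.9", 1234), ("203.0.113.1", 40000))  # wrong peer, dropped
    probe = pat.translate_in(web, ("203.0.113.1", 22))               # no mapping, dropped
    return {"a_out": a_out, "b_out": b_out, "reply_a": reply_a, "stray": stray, "probe": probe}


if __name__ == "__main__":
    for name, result in pat_demo().items():
        print(f"{name:8s} -> {result}")
```

Real gateways also age mappings out, handle ICMP and fragments, and may or may not bind a mapping to the remote endpoint as this toy does; the point here is only that the translation table doubles as an implicit inbound filter.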

Finally, we cite common best practices for firewall configuration such as blocking unnecessary traffic like ICMP, keeping ACLs simple, using implicit deny, the principle of least privilege, and ingress and egress filtering. As promised, this section is info-packed!
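To make the difference between the layer 3 packet filter, the stateful layer 5 firewall and the best practices above concrete, here is an added example (written for this summary, not code from the course) in which both engines evaluate the same constructed ACL. The ACL blocks ICMP, allows outbound HTTPS, ends in an implicit deny, and contains the classic stateless workaround for admitting replies, a rule that trusts any inbound TCP packet with the ACK flag set. The stateless engine lets an unsolicited ACK-flagged packet through on that rule; the stateful engine only admits a packet that matches a flow it recorded earlier. Ingress filtering drops outside traffic claiming an internal source, and egress filtering drops inside traffic that does not carry one. The 10.0.0.0/8 trusted zone, the rule syntax and all addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

INTERNAL = ip_network("10.0.0.0/8")   # constructed trusted zone
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    iface: str            # "int" = arrived from the trusted side, "ext" = from the internet
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0        # 0 for icmp
    dport: int = 0
    syn: bool = False     # TCP flags, only meaningful when proto == "tcp"
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str                       # CIDR
    dst: str                       # CIDR
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port
    ack: Optional[bool] = None     # None ignores the ACK flag

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.ack is None or self.ack == p.ack))


# Constructed ACL, evaluated top down, first match wins, implicit deny at the end.
ACL: List[Rule] = [
    Rule("deny", ANY, ANY, proto="icmp"),                              # block ICMP
    Rule("allow", "10.0.0.0/8", ANY, proto="tcp", dport=443),          # outbound HTTPS
    Rule("allow", ANY, "10.0.0.0/8", proto="tcp", ack=True),           # "established" workaround
]


def spoofed(p: Packet) -> bool:
    """Ingress filtering (outside traffic must not claim an internal source)
    and egress filtering (inside traffic must carry an internal source)."""
    inside = ip_address(p.src) in INTERNAL
    return inside if p.iface == "ext" else not inside


def stateless_filter(p: Packet, acl: List[Rule] = ACL) -> str:
    """Layer 3 packet filter: no memory between packets."""
    if spoofed(p):
        return "deny"
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"   # implicit deny: nothing matched


class StatefulFirewall:
    """Layer 5 filter on the same ACL that remembers approved flows, so a
    genuine reply is admitted and a packet merely posing as one is not."""

    def __init__(self, acl: List[Rule] = ACL) -> None:
        self.acl = acl
        self.flows: Set[Tuple[str, int, str, int, str]] = set()   # approved 5-tuples

    def handle(self, p: Packet) -> str:
        if spoofed(p):
            return "deny"
        forward = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if reverse in self.flows:                 # reply we are expecting
            return "allow"
        if p.proto == "tcp" and p.ack and not p.syn:
            return "deny"                         # claims a connection we never saw
        verdict = stateless_filter(p, self.acl)
        if verdict == "allow" and p.proto != "icmp":
            self.flows.add(forward)               # remember the approved flow
        return verdict


def filter_demo() -> Dict[str, Tuple[str, str]]:
    """Constructed packets; returns (stateless verdict, stateful verdict) per packet."""
    packets = {
        "outbound_syn":    Packet("int", "10.0.0.5", "203.0.113.10", "tcp", 51000, 443, syn=True),
        "reply":           Packet("ext", "203.0.113.10", "10.0.0.5", "tcp", 443, 51000, syn=True, ack=True),
        "unsolicited_ack": Packet("ext", "198.51.100.7", "10.0.0.5", "tcp", 40000, 445, ack=True),
        "spoofed_src":     Packet("ext", "10.0.0.9", "10.0.0.5", "tcp", 40000, 445, syn=True),
        "ping":            Packet("ext", "198.51.100.7", "10.0.0.5", "icmp"),
        "telnet_in":       Packet("ext", "198.51.100.7", "10.0.0.5", "tcp", 40001, 23, syn=True),
    }
    stateful = StatefulFirewall()
    return {name: (stateless_filter(p), stateful.handle(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in filter_demo().items():
        print(f"{name:16s} stateless={stateless:5s} stateful={stateful}")
```

The telnet probe is denied by neither rule explicitly but by the implicit deny, and the only verdict on which the two engines disagree is the unsolicited ACK packet, which is exactly the transport-layer gap the stateful design closes.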
