Video Description

We cover quite a bit of ground in this section. The topics discussed span several layers of the OSI model, from layer 3 up to layer 5, and as with many of the sections in this module, we look at the various security threats associated with the devices, protocols, and layers at which they reside. We begin by discussing NAT (Network Address Translation) and its associated protocol, PAT (Port Address Translation). These protocols map private internal IP addresses to public IP addresses, i.e. the internet. This discussion then leads into the security issues associated with the upper OSI layers.

Firewalls and how they implement security rules are covered next. At their core, firewalls allow or block traffic using rule-based access control. These rules are implemented in either hardware or software, and we'll examine the different types of firewalls in a moment. The key function of a firewall is to separate traffic into trusted (internal network) and untrusted (external network, e.g. the internet) zones.

The discussion of the various types of firewalls begins with the OSI layers at which they operate. Layer 3 firewalls use packet filtering; they are effectively routers with ACLs (Access Control Lists). ACLs contain the rules that govern how a firewall directs network traffic. A packet filter looks at network and transport layer packets, IP addresses, ports, and flags when deciding how and where to direct traffic. Note that layer 3 firewalls are not stateful and use an "all or nothing" approach to packet filtering. This approach keeps malformed packets off the network and, while quite important, is not able to block viruses and performs no content inspection. Layer 5 firewalls are stateful firewalls. They use context-dependent decisions to implement access control. Stateful firewalls keep track of a multitude of conditions, such as the state of connections and whether a reply is expected.
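To make the stateless-versus-stateful distinction concrete, here is a small Python model written for this description; it is not code from the course or from any firewall product. It models the layer 3 packet filter as an ACL walked top to bottom with implicit deny, and the stateful firewall as the same ACL plus a table of connections opened from the inside, so that an inbound packet is accepted only when a reply is actually expected. The inbound ACL also applies the ingress filtering and ICMP blocking that this section's best practices call for. The addresses, the 10.0.0.0/8 trusted zone and the rules are all constructed for the example.

```python
"""Toy model, constructed for this description and not the course's own code, of a
stateless layer-3 packet filter beside a stateful firewall, so the difference in what
each can decide about an inbound packet is visible."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")            # assumed trusted (internal) zone
PRIVATE = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]       # RFC 1918 ranges


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                        # "tcp", "udp" or "icmp"
    src_port: int = 0                 # 0 where the protocol has no ports
    dst_port: int = 0
    flags: frozenset = frozenset()    # TCP flags present, e.g. {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    """One ACL entry; every field that is set must match."""
    action: str                       # "allow" or "deny"
    proto: str = "any"
    src: object = ANY
    dst: object = ANY
    dst_port: Optional[int] = None
    flags: frozenset = frozenset()    # flags that must all be set

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ip_address(p.src_ip) in self.src
                and ip_address(p.dst_ip) in self.dst
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and self.flags <= p.flags)


def stateless_filter(acl: list, p: Packet) -> str:
    """Layer-3 packet filter: first matching rule wins; anything unmatched is
    dropped (implicit deny). Each packet is judged on its own, with no memory."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


# Inbound ACL for the stateless filter: ingress filtering first (nothing arriving
# from outside may claim a private source), ICMP dropped as unneeded, then replies
# to inside clients admitted by the ACK flag, the best a filter without state can do.
INBOUND_ACL = [
    *[Rule("deny", src=net) for net in PRIVATE],
    Rule("deny", proto="icmp"),
    Rule("allow", proto="tcp", dst=INTERNAL, flags=frozenset({"ACK"})),
]


class StatefulFirewall:
    """Remembers connections opened from the trusted side and lets an inbound
    packet in only when it is the reply one of those connections expects."""

    def __init__(self, outbound_acl: list):
        self.outbound_acl = outbound_acl
        self.expected = set()   # (proto, remote_ip, remote_port, local_ip, local_port)

    def outbound(self, p: Packet) -> str:
        verdict = stateless_filter(self.outbound_acl, p)
        if verdict == "allow":
            self.expected.add((p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port))
        return verdict

    def inbound(self, p: Packet) -> str:
        if any(ip_address(p.src_ip) in net for net in PRIVATE):
            return "deny"       # ingress filter: forged internal source address
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return "allow" if key in self.expected else "deny"   # implicit deny


def compare_filters() -> dict:
    """Judge four inbound packets under both models: name -> (stateless, stateful)."""
    fw = StatefulFirewall([Rule("allow", proto="tcp", src=INTERNAL, dst_port=443)])
    # An inside client opens a TLS connection to an outside web server.
    fw.outbound(Packet("10.1.2.3", "203.0.113.5", "tcp", 51000, 443, frozenset({"SYN"})))
    syn_ack = frozenset({"SYN", "ACK"})
    cases = [
        ("reply", Packet("203.0.113.5", "10.1.2.3", "tcp", 443, 51000, syn_ack)),
        # Looks exactly like a reply, but from a host no inside client contacted.
        ("unsolicited", Packet("198.51.100.9", "10.1.2.3", "tcp", 443, 51000, syn_ack)),
        ("spoofed", Packet("10.9.9.9", "10.1.2.3", "tcp", 443, 51000, syn_ack)),
        ("icmp", Packet("203.0.113.5", "10.1.2.3", "icmp")),
    ]
    return {name: (stateless_filter(INBOUND_ACL, p), fw.inbound(p)) for name, p in cases}
```

Calling `compare_filters()` shows the point of the section: both models reject the spoofed private source and the ICMP packet, and both admit the genuine reply, but only the stateful firewall rejects the "unsolicited" packet, because the stateless ACL can judge it solely by its headers and those are indistinguishable from a real reply.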
Many threats exploit weaknesses at the transport layer. Other upper layer firewalls that we examine in this section are proxy firewalls and application proxies. Proxy firewalls act as a layer 5 shim between layers 4 and 7. These types of firewalls mitigate exploits targeting the TCP handshake, such as SYN flood attacks. Application proxies are true content inspection firewalls and implement non-repudiation. They actively look out for malware and other malicious content coming across the connection. These types of firewalls possess far greater intelligence than layer 3 firewalls. We conclude this section with a discussion of security zones such as the DMZ, bastion hosts, and multi-homed firewalls. We then circle back to how firewalls use NAT/PAT to hide internal IP addresses from the external network. Finally, we cite common best practices for firewall configuration, such as blocking unnecessary traffic like ICMP, keeping ACLs simple, using implicit deny, applying the principle of least privilege, and ingress and egress filtering. As promised, this section is info-packed!
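As an added illustration of the NAT/PAT point above (written for this description, not course code), the following Python models a PAT gateway: several inside hosts share one public address and are told apart by the translated source port, and an inbound packet reaches an inside host only if it matches a mapping that an inside host created. The 10.0.0.0/8 inside addresses, the 198.51.100.1 public address, the 203.0.113.5 server and the 40000+ port range are all constructed for the example.

```python
"""Toy Port Address Translation (PAT) gateway, constructed for this description.
All inside hosts appear on the internet as one public address; the translated
source port identifies the conversation on the way back in."""
from dataclasses import dataclass, field


@dataclass
class PatGateway:
    public_ip: str                 # the only address the outside ever sees
    next_port: int = 40000         # constructed start of the translation port range
    # (private_ip, private_port, remote_ip, remote_port) -> public_port
    table: dict = field(default_factory=dict)
    # public_port -> that same 4-tuple, for the return path
    reverse: dict = field(default_factory=dict)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Translate an outbound packet's source; returns (public_ip, public_port).
        Each new conversation gets a fresh port, so two inside hosts that happen
        to use the same local port never collide on the public address."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.table[key]

    def inbound(self, src_ip: str, src_port: int, dst_port: int):
        """Map an inbound packet back to (private_ip, private_port), or None when
        no inside host is expecting it. Unsolicited packets, and packets from a
        peer other than the one the mapping was created for, have nowhere to go;
        that is what hides the internal addressing from the outside."""
        entry = self.reverse.get(dst_port)
        if entry is None:
            return None
        priv_ip, priv_port, rem_ip, rem_port = entry
        if (src_ip, src_port) != (rem_ip, rem_port):
            return None
        return priv_ip, priv_port


def pat_demo() -> dict:
    """Two inside hosts use the same local port to reach the same web server."""
    gw = PatGateway("198.51.100.1")
    a = gw.outbound("10.0.0.11", 51000, "203.0.113.5", 443)
    b = gw.outbound("10.0.0.12", 51000, "203.0.113.5", 443)
    return {
        "a_public": a,
        "b_public": b,
        "reply_to_a": gw.inbound("203.0.113.5", 443, a[1]),
        "reply_to_b": gw.inbound("203.0.113.5", 443, b[1]),
        "unsolicited": gw.inbound("203.0.113.5", 443, 40999),   # no such mapping
        "wrong_peer": gw.inbound("192.0.2.7", 443, a[1]),        # mapping belongs to another peer
    }
```

The gateway keys its mappings on the full conversation (inside endpoint and remote endpoint), which is why an inbound packet from a different peer to a valid translated port is dropped as well; gateways that key only on the inside endpoint behave more permissively, but the hiding of internal addresses works the same way in both.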

ISC2 CISSP