Chapter 2: Network Security Devices Flashcards Preview

CCNA Cyber Ops 210-250 > Chapter 2: Network Security Devices > Flashcards

Flashcards in Chapter 2: Network Security Devices Deck (8)
1

Network-based Firewalls

- primary task is to deny or permit traffic that attempts to enter or leave the network
- decisions based on explicit preconfigured policies and rules

2

What processes do network-based firewalls use to allow or block traffic?

- simple packet-filtering techniques
- Application Proxies
- Network Address Translation
- Stateful Inspection Firewalls
- Next-generation context-aware firewalls

3

Packet-filtering

- control access to specific network segments by defining which traffic can pass through them
- usually inspects traffic at the transport layer of the OSI model
- Example: packet filters can analyze TCP/UDP packets and compare them against a set of predetermined rules (ACLs)
- inspects the following elements:
-- source address
-- destination address
-- source port
-- destination port
-- protocol

4

ACE

- Access Control Entry
- classify packets by inspecting Layer 2 through Layer 4 headers
-- Layer 2 protocol information: EtherTypes
-- Layer 3 Header Information: source/dest IP addresses
-- Layer 4 protocol information: ICMP, TCP, UDP
-- Layer 4 Header Information: source/dest ports

5

Standard ACLs

- used to identify packets based on their destination IP address
- used for route redistribution for dynamic routing deployments
- can only be used if the router is in "routed" mode
- CANNOT be applied to an interface for filtering traffic

6

Extended ACLs

- most common type of ACL
- can be used if the router is in "routed" OR "transparent" mode
- can classify packets based on:
-- source and destination IP address
-- Layer 3 protocols
-- source/destination ports
-- destination ICMP type for ICMP packets

7

Application Proxies

- aka proxy servers
- devices that operate as intermediary agents on behalf of clients that are on a private or protected network
- clients on the protected network send connection requests to the application proxy to transfer data to the unprotected network or Internet.
- works at the Application Layer
- Great tool for networks with numerous servers that experience high usage
- can protect against some web-server-specific attacks

8

Stateful Inspection Firewalls

- track every packet passing through their interfaces by ensuring that they are valid, established connections
- examine packet header contents AND application layer information within the payload