One of the most essential portions of information security is the design and topology of secure networks. What exactly do we mean by “topology”? Usually, a geographic diagram of a network comes to mind. In networking, however, topologies are not about the physical arrangement of equipment, but rather about the logical connections that exist between the different gateways, routers, and servers. We will take a closer look at some common security topologies.
In a screening router setup, the router acts as the sole gateway and gatekeeper between the untrusted, outside network (i.e. the Internet) and the trusted network (i.e. the LAN). The router has sole discretion over which traffic to allow in by implementing an ACL, or access control list. The router in this setup, which blocks traffic based on source, destination, and other header information, is analogous to Saint Peter, who acts as the gatekeeper into Heaven. Some of the advantages of screening routers are their transparency and simplicity. However, in the screening router setup the router is a single point of failure, and its security depends heavily on the administrator maintaining a sound ACL. A screening router also has difficulty masking the internal network structure.
The dual-homed gateway is a screening router setup that adds a bastion host between the screening (external) router and the trusted network. A bastion host is a host that is configured to withstand most attacks and can additionally function as a proxy server. With the bastion host in place, no direct communication exists between the external network and the trusted network, which masks the internal network structure and allows traffic to be screened twice. It is considered fail-safe in that if one of the components (bastion host, router) fails, the security system remains available. However, it is cumbersome and rather slow in comparison to other topologies.
Screened Host Gateway
A screened host gateway is essentially a dual-homed gateway in which outbound traffic (from trusted to untrusted) can move unrestricted. Incoming traffic must first be screened and then sent to the bastion host, as in a dual-homed gateway. This is a less secure but more transparent system than a dual-homed gateway.
A screened-subnet setup employs a bastion host between two screening routers. This provides a special zone for publicly available services (around the bastion host) and transparent access for users on the trusted network. The zone around the bastion host that operates publicly, and whose traffic to the trusted network is screened, is known as a DMZ; for this reason, bastion hosts are sometimes referred to as DMZ hosts. Remember for the exam that a DMZ host would always be well-secured, just like a bastion host would be.
An intrusion detection system, or IDS, can track or detect a possible malicious attack on a network. For the exam, you will have to know the following IDS classifications:
- Active v. Passive IDS: An active IDS will attempt to thwart any detected attack without user intervention. A passive IDS simply monitors for malicious activity and then alerts the operator to act; in other words, it requires their intervention. A passive IDS is less susceptible to attacks on the IDS itself, since it does not act automatically.
- Network v. Host IDS: A network-based IDS operates as its own node on the network, while a host-based IDS requires an agent to be installed on every protected host.
- Knowledge v. Behavior IDS: A knowledge-based IDS works by assessing network traffic and comparing it with known malicious signatures, much like antivirus software. A behavior-based IDS establishes a baseline of normal network traffic and then compares current traffic against it, flagging deviations as possibly malicious. Note that this type of IDS produces more false alarms.
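To make the knowledge-based versus behavior-based distinction concrete, the following added example (not from the original page) runs a tiny signature matcher and a tiny baseline detector over the same constructed traffic; the signatures, the source addresses and the baseline request counts are all made up for illustration.

```python
"""Knowledge-based (signature) vs behavior-based (baseline) IDS, side by side.
Constructed example: traffic records, signatures and baseline are invented."""
from collections import Counter
from statistics import mean, pstdev

# Constructed signature list: a knowledge-based IDS only knows what is in here.
KNOWN_BAD_SIGNATURES = ("../../etc/passwd", "' OR 1=1")


def signature_alerts(records):
    """Knowledge-based: alert only when a payload contains a known signature."""
    return [(src, sig) for src, payload in records
            for sig in KNOWN_BAD_SIGNATURES if sig in payload]


def behavior_alerts(records, baseline_counts, z_threshold=2.0):
    """Behavior-based: compare each source's request count against a baseline
    of normal activity and alert when it exceeds mean + z_threshold * stdev."""
    mu, sigma = mean(baseline_counts), pstdev(baseline_counts)
    limit = mu + z_threshold * sigma
    counts = Counter(src for src, _ in records)
    return [(src, n) for src, n in counts.items() if n > limit]


# Constructed baseline: requests per source observed during a quiet period.
BASELINE = [4, 5, 6, 5, 4, 6, 5]

# Constructed traffic: one low-volume source with a signature hit, and one
# legitimate batch job that is simply noisier than the baseline.
TRAFFIC = [("10.0.0.7", "GET /index.html"),
           ("10.0.0.7", "GET /../../etc/passwd")]
TRAFFIC += [("10.0.0.9", "GET /report.csv")] * 12


def run():
    """Return (signature alerts, behavior alerts) for the constructed traffic."""
    return signature_alerts(TRAFFIC), behavior_alerts(TRAFFIC, BASELINE)


if __name__ == "__main__":
    sig, beh = run()
    print("knowledge-based alerts:", sig)   # catches 10.0.0.7 by its signature
    print("behavior-based alerts:", beh)    # flags the benign batch job instead
```

The signature detector finds the one request that matches a known pattern, while the baseline detector misses it and instead raises a false alarm on the legitimate but unusually busy host, which is exactly the trade-off the list above describes.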
A honeypot is designed to lure attackers or malicious users into attempting an attack on a fictional or purposely weak host, and then to record the patterns of their activity and the source of the attack. A honeypot can also act as bait for the rest of the network by drawing attackers toward an “easy target.”
**Source: Wikipedia**