Firewalls and network security measures

In this video, you'll
learn about different types of firewalls.
These include hardware,
software, and cloud-based firewalls.
You'll also learn the difference between
a stateless and stateful firewall and
cover some of the basic operations
that a firewall performs.
Finally, you will explore how
proxy servers are used to
add a layer of security to the network.

A firewall is a network security device that
monitors traffic to and from your network.
It either allows traffic or it blocks
it based on a defined set of security rules.
A firewall can use port filtering,
which blocks or allows
certain port numbers to limit unwanted communication.
For example, it could have a rule
that only allows communications on port
443 for HTTPS or port 25 for SMTP email
and blocks everything else.
These firewall settings will be determined by
the organization's security policy.

Let's talk about a few different kinds of firewalls.
A hardware firewall is considered the most
basic way to defend against threats to a network.
A hardware firewall inspects
each data packet before it's
allowed to enter the network.
A software firewall performs
the same functions as a hardware firewall,
but it's not a physical device.
Instead, it's a software program
installed on a computer or on a server.
If the software firewall is installed on a computer,
it will analyze all the traffic
received by that computer.
If the software firewall is installed on a server
that sits between network segments,
it will filter traffic for all the devices
that reach the network through that server.
A software firewall typically costs
less than purchasing a separate physical device,
and it doesn't take up any extra space.
But because it is a software program,
it will add some processing burden
to the individual devices.

Organizations may choose to use a cloud-based firewall.
Cloud service providers offer firewalls as
a service, or FaaS, for organizations.
Cloud-based firewalls are software firewalls
hosted by a cloud service provider.
Organizations can configure the firewall rules
on the cloud service provider's interface,
and the firewall will perform security operations on
all incoming traffic before
it reaches the organization’s onsite network.
Cloud-based firewalls also protect any assets or
processes that an organization
might be using in the cloud.

All the firewalls we have discussed can be
either stateful or stateless.
The terms "stateful" and "stateless"
refer to how the firewall operates.
Stateful refers to a class
of firewall that keeps track of
information passing through it
and proactively filters out threats.
It records each connection it has allowed
in a state table, so it can recognize
legitimate return traffic and drop packets
that belong to no known connection.
A stateful firewall analyzes
network traffic for characteristics and
behavior that appear suspicious
and stops them from entering the network.
Stateless refers to a class
of firewall that operates based on
predefined rules and does not
keep track of information from data packets.
A stateless firewall only acts according to
preconfigured rules set by the firewall administrator.
The rules programmed by the firewall administrator tell
the device what to accept and what to reject.
A stateless firewall doesn't store analyzed information.
It also doesn't discover
suspicious trends like a stateful firewall does.
For this reason, stateless firewalls are considered
less secure than stateful firewalls.

A next generation firewall, or NGFW,
provides even more security than a stateful firewall.
Not only does an NGFW provide
stateful inspection of incoming and outgoing traffic,
but it also performs more
in-depth security functions like
deep packet inspection and intrusion prevention.
Some NGFWs connect to
cloud-based threat intelligence services
so they can quickly update to
protect against emerging cyber threats.

Now you have a basic understanding
of firewalls and how they work.
We learned that firewalls can be hardware or software.
We also discussed the difference between
a stateless and stateful firewall
and the security benefits of a stateful firewall.
Finally, we discussed next generation firewalls
and the security benefits they provide.
Coming up, we'll learn more about virtual networks.

Virtual private networks (VPNs)

In this video, we're going to
discuss how virtual private networks,
or VPNs, add security to your network.
When you connect to the internet,
your internet service provider receives
your network's requests and
forwards it to the correct destination server.
But your internet requests
include your private information.
That means if the traffic gets intercepted,
someone could potentially connect your internet activity
with your physical location
and your personal information.
This includes some information
that you want to keep private,
like bank accounts and credit card numbers.
A virtual private network,
also known as a VPN,
is a network security service that changes
your public IP address and hides
your virtual location so that you can keep your data
private when you're using a public
network like the internet.

VPNs also encrypt your data as it
travels across the internet to preserve confidentiality.
A VPN service performs
encapsulation on your data in transit.
Encapsulation is a process performed
by a VPN service that protects
your data by wrapping
sensitive data in other data packets.
Previously, you learned that the IP address of
the destination device (and the MAC address
of the next hop) is carried in a data packet's headers.
Sending those headers in the clear is a security concern
because it exposes the IP address,
and so the approximate location, of your private network.
You could secure a data packet by encrypting
it to make sure your information can't be deciphered,
but then network routers won't be able to read
the IP and MAC address to know where to send it to.
This means you won't be able to connect to
the internet site or the service that you want.
Encapsulation solves this problem
while still maintaining your privacy.
VPN services encrypt your data packets and
encapsulate them in other data packets
that the routers can read.
This allows your network requests
to reach their destination,
but still encrypts your personal data
so it's unreadable while in transit.
A VPN also uses an encrypted tunnel
between your device and the VPN server.
Without the cryptographic key, anyone who intercepts
the tunnel traffic sees only ciphertext.
Keep in mind that the VPN server decrypts
the traffic before forwarding it on,
so this protection covers the path between you
and the VPN provider, not the whole journey.

VPN services are simple and offer
significant protection while you're on the internet.
With a VPN,
you have the added assurance that your data is encrypted, and
your IP address and
virtual location are unreadable to malicious actors.

Security zones

In this section, we'll discuss a type of
network security feature called a security zone.
A security zone is a segment of a network
that protects the internal network from the internet.
They are a part of a security technique
called network segmentation
that divides the network into segments.
Each network segment has
its own access permissions and security rules.
Security zones control who can
access different segments of a network.
Security zones act as a barrier to internal networks,
maintain privacy within corporate groups,
and prevent issues from spreading to the whole network.
One example of network segmentation is
a hotel that offers free public Wi-Fi.
The unsecured guest network is kept separate from
another encrypted network used by the hotel staff.

Additionally, an organization's
network can be divided into
subnetworks, or subnets, to
maintain privacy for each department in an organization.
For instance, at a university,
there may be a faculty subnet
and a separate students subnet.
If there is contamination on the student subnet,
network administrators can isolate it and
keep the rest of the network free from contamination.

An organization's network is classified into
two types of security zones. First,
there's the uncontrolled zone,
which is any network outside of
the organization's control, like the internet.
Then, there's the controlled zone,
which is a subnet that protects
the internal network from the uncontrolled zone.
There are several types of
networks within the controlled zone.
On the outer layer is the demilitarized zone,
or DMZ, which contains
public-facing services that must be reachable from the internet.
This includes web servers,
reverse proxy servers that front public websites,
and DNS servers that answer
name lookups for internet users.
It also includes email and file
servers that handle external communications.
The DMZ acts as
a network perimeter to the internal network.
The internal network contains private servers and
data that the organization needs to protect.
Inside the internal network is
another zone called the restricted zone.
The restricted zone protects
highly confidential information that is only
accessible to employees with certain privileges.

Now, let's try to picture these security zones.
Ideally, the DMZ is situated between
two firewalls. One of them
filters traffic outside the DMZ,
and one of them filters traffic
entering the internal network.
This protects the internal network
with several lines of defense.
If there's a restricted zone,
that too would be protected with
another firewall. This way,
attacks that penetrate into
the DMZ network cannot spread to the internal network,
and attacks that penetrate
the internal network cannot access the restricted zone.
As a security analyst,
you may be responsible for regulating
access control policies on these firewalls.
Security teams can control traffic reaching
the DMZ and the internal network
by restricting IPs and ports.
For example, an analyst may ensure that
only HTTPS traffic is
allowed to access web servers in the DMZ.

Security zones are
an important part of securing networks,
especially in large organizations.
Understanding how they are used is
essential for all security analysts.
Coming up, we'll learn about securing internal networks.

Subnetting and CIDR

Earlier in this course, you learned about network segmentation, a security technique that divides networks into sections. A private network can be segmented to protect portions of the network from the internet, which is an unsecured global network. 

For example, you learned about the uncontrolled zone, the controlled zone, the demilitarized zone, and the restricted zone. Feel free to review the video about security zones for a refresher on how network segmentation can be used to add a layer of security to your organization’s network operations. Creating security zones is one example of a networking strategy called subnetting.

Overview of subnetting

Subnetting is the subdivision of a network into logical groups called subnets. It works like a network inside a network. Subnetting divides a network's address range into smaller subnets; which subnet a device belongs to is determined by its IP address and subnet mask. A subnet lets a group of devices function as their own network. This makes the network more efficient and can also be used to create security zones. When devices on the same subnet communicate with each other, the switch keeps that traffic within the subnet rather than sending it through the router, improving the speed and efficiency of the communications.

Two subnets for two networks connected to one router.

Classless Inter-Domain Routing notation for subnetting

Classless Inter-Domain Routing (CIDR) is a method of assigning subnet masks to IP addresses to create a subnet. Classless addressing replaces classful addressing. Classful addressing was used in the 1980s as a system of grouping IP addresses into classes (Class A to Class E). Each class came only in fixed block sizes, so much of the address space was wasted, and the available blocks were depleted as the number of devices connecting to the internet outgrew the classful ranges in the 1990s. Classless CIDR addressing lets blocks be allocated in any power-of-two size that fits the network, making far more efficient use of the remaining IPv4 addresses.

CIDR allows network professionals to segment networks into smaller chunks. CIDR addresses are formatted like IPv4 addresses, but they include a slash ("/") followed by a number at the end of the address. This number is called the IP network prefix, or prefix length: it states how many leading bits of the address identify the network. For example, a regular IPv4 address uses the 198.51.100.0 format, whereas a CIDR address includes the prefix length at the end, 198.51.100.0/24. This CIDR block encompasses all IP addresses between 198.51.100.0 and 198.51.100.255. CIDR addressing reduces the number of entries in routing tables, because several adjacent blocks can be advertised as one larger block, and it lets an organization subdivide its own address space as it sees fit. You can try converting CIDR to IPv4 addresses and vice versa through an online conversion tool, like IPAddressGuide, for practice and to better understand this concept.
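A worked example, added here and not part of the course material: it uses Python's standard ipaddress module to expand the 198.51.100.0/24 prefix from the text, carve it into subnets for the DMZ, internal and restricted zones described in the security zones video, classify an address into its zone, and apply the kind of zone-to-zone firewall policy that video describes (the internet may reach DMZ web servers only over HTTPS). The zone sizes, the allowed flows and the port numbers are assumptions made for illustration. The summarize function shows why CIDR shrinks routing tables: two adjacent /26 blocks collapse into a single /25 entry.

```python
import ipaddress

# Constructed example: the text's documentation range 198.51.100.0/24 is treated
# as the organization's site block.  Zone sizes and the allowed flows below are
# assumptions made for illustration, not anything the course specifies.
SITE = ipaddress.ip_network("198.51.100.0/24")


def describe(network):
    """Return what a CIDR prefix expands to: range, mask and usable hosts."""
    return {
        "cidr": str(network),
        "first": str(network.network_address),
        "last": str(network.broadcast_address),
        "netmask": str(network.netmask),
        "hosts": network.num_addresses - 2,  # network and broadcast are not usable
    }


def carve_zones(site):
    """Subnet the site block into one subnet per controlled-zone layer."""
    quarters = list(site.subnets(new_prefix=26))            # four /26 blocks of 64
    restricted, spare = quarters[2].subnets(new_prefix=27)  # two /27 blocks of 32
    return {
        "dmz": quarters[0],           # 198.51.100.0/26
        "internal": quarters[1],      # 198.51.100.64/26
        "restricted": restricted,     # 198.51.100.128/27
        "unallocated": [spare, quarters[3]],
    }


LAYOUT = carve_zones(SITE)
ZONES = {name: LAYOUT[name] for name in ("dmz", "internal", "restricted")}


def zone_of(ip):
    """Classify an address by the subnet it falls in; anything else is the
    uncontrolled zone (the internet)."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "uncontrolled"


# Flows permitted between zones as (protocol, destination port).  Anything not
# listed is denied; traffic that stays inside one zone is left to that zone's
# own controls.  These are the rules the firewalls between the zones enforce.
POLICY = {
    ("uncontrolled", "dmz"): {("tcp", 443)},    # internet reaches DMZ web only over HTTPS
    ("internal", "dmz"): {("tcp", 443)},
    ("dmz", "internal"): {("tcp", 5432)},       # web tier to database (assumed port)
    ("internal", "restricted"): {("tcp", 22)},  # administrators over SSH (assumed)
}


def permitted(src_ip, dst_ip, proto, dst_port):
    """Zone-to-zone access check: same zone passes, otherwise consult POLICY."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True
    return (proto, dst_port) in POLICY.get((src_zone, dst_zone), set())


def summarize(networks):
    """Collapse adjacent prefixes into the fewest blocks, as CIDR lets a router
    do to shrink its routing table."""
    return [str(n) for n in ipaddress.collapse_addresses(networks)]


if __name__ == "__main__":
    print(describe(SITE))
    for name, net in ZONES.items():
        print(name, describe(net))
    print(zone_of("203.0.113.9"), zone_of("198.51.100.130"))
    print(permitted("203.0.113.9", "198.51.100.10", "tcp", 443),     # True
          permitted("203.0.113.9", "198.51.100.10", "tcp", 80),      # False
          permitted("198.51.100.10", "198.51.100.130", "tcp", 22))   # False: DMZ -> restricted
    print(summarize([ZONES["dmz"], ZONES["internal"]]))              # ['198.51.100.0/25']
```

Note that a packet from the DMZ to the restricted zone is denied even though both subnets sit inside the same /24: the prefix only decides which subnet an address belongs to, and the firewall between the zones decides what may cross.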

Note: You may learn more about CIDR during your career, but it won't be covered in any additional depth in this certificate program. For now, you only need a basic understanding of this concept.

Security benefits of subnetting

Subnetting allows network professionals and analysts to create a network within their own network without requesting another network IP address from their internet service provider. This process uses network bandwidth more efficiently and improves network performance. Subnetting is one component of creating isolated subnetworks through physical isolation, routing configuration, and firewalls.

Key takeaways

Subnetting is a common security strategy used by organizations. Subnetting allows organizations to create smaller networks within their private network. This improves the efficiency of the network and can be used to create security zones.

Proxy servers

Previously, we discussed how firewalls, VPNs, and
security zones help to secure networks.
Next, we'll cover how to secure internal networks with proxy servers.

Proxy servers are another system that helps secure networks.
A proxy server is a server that fulfills the requests of
clients by forwarding them on to other servers.
The proxy server is a dedicated server that sits between the internet and
the rest of the network.
When a connection request comes in from the internet,
the proxy server determines whether the request is safe before passing it on.
The proxy server has a public IP address that is different from the rest
of the private network.
This hides the private network's IP addresses from malicious actors on the internet and
adds a layer of security.

Let's examine how this works with an example.
When a client on the internet receives an HTTPS response, it sees the proxy server's
public IP address rather than the real IP address of the organization's web server.
A proxy server can also be used to block unsafe websites that users aren't allowed
to access on an organization's network.
A proxy server uses temporary memory, a cache, to store data that's
regularly requested by external clients.
This way, it doesn't have to fetch data from an organization's internal
servers every time.
This enhances security by reducing contact with the internal servers, and it improves
response times as well.

There are different types of proxy servers that support network security.
This is important for security analysts who monitor
traffic from various proxy servers and may need to know what purpose they serve.
Let's explore some different types of proxy servers.
A forward proxy server regulates and
restricts a user's access to the internet.
The goal is to hide the user's IP address and approve outgoing requests
before they leave the network.
In the context of an organization,
a forward proxy server receives outgoing traffic from an employee, approves it, and
then forwards it on to the destination on the internet.
A reverse proxy server regulates and
restricts the internet access to an internal server.
The goal is to accept traffic from external parties, approve it, and
forward it to the internal servers.
This setup is useful for protecting internal web servers containing
confidential data from exposing their IP address to external parties.
An email proxy server is another valuable security tool.
It filters spam email by verifying whether a sender's address was forged.
This reduces the risk of phishing attacks that impersonate people known to
the organization.

Let's talk about a real world example of an email proxy.
Several years ago when I was working at a large U.S. broadband ISP,
we used a proxy server to implement multiple layers of anti-spam filtering
before a message was allowed in for delivery.
It ended up tagging around 95% of messages as spam.
The proxy servers would've allowed us to filter and
then scale those filters without impacting the underlying email platform.

Proxy servers play an important part in network security by filtering incoming and
outgoing traffic and staying alert to network attacks.
These devices add a layer of protection from the unsecured public network that we call
the internet.

Virtual networks and privacy

This section of the course covered a lot of information about network operations. You reviewed the fundamentals of network architecture and communication and can now use this knowledge as you learn how to secure networks. Securing a private network requires maintaining the confidentiality of your data and restricting access to authorized users.

In this reading, you will review several network security topics previously covered in the course, including virtual private networks (VPNs), virtual local area networks (VLANs), proxy servers, firewalls, tunneling, and security zones. You'll continue to learn more about these concepts and how they relate to each other as you continue through the course.

Common network protocols  

Network protocols are used to direct traffic to the correct device and service depending on the kind of communication being performed by the devices on the network. Protocols are the rules used by all network devices that provide a mutually agreed upon foundation for how to transfer data across a network.

There are three main categories of network protocols: communication protocols, management protocols, and security protocols. 

  1. Communication protocols are used to establish connections between servers. Examples include TCP, UDP, and Simple Mail Transfer Protocol (SMTP), which provides a framework for email communication. 

  2. Management protocols are used to troubleshoot network issues. One example is the Internet Control Message Protocol (ICMP).

  3. Security protocols provide encryption for data in transit. Examples include IPSec and SSL/TLS.

Some other commonly used protocols are:

  • HyperText Transfer Protocol (HTTP). HTTP is an application layer communication protocol. This allows the browser and the web server to communicate with one another. 

  • Domain Name System (DNS). DNS is an application layer protocol that translates, or maps, host names to IP addresses.

  • Address Resolution Protocol (ARP). ARP is a communication protocol that maps IP addresses to the physical (MAC) addresses of machines on the local area network. It works at the boundary between the network layer and the link layer, since it resolves a network layer address into a link layer one.

Wi-Fi

This section of the course also introduced various wireless security protocols, including WEP, WPA, WPA2, and WPA3. WPA3 encrypts traffic with the Advanced Encryption Standard (AES) cipher as it travels from your device to the wireless access point. WPA2 and WPA3 offer two modes: personal and enterprise. Personal mode is best suited for home networks while enterprise mode is generally utilized for business networks and applications.

Network security tools and practices  

Firewalls 

Previously, you learned that firewalls are network virtual appliances (NVAs) or hardware devices that inspect and can filter network traffic before it’s permitted to enter the private network. Traditional firewalls are configured with rules that tell them what types of data packets are allowed based on the port number and IP address of the data packet. 

There are two main categories of firewalls.

  • Stateless: A class of firewall that operates based on predefined rules and does not keep track of information from data packets

  • Stateful: A class of firewall that keeps track of information passing through it and proactively filters out threats. Unlike stateless firewalls, which require rules to be configured in two directions, a stateful firewall only requires a rule in one direction. This is because it uses a "state table" to track connections, so it can match return traffic to an existing session 
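The following Python simulation is an added example, not part of the course, that makes the stateless/stateful distinction (and the port filtering described in the firewalls video) concrete. Addresses, rules and packets are constructed for illustration. With a stateless firewall, letting replies to outbound HTTPS back in requires a second, inbound rule, and that rule also admits a forged packet from any host that simply uses source port 443. The stateful firewall needs only the outbound rule: it remembers the connection in a state table, lets the genuine reply through, and drops the forged packet because it belongs to no known connection.

```python
import ipaddress
from collections import namedtuple

# Constructed packets and rules for illustration.  A packet is reduced to the
# fields a filter looks at; "new" marks a connection-opening TCP SYN.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto new")
# A rule matches on direction, protocol and ports; None means "any port".
Rule = namedtuple("Rule", "direction proto src_port dst_port action")

LAN = ipaddress.ip_network("10.0.0.0/24")   # the protected network (assumed)


def direction(pkt):
    """Return "out" for packets leaving the LAN and "in" for packets arriving from outside."""
    return "out" if ipaddress.ip_address(pkt.src_ip) in LAN else "in"


def matches(rule, pkt):
    return (rule.direction == direction(pkt)
            and rule.proto == pkt.proto
            and rule.src_port in (None, pkt.src_port)
            and rule.dst_port in (None, pkt.dst_port))


class StatelessFirewall:
    """Judges each packet on its own against static rules; default deny.
    To let replies to outbound HTTPS back in, the administrator has to write a
    second, inbound rule, and that rule cannot tell a real reply from any other
    packet that happens to carry source port 443."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, pkt):
        for rule in self.rules:
            if matches(rule, pkt):
                return rule.action
        return "deny"


class StatefulFirewall:
    """Keeps a state table of connections it has admitted.  Return traffic is
    matched against that table, so only the outbound rule is needed, and a
    packet that belongs to no known connection is dropped."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # 5-tuples of admitted flows

    def decide(self, pkt):
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if flow in self.state or reverse in self.state:
            return "allow"                  # part of an established connection
        if pkt.proto == "tcp" and not pkt.new:
            return "deny"                   # mid-stream packet with no connection: forged or stale
        for rule in self.rules:
            if matches(rule, pkt):
                if rule.action == "allow":
                    self.state.add(flow)    # remember it so the reply gets through
                return rule.action
        return "deny"


# Port filtering, stateless style: outbound HTTPS plus the inbound hole it needs.
STATELESS_RULES = [
    Rule("out", "tcp", None, 443, "allow"),
    Rule("in", "tcp", 443, None, "allow"),
]
# The same intent on a stateful firewall needs only the outbound rule.
STATEFUL_RULES = [Rule("out", "tcp", None, 443, "allow")]

SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", True),    # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", False),   # server's reply
    Packet("198.51.100.77", 443, "10.0.0.5", 3389, "tcp", False),   # attacker: src port 443 -> RDP
]


def run(firewall, packets):
    return [firewall.decide(p) for p in packets]


def compare(packets=SAMPLE):
    """Decisions of a fresh stateless and a fresh stateful firewall on the same packets."""
    return {
        "stateless": run(StatelessFirewall(STATELESS_RULES), packets),
        "stateful": run(StatefulFirewall(STATEFUL_RULES), packets),
    }


if __name__ == "__main__":
    for kind, verdicts in compare().items():
        print(kind, verdicts)
    # stateless ['allow', 'allow', 'allow']   the forged packet slips through
    # stateful  ['allow', 'allow', 'deny']
```

The third packet is the point of the exercise: it reaches an internal RDP port, and the stateless rule set has no way to refuse it, because "source port 443" is the only thing the inbound rule can check.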

Next generation firewalls (NGFWs) are the most technologically advanced firewall protection. They exceed the security offered by stateful firewalls because they include deep packet inspection (examining the payload of packets, not just their headers, and taking action if threats are found) and intrusion prevention features that detect security threats, block them, and notify firewall administrators. NGFWs can inspect traffic at the application layer of the TCP/IP model and are typically application aware. Unlike traditional firewalls that block traffic based on IP address and ports, NGFW rules can be configured to block or allow traffic based on the application. Some NGFWs have additional features like malware sandboxing, network anti-virus, and URL and DNS filtering.

Proxy servers 

A proxy server is another way to add security to your private network. A proxy server terminates the client's connection and makes a separate request from its own address, so, much like network address translation (NAT), it serves as a barrier between clients on the network and external threats. Forward proxies handle queries from internal clients when they access resources external to the network. Reverse proxies function opposite of forward proxies; they handle requests from external systems to services on the internal network. Some proxy servers can also be configured with rules, like a firewall. For example, you can create filters to block websites identified as containing malware.
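An added example (not from the course) of the two proxy roles described in the proxy servers video and in the paragraph above, written in Python with the upstream network replaced by a stub so it runs offline. The forward proxy enforces a host blocklist and sends approved requests from its own public address, so the destination never sees the internal client's IP; the reverse proxy maps a public site name to an internal backend, refuses unknown hosts, and strips response headers that would reveal the backend's software or address. Host names, addresses and the blocklist are constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Request:
    method: str
    url: str                                   # absolute URL as the client sent it
    client_ip: str                             # address the receiving side sees as the sender
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


# Web-filtering policy an organization would maintain (constructed host names).
BLOCKED_HOSTS = {"malware.example", "phish.example"}

# Records the sender address each upstream server observed, so the effect of the
# proxies can be checked.
SEEN_BY_UPSTREAM = []


def fake_upstream(req):
    """Stands in for the network: notes who the server saw, then answers like a
    chatty backend that leaks its software version and address."""
    SEEN_BY_UPSTREAM.append(req.client_ip)
    return Response(200, {"Server": "nginx/1.18.0",
                          "X-Backend-Server": urlsplit(req.url).hostname,
                          "Content-Type": "text/html"}, b"<html>ok</html>")


class ForwardProxy:
    """Between employees and the internet.  Enforces the browsing policy and sends
    every approved request from its own public address, so the destination never
    learns the internal client's IP."""

    def __init__(self, public_ip, fetch):
        self.public_ip = public_ip
        self.fetch = fetch                     # performs the upstream request

    def handle(self, req):
        host = urlsplit(req.url).hostname or ""
        if host in BLOCKED_HOSTS:
            return Response(403, body=b"blocked by proxy policy")
        # drop any header that would reveal the internal client
        headers = {k: v for k, v in req.headers.items() if k.lower() != "x-forwarded-for"}
        return self.fetch(Request(req.method, req.url, self.public_ip, headers))


class ReverseProxy:
    """In the DMZ in front of internal web servers.  Accepts internet traffic,
    selects the backend for the requested site, and scrubs response headers
    that would identify or locate that backend."""

    LEAKY_HEADERS = ("server", "x-powered-by", "x-backend-server")

    def __init__(self, routes, internal_ip, fetch):
        self.routes = routes                   # public host name -> internal "ip:port"
        self.internal_ip = internal_ip         # the address backends see as the client
        self.fetch = fetch

    def handle(self, req):
        parts = urlsplit(req.url)
        backend = self.routes.get(parts.hostname)
        if backend is None:
            return Response(404, body=b"unknown site")   # never forward to arbitrary hosts
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        headers = {**req.headers, "X-Forwarded-For": req.client_ip}  # backend logs keep the real client
        resp = self.fetch(Request(req.method, f"http://{backend}{path}", self.internal_ip, headers))
        clean = {k: v for k, v in resp.headers.items() if k.lower() not in self.LEAKY_HEADERS}
        clean["Via"] = "1.1 dmz-proxy"
        return Response(resp.status, clean, resp.body)


if __name__ == "__main__":
    forward = ForwardProxy("198.51.100.7", fake_upstream)
    print(forward.handle(Request("GET", "http://malware.example/", "10.0.0.55")).status)  # 403
    forward.handle(Request("GET", "http://news.example/", "10.0.0.55"))
    print(SEEN_BY_UPSTREAM[-1])            # 198.51.100.7, not 10.0.0.55
    reverse = ReverseProxy({"www.example.org": "10.0.1.20:8080"}, "10.0.0.2", fake_upstream)
    resp = reverse.handle(Request("GET", "http://www.example.org/login", "203.0.113.9"))
    print(resp.headers)                    # no Server / X-Backend-Server; Via added
```

In a real deployment the fetch callable would be an HTTP client and the routes table would come from configuration; the checks that matter for security are the same: a default refusal for hosts not in the table, and header scrubbing on the way back out.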

Virtual Private Networks (VPN)

A VPN is a service that encrypts data in transit and disguises your IP address. VPNs use a process called encapsulation. Encapsulation wraps your encrypted data in an unencrypted outer packet, which allows your data to be routed across the public network while the inner addresses and contents stay hidden from the networks it crosses. Enterprises and other organizations use VPNs to help protect communications from users’ devices to corporate resources. Some of these resources include connecting to servers or virtual machines that host business applications. VPNs can also be used personally to increase privacy. They allow the user to access the internet without intermediaries on the path being able to read their personal information or learn their private IP address; the VPN provider itself, which decrypts the traffic, still can. Organizations are increasingly using a combination of VPN and SD-WAN capabilities to secure their networks. A software-defined wide area network (SD-WAN) is a virtual WAN service that allows organizations to securely connect users to applications across multiple locations and over large geographical distances. 
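As an added illustration (not course code) of the encapsulation described in the VPN video and in the paragraph above, the Python below serializes an inner packet, headers included, encrypts and authenticates it, and wraps it in an outer packet addressed to the VPN server; only the outer addresses are readable on the path, and the server verifies the tag before unwrapping. Addresses and keys are made up. The keystream is derived from HMAC-SHA256 in counter mode so the example runs with the standard library alone; it stands in for the AES-GCM or ChaCha20-Poly1305 that real VPN protocols use and is not a cipher to deploy.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


@dataclass
class Packet:
    """The three things that matter here: who it is from, where it is going,
    and what it carries."""
    src: str
    dst: str
    payload: bytes


NONCE_LEN, TAG_LEN = 12, 32


def serialize(pkt):
    """Flatten the inner packet, addresses included, so the whole thing can be encrypted."""
    src, dst = pkt.src.encode(), pkt.dst.encode()
    return struct.pack(">BB", len(src), len(dst)) + src + dst + pkt.payload


def deserialize(data):
    src_len, dst_len = struct.unpack(">BB", data[:2])
    src = data[2:2 + src_len].decode()
    dst = data[2 + src_len:2 + src_len + dst_len].decode()
    return Packet(src, dst, data[2 + src_len + dst_len:])


def keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256.  A stand-in chosen so the example
    needs no third-party package; real VPNs use AES-GCM or ChaCha20-Poly1305."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner, enc_key, mac_key, client_public_ip, vpn_server_ip, nonce=None):
    """Encrypt the entire inner packet, authenticate it, and wrap it in an outer
    packet addressed to the VPN server.  Routers on the path read only the outer
    addresses."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    plaintext = serialize(inner)
    ciphertext = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return Packet(client_public_ip, vpn_server_ip, nonce + ciphertext + tag)


def decapsulate(outer, enc_key, mac_key):
    """What the VPN server does: verify the tag before decrypting, then restore
    the inner packet so it can be forwarded to its real destination."""
    nonce = outer.payload[:NONCE_LEN]
    ciphertext = outer.payload[NONCE_LEN:-TAG_LEN]
    tag = outer.payload[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed authentication (tampered or wrong key)")
    return deserialize(xor(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def router_view(pkt):
    """All an intermediate router can read: the outer source and destination."""
    return pkt.src, pkt.dst


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # agreed during tunnel setup
    inner = Packet("192.168.1.20", "203.0.113.80", b"GET /account HTTP/1.1")
    outer = encapsulate(inner, enc_key, mac_key, "198.51.100.7", "203.0.113.5")
    print(router_view(outer))                # ('198.51.100.7', '203.0.113.5')
    print(b"203.0.113.80" in outer.payload)  # False: the real destination is hidden
    print(decapsulate(outer, enc_key, mac_key) == inner)   # True
```

Two details carry over to real tunnels: the inner header is inside the encrypted region, which is what hides the true destination from the path, and the server checks integrity before it decrypts, so a modified or forged tunnel packet is rejected rather than forwarded.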

Key takeaways

There are three main categories of network protocols: communication, management, and security protocols. In this reading, you learned the fundamentals of firewalls, proxy servers, and VPNs. More organizations are implementing a cloud-based approach to network security by incorporating a combination of VPN and SD-WAN capabilities as a service.

 

Glossary terms from week 2

Terms and definitions from Course 3, Week 2

Address Resolution Protocol (ARP): A network protocol used to determine the MAC address of the next router or device on the path

Cloud-based firewalls: Software firewalls that are hosted by the cloud service provider

Controlled zone: A subnet that protects the internal network from the uncontrolled zone

Domain Name System (DNS): A networking protocol that translates internet domain names into IP addresses

Encapsulation: A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets

Firewall: A network security device that monitors traffic to or from your network

Forward proxy server: A server that regulates and restricts a person’s access to the internet

Hypertext Transfer Protocol (HTTP): An application layer protocol that provides a method of communication between clients and website servers

Hypertext Transfer Protocol Secure (HTTPS): A network protocol that provides a secure method of communication between clients and servers

IEEE 802.11 (Wi-Fi): A set of standards that define communication for wireless LANs

Network protocols: A set of rules used by two or more devices on a network to describe the order of delivery of data and the structure of data

Network segmentation: A security technique that divides the network into segments

Port filtering: A firewall function that blocks or allows certain port numbers to limit unwanted communication

Proxy server: A server that fulfills the requests of its clients by forwarding them to other servers

Reverse proxy server: A server that regulates and restricts the internet's access to an internal server

Secure File Transfer Protocol (SFTP): A secure protocol used to transfer files from one device to another over a network

Secure shell (SSH): A security protocol used to create a shell with a remote system 

Security zone: A segment of a company’s network that protects the internal network from the internet

Simple Network Management Protocol (SNMP): A network protocol used for monitoring and managing devices on a network

Stateful: A class of firewall that keeps track of information passing through it and proactively filters out threats 

Stateless: A class of firewall that operates based on predefined rules and does not keep track of information from data packets

Transmission Control Protocol (TCP): An internet communication protocol that allows two devices to form a connection and stream data

Uncontrolled zone: The portion of the network outside the organization

Virtual private network (VPN): A network security service that changes your public IP address and masks your virtual location so that you can keep your data private when you are using a public network like the internet

Wi-Fi Protected Access (WPA): A wireless security protocol for devices to connect to the internet


Google, Android, Chronicle, Google Drive, Google Sites, and YARA are trademarks owned by Google LLC.  All other trademarks belong to their respective owners and are not affiliated with Google LLC.