Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Hardware and Software Security Devices 123
state information regarding a connection. In effect, when a connection is established between two hosts, the firewall will initially determine if the connection is allowable based on a set of rules about source and destination ports and IP addresses. Once the connection is deemed to be acceptable, the firewall remembers this. Therefore, subsequent traffic can be examined as either permissible or not within the context of the entire session. It then functions by checking each packet to verify that it is an expected response to a current communications session.
■ Application-layer gateways: also called application-layer gateway devices or application filtering. Application-layer gateways are more advanced than packet filtering, operate at the application layer of the OSI model, and examine the entire packet to determine what should be done with the packet based on specific defined rules. They use complex rules to determine the validity of any given packet, and part of analyzing each packet includes verifying that it contains the correct type of data for the specific application it is attempting to communicate with.
■ The drawbacks to application-layer gateway technology are as follows:
• Application-layer gateways are much slower than packet filters.
• A limited set of application rules is predefined, and any application not included in the predefined list must have custom rules defined and loaded into the firewall.
• Application-layer gateways must then rebuild packets from the top down and send them back out. This breaks the concept behind the client/server architecture and slows the firewall down even further.
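The two inspection styles above can be seen side by side in a small simulation. The following is an added example, not code from the study guide: a toy stateful packet filter that remembers accepted connections in a session table, drops packets that are not an expected part of a current session, and (when enabled) applies an application-layer check that data sent to port 80 must actually look like an HTTP request. The Packet and Rule classes, the simplified one-string TCP flags, the rule table and the addresses are all constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Added example, not from the study guide: a toy stateful packet filter with an
# optional application-layer check. Packets and rules are constructed objects;
# no real traffic is read. TCP flags are simplified to a single string.


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""          # "SYN", "SYN-ACK", "ACK", "FIN" (simplified)
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    src_ip: Optional[str]    # None means "any"
    dst_ip: Optional[str]
    dst_port: Optional[int]
    action: str              # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return ((self.src_ip is None or self.src_ip == pkt.src_ip)
                and (self.dst_ip is None or self.dst_ip == pkt.dst_ip)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


SessionKey = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)

HTTP_METHODS = {b"GET", b"POST", b"HEAD"}


class StatefulFirewall:
    def __init__(self, rules: List[Rule], app_inspect: bool = False) -> None:
        self.rules = rules
        self.app_inspect = app_inspect
        self.sessions: Set[SessionKey] = set()   # the "memory" of accepted connections

    @staticmethod
    def _key(pkt: Packet) -> SessionKey:
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse_key(pkt: Packet) -> SessionKey:
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def _new_connection_allowed(self, pkt: Packet) -> bool:
        for rule in self.rules:              # first matching rule wins
            if rule.matches(pkt):
                return rule.action == "allow"
        return False                         # default deny

    @staticmethod
    def _application_ok(pkt: Packet) -> bool:
        # Application-layer check: data sent to port 80 must look like an HTTP
        # request, even when the session itself has already been accepted.
        if pkt.dst_port == 80 and pkt.payload:
            method = pkt.payload.split(b" ", 1)[0]
            return method in HTTP_METHODS and b" HTTP/1." in pkt.payload
        return True

    def process(self, pkt: Packet) -> str:
        key, rkey = self._key(pkt), self._reverse_key(pkt)
        if key in self.sessions or rkey in self.sessions:
            # Expected traffic within a remembered session; still subject to
            # the application-layer check when that is enabled.
            if self.app_inspect and not self._application_ok(pkt):
                return "drop:app-layer"
            if "FIN" in pkt.flags:           # session is closing: forget it
                self.sessions.discard(key)
                self.sessions.discard(rkey)
            return "allow:established"
        if pkt.flags != "SYN":
            return "drop:no-session"         # not a response to any current session
        if not self._new_connection_allowed(pkt):
            return "drop:rule"
        self.sessions.add(key)               # remember the accepted connection
        return "allow:new"


def demo() -> List[str]:
    """Run a constructed packet sequence through the filter and return the verdicts."""
    fw = StatefulFirewall([Rule(None, "10.0.0.5", 80, "allow")], app_inspect=True)
    client, server, outsider = "192.0.2.10", "10.0.0.5", "198.51.100.7"
    packets = [
        Packet(client, 40000, server, 80, "SYN"),                       # new connection, rule allows
        Packet(server, 80, client, 40000, "SYN-ACK"),                   # reply within the session
        Packet(client, 40000, server, 80, "ACK", b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
        Packet(client, 40000, server, 80, "ACK", b"\x16\x03\x01\x00\x05hello"),  # not HTTP
        Packet(outsider, 5555, client, 40000, "ACK", b"unsolicited"),   # no session for this
        Packet(client, 40001, server, 22, "SYN"),                       # no rule allows port 22
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The packet-filter part of the decision (rule table, default deny) runs only once per connection, at the SYN; everything after that is judged by membership in the session table, which is what makes stateful inspection cheap. The application-layer check is the expensive step the drawbacks list refers to: it has to look inside every payload, and it only knows about the protocols it has rules for (here, just HTTP on port 80).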
Proxy Servers
A proxy server is a server that sits between an intranet and its Internet connection and provides features such as document caching for faster browser retrieval and access control.
■ Proxy servers can provide security for a network by filtering and discarding requests that are deemed inappropriate by an administrator.
■ Proxy servers protect the internal network by masking all internal IP addresses – all connections to the Internet servers appear to be coming from the IP address of the proxy servers.
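The three proxy behaviours just listed (access control, document caching, and masking of internal addresses) can be modelled without any network code. The following is an added example, not code from the study guide: a toy forward proxy whose "Internet" is a callable supplied by the caller, so that the demonstration can record which source address an origin server would actually observe. The Request and Response classes, the blocked-host list, the PROXY_IP constant and all addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Added example, not from the study guide: a toy forward proxy that models the
# three features the text names (access control, document caching and masking
# of internal addresses). No sockets are opened; the "Internet" is a callable
# supplied by the caller, and all addresses are constructed documentation ranges.

PROXY_IP = "203.0.113.1"   # the only address origin servers ever see (constructed)


@dataclass(frozen=True)
class Request:
    client_ip: str   # internal host on the intranet
    url: str


@dataclass(frozen=True)
class Response:
    status: str                  # "blocked", "cache-hit" or "fetched"
    body: Optional[str]


class ForwardProxy:
    def __init__(self, blocked_hosts: Set[str],
                 upstream: Callable[[str, str], str]) -> None:
        self.blocked_hosts = {h.lower() for h in blocked_hosts}
        self.upstream = upstream         # upstream(source_ip, url) -> document body
        self.cache: Dict[str, str] = {}  # url -> cached document

    @staticmethod
    def host_of(url: str) -> str:
        # "http://news.example/today" -> "news.example"
        return url.split("://", 1)[-1].split("/", 1)[0].lower()

    def handle(self, req: Request) -> Response:
        if self.host_of(req.url) in self.blocked_hosts:
            return Response("blocked", None)                    # administrator's access control
        if req.url in self.cache:
            return Response("cache-hit", self.cache[req.url])   # served from the local copy
        # Fetch on the client's behalf: the origin sees PROXY_IP, never req.client_ip
        body = self.upstream(PROXY_IP, req.url)
        self.cache[req.url] = body
        return Response("fetched", body)


def demo() -> Tuple[List[str], List[str]]:
    """Return the proxy's verdicts and the source IPs the fake Internet observed."""
    seen_sources: List[str] = []

    def fake_internet(source_ip: str, url: str) -> str:
        seen_sources.append(source_ip)          # what an origin server would log
        return f"<html>{url}</html>"

    proxy = ForwardProxy({"blocked.example"}, fake_internet)
    requests = [
        Request("10.0.0.15", "http://news.example/today"),
        Request("10.0.0.22", "http://news.example/today"),   # second client, same page
        Request("10.0.0.15", "http://blocked.example/page"),
    ]
    verdicts = [proxy.handle(r).status for r in requests]
    return verdicts, seen_sources


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing in the output: the second client's request never reaches the fake Internet at all because the cache already holds the document, and the only source address the origin ever records is PROXY_IP, so the internal 10.0.0.x hosts stay hidden exactly as the second bullet describes.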
Honeypot
A honeypot is a computer system that is deliberately exposed to public access for the express purpose of attracting and distracting attackers. The following characteristics are typical of honeypots:
■ Systems or devices used as lures are set up with only “out of the box” default installations so that they are deliberately made subject to all known vulnerabilities, exploits, and attacks.
■ The systems or devices used as lures do not include sensitive information, so these lures can be compromised, or even destroyed, without causing damage, loss, or harm to the organization that presents them to be attacked.