Network Security Operations

Firewalls - Answer- hardware, software, or both designed to prevent unauthorized persons from accessing electronic information. Packet Filter Firewalls - Answer- operates at Layers 3 and 4 of the OSI network model: network and transport. These firewalls inspect incoming (ingress) and outgoing (egress) traffic and compare the following attributes to a database of packet filter rules that determine if the firewall will forward (allow) or drop (deny) the traffic: Stateful Inspection - Answer- Automatically creates rules to permit traffic based on communication type. Operates at OSI layer 3-5 Application Level - Answer- Operates at OSI Layer 7 and below, Analyzes packet content and blocks program-level traffic. IDS (Intrusion Detection System) - Answer- Monitors the network to detect threats. Listens passively on the network. Alerts network admin of any detected suspicious behavior. IPS (Intrusion Prevention System) - Answer- Intercepts and blocks threats. Has many network ports to operate as input/output pairs. Has cables routed physically through devices to create choke points. IDS and IPS - Answer- Both Identifies malicious traffic. Available as virtual and host-based applications. Can be configured to operate in tap mode. IDS Deployment