Module 12: Network Security Infrastructure: Cyberops Associate V1.0


Module 12: Network Security Infrastructure
CyberOps Associate v1.0
12.1 Network Topologies

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Network Security Infrastructure
Network Representations
• Network diagrams, often called topology diagrams, use symbols to represent different devices and connections within the network.
• The important terms to know include:
  • Network Interface Card (NIC)
  • Physical Port
  • Interface

Note: The terms port and interface are often used interchangeably.

Network Security Infrastructure
Topology Diagrams
Physical topology diagrams illustrate the physical location of intermediary devices and cable installation.
Logical topology diagrams illustrate devices, ports, and the addressing scheme of the network.

Network Security Infrastructure
Networks of Many Sizes
• Small Home Networks – connect a few computers to each other and the Internet.
• Small Office and Home Office (SOHO) – enables computers within a home, office or remote office to connect to a corporate network, or access centralized, shared resources.
• Medium to Large Networks – can have many locations with hundreds or thousands of interconnected computers.
• World Wide Networks – connect hundreds of millions of computers worldwide, such as the internet.

Figures: Small Home, SOHO, Medium/Large, World Wide
Network Topologies
LANs and WANs
• Network infrastructures vary greatly in terms of:
  • Size of the area covered
  • Number of users connected
  • Number and types of services available
  • Area of responsibility
• The two most common types of network infrastructures are:
  • Local Area Networks (LANs)
  • Wide Area Networks (WANs)

Figure: LANs connected to a WAN

Network Topologies
LANs and WANs (Contd.)
A LAN is a network infrastructure that spans a small geographical area.
A WAN is a network infrastructure that spans a wide geographical area.

LAN                                                     WAN
Interconnect end devices in a limited area.             Interconnect LANs over wide geographical areas.
Administered by a single organization or individual.    Typically administered by multiple service providers.
Provide high-speed bandwidth to internal end devices    Typically provide slower speed links between LANs.
and intermediary devices.
Network Security Infrastructure
The Three-Layer Network Design Model
• The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers.
• The hierarchical LAN design includes three layers:
  • Access - Provides endpoints and users direct access to the network.
  • Distribution - Aggregates access layers and provides connectivity to services.
  • Core - Provides connectivity between distribution layers for large LAN environments.

Figure: Hierarchical Design Model
Network Security Infrastructure
The Three-Layer Network Design Model (Contd.)
• Although the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design.
• In this two-tier hierarchical design, the core and distribution layers are collapsed into one layer, thus reducing cost and complexity.

Figure: Collapsed Core
Network Security Infrastructure
Common Security Architectures
Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic.
The three firewall designs are:
• Public and Private
  • The public network (or outside network) is untrusted, and the private network (or inside network) is trusted.

Network Security Infrastructure
Common Security Architectures (Contd.)
• Demilitarized Zone (DMZ)
  • A firewall design where there is typically one:
    • Inside interface connected to the private network
    • Outside interface connected to the public network
    • DMZ interface

Network Security Infrastructure
Common Security Architectures (Contd.)
• Zone-based Policy Firewalls (ZPFs)
  • ZPFs use the concept of zones to provide additional flexibility.
  • A zone is a group of one or more interfaces that have similar functions or features.
  • Zones help to specify where a Cisco IOS firewall rule or policy should be applied.
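The DMZ design and the zone-based policy model above fit together: the inside, outside and DMZ interfaces become zones, and a policy is attached to each zone pair. The following is an added example, not code from the Cisco course, that models how a ZPF decides what happens to traffic between two interfaces. The interface names, zone names and zone-pair policies are constructed; the decision rules follow the documented IOS ZPF defaults (traffic within a zone passes, traffic involving an interface in no zone is dropped, traffic between zones without a policy is dropped), with the router's own self zone left out.

```python
# Added example, not from the Cisco course: a toy model of how a zone-based
# policy firewall decides whether traffic between two interfaces is handled,
# using the classic inside / outside / DMZ design. Interface names, zone
# names and the zone-pair policies are constructed for illustration.

# Interface -> security zone. "g0/2" is deliberately left out of every zone.
ZONE_OF = {
    "g0/0": "inside",
    "g0/1": "outside",
    "g0/3": "dmz",
}

# (source zone, destination zone) -> action of the policy applied to that zone pair.
#   inspect : stateful inspection; replies are allowed back automatically
#   pass    : stateless permit; the reverse direction needs its own zone pair
# No entry for a pair means no policy, so that traffic is dropped.
ZONE_PAIRS = {
    ("inside", "outside"): "inspect",   # users browse the internet
    ("inside", "dmz"): "inspect",       # users reach DMZ servers
    ("outside", "dmz"): "inspect",      # internet reaches published DMZ services
    # no ("outside", "inside") and no ("dmz", "inside"): nothing initiates inbound
}


def zone_action(in_if, out_if):
    """Action for traffic entering on in_if and leaving on out_if.

    Rules modelled (Cisco IOS ZPF defaults, self zone not modelled):
      * either interface belongs to no zone -> drop
      * both interfaces in the same zone    -> pass
      * zone pair with a policy             -> that policy's action
      * zone pair without a policy          -> drop
    """
    src = ZONE_OF.get(in_if)
    dst = ZONE_OF.get(out_if)
    if src is None or dst is None:
        return "drop"
    if src == dst:
        return "pass"
    return ZONE_PAIRS.get((src, dst), "drop")


def reachability():
    """Matrix of (in_if, out_if) -> action for every interface pair, which is
    the question an auditor asks: who can initiate traffic towards whom?"""
    ifaces = sorted(set(ZONE_OF) | {"g0/2"})
    return {(a, b): zone_action(a, b) for a in ifaces for b in ifaces if a != b}


def initiators_towards(zone):
    """Zones whose traffic may initiate a flow into the given zone."""
    return sorted(src for (src, dst), act in ZONE_PAIRS.items()
                  if dst == zone and act != "drop")


if __name__ == "__main__":
    for pair, act in reachability().items():
        print(f"{pair[0]} -> {pair[1]}: {act}")
    print("zones that can initiate into inside:", initiators_towards("inside"))
```

The useful check here is `initiators_towards("inside")`: with the constructed policy it returns an empty list, which is the property a DMZ design is meant to guarantee (compromise of a DMZ host does not give an initiator a path into the private network). A review of a real ZPF configuration asks the same question of the zone pairs and their class maps.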

Network Security Infrastructure
Packet Tracer - Identify Packet Flow
In this Packet Tracer activity, you will observe the following:
• Packet flow in a LAN and WAN topology.
• Change in the packet flow path when there is a change in the network topology.

12.2 Security Devices

Security Devices
Firewalls
A firewall is a system, or group of systems, that enforces an access control policy between networks. Play the animation in the figure to view a firewall in operation.
Common Firewall Properties:
• Resistant to network attacks
• The only transit point between internal corporate networks and external networks because all traffic flows through the firewall
• Enforce the access control policy

Security Devices
Firewalls (Contd.)
Following are the benefits and limitations of firewalls:

Firewall Benefits
• Prevent the exposure of sensitive hosts, resources, and applications to untrusted users.
• Sanitize protocol flow, which prevents the exploitation of protocol flaws.
• Block malicious data from servers and clients.
• Reduce security management complexity.

Firewall Limitations
• A misconfigured firewall can have serious consequences for the network, such as becoming a single point of failure.
• The data from many applications cannot be passed over firewalls securely.
• Users might proactively search for ways around the firewall to receive blocked material, which exposes the network to potential attack.
• Network performance can slow down.
• Unauthorized traffic can be tunnelled or hidden as legitimate traffic through the firewall.

Security Devices
Firewall Type Descriptions
The different types of firewalls are:
• Packet Filtering (Stateless) Firewall
  • Packet filtering firewalls are part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information.
  • They are stateless firewalls that use a simple policy table look-up that filters traffic based on specific criteria.

Security Devices
Firewall Type Descriptions (Contd.)
• Stateful Firewalls
  • Stateful firewalls are the most versatile and the most common firewall technologies in use.
  • These firewalls provide stateful packet filtering by using connection information maintained in a state table.
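To make the difference between the two preceding firewall types concrete, here is an added example (not code from the Cisco course) that puts a stateless Layer 3/4 filter next to a stateful one and runs the same three packets through both. The 10.0.0.0/24 inside network, the addresses and the ports are constructed. The stateless filter uses the classic rule of permitting inbound TCP with the ACK bit set, on the assumption that it is a reply; the stateful filter instead consults a state table built from connections it saw leaving the inside network.

```python
# Added example, not from the Cisco course: a stateless packet filter next to a
# stateful one, to show what the state table buys you. Addresses, ports and
# the 10.0.0.0/24 "inside" network are constructed for illustration.

from dataclasses import dataclass
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/24")   # constructed trusted LAN


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE


# --- Stateless filter: only the headers of the packet in hand are consulted ---
def stateless_inbound(pkt):
    """Classic Layer 3/4 rule set for TCP arriving from outside: deny new
    connections (SYN without ACK), permit anything with ACK set on the
    assumption that it is a reply to an inside-initiated connection."""
    if pkt.syn and not pkt.ack:
        return "deny"
    return "permit" if pkt.ack else "deny"


# --- Stateful filter: decisions use connection state learned from outbound traffic ---
class StatefulFirewall:
    def __init__(self):
        # key: (inside ip, inside port, outside ip, outside port)
        self.state_table = set()

    def process(self, pkt):
        """Return 'permit' or 'deny' and update the state table."""
        if is_inside(pkt.src):
            # Outbound: record the connection so its replies are recognised.
            self.state_table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Inbound: forward only if it belongs to a connection we saw initiated.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if key in self.state_table else "deny"


def compare():
    """Run an inside-initiated connection, its reply, and an unsolicited
    ACK-flagged packet through both filters; return the verdicts."""
    fw = StatefulFirewall()
    outbound = Packet("10.0.0.5", "203.0.113.9", 51000, 443, syn=True)
    reply = Packet("203.0.113.9", "10.0.0.5", 443, 51000, syn=True, ack=True)
    unsolicited = Packet("198.51.100.7", "10.0.0.5", 40000, 22, ack=True)
    fw.process(outbound)
    return {
        "stateless": {"reply": stateless_inbound(reply),
                      "unsolicited": stateless_inbound(unsolicited)},
        "stateful": {"reply": fw.process(reply),
                     "unsolicited": fw.process(unsolicited)},
    }


if __name__ == "__main__":
    for kind, verdicts in compare().items():
        print(kind, verdicts)
```

Both filters admit the genuine reply, but only the stateful one rejects the unsolicited ACK-flagged packet, because it has no matching entry in its state table; the stateless filter has nothing to check against beyond the flags in the packet itself. A real state table also ages entries out, removes them on FIN/RST, and tracks sequence numbers, which this model omits.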

Security Devices
Firewall Type Descriptions (Contd.)
• Application gateway firewall (proxy firewall)
  • An application gateway firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model.
  • Most of the firewall control and filtering is done in software.

Security Devices
Firewall Type Descriptions (Contd.)
• Next-generation firewalls (NGFW)
  • NGFWs go beyond stateful firewalls by providing:
    • Integrated intrusion prevention
    • Application awareness and control to see and block risky apps
    • Upgrade paths to include future information feeds
    • Techniques to address evolving security threats

Security Devices
Firewall Type Descriptions (Contd.)
• Other methods of implementing firewalls include:
• Host-based (server and personal) firewall - A PC or server with firewall software
running on it.
• Transparent firewall - Filters IP traffic between a pair of bridged interfaces.
• Hybrid firewall - A combination of various firewall types.

Security Devices
Intrusion Prevention and Detection Devices
• A networking architecture paradigm shift is required to defend against fast-moving and evolving attacks. This must include cost-effective detection and prevention systems such as:
  • Intrusion Detection Systems (IDS)
  • Intrusion Prevention Systems (IPS)
• The network architecture integrates these solutions into the entry and exit points of the network.
• The figure shows how an IPS device handles malicious traffic.
Security Devices
Advantages and Disadvantages of IDS and IPS
The table lists the advantages and disadvantages of IDS and IPS:

IDS
  Advantages:
  • No impact on network (latency, jitter)
  • No network impact if there is a sensor failure
  • No network impact if there is sensor overload
  Disadvantages:
  • Response action cannot stop trigger packets
  • Correct tuning required for response actions
  • More vulnerable to network security evasion techniques

IPS
  Advantages:
  • Stops trigger packets
  • Can use stream normalization techniques
  Disadvantages:
  • Sensor issues might affect network traffic
  • Sensor overloading impacts the network
  • Some impact on network (latency, jitter)

Deployment Consideration:
• IPS and IDS technologies can complement each other.
• Deciding which implementation to use is based on the security goals of the organization as
stated in their network security policy.
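The advantages and disadvantages in the table come from one architectural fact: an IDS inspects a copy of the traffic, while an IPS sits in the forwarding path. The following added example (not code from the Cisco course) simulates both sensors over the same constructed packet stream, including a sensor failure, so that "response action cannot stop trigger packets" and "sensor issues might affect network traffic" can be seen rather than read. The signature string is a constructed marker standing in for a real rule; the IPS is assumed to fail closed.

```python
# Added example, not from the Cisco course: a simulation of a passive IDS and
# an inline IPS looking at the same packet stream, to show the trade-offs in
# the IDS/IPS table. The signature and the packet stream are constructed.

import re
from dataclasses import dataclass, field

# Constructed signature: a marker string standing in for a real IPS rule.
TRIGGER = re.compile(rb"TEST-SIGNATURE-01")


@dataclass
class Sensor:
    inline: bool                 # True = IPS (in the forwarding path), False = IDS (fed by a tap/SPAN copy)
    failed: bool = False         # simulate sensor failure or overload
    alerts: list = field(default_factory=list)

    def handle(self, pkt_id, payload):
        """Return True if the packet reaches its destination."""
        if self.failed:
            # IDS: forwarding never depended on the sensor, so traffic still flows.
            # IPS: a failed inline device blocks the path (fail-closed assumed here;
            #      some platforms offer a fail-open bypass, trading safety for availability).
            return not self.inline
        if TRIGGER.search(payload):
            self.alerts.append(pkt_id)
            if self.inline:
                return False     # IPS drops the trigger packet itself
            # IDS only alerts; the trigger packet has already been forwarded
        return True


def run(sensor, stream):
    """Feed (id, payload) pairs through the sensor; return the ids that were delivered."""
    return [pkt_id for pkt_id, payload in stream if sensor.handle(pkt_id, payload)]


# Constructed traffic: three packets, the second matches the signature.
STREAM = [
    (1, b"GET /index.html HTTP/1.1"),
    (2, b"GET /cgi-bin/TEST-SIGNATURE-01 HTTP/1.1"),
    (3, b"GET /about.html HTTP/1.1"),
]


def compare(failed=False):
    """Delivered packet ids and alerts for an IDS and an IPS over STREAM."""
    ids = Sensor(inline=False, failed=failed)
    ips = Sensor(inline=True, failed=failed)
    return {
        "ids": {"delivered": run(ids, STREAM), "alerts": ids.alerts},
        "ips": {"delivered": run(ips, STREAM), "alerts": ips.alerts},
    }


if __name__ == "__main__":
    print("healthy sensors:", compare())
    print("failed sensors: ", compare(failed=True))
```

With healthy sensors both raise the same alert for packet 2, but only the IPS keeps it from being delivered. With a failed sensor the IDS becomes blind while traffic keeps flowing, whereas the fail-closed IPS stops everything, which is exactly why the course says the choice between them depends on the goals in the organization's security policy.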
Security Devices
Types of IPS
There are two primary kinds of IPS:
• Host-based IPS
• Network-based IPS

Host-based IPS (HIPS)
HIPS is software installed on a host to monitor and analyze suspicious activity.

Advantages
• Provides protection specific to a host operating system
• Provides operating system and application level protection
• Protects the host after the message is decrypted

Disadvantages
• Operating system dependent
• Must be installed on all hosts

Security Devices
Types of IPS (Contd.)
• Network-based IPS
  • Network-based IPS are implemented using a dedicated or non-dedicated IPS device.
  • Host-based IDS/IPS solutions are integrated with a network-based IPS implementation to ensure a robust security architecture.
  • Sensors detect malicious and unauthorized activity in real time and can take action when required.

Security Devices
Specialized Security Appliances
A few examples of specialized security appliances:

Cisco Advanced Malware Protection (AMP)
• An enterprise-class advanced malware analysis and protection solution.
• It provides comprehensive malware protection for organizations before, during, and after an attack.

Cisco Web Security Appliance (WSA)
• A secure web gateway that combines leading protections to help organizations address the growing challenges of securing and controlling web traffic.
• Protects the network by automatically blocking risky sites and testing unknown sites before allowing users to access them.

Cisco Email Security Appliance (ESA)
• ESA/Cisco Cloud Email Security helps to mitigate email-based threats, and the ESA defends mission-critical email systems.
• Constantly updated by real-time feeds from Cisco Talos, which detects and correlates threats using a worldwide database monitoring system.
• Features: Global threat intelligence, Spam blocking, Advanced Malware Protection, Outbound Message Control.

12.3 Security Services

Security Services
Traffic Control with ACLs
• An Access Control List (ACL) is a series of commands that control whether a device forwards or drops packets based on information found in the packet header.
• When configured, ACLs perform the following tasks:
  • Limit network traffic to increase network performance.
  • Provide traffic flow control.
  • Provide a basic level of security for network access.
  • Filter traffic based on traffic type.
  • Screen hosts to permit or deny access to network services.

Figure: Sample topology with ACLs applied to routers R1, R2, and R3.
Security Services
ACLs: Important Features
The two types of Cisco IPv4 ACLs are:
• Standard ACL - Used to permit or deny traffic only from source IPv4 addresses.
• Extended ACL - Filters IPv4 packets based on several attributes that include:
• Protocol type
• Source IPv4 address
• Destination IPv4 address
• Source TCP or UDP ports
• Destination TCP or UDP ports
• Optional protocol type information for finer control
• Standard and extended ACLs can be created using either a number or a name to identify
the ACL and its list of statements.
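The standard and extended ACL attributes listed above can be exercised with a small evaluator. The following is an added example, not code from the Cisco course, that reads numbered Cisco IOS-style ACL statements in their native syntax and applies them to packets with the two rules every ACL follows: statements are tested top to bottom and the first match wins, and an implicit deny sits at the end. It covers a subset of the syntax (any / host / wildcard-mask addresses, the protocols ip, tcp, udp and icmp, and `eq` port matches, with a few well-known port names); named ACLs, `range`, `gt`/`lt`, `established` and remarks are not handled. The ACL numbers, addresses and statements are constructed for illustration.

```python
# Added example, not from the Cisco course: a small evaluator that reads Cisco
# IOS-style numbered standard and extended ACL statements and applies them to
# packets with first-match semantics and the implicit deny at the end.
# It handles a subset of the syntax (any / host / wildcard addresses, the
# protocols ip, tcp, udp, icmp, and "eq" port matches); ACL numbers, addresses
# and rules below are constructed for illustration.

import ipaddress

PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "domain": 53, "www": 80}


def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]' at tokens[i].
    Returns (address, netmask, next_index); a wildcard mask is inverted into a netmask."""
    tok = tokens[i]
    if tok == "any":
        return 0, 0, i + 1
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens[i + 1])), 0xFFFFFFFF, i + 2
    addr = int(ipaddress.IPv4Address(tok))
    if i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
        wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
        return addr, ~wildcard & 0xFFFFFFFF, i + 2
    return addr, 0xFFFFFFFF, i + 1          # no wildcard given: exact host


def _parse_port(tokens, i):
    """Parse an optional 'eq <port>' at tokens[i]. Returns (port or None, next_index)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_ace(line):
    """Turn one 'access-list <n> permit|deny ...' line into a match entry."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an ACL statement: {line}")
    number, action = int(t[1]), t[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line}")
    standard = 1 <= number <= 99 or 1300 <= number <= 1999
    if standard:                              # standard ACL: source address only
        src = _parse_addr(t, 3)[:2]
        return dict(action=action, proto="ip", src=src, sport=None, dst=(0, 0), dport=None)
    proto = t[3]
    src_addr, src_mask, i = _parse_addr(t, 4)
    sport, i = _parse_port(t, i)
    dst_addr, dst_mask, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)
    return dict(action=action, proto=proto, src=(src_addr, src_mask), sport=sport,
                dst=(dst_addr, dst_mask), dport=dport)


def _addr_match(ip, entry):
    addr, mask = entry
    return (ip & mask) == (addr & mask)


def evaluate(acl_lines, pkt):
    """Return 'permit' or 'deny' for pkt, a dict with src, dst, proto and optional sport/dport."""
    src = int(ipaddress.IPv4Address(pkt["src"]))
    dst = int(ipaddress.IPv4Address(pkt["dst"]))
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not _addr_match(src, ace["src"]) or not _addr_match(dst, ace["dst"]):
            continue
        if ace["sport"] is not None and ace["sport"] != pkt.get("sport"):
            continue
        if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
            continue
        return ace["action"]                  # first match wins
    return "deny"                             # implicit deny any at the end


# Constructed ACLs: a standard one (source only) and an extended one.
STANDARD_10 = [
    "access-list 10 permit 192.168.10.0 0.0.0.255",
]
EXTENDED_100 = [
    "access-list 100 deny tcp any host 10.0.0.5 eq telnet",
    "access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www",
    "access-list 100 permit udp any any eq domain",
]

if __name__ == "__main__":
    web = {"src": "192.168.10.7", "dst": "10.0.0.5", "proto": "tcp", "sport": 50000, "dport": 80}
    print(evaluate(STANDARD_10, web), evaluate(EXTENDED_100, web))
```

Two points worth noticing when reading the results: the standard ACL permits the web request purely on its source address, since that is all a standard ACL can see; and in the extended ACL the order matters, because the telnet deny must precede the broader permit for the 192.168.10.0/24 source or it would never be reached. The final implicit deny is why an ICMP packet that matches no statement is dropped even though no statement mentions ICMP.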

