Firewall architecture

Bastion Host: The machine that any and all entities must pass through when entering or leaving the network. Can support packet filtering, proxy and hybrid firewall applications.

Screened Host: A bastion host firewall that communicates directly with a border router and the internal network.

Screened Subnet: The bastion host, housing the firewall, is sandwiched between two routers. The external router applies packet filtering and the internal router also filters the traffic.

Shoulds of Firewalls: The default action of any firewall should be to implicitly deny any packets not explicitly allowed.

Masquerading / spoofing: The attacker modifies a packet header to have the source address of a host inside the network that she wants to attack.

Honeypot: A computer that sits in the DMZ in the hope of luring attackers to it instead of to actual production computers.
Networking Services

NOS - Network operating system: Designed to control network resource access and provide the necessary services to enable a computer to interact with the surrounding network.

DNS - Domain Name Service: A method of resolving hostnames. Networks are split up into zones. The DNS server that holds the files for one of these zones is said to be the authoritative name server for that particular zone. It is recommended that there be a primary and a secondary DNS server for each zone.

Directory Services: Have a hierarchical database of users, computers, printers, resources and the attributes of each.
Intranets and Extranets

Intranets: When a company uses Internet- or Web-based technologies inside its networks.

Extranets: Enable two or more companies to share common information and resources.

NAT - Network Address Translation: A gateway between a network and the Internet, or another network, that performs transparent routing and address translation.
MAN - Metropolitan Area Network

Usually a backbone that connects businesses to WANs, the Internet and other businesses. A majority are SONET (Synchronous Optical Network) or FDDI rings.