IT Essentials — Assessing Infrastructure and Networks
network layer (Layer 3) and the transport layer (Layer 4). They are sometimes called packet filters because they drop packets arriving from forbidden IP addresses (network layer) or destined for forbidden ports (transport layer), judging each packet on its own header fields. A packet that is not blocked is forwarded to its destination inside the network protected by the firewall.
Stateful firewalls track connection state, so they can block potentially malicious packets that are not part of an established connection or that do not fit the rules for initiating a legitimate connection (for example, an inbound packet that is not a proper connection request to an allowed service). Application layer firewalls, commonly sold as next generation firewalls (NGFW), intercept packet traffic and decode the data all the way up the stack to the application layer (Layer 7), so rules can be applied to the application protocol and its content rather than to addresses and ports alone.
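The difference between a packet filter and a stateful firewall is easiest to see on concrete packets. The following is an added example in Python, not code from the course: it simulates both kinds of filter over a constructed policy (protected network 10.0.0.0/8, inbound connections allowed only to port 443, one forbidden source address) and runs a handful of constructed packets through each. All addresses, ports and the policy are assumptions.

```python
"""Stateless packet filter versus stateful firewall, as a small simulation.

Added example, not part of the course text: the packets, the policy and the
connection table below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP SYN flag set
    ack: bool = False   # TCP ACK flag set; SYN without ACK = new connection attempt


# Constructed policy: 10.0.0.0/8 is the protected network, inbound connections
# are allowed only to port 443, and one source address is forbidden outright.
PROTECTED_PREFIX = "10."
BLOCKED_SRC = {"203.0.113.9"}    # "forbidden IP address" (Layer 3 decision)
ALLOWED_INBOUND_PORTS = {443}    # everything else is a "forbidden port" (Layer 4)


def is_internal(ip: str) -> bool:
    return ip.startswith(PROTECTED_PREFIX)


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: judges each packet on its own Layer 3/4 header fields."""
    if pkt.src_ip in BLOCKED_SRC:
        return False
    if is_internal(pkt.src_ip):           # outbound traffic is allowed
        return True
    return pkt.dst_port in ALLOWED_INBOUND_PORTS   # inbound: allowed service only


class StatefulFirewall:
    """Remembers outbound connections so their replies are admitted without
    opening every client port to the internet, and rejects inbound packets
    that are neither part of a known flow nor a proper connection request."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.src_ip in BLOCKED_SRC:
            return False
        if is_internal(pkt.src_ip):
            # outbound packet: record (or refresh) the flow, then forward it
            self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # inbound packet: is it the reply side of a tracked flow?
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table:
            return True
        # otherwise it must be a legitimate new connection (SYN, no ACK) to an allowed port
        is_new_connection = pkt.syn and not pkt.ack
        return is_new_connection and pkt.dst_port in ALLOWED_INBOUND_PORTS


def run_demo() -> list[tuple[str, bool, bool]]:
    """Run constructed packets through both filters in order.
    Returns (label, stateless verdict, stateful verdict) per packet."""
    fw = StatefulFirewall()
    cases = [
        ("outbound SYN to web server",
         Packet("10.0.0.5", 51000, "198.51.100.20", 443, syn=True)),
        ("reply SYN/ACK to client",
         Packet("198.51.100.20", 443, "10.0.0.5", 51000, syn=True, ack=True)),
        ("unsolicited ACK to client",
         Packet("198.51.100.77", 443, "10.0.0.5", 51000, ack=True)),
        ("inbound SYN to our :443",
         Packet("198.51.100.77", 40000, "10.0.0.80", 443, syn=True)),
        ("inbound bare ACK to our :443",
         Packet("198.51.100.77", 40001, "10.0.0.80", 443, ack=True)),
        ("blocked source to our :443",
         Packet("203.0.113.9", 40002, "10.0.0.80", 443, syn=True)),
    ]
    return [(label, stateless_filter(p), fw.allow(p)) for label, p in cases]


if __name__ == "__main__":
    for label, stateless, stateful in run_demo():
        print(f"{label:32} stateless={'pass' if stateless else 'drop':4} "
              f"stateful={'pass' if stateful else 'drop'}")
```

Two cases show the point. The reply to the client's own outbound connection is dropped by the stateless filter (the client's port 51000 is not an allowed inbound port) but passed by the stateful firewall, which remembers the flow; real packet filters paper over this by matching the ACK flag (the `established` keyword in Cisco ACLs), which is exactly why the fifth case, an inbound bare ACK to port 443 with no prior SYN, slips through the stateless filter yet is rejected by stateful inspection as not fitting the rules for initiating a legitimate connection.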
Mobile firewalls provide secure communications when network access is initiated from a mobile device. Web application firewalls (WAF) analyze traffic moving in and out of a web application; they are typically placed between the web servers and the internet to detect and block known web application attacks. Additional protection can be configured by rejecting connections to destinations with questionable reputations. Security tools such as firewalls can intercept packets, inspect header information, or even reconstruct the original application data from higher up the stack and inspect it for security threats.
Intrusion Detection and Prevention Systems
I’ve heard the terms IDS and IPS. Are these part of the firewall?
No. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are devices or software applications that monitor network traffic for indications of compromise or attempted compromise of a system. An IDS detects and alerts; an IPS sits inline and can also block the traffic. IDS and IPS rule sets can be very large, and each rule may require calibration and threshold setting so that real attacks are detected while false positives are kept down. Well-calibrated and well-monitored IDS and IPS deployments greatly increase an organization’s ability to detect and stop attacks.
Alerts generated by an IDS are usually collected in a security information and event management (SIEM) system, where they can be correlated with network traffic flow records (NetFlow) and with logs from perimeter security tools such as firewalls. IDS alerts are compared against IPS rules; if there is a match, the IPS, or a data/information leakage prevention (DLP/ILP) system (software designed to detect potential data breaches), executes a rule to stop the activity from taking place.
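To make the threshold setting and the SIEM correlation concrete, here is an added example in Python (not material from the course): a threshold-based IDS rule for SSH password guessing is run over constructed sshd log lines, first uncalibrated and then tuned; the resulting alerts are correlated with constructed perimeter firewall flow records the way a SIEM would; and an IPS rule blocks the source of any high-severity alert. The log lines, hostnames, addresses, the year (syslog timestamps carry none), the threshold values and the "three or more targets is high severity" rule are all assumptions.

```python
"""Threshold-based IDS rule, SIEM-style correlation and an IPS block decision.

Added example, not part of the course text: the sshd log lines, the firewall
flow records, the threshold values and the severity rule are all constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log (syslog format carries no year; 2020 is assumed below).
# One mistyped password each from two staff machines, and a burst of failed
# logins for guessed usernames from a single external address.
AUTH_LOG = """\
Mar 10 09:00:01 web1 sshd[2201]: Failed password for alice from 10.0.0.12 port 50122 ssh2
Mar 10 09:00:09 web1 sshd[2201]: Accepted password for alice from 10.0.0.12 port 50122 ssh2
Mar 10 09:05:00 web1 sshd[2304]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar 10 09:05:02 web1 sshd[2305]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Mar 10 09:05:04 web1 sshd[2306]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar 10 09:05:06 web1 sshd[2307]: Failed password for invalid user test from 203.0.113.9 port 40004 ssh2
Mar 10 09:05:08 web1 sshd[2308]: Failed password for invalid user oracle from 203.0.113.9 port 40005 ssh2
Mar 10 12:30:00 web1 sshd[3100]: Failed password for bob from 10.0.0.15 port 50300 ssh2
"""

# Constructed perimeter firewall flow records: (src, dst, dst_port, action)
FW_FLOWS = [
    ("203.0.113.9", "10.0.0.80", 22, "allow"),
    ("203.0.113.9", "10.0.0.81", 22, "allow"),
    ("203.0.113.9", "10.0.0.82", 22, "allow"),
    ("10.0.0.12", "10.0.0.80", 22, "allow"),
    ("10.0.0.15", "10.0.0.80", 22, "allow"),
]

FAILED_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_failures(log: str, year: int = 2020):
    """Yield (timestamp, host, user, src_ip) for every failed-login line."""
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)


def ssh_bruteforce_alerts(events, threshold: int, window_seconds: int):
    """IDS rule: alert once per source when it produces `threshold` failed
    logins inside a sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(list)      # src_ip -> timestamps still inside the window
    alerted, alerts = set(), []
    for ts, host, user, src in sorted(events):
        hits = recent[src]
        hits.append(ts)
        while ts - hits[0] > window:  # evict timestamps that fell out of the window
            hits.pop(0)
        if len(hits) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"rule": "ssh_bruteforce", "src": src, "host": host,
                           "count": len(hits), "ts": ts})
    return alerts


def correlate_with_firewall(alerts, flows):
    """SIEM step: enrich each alert with how many internal hosts the source
    reached on port 22 according to the firewall, and rate severity.
    The 'three or more targets is high' rule is an assumption for this example."""
    enriched = []
    for alert in alerts:
        targets = {dst for src, dst, port, _ in flows
                   if src == alert["src"] and port == 22}
        severity = "high" if len(targets) >= 3 else "medium"
        enriched.append(dict(alert, targets=len(targets), severity=severity))
    return enriched


def ips_actions(enriched_alerts):
    """IPS rule: block the source address of every high-severity alert."""
    return [("block", a["src"]) for a in enriched_alerts if a["severity"] == "high"]


if __name__ == "__main__":
    events = list(parse_failures(AUTH_LOG))
    for threshold in (1, 5):   # uncalibrated rule versus tuned rule
        alerts = ssh_bruteforce_alerts(events, threshold, window_seconds=60)
        print(f"threshold={threshold}: {[a['src'] for a in alerts]}")
    enriched = correlate_with_firewall(ssh_bruteforce_alerts(events, 5, 60), FW_FLOWS)
    print(ips_actions(enriched))
```

With the threshold at 1 the rule fires on both staff members who mistyped a password as well as on the attacker; raising it to 5 failures within 60 seconds leaves only the external source. Correlating that alert with the firewall flows shows the same address probing three internal hosts on port 22, which lifts its severity and is what triggers the IPS block; a single noisy alert on its own would not.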
It looks like the router is connected to the wireless access point. What is its purpose?
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.