Question

1- It is advisable to have more than of form of defence, justify the advantages and disadvantages of that approach?

2- In what case you would recommend a screening router firewall architecture over screened host architecture?

3- You need to implement defence in depth for your entire organization. Your management is interested in deploying intrusion prevention systems. Your goal is to protect.

1) All the traffic flowing through a network

2) Endpoints from intrusions. Analyse the technologies you will be using to accomplish the tasks stated above.

4- A firewall can be configured to perform many security-related functions in a network. Briefly discuss any FOUR such functions that firewalls perform to secure network infrastructures.

5- In your job as a security expert you have to address the following situation. a) Internal clients should be able to browse the internet securely. b) Your web server currently hosted in the DMZ got hacked many times, you want to utilize a proxy to add extra protection against intrusions. Recommend a proxy solution for both the cases

6- Explain what is Screened Subnet Architecture and how is it better than Screen Hosts Architecture?

Answer 1

Ans 1) Defence in depth approach is advisable to implement in more than one form as every technology comes off with both pros and cons so that is basically this is an approach in the field of cybersecurity in which a series of defensive approaches are layered together in order to protect confidential data and information.

This multilayer structure increases the security purpose as a whole from any outsider attack.

Few of the advantages of this approach are security offerings such as

• WAF,
• Antivirus
• Antispam
• Software
• Database monitoring
• Data masking
• DDoS protection
• Data protection
• Protect from any counter attack .

The disadvantages of this approach are:

All the defence and depth approach Pros comes with a variety of advantages for security protection but moreover somehow it also has some disadvantages.

• The cost associated with this approach is much more predictable.
• The firewall set up in this approach has to protect a variety of threats which could be breakable because it is a single line that provides security to the inner layers.
• Its inherited layers somehow become the disadvantage of this approach as if there are any flaws occurring in any layer, it affects the whole approach and it is so difficult to manage and implement.

Ans 2) First of all, screened router Firewall architecture consists of only one screening router in between the local Network and server. A direct connection has been built up for the communication between the host and Local Network.

• The only restriction that occurs between the communication at this screening router as the overall security depends upon the correct functioning of this router and the various services that provided by this approach so we can use a screening router.
• Firewall architecture can be implemented in a small security area that doesn't have such difficult threats.
• Although The screened host architecture is placed where there is a need to block the traffic that comes between the Local Network host and the internet host. In this architecture the traffic on the Internet side goes to the screen host and vice versa.
• The screening router doesn't affect the communication between these two networks and the host playing the important role between two. Screen hosts presented on the Local Network that can be accessed from internet and allowed to run proxy programs And the host present on the Local Network supposed to communicate through that proxy host setup by internet host in this scenario and extra attention has to be paid because the overall Independence is on the host attacked by any external side.

Ans 3) If defense-in-depth approach is required for an entire organisation and the goal is measured to protect the traffic flowing through the internet and protected from Intruder then the technology needed to to implement defence and death approach are:

It is divided into three main areas:

• Physical
• Technical
• Administrative

Physical control prevents access to the IT resources and Systems Live CCTV, guards etc. Technical controls are basically considered as the hardware and software required in order to protect the system.

For example fingerprint reader, biometric sensor, authentications, encryption etc. All the hardware consists of prevention of access from a system. It is quite different from physical controls are the security policies and Standards set up by the Organisation in which they regulate basic authentication and credibility to the user that will be going to use a particular requirement.

Technologies needed are antivirus software, authentication and Password encryption, firewall, virtual private network, physical security, logging and auditing etc.

Ans 4) In order to protect a system or any confidential information available on a server to the host. A Firewall is needed to set up a filter in any cyber security network which acts as a wall that passes only data that are allowed to transfer between two hosts.

Four functions that firewall can perform in order to secure networks are:

• Packet filtering: This approach is also known as packet filtering in which firewalls consider the data in a specific data packet whether that particular packet needs to be transferred between the hosts or not. This is just like a gatekeeper that determined whether the particular data packet has allowed or disallowed to transfer.
• Application proxy: This approach relies on application level rather than a packet level. Sometimes Firewall acts like an application proxy that stops information to transfer between the two hosts as in packet filtration, it can't be broken and recognise the actual Malware or any external attack.
• Circuit-level filtering: This is also known as transferred level filtering in which Firewall only allows or disallows a particular packet based on a destination port number and in this approach it only allows outgoing traffic to get return back. Basically Cisco router are used in order to implement the filtering

• Stateful inspection: One of the best functions of Firewall is stateful inspection in which filtering has been done from the previously saved information. Firewall saved every information of each packet and used that particular information in order to filter other packets. This function is mainly and highly recommended with Daniel of services attacks where a genuine host applies a genuine service for so many times in a short span. To overcome these attacks stateful inspection is used it log the number and track all TCP connections requested per second from each client IP address. Hence if it noticed that it is requested so many times then it blocks the client for a while.

Ans 5) In order to provide security where internet clients should be able to browse Internet Security, Firewall application proxy can be used. This technique filters the packet that is highly based on application layer protocol like FTP and HTTP. In this approach Firewall acts like an application proxy in which it stops information from being transferred between the host without having the entire knowledge of application. Using this application, the system will become able to recognise any Malware attacks because it examines the overall application and highly recommends it in such scenarios.

In another scenario in which web server currently hosted in DMZ that got hacked many times then it was recommended to have an application proxy setup between the protected Network and the network from which a particular system has been protected from every time that inspected request arrives the application proxy initiate that request and post it directly before reaching to the destination server. In this way a secure type of firewall is needed to protect confidential information and related systems.

Ans 6) Screened subnet architecture adds an extra layer that provides security to the screened host which protects the internal network from the internet and any outsider attack.

In the simplest way there are 2 screening routers that are connected to a network called perimeter network. One external router is located between the internet and perimeter Network and another interior router is connected between the perimeter Network and internal network. If any attacker wants to break this architecture then the perimeter network security layer adds security and deals with the request before reaching the destination server.

On the other Hand, screened host architecture only provides a host service in which the screen host acts as a virtual Host on the Local Network and the Local Network host acts like the actual Host on screen host. The proxy of the both hosts allowed the service to be done but somehow it causes secure services lacking as there is no additional layer and only proxy host is the central idea of this approach which can be attacked by the outsider.