1- It is advisable to have more than one form of defence. Justify the advantages and disadvantages of that approach.
2- In what case would you recommend a screening router firewall architecture over a screened host architecture?
3- You need to implement defence in depth for your entire organization. Your management is interested in deploying intrusion prevention systems. Your goal is to protect:
1) All the traffic flowing through a network
2) Endpoints from intrusions.
Analyse the technologies you will be using to accomplish the tasks stated above.
4- A firewall can be configured to perform many security-related functions in a network. Briefly discuss any FOUR such functions that firewalls perform to secure network infrastructures.
5- In your job as a security expert, you have to address the following situation: a) Internal clients should be able to browse the internet securely. b) Your web server, currently hosted in the DMZ, has been hacked many times; you want to use a proxy to add extra protection against intrusions. Recommend a proxy solution for both cases.
6- Explain what Screened Subnet Architecture is and how it is better than Screened Host Architecture.
Ans 1) Having more than one form of defence is advisable because every technology comes with both pros and cons. This is the defence-in-depth approach: an approach in the field of cybersecurity in which a series of defensive measures are layered together in order to protect confidential data and information.
This multilayer structure increases security as a whole against any outside attack.
A few of the advantages of this approach are security offerings such as
The disadvantages of this approach are:
The defence-in-depth approach comes with a variety of advantages for security protection, but it also has some disadvantages.
Ans 2) First of all, a screening router firewall architecture consists of only one screening router between the local network and the server. A direct connection is established for communication between the host and the local network.
Ans 3) If a defence-in-depth approach is required for an entire organisation, and the goal is to protect the traffic flowing through the internet and to protect against intruders, then the technologies needed to implement the defence-in-depth approach are:
It is divided into three main areas:
Physical controls prevent access to the IT resources and systems, for example live CCTV, guards, etc. Technical controls are the hardware and software required in order to protect the system.
Examples are fingerprint readers, biometric sensors, authentication, encryption, etc. The hardware serves to prevent access to a system. The third area, which is quite different from physical controls, consists of the security policies and standards set up by the organisation, through which it regulates basic authentication and the credibility of the users for a particular requirement.
The technologies needed are antivirus software, authentication and password encryption, firewalls, virtual private networks, physical security, logging and auditing, etc.
Ans 4) A firewall is needed in order to protect a system, or any confidential information that a server makes available to a host. It sets up a filter in the network and acts as a wall that passes only the data that is allowed to be transferred between two hosts.
Four functions that a firewall can perform in order to secure networks are:
Ans 5) To provide security where clients should be able to browse the internet securely, a firewall application proxy can be used. This technique filters packets based on application-layer protocols such as FTP and HTTP. In this approach the firewall acts as an application proxy: it stops information from being transferred between hosts unless it has full knowledge of the application. With this proxy, the system is able to recognise malware attacks because it examines the application traffic as a whole, so it is highly recommended in such scenarios.
In the other scenario, in which the web server currently hosted in the DMZ has been hacked many times, it is recommended to set up an application proxy between the protected network and the network it is being protected from. Every time a request arrives, the application proxy inspects it and initiates the request itself before it reaches the destination server. In this way, a secure type of firewall protects confidential information and related systems.
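The inspection step described in Ans 5, sketched as an added example that is not part of the original answer: an application proxy parses each HTTP request and applies an application-layer policy before anything is forwarded to the web server. The allowed methods, the host name `www.example.test`, the size limit and the function name `inspect_request` are assumptions chosen for illustration.

```python
from urllib.parse import unquote, urlsplit

ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed policy
ALLOWED_HOSTS = {"www.example.test"}        # assumed name of the DMZ web server
MAX_HEADER_BYTES = 8192                     # assumed limit
SINGLETON = ("host", "content-length", "transfer-encoding")

def inspect_request(raw: bytes):
    """Return (allowed, reason) for one raw HTTP/1.x request seen by the proxy."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEADER_BYTES:
        return False, "incomplete or oversized header block"
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
        path = unquote(urlsplit(target).path)
    except ValueError:  # UnicodeDecodeError is a ValueError too
        return False, "malformed request line"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "unsupported protocol version"
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return False, "malformed header line"
        key = name.lower()
        if key in SINGLETON and key in headers:
            return False, "duplicate header"
        headers[key] = value.strip()
    if headers.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unknown Host"
    # Two ways of stating the body length let proxy and server disagree.
    if "transfer-encoding" in headers and "content-length" in headers:
        return False, "ambiguous message length"
    # The path is checked after percent-decoding, as the server would see it.
    if not path.startswith("/") or ".." in path.split("/") or "\x00" in path:
        return False, "suspicious path"
    return True, "ok"
```

A packet filter sees only addresses and ports for all of these requests; the decisions above are possible only because the proxy understands the protocol.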
Ans 6) Screened subnet architecture adds an extra layer of security to the screened host architecture, which protects the internal network from the internet and from any outside attack.
In its simplest form, there are two screening routers connected to a network called the perimeter network. An exterior router is located between the internet and the perimeter network, and an interior router is connected between the perimeter network and the internal network. If an attacker tries to break into this architecture, the perimeter network adds a security layer that deals with the request before it reaches the destination server.
On the other hand, screened host architecture only provides a host service, in which the screened host acts as a virtual host on the local network and the local network host acts as the actual host on the screened host. The proxy between the two hosts allows the service to be carried out, but security is lacking because there is no additional layer: the proxy host alone is the central point of this approach, and it can be attacked by an outsider.
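The difference described in Ans 6 can be checked with a small model, given here as an added example that is not part of the original answer. Each screening router is a default-deny allow list, and a packet is delivered only if every router between source and destination permits it. All addresses, ports and rules are constructed for illustration, and the model is stateless (return traffic is not modelled).

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
PERIMETER = ip_network("192.0.2.0/24")   # constructed perimeter network
INTERNAL = ip_network("10.0.0.0/8")      # constructed internal network

def host(addr):
    return ip_network(addr + "/32")

# Each router is a default-deny allow list of (source, destination, port).
# Screened subnet: the bastion 192.0.2.10 sits on the perimeter network.
EXTERIOR = [(ANY, host("192.0.2.10"), 443)]
INTERIOR = [(host("192.0.2.10"), host("10.0.0.25"), 25)]
SCREENED_SUBNET = ([ANY, PERIMETER, INTERNAL], [EXTERIOR, INTERIOR])

# Screened host: one router; the bastion 10.0.0.10 sits on the internal network.
SINGLE = [(ANY, host("10.0.0.10"), 443)]
SCREENED_HOST = ([ANY, INTERNAL], [SINGLE])

def zone_index(zones, addr):
    """Index of the innermost zone containing addr (0 is the internet)."""
    for idx in range(len(zones) - 1, 0, -1):
        if addr in zones[idx]:
            return idx
    return 0

def permits(rules, src, dst, port):
    return any(src in s and dst in d and port == p for s, d, p in rules)

def reachable(topology, src, dst, port):
    """True if every screening router between src and dst permits the packet."""
    zones, routers = topology
    src, dst = ip_address(src), ip_address(dst)
    lo, hi = sorted((zone_index(zones, src), zone_index(zones, dst)))
    # routers[k] sits between zone k and zone k+1; an empty range means
    # both hosts share a segment and no filter is crossed at all.
    return all(permits(routers[k], src, dst, port) for k in range(lo, hi))

def filters_crossed(topology, src, dst):
    """Number of screening routers on the path between two addresses."""
    zones = topology[0]
    return abs(zone_index(zones, ip_address(src)) - zone_index(zones, ip_address(dst)))
```

With these rules, traffic from the bastion to an internal database at 10.0.0.50 is still filtered by the interior router in the screened subnet, while in the screened host layout the same traffic crosses no router at all.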