IT security is a multi-discipline subject requiring a number of different skills sets and knowledge areas. A key area of knowledge which is vital for any security specialist is a clear understanding of IT infrastructure and how it relates to the creation of a comprehensive security strategy.
 
IT security is a multi-discipline subject requiring a number of different skills sets and knowledge areas. A key area of knowledge which is vital for any security specialist is a clear understanding of IT infrastructure and how it relates to the creation of a comprehensive security strategy.
   −
In this chapter of [[Security+ Essentials]] we will look at the various components that comprise the IT infrastructure of an organization. Some of these components are specifically designed to provide security (such as firewalls), whilst others a simply necessary to meet the needs of an IT operation (such as routers and switches).
+
In this chapter of [[Security+ Essentials]] we will look at the various components that comprise the IT infrastructure of an organization. Some of these components are specifically designed to provide security (such as firewalls), whilst others are simply necessary to fulfill the needs of an IT operation (such as routers and switches).
    
== Understanding Firewalls ==
 
== Understanding Firewalls ==
   −
Much like a firewall in real life protects parts of a buildings from a spreading fire, an IT firewall protects computer systems from the dangers posed by an internet connection.  A firewall is essentially a component located between a computer or a network of computers and the internet. The specific purpose of a firewall is to prevent unauthorized access to the computer systems it is configured to protect. Firewalls take the form of software, hardware or a combination of both and are not limited to use by large companies. Any one who owns a computer (including home users) that is connected to the internet for even short periods of time should have a firewall configured.
+
Much like a firewall in real life protects parts of a building from a spreading fire, an IT firewall protects computer systems from the dangers posed by an internet connection.  A firewall is essentially a component located between a computer or a network of computers and the internet. The specific purpose of a firewall is to prevent unauthorized access to the computer systems it is configured to protect. Firewalls take the form of software, hardware or a combination of both and are not limited to use by large companies. Anyone who owns a computer (including home users) that is connected to the internet for even short periods of time should have a firewall configured.
   −
A good security strategy should consist of multiple layers of protection and in such a scenario, the firewall is typically the first line of defense.
+
A good security strategy should consist of multiple layers of protection and in such a scenario the firewall is typically the first line of defense.
    
Firewalls fall into three main categories - ''Packet-filtering'', ''Proxy-service'' and ''Stateful-inspection'' firewalls, each of which will be covered in detail here.
 
Firewalls fall into three main categories - ''Packet-filtering'', ''Proxy-service'' and ''Stateful-inspection'' firewalls, each of which will be covered in detail here.
 
== Packet-Filtering Firewalls ==
 
== Packet-Filtering Firewalls ==
   −
Packet-filtering firewalls operate at the Network layer (layer 3) of OSI model are the most basic of firewall types. The concept of packet filtering involves defining which data packets are permitted to pass through the firewall based on a number of criteria. Essentially, filtering can be specified based IP addresses, ports and protocols. It is possible, for example to block any packets originating from a particular IP address (or IP address range), or to block all traffic attempting to enter on port 23 (the Telnet port).
+
Packet-filtering firewalls operate at the Network layer (layer 3) of OSI model and are the most basic of firewall types. The concept of packet filtering involves defining which data packets are permitted to pass through the firewall based on a number of criteria. Essentially, filtering can be specified based IP addresses, ports and protocols. It is possible, for example to block any packets originating from a particular IP address (or IP address range), or to block all traffic attempting to enter on port 23 (the Telnet port).
   −
Packet-filtering firewalls are typically built into routers and provide either a command-line to graphical interface for specifying the filtering rules. The defenses provided by such firewalls are considered to be weak since they can only block what IP addresses that an administrator knows in advance are likely to be malicious. They are, however, extremely fast and easy to configure, and provide good first line of defense.
+
Packet-filtering firewalls are typically built into routers and provide either a command-line or graphical interface for specifying the filtering rules. The defenses provided by such firewalls are considered to be weak since they can only block IP addresses that an administrator knows in advance are likely to be malicious. They are, however, extremely fast and easy to configure, and provide good first line of defense.
    
== Proxy Service Firewalls ==
 
== Proxy Service Firewalls ==
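Review bot: In the Packet-Filtering Firewalls paragraphs above, the revised text still places these firewalls at "the Network layer (layer 3)" while the following sentences describe filtering on ports such as 23, and ports are transport-layer (layer 4) fields. Say that the filter inspects network- and transport-layer headers. The second paragraph's "they can only block IP addresses that an administrator knows in advance" also contradicts the earlier statement that rules can match IP addresses, ports and protocols, so widen it to cover all three criteria. The revision also missed a few wording fixes on the same lines: "of the OSI model", "based on IP addresses", and "provide a good first line of defense".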
 
<google>ADSDAQBOX_FLOW</google>
 
<google>ADSDAQBOX_FLOW</google>
A proxy service firewall is placed between the internet and an internal network of computers and acts as a go-between for the two environments. With a proxy service in place, internal client computers do not connect directly to outside resources. Instead they connect to the proxy server which in turn connects with the external resource on behalf of the client, thereby masking the internal IP address of the client. Any response from the external resource is handled by the proxy service and passes them along to the client that originally requested the data.
+
A proxy service firewall is placed between the internet and an internal network of computers and acts as a go-between for the two environments. With a proxy service in place, internal client computers do not connect directly to outside resources. Instead they connect to the proxy server which in turn connects with the external resource on behalf of the client, thereby masking the internal IP address of the client. Any responses from the external resources are handled by the proxy service which passes them along to the client that originally requested the data.
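Review bot: The rewritten last sentence of the Proxy Service Firewalls paragraph fixes the subject-verb agreement, but the paragraph still describes only relaying and masking the client's internal IP address. It never says what the proxy inspects or refuses, which is the part that makes it a firewall rather than a plain forwarder. Add a sentence covering that. Also put a comma before "which" in "the proxy service which passes them along", and settle on one of "proxy server" and "proxy service", since the paragraph alternates between them.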