Wednesday, July 2, 2008

SEC703 1st Lecture

Core, Distribution and Access Layers



Router, firewall, DMZ, then another firewall.



The first router applies basic access control lists (ACLs).



Standard things to block at the router level: Telnet traffic, and Secure Shell (SSH) traffic except for specific devices.
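The router rule above, modelled as an added example (not from the lecture). It assumes first-match evaluation with an implicit deny, as on typical router ACLs; the management host 192.0.2.10, the Rule type and the helper names are hypothetical. It also shows why the SSH exception must be listed before the general SSH deny.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination TCP port; None means any port

# Constructed edge-router ACL. The management host is an assumption
# (192.0.2.0/24 is a documentation range); 23 = Telnet, 22 = SSH.
EDGE_ACL = [
    Rule("deny",   "0.0.0.0/0",     23),    # Telnet from anywhere
    Rule("permit", "192.0.2.10/32", 22),    # SSH only from the management host
    Rule("deny",   "0.0.0.0/0",     22),    # SSH from everyone else
    Rule("permit", "0.0.0.0/0",     None),  # the rest is left to the firewall
]

# Same rules with the SSH exception placed after the general SSH deny.
MISORDERED = [EDGE_ACL[0], EDGE_ACL[2], EDGE_ACL[1], EDGE_ACL[3]]

def evaluate(acl, src_ip, dport):
    """Return the action of the first matching rule; implicit deny if none match."""
    addr = ipaddress.ip_address(src_ip)
    for rule in acl:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action
    return "deny"

def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for j, later in enumerate(acl):
        later_net = ipaddress.ip_network(later.src)
        for earlier in acl[:j]:
            covers_src = later_net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dport is None or earlier.dport == later.dport
            if covers_src and covers_port:
                hits.append(j)
                break
    return hits

if __name__ == "__main__":
    for src, port in [("203.0.113.5", 23), ("192.0.2.10", 22), ("203.0.113.5", 22)]:
        print(src, port, evaluate(EDGE_ACL, src, port))
    print("shadowed in misordered ACL:", shadowed_rules(MISORDERED))
```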



Then the firewall gets more specific.



Then the DMZ: any devices that need to be accessed from the Internet, such as web servers and databases (sales); the web server accesses the database server.



You put your e-mail transfer agent here; the transfer then goes inside.



A DNS server goes here in the DMZ, broadcasting the name resolution on the DMZ and receiving info from the inter organization.



Look up by name instead of IP; nothing is transferred out. Another firewall in the DMZ.



Realistically, another firewall at the entrance to the data center.



Separate them through blades: a firewall blade, with different ports for different functions.



The VPN blade terminates inside the firewall. VPN access is a secure encrypted tunnel between point A and point B.

- It adds a second address header, so the packet will have ENCRYPTED[Application, Presentation, Session, Transport, Network], then Network, Data Link and Physical.



IDS - a specific blade that watches specific traffic at all times and shows you what's going on; you must write the list and implement it.



IPS - writes the information to block new traffic; does it automagically.



Honeypots: put in the DMZ to attract hackers.



-------------------------

Traffic shaping, aka QoS: guarantees throughput and throttles back specific types of traffic. Organizations use this all the time.



Mission-critical and non-mission-critical data: if info is going slowly, there's something wrong.



Info that must flow, such as voice and video, gets priority.



Internet Proxy - (specifically HTTP and HTTPS traffic) A single buffering and monitoring device: everyone goes through the proxy, for all HTTP and HTTPS traffic. The proxy is the device that goes through the firewall; it collects the info and sends it in to you, so it is 1 line in the ACL. You can put web monitoring tools on the proxy and block stuff.



Networking Devices - talking about controlling traffic