-
Network Border Firewall:
- Firewalls usually control access between security zones, and are usually placed at the edge or boundary of a network.
-
There are three common Security Zones:
-
Inside:
- From an organization's point of view, the area within or behind the firewall can be trusted. This is referred to as the "inside" security zone. The "inside" security zone is trusted, and must be protected from the "outside" security zone.
-
Outside:
- From the firewall's point of view, this refers to all systems that do not belong to the trusted organization.
-
DMZ:
- A network area containing a small number of systems (typically servers) who serve clients both in the trusted security zone as well as outside it. These machines are owned and controlled by the trusted organization, but are frequently accessed by systems outside of the organization's control.
-
Traffic between these Security Zones follows these flows:
-
Inside Zone
-
>>> DMZ
- Usually Permit
-
>>> Outside
- Usually Permit
-
Outside
-
>>> Inside
- Implicit Deny
-
>>> DMZ
- Selective Permit
-
DMZ
-
>>> Inside
- Implicit Deny
-
>>> Outside
- Selective Permit
-
Special Purpose Networks:
-
Extranets:
- Special intranet segments that are accessible by outside parties.
-
Example:
- Guest Login over VPN
-
Honey Nets:
- Decoy networks designed to attract attackers, that appear to be lucrative targets but in reality contain no sensitive information and are isolated from other network systems.
- Security teams use honey nets to identify potential attackers, study their behavior, and block them from affecting legitimate systems.
-
Ad Hoc Networks:
- Temporary networks created over a short range between a small number of devices.
- Ad hoc networks may present a security risk if they are interconnected with other networks that lack strong security controls.
-
Example:
- An unencrypted Ad Hoc WAP connected to a secure network can act as a backdoor or allow eavesdropping.