NSE 1 - Module 1 - Data Center Firewall

July 9, 2016 | Author: Gabriel Jurado Leon | Category: Types, School Work


Short Description: Module 1 for the FORTINET certification...

Study Guide for NSE 1: Datacenter Firewall 2016

February 1, 2016

This Study Guide is designed to provide information for the Fortinet Network Security Expert Program – Level 1 curriculum. The study guide presents discussions on concepts and equipment necessary as a foundational understanding for modern network security prior to taking more advanced and focused NSE program levels.

Fortinet Network Security Solutions

Contents

- Figures
- Data Center Firewall
  - Data Center Evolution
  - Market Trends Affecting Data Centers
    - Infrastructure Integration
    - Edge vs. Core Data Center Firewalls
  - Data Center Firewall Characteristics
    - Virtual Firewalls
  - Data Center Network Services
    - Application Systems
    - Application Services
  - Summary
- Key Acronyms
- Glossary
- References


Figures

- Figure 1. Notional edge firewall configuration.
- Figure 2. Notional data center firewall deployment.
- Figure 3. Data center firewall adaptability to evolving capabilities.
- Figure 4. Data center in a distributed enterprise network.
- Figure 5. Data center firewall requirements.
- Figure 6. North-South (Physical) vs. East-West (Virtual) traffic.
- Figure 7. Notional network.
- Figure 8. Differences between IaaS, PaaS, and SaaS.
- Figure 9. Examples of businesses using IaaS, PaaS, and SaaS cloud models.


Data Center Firewall

Data centers have become abundant in the increasingly technology-based business environment of the 21st Century. Because of this growth, data centers have become a new proving ground for trends in computing and networking, driving revisions to IT infrastructure strategies and, along with those strategies, new methods to bolster network security. This module presents the characteristics and functions of data center firewalls as they apply to networks and applications.

Data Center Evolution

A common notion in today’s business environment is that “No matter what business you are in, you are a technology business.” In the 21st Century, this is true not only of large businesses but also of successful small and medium businesses (SMB). Modern data centers typically contain servers with a variety of purposes, including web, application, and database servers. Along with the growing use of technology came a need not only to develop more specialized applications but also to develop innovative ways to store ever-increasing volumes of digital data. This growing storage requirement spurred a new sector in technology operations: the Data Center. As new technologies for end users of computing platforms evolve, so must the security measures for the data centers those users access for email, social media, banking, shopping, education, and myriad other purposes. Developing strategies that keep pace with the accelerating integrated and distributed nature of technology has become a critical industry, protecting personal, business, and organizational data and communications from legacy, advanced, and emerging threats.

Market Trends Affecting Data Centers

As mentioned previously, consumer trends influenced data center development; however, the business sector was also instrumental in spurring this development. As technology evolved, businesses learned to step to the leading edge of innovation in order to get ahead, or stay ahead, of competing enterprises. To this end, changes in business practices that influenced data center development included:

Virtualization. Creating a virtual version of a device or resource, such as a server, storage device, network, or even an operating system, where the framework divides the resource into one or more execution environments.

Cloud Computing. Computing in which large groups of remote servers are networked to allow centralized data storage and online access to computer services or resources. Clouds can be classified as public, private, or hybrid.

Software-Defined Networks (SDN). An approach to networking in which control is decoupled from hardware and given to a software application called a controller. SDN is dynamic, manageable, cost-effective, and adaptable, making it well suited to the high-bandwidth, dynamic nature of today's applications.


BYOD. Refers to employees bringing their own personal device to work, whether laptop, smartphone, or tablet, in order to connect to the corporate network. According to a Unisys study conducted by IDC in 2011, nearly 41% of the devices used to obtain corporate data were owned by the employee.

Big Data. A massive volume of both structured and unstructured data that is so large it is difficult to process using traditional databases and software techniques. In many enterprise scenarios, the data is too big, moves too fast, or exceeds current processing capacity.

The Internet of Things (IoT). The once-futuristic concept that everyday objects have the ability to connect to the Internet and identify themselves to other devices. IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself. When many objects act in unison, they are described as having “ambient intelligence.”

Infrastructure Integration

Meeting the challenge of data center growth while maintaining throughput requires technology integration, to reduce the signal loss and speed reduction caused by bridging and security barriers between ad hoc arrangements of independent appliances. There are two camps on what should be at the heart of a modern firewall. On one side are vendors who want to use an off-the-shelf (OTS) central processing unit (CPU) design; this is the simplest design but suffers from performance degradation. On the other side are those advocating hybrid designs that merge CPUs with application-specific integrated circuits (ASICs), which are more efficient and may provide the infrastructure necessary to meet the demand for throughput, growth, and security. Two types of hybrid design are prevalent:

CPU + OTS ASIC. A design whereby a general-purpose CPU is augmented by an off-the-shelf (OTS) processor.

CPU + Custom ASIC. The most difficult but best design, bringing together a general-purpose CPU linked closely to a number of custom-built ASICs. By matching ASICs designed to handle the specific tasks for which the processor and device are intended, the ability to process data is enhanced and system performance is optimized.

Edge vs. Core Data Center Firewalls

Edge Firewall. Implemented at the edge of a network in order to protect the network against potential attacks from external traffic, the edge firewall is the best understood, or traditional, role of a firewall: the gatekeeper. In addition to gatekeeper duties, the edge firewall may gain capabilities as other security appliances are linked to it. This method, however, leads to a complex architecture that results in complex network, and security, controls. A typical edge firewall is depicted in Figure 1.



Figure 1. Notional edge firewall configuration.

Data Center Firewall. In addition to being a gatekeeper, data center firewalls serve a number of functions. Depending on network size and configuration, the data center firewall may also provide additional security functions, such as segregating internal resources from access by malicious insiders, and ensuring compliance with regulations protecting consumer, patient, and other sensitive user data. These functions are referred to as Multi-Layered Security, and may include:

- IP Security (IPSec)
- Firewall
- Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
- Antivirus/Antispyware
- Web Filtering
- Antispam
- Traffic Shaping [1]

These functions work together, providing integrated security for the data center: consolidated, clear control for administrators, and complex barriers to potential threats. Figure 2 shows a notional data center firewall deployment providing gatekeeper duty and integrated security solutions (as depicted in Figure 1, above), with simplified control and complex protection.



Figure 2. Notional data center firewall deployment.

Data Center Firewall Characteristics

As end user devices and activities evolve, data centers must evolve to ensure both service and security keep pace. Market trends affecting data centers include increasing use of mobile devices, employee device portability (BYOD), data center consolidation through server virtualization, cloud computing, and software-defined networking. The key benefit of a high-speed, high-throughput, low-latency data center network core firewall configuration is the ability to evolve as technology develops:

- Throughput speeds have the potential to double every 18 months
- High-speed 40/100 GbE ports are already going into existing systems
- External users are moving from Internet Protocol version 4 (IPv4) to IPv6

Figure 3 illustrates how the data center firewall is adaptable to evolving technology and user trends.



Figure 3. Data center firewall adaptability to evolving capabilities.

Size Matters. Historically, a determining factor in network firewall selection was the number of users, both internal and external, accessing the network or its components. Using data center firewalls in small and medium businesses (SMB) makes sense, because modern data center firewall systems provide higher throughput speeds, higher connectivity (port capacity), and a higher capacity for concurrent sessions. As a business or organization grows and network access expands to multiple locations and thousands of users, an enterprise campus firewall may become a necessary investment. While enterprise firewalls can handle thousands of users and multiple locations, the trade-off is the need for redundancy to ensure reliability, resulting in significantly higher costs and equipment complexity, and the need for extensive training if an organization intends to self-manage the enterprise firewall. Because of these complexities, enterprise data centers may reside on-premises at a company site, in a dedicated co-location space in a provider’s data center facility, or as an outsourced service in a multi-tenant provider cloud environment.



Figure 4. Data center in a distributed enterprise network.

Because of the increasing size and complexity of data center operations and the needs of external users, as well as the increased costs associated with enterprise firewall equipment and training, companies may decide to outsource data center security operations to a third party, or Managed Security Service Provider (MSSP). A growing market alongside evolving technologies, MSSPs provide a wide range of network security services, from one-time services, such as configuring routers, to ongoing services such as network monitoring, upgrades, and configuration. This gives small and medium businesses (SMB) enhanced capabilities without having to increase technical staff, while giving large and high-visibility businesses supplemental protection beyond their own technical staff.

When deciding whether to engage an MSSP for network security operations, a number of considerations must be taken into account. From the most basic perspective, the MSSP should align with your business and security philosophy. Will they sign a non-disclosure agreement, so that details about your company’s security remain confidential? The MSSP needs to be highly available to you, especially if you run 24/7 operations and reach a global audience (and who on the Internet doesn’t these days?). It is worth a visit to their facility to check out their operations and talk with staff. The MSSP’s service must be sustainable: what are their redundancy capabilities in case of primary system failures or disaster, and what is the likelihood they may go out of business (the market is still maturing and the current failure rate is high)? Identify clearly the level of serviceability you can expect from the MSSP, and demand a strong service level agreement (SLA) spelling out all roles and responsibilities for both parties. These requirements are foundational to success in using an MSSP to manage data center security.


As cloud services and software-defined networks (SDNs) became prevalent, network functions virtualization (NFV) platforms such as VMware NSX and Cisco ACI also began to take the place of physical devices, encapsulating appliances such as firewalls, load balancers, and switches as scalable virtual appliances within the same physical devices. The emergence of OpenFlow from behind the research lab walls into mainstream management of cellular, telco, and data center operations has brought major network operators and manufacturers on board in making OpenFlow the standard protocol for communications between controllers and network switches in the SDN, or virtual, environment. The OpenFlow protocol abstracts the network control plane from the data plane so that network traffic flows can be programmed to be more dynamic and automated.

As virtualization and SDN deployment expanded, the practice became available to private individuals and organizations outside the traditional boundaries of those with large amounts of capital and resources. With the broad availability of open-source software enabling low-cost network development, cloud computing has reached into the realm of private and personal clouds. One popular open-source platform for cloud computing is OpenStack, which provides the capability to develop and manage private and public clouds, and is compatible with popular enterprise and open-source technologies for controlling large pools of data center computing, storage, and networking resources.

By designing and implementing network infrastructures that combine high throughput with a dynamic software-defined network (SDN), the data center firewall provides the capability to evolve with consumer and industry trends. To accomplish this, data center firewalls must focus on three primary areas as foundations for security: performance, segmentation, and simplification.

Performance. As the need for network speeds to accelerate continues, the data center will be at the forefront of network design, enabling higher performance through high-speed, high-capacity, low-latency firewalls. Currently, the minimum required throughput of a data center firewall is 10 Gbps, with large company data center users expecting that throughput may be increased up to an aggregate 100+ Gbps. Similarly, enabling high throughput requires a minimum of 10 Gigabit Ethernet port connectivity on the data center firewall, with some capabilities already expanding into the 40-100 Gigabit range.

Segmentation. With the evolution of IT devices and network threats, organizations using data centers have adopted network segmentation as a best practice to isolate critical data from potential threats. Common data isolation criteria include applications, user groups, regulatory requirements, business functions, trust levels, and locations. To support network segmentation in a network security schema, data center firewalls must provide high density and logical abstraction supporting both physical and virtual segmentation clouds. Benefits include keeping sensitive data partitioned from unauthorized access for security and compliance purposes, limiting lateral movement of advanced threats that gain an initial foothold in the network, and ensuring employees and users have access only to the services and applications for which they are authorized.


Simplification. Because data centers extend to external users of varying trust levels, the “Zero-Trust” model for data access must extend beyond the traditional data center edge and into the segmentation throughout the network’s core. This requires a consolidated, simplified security platform that can manage multiple functions while supporting high-speed network operations. To further simplify data center firewall operations, integrating network routing and switching functions into firewall controls adds centralized visibility and control over network functions and security monitoring. Consolidation may also be accomplished by putting multiple physical server workloads onto a shared physical host using virtual machines on a hypervisor. A good example of a data center core firewall that incorporates all the requirements of low latency, high throughput, and high performance is the FortiGate platform line. These firewalls include models that deliver over 100 Gbps performance with less than 5 µs latency (Figure 5).

Figure 5. Data center firewall requirements.

One of the benefits of a data center network core firewall configuration, as illustrated in Figure 10, is the ability to evolve as trends in technology develop. With an estimated potential for throughput speeds to double every 18 months, and the adoption of high-speed network interfaces such as 40/100Gb Ethernet ports into existing architectures, data center firewalls will need to be ready for the challenge. With these developments, and as external users move from transmitting traffic using Internet Protocol version 4 (IPv4), which currently carries over 95% of the world’s Internet traffic, to IPv6, firewalls such as the FortiGate line provide the ability to keep pace and maintain data center service and security.

Virtual Firewalls

Traditional firewalls protect physical computer networks, those running on physical hardware and cabling. As such, the most effective means of security was, and still is, a physical, locked fire door. Traffic crossing this physical boundary into or out of the data center is referred to as “North-South” traffic. Unlike physical machines and networks, virtual machines operate in a virtual environment, isolated on a host but acting as though each were an independent system or network. Even though virtual, however, the network may be subject to threats and intrusion from external sources. Virtual traffic, that is, traffic moving laterally between servers without leaving the data center, is referred to as “East-West” traffic (Figure 6). Today, 60-70% of traffic is E-W because of the trend toward virtualization and consolidation, which is why virtual networks are of vital importance in the emergence of data centers and in the need for reliable and adaptable data center security in modern networks. Virtual LANs (VLANs) may be used to segment multiple subnets logically on the same physical switch; to secure data transmitted between virtual machines in a virtual network, the virtual firewall was developed. A virtual firewall is simply a firewall service running entirely within the virtual environment, providing the packet filtering and monitoring that would be expected of a physical device in a physical network. The virtual firewall may take a number of forms: it may be loaded as a traditional software firewall on the virtual host machine, it can be built into the virtual environment, it can be a virtual switch with additional capabilities, or it can be a managed kernel process within the host hypervisor for all virtual machine activity.

Figure 6. North-South (Physical) vs. East-West (Virtual) traffic.

Virtual firewalls may operate in one of two modes, depending on how they are deployed: bridge mode or hypervisor mode. A virtual firewall operating in bridge mode acts like a physical firewall, normally situated at an inter-network switch or bridge to intercept network traffic that needs to travel over the bridge. In this way, the virtual firewall may decide to allow passage, drop, reject, forward, or mirror the packet. This was the standard for early virtual networks, and some current networks still retain this model. In hypervisor mode the virtual firewall is not actually part of the virtual network at all; rather, it resides on the host, in the hypervisor, in order to capture and analyze packets destined for the virtual network. Since virtual firewalls operating in hypervisor mode are not part of the virtual network in a virtual machine, they are able to run faster, within the kernel, at native hardware speeds. Examples of popular hypervisors on the market include VMware vSphere, Citrix Xen, and Microsoft Hyper-V.

As these developments in virtual capabilities occurred, they gave way to a new paradigm by which to consider the definition of the data center itself. Instead of the traditional physical infrastructure that defines the data center, such as a building or a server room within a structure, what if the paradigm shifted to a data center that resided within a software-defined space? Because of the continued evolution of virtual technology, this capability is a reality. The software-defined data center (SDDC) presents a paradigm in which infrastructure such as servers, network, and storage can be logically and dynamically orchestrated without adding or configuring new physical appliances or expanding into new facilities. Because of the virtual nature of SDDCs, on-demand data centers emerged, providing benefits to small consumers and SMBs such as pay-as-you-use infrastructure, delivery on demand without extended provisioning times, and no requirement for long-term obligations or contracts. In other words, the emergence of SDDCs provided new paths for economic flexibility in data center definition and operation.
In summary, the flexible deployment capability for data center firewalls provides for targeting of the threats identified as most important to the network or system. Deploying the firewall at the network edge is effective to block external intrusions from accessing the network. Deploying the firewall at the network core provides segmentation in the event that an external threat gains access to the network. At the virtual layer, the firewall is able to monitor traffic between virtual machines (VM).
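As an added illustration (not from the study guide and not FortiGate configuration syntax) of the segmentation and bridge-mode verdicts described above: a small zone-based policy evaluator in Python, with all zone names, subnets, trust levels, rules and flows constructed for the example, showing how default deny between segments limits east-west lateral movement and how a policy can be checked for overly broad low-to-high trust rules.

```python
"""Toy zone-based segmentation policy for east-west (bridge-mode) traffic.

Constructed example: zones, subnets, trust levels, rules and flows are all
invented for illustration and do not describe any real product or network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set

# Verdicts the guide lists for a bridge-mode virtual firewall.
ALLOW, DROP, REJECT, MIRROR = "allow", "drop", "reject", "mirror"


@dataclass(frozen=True)
class Zone:
    name: str
    subnet: str   # constructed RFC 1918 range for this segment
    trust: int    # higher = more trusted (trust level is one of the guide's isolation criteria)


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]   # None means any destination port
    action: str


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


ZONES = {
    "dmz-web": Zone("dmz-web", "10.10.0.0/24", trust=1),
    "app":     Zone("app",     "10.20.0.0/24", trust=2),
    "db-pci":  Zone("db-pci",  "10.30.0.0/24", trust=3),   # regulated data
    "corp":    Zone("corp",    "10.40.0.0/24", trust=2),
}

# First match wins; anything unmatched falls through to default deny, which is
# what keeps a compromised web tier from roaming east-west to the database.
POLICY: List[Rule] = [
    Rule("dmz-web", "app",    "tcp", 8443, ALLOW),
    Rule("app",     "db-pci", "tcp", 5432, ALLOW),
    Rule("corp",    "db-pci", "tcp", 5432, MIRROR),   # admins: allow, but copy to a monitor
    Rule("corp",    "app",    "tcp", 22,   REJECT),   # tell the client explicitly
]


def zone_of(addr: str) -> Optional[str]:
    """Map an address to its segment, or None if it belongs to no known zone."""
    ip = ip_address(addr)
    for z in ZONES.values():
        if ip in ip_network(z.subnet):
            return z.name
    return None


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> str:
    """Return the verdict for one flow under first-match, default-deny semantics."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    if src is None or dst is None:
        return DROP            # unknown segment: never trust it
    if src == dst:
        return ALLOW           # intra-segment traffic is outside this policy's scope
    for r in policy:
        if (r.src_zone, r.dst_zone, r.proto) == (src, dst, flow.proto) and r.dport in (None, flow.dport):
            return r.action
    return DROP                # default deny between segments


def lateral_reach(from_zone: str, policy: List[Rule] = POLICY) -> Set[str]:
    """Zones a host in from_zone can reach through any allow/mirror rule.
    Useful when reviewing how far an intrusion could move east-west."""
    return {r.dst_zone for r in policy
            if r.src_zone == from_zone and r.action in (ALLOW, MIRROR)}


def risky_rules(policy: List[Rule] = POLICY) -> List[Rule]:
    """Rules that let a less-trusted zone reach a more-trusted one on any port."""
    return [r for r in policy
            if r.action in (ALLOW, MIRROR) and r.dport is None
            and ZONES[r.src_zone].trust < ZONES[r.dst_zone].trust]


SAMPLE_FLOWS = [   # constructed east-west flows
    Flow("10.10.0.5",   "10.20.0.8", "tcp", 8443),   # web -> app API
    Flow("10.10.0.5",   "10.30.0.9", "tcp", 5432),   # web -> db directly (lateral move)
    Flow("10.20.0.8",   "10.30.0.9", "tcp", 5432),   # app -> db
    Flow("10.40.0.2",   "10.30.0.9", "tcp", 5432),   # admin -> db (mirrored)
    Flow("10.40.0.2",   "10.20.0.8", "tcp", 22),     # admin ssh to app (rejected)
    Flow("10.40.0.2",   "10.40.0.3", "tcp", 445),    # intra-zone
    Flow("192.168.9.1", "10.20.0.8", "tcp", 80),     # unknown source
]


def verdicts(flows: List[Flow] = SAMPLE_FLOWS) -> List[str]:
    return [evaluate(f) for f in flows]


if __name__ == "__main__":
    for f, v in zip(SAMPLE_FLOWS, verdicts()):
        print(f"{zone_of(f.src) or '?':8} -> {zone_of(f.dst) or '?':8} {f.proto}/{f.dport:<5} {v}")
```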

Data Center Network Services

As technology evolved, more and more services moved from running on physically resident systems to virtual or cloud-based applications, to reduce bottlenecks, increase throughput, and optimize data sharing, among other benefits. Data center traffic has increased because of factors such as the growing number of users depending on mobile applications to access data anytime and anyplace, businesses aggregating and storing increasing amounts of data to enable analytics, and increased use of SaaS cloud storage over local physical drive storage appliances. Because of these shifts, networks from distributed enterprises down to SMBs and home businesses began to depend on virtual and cloud applications for remote and mobile capability. This led to a parallel focus on the development of threats to the application layers of the Open Systems Interconnection (OSI) model, which will be discussed later in this book. The remainder of this module focuses on how the data center facilitates the use of applications in the modern mobile, virtual, and cloud-based technology environment.


Application Systems

Application systems typically consist of user interfaces, programming (logic), and databases. A user interface is the control or method by which the user interacts with the computer, system, or network, often consisting of screens, web pages, or input devices. Some application systems have non-visual interfaces that exchange data electronically with other systems in a network. Figure 7 illustrates a notional network. Programming consists of the scripts or computer instructions used to validate data, perform calculations, or navigate users through application systems. Many large computers use more than one computer language to drive the system and connect with networks. This allows systems performing specialized functions to be linked into a centrally manageable network. Databases are simply electronic repositories of data used to store information for the organization in a structured, searchable, and retrievable format. Most databases are configured to facilitate access for downloading, updating, and, when applicable, sharing with other authorized network users.

Figure 7. Notional network.


Computer systems are simply sets of components assembled into an integrated package. The heart of a computer system is the central processing unit (CPU), around which various other components such as data storage, drives, displays, memory, input devices, and other peripherals are built. Computer system components may vary in size and complexity and can be designed for single or multiple purposes. Control is accomplished through user interfaces. The level of application control found in Next Generation Firewalls (NGFWs) is not generally necessary in a data center core firewall, primarily because there are no end users running in the data center itself. Typically, data center applications are accessed and used as cloud services or database information, rather than as platforms for writing and executing programs by external users.

Application Services

With the increasing use of “the cloud” to enable mobile, even global, use of applications and access to organization databases, technology services have developed to fulfill the needs of industries ranging from SMBs to large international corporations. In today’s market, and for the foreseeable future, cloud services continue to grow quickly. Integral to this broad range of services are three primary components: infrastructure (IaaS), platforms (PaaS), and software (SaaS) as services. The primary difference between the models lies in the responsibility trade-offs between developer (user) and vendor (provider), as illustrated in Figure 8 [2].

Figure 8. Differences between IaaS, PaaS, and SaaS.


Infrastructure as a Service (IaaS). This is the most basic of the three cloud service models. The service provider creates the infrastructure, which becomes a self-service platform for the user for accessing, monitoring, and managing remote data center services. The benefit of IaaS is that the user does not have to invest large amounts in infrastructure and ongoing upgrades and service, while retaining operational flexibility. The downside is that this model requires the user to have a higher degree of technical knowledge, or at least to know or employ someone who does. Examples of businesses using the IaaS model appear in Figure 9.

Platform as a Service (PaaS). The PaaS model provides an additional level of service beyond the IaaS model. In this model, the provider not only builds the infrastructure but also provides monitoring and maintenance services for the user. Users of PaaS cloud services have access to “middleware” to assist with application development, as well as inherent characteristics including scalability, high availability, multi-tenancy, SaaS enabling, and other features. This allows users to focus on what is most important to their business: their application(s). In particular, businesses large or complex enough to employ an enterprise data center model benefit greatly from PaaS because it reduces the amount of coding necessary and automates business policy. Examples of businesses using the PaaS model appear in Figure 14.

Software as a Service (SaaS). The SaaS model represents the largest cloud market and continues to grow. This model takes the final step of bringing the actual software application into the set of functions managed by the provider, with the user having only a client interface. Because the application resides in the cloud itself, most SaaS applications may be operated through a web browser without the need to download or install resident software on individual physical systems. This allows businesses to define software and operational requirements but to have those requirements written and fulfilled by a third-party vendor, although such designs typically involve customization of pre-existing software applications, because SaaS does not provide the broad flexibility of software development options available in the PaaS model. Examples of businesses using the SaaS model appear in Figure 14 [3].

Figure 9. Examples of businesses using IaaS, PaaS, and SaaS cloud models.


The Shared Security Responsibility (SSR) Model. When using application services, “the cloud”, for applications and access to databases, these services come with a shared responsibility for security and operations, split between the cloud provider and the cloud tenant. Depending on which model is chosen for operations, IaaS, PaaS, or SaaS, your level of security responsibility changes in magnitude. Referring back to Figure 8, as you relinquish more control of operations and decision-making/configuration to the vendor/provider, as with the SaaS model, your degree of security responsibility also declines. Conversely, if you decide to retain more management, as in the IaaS model, your security responsibility increases in magnitude.

Summary

From an introduction to the current status of computer network options and configurations, to the challenges posed by evolving technologies and advanced threats, this module has laid a foundation for more focused discussion of emerging threats and of the development of network security technologies and processes designed to give organizations the tools necessary to best defend against those threats and continue uninterrupted, secure operations. An additional module in this program will focus on the Next Generation Firewall (NGFW), an evolving technology in network security.

Key Acronyms

AAA Authentication, Authorization, and Accounting
AD Active Directory
ADC Application Delivery Controller
ADN Application Delivery Network
ADOM Administrative Domain
AM Antimalware
API Application Programming Interface
APT Advanced Persistent Threat
ASIC Application-Specific Integrated Circuit
ASP Analog Signal Processing
ATP Advanced Threat Protection
AV Antivirus
AV/AM Antivirus/Antimalware
BYOD Bring Your Own Device
CPU Central Processing Unit
DDoS Distributed Denial of Service
DLP Data Leak Prevention
DNS Domain Name System
DoS Denial of Service
DPI Deep Packet Inspection
DSL Digital Subscriber Line
FTP File Transfer Protocol
FW Firewall
Gb Gigabyte
GbE Gigabit Ethernet
Gbps Gigabits per second
GSLB Global Server Load Balancing
GUI Graphical User Interface
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ICSA International Computer Security Association
ID Identification
IDC International Data Corporation
IDS Intrusion Detection System
IM Instant Messaging
IMAP Internet Message Access Protocol
IMAPS Internet Message Access Protocol Secure
IoT Internet of Things
IP Internet Protocol
IPS Intrusion Prevention System
IPSec Internet Protocol Security
IPTV Internet Protocol Television
IT Information Technology
J2EE Java Platform Enterprise Edition
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LLB Link Load Balancing
LOIC Low Orbit Ion Cannon
MSP Managed Service Provider
MSSP Managed Security Service Provider
NGFW Next Generation Firewall
NSS NSS Labs
OSI Open Systems Infrastructure
OTS Off the Shelf
PaaS Platform as a Service
PC Personal Computer
PCI DSS Payment Card Industry Data Security Standard
PHP PHP Hypertext Protocol
POE Power over Ethernet
POP3 Post Office Protocol (v3)
POP3S Post Office Protocol (v3) Secure
QoS Quality of Service
Radius Protocol server for UNIX systems
RDP Remote Desktop Protocol
SaaS Software as a Service
SDN Software-Defined Network
SEG Secure Email Gateway
SFP Small Form-Factor Pluggable
SFTP Secure File Transfer Protocol
SIEM Security Information and Event Management
SLA Service Level Agreement
SM Security Management
SMB Small & Medium Business
SMS Simple Messaging System
SMTP Simple Mail Transfer Protocol
SMTPS Simple Mail Transfer Protocol Secure
SNMP Simple Network Management Protocol
SPoF Single Point of Failure
SQL Structured Query Language
SSL Secure Socket Layer
SWG Secure Web Gateway
SYN Synchronization packet in TCP
Syslog Standard acronym for Computer Message Logging
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol (Basic Internet Protocol)
TLS Transport Layer Security
TLS/SSL Transport Layer Security/Secure Socket Layer Authentication
UDP User Datagram Protocol
URL Uniform Resource Locator
USB Universal Serial Bus
UTM Unified Threat Management
VDOM Virtual Domain
VM Virtual Machine
VoIP Voice over Internet Protocol
VPN Virtual Private Network
WAF Web Application Firewall
WAN Wide Area Network
WANOpt Wide Area Network Optimization
WLAN Wireless Local Area Network
XSS Cross-site Scripting

Glossary

ASIC. Application Specific Integrated Circuits (ASICs) are integrated circuits developed for a particular use, as opposed to a general-purpose device.

Big Data. A massive volume of both structured and unstructured data that is so large it is difficult to process using traditional databases and software techniques. In many enterprise scenarios, the data is too big, moves too fast, or exceeds current processing capacity.

Bridge Mode. A virtual firewall operating in bridge mode acts like a physical firewall, normally situated at an inter-network switch or bridge to intercept network traffic needing to travel over the bridge.

BYOD. Bring Your Own Device (BYOD) refers to employees taking their own personal device to work, whether laptop, smartphone or tablet, in order to interface to the corporate network. According to a Unisys study conducted by IDC in 2011, nearly 41% of the devices used to obtain corporate data were owned by the employee.

Cloud Computing. Computing in which large groups of remote servers are networked to allow centralized data storage and online access to computer services or resources. Clouds can be classified as public, private or hybrid.

Computer systems are simply sets of components that are assembled into an integrated package.

CPU. The heart of a computer system is the central processing unit (CPU), around which various other components are built. A CPU is the electronic circuitry within a computer that carries out the instructions of a computer program by performing the basic arithmetic, logical, control, and input/output (I/O) operations specified by the instructions.

Data Center Firewall. In addition to being a gatekeeper, data center firewalls serve a number of functions, including:
• IP Security (IPSec)
• Firewall
• Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
• Antivirus/Antispyware
• Web Filtering
• Antispam
• Traffic Shaping [1]

Databases are simply electronic repositories of data used to store information for the organization in a structured, searchable, and retrievable format.

Edge Firewall. Implemented at the edge of a network in order to protect the network against potential attacks from external traffic, the edge firewall is the best understood, or traditional, role of a firewall—the gatekeeper.

Hypervisor Mode. In hypervisor mode the virtual firewall is not actually part of the virtual network at all; rather, it resides in the host virtual machine—or hypervisor—in order to capture and analyze packets destined for the virtual network.

Infrastructure as a Service (IaaS). This is the most basic of the three cloud service models. The service provider creates the infrastructure, which becomes a self-service platform for the user for accessing, monitoring, and managing remote data center services.

Internet of Things (IoT). The [once future] concept that everyday objects have the ability to connect to the Internet & identify themselves to other devices. IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself.

OpenFlow. OpenFlow enables network controllers to determine the path of network packets across a network of switches. The controllers are distinct from the switches. This separation of the control from the forwarding allows for more sophisticated traffic management than is feasible using access control lists (ACLs) and routing protocols. OpenFlow allows switches from different vendors — often each with their own proprietary interfaces and scripting languages — to be managed remotely using a single, open protocol.

NGFW. A Next Generation Firewall (NGFW) provides multi-layered capabilities in a single firewall appliance instead of a basic firewall and numerous add-on appliances. An NGFW integrates the capabilities of a traditional firewall with advanced features including:
• Intrusion Prevention (IPS)
• Access Enforcement
• Third Party Management Compatibility
• Deep Packet Inspection (DPI)
• Distributed Enterprise Capability
• VPN
• Network App ID & Control
• “Extra Firewall” Intelligence
• Application Awareness

Platform as a Service (PaaS). The PaaS model provides an additional level of service to the user beyond the IaaS model. In this model, the provider not only builds the infrastructure, but also provides monitoring and maintenance services for the user.

Programming consists of the scripts or computer instructions used to validate data, perform calculations, or navigate users through application systems.

SDDC. The software-defined data center (SDDC) presents a paradigm in which infrastructure such as servers, network, and storage can be logically and dynamically orchestrated without the need for adding or configuring new physical appliances or expanding into new facilities.

Shared Security Responsibility (SSR) Model. When using application services—“the cloud”—for applications and access to databases, these services come with a shared responsibility for security and operations, split between the cloud provider and the cloud tenant.

Software as a Service (SaaS). The SaaS model takes the final step of bringing the actual software application into the set of functions managed by the provider, with the user having a client interface.

Software-Defined Networks (SDN). An approach to networking in which control is decoupled from hardware and given to a software application called a controller. SDN is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications.

Virtual Firewall. A virtual firewall is simply a firewall service running entirely within the virtual environment, providing the typical packet filtering and monitoring that would be expected when using a physical device in a physical network.

Virtualization. Creating a virtual version of a device or resource, such as a server, storage device, network or even an operating system, where the framework divides the resource into one or more execution environments.

VLAN. Virtual networks (VLANs) may be used to logically segment multiple subnets on the same physical switch.

References

1. UAB, M., Fortinet Secure Gateways, Firewalls. 2013.
2. Frampton, K., The Differences Between IaaS, SaaS, and PaaS. 2013, SmartFile.
3. Bray, G., SaaS vs PaaS vs IaaS. 2010, Stack Exchange.
