Aug 31,2011 by admin
 TCP SYN Flood Attacks
TCP SYN flood attacks are designed to take advantage of the methodology used in establishing a
new TCP connection, referred to as a TCP three-way handshake. Figure 1-4 illustrates how the TCP connections are
established.
Figure 1-4. TCP Connection ... [full story]
|
Aug 30,2011 by admin
 DoS Attacks
DoS attacks are exercised to disrupt service to a single system
or an entire network. An attacker uses this type of attack to overburden and
overutilize system or network resources. DoS attacks can cause network devices
to drop packets. ... [full story]
|
Aug 29,2011 by admin
 Network-Based Attacks
During recent years, the number of different types of network
attacks has been on the rise. This section covers some of the major types of
network attacks and their purpose, in relation to their perpetrators and
victims. Several common ... [full story]
|
Aug 28,2011 by admin
 Host-Based Intrusion Detection Systems
Host-based intrusion detection systems are employed to safeguard critical computer systems containing
crucial data. Whereas network-based intrusion detection systems examine activity
within a network, a host-based IDS resides on a server or client machine while
sharing CPU ... [full story]
|
Aug 27,2011 by admin
 Anomaly-Based Analysis
A different practice keeps track of network traffic that
diverges from "normal" behavioral patterns. This practice is called anomaly-based analysis. The limitation is that what is
considered to be normal must be defined. Systems and applications whose behavior
can ... [full story]
|
Aug 26,2011 by admin
 Heuristic-Based Analysis
A different approach to network intrusion detection is to
perform heuristic-based analysis. Heuristic scanning uses algorithmic logic from
statistical analysis of the traffic passing through the network. Its tasks are
CPU and resource intensive. This is an important consideration ... [full story]
|
Aug 25,2011 by admin
 Protocol Analysis
Protocol analysis (or protocol decode-based signatures) is often
referred to as the extension to stateful pattern recognition. A NIDS
accomplishes protocol analysis by decoding all protocol or client-server
conversations. The NIDS identifies the elements of the protocol and analyzes ... [full story]
|
Aug 24,2011 by admin
 Pattern Matching and Stateful Pattern-Matching Recognition
Pattern matching is a methodology in which the intrusion
detection device searches for a fixed sequence of bytes within the packets
traversing the network. Generally, the pattern is aligned with a packet that is
related ... [full story]
|
Aug 23,2011 by admin
 Network-Based Intrusion Detection and Prevention Systems
Network-based intrusion detection and prevention systems are
designed to precisely identify, categorize, and protect against known and
unknown threats targeting a network. These threats include worms, DoS attacks,
and any other detected vulnerabilities. Several detection ... [full story]
|
Aug 22,2011 by admin
 Intrusion Detection and Prevention Technologies
In the security world, intrusion detection systems (IDSs) are
devices that detect attempts from an attacker to gain unauthorized access to a
network or a host to create performance degradation or to steal information.
They also ... [full story]
|
Aug 21,2011 by admin
 Personal Firewalls
Personal firewalls use methods similar to those of network-based
firewalls. They provide filtering techniques and stateful inspection of
connections directed to the specific host. Conversely, they abridge the
operation of the application to meet the needs of a less technically inclined ... [full story]
|
Aug 20,2011 by admin
 Stateful Inspection Firewalls
Stateful inspection firewalls provide enhanced benefits when
compared to the simple packet-filtering firewalls. They track every connection
passing through their interfaces by assuring that they are valid connections.
They examine not only the packet header contents, but also ... [full story]
|
Aug 19,2011 by admin
 Static Translation
A different methodology is used when hosts in the unprotected
network need to contact specific hosts behind the NAT device. This is done by
creating a static mapping of the public IP address and the address of the
internal ... [full story]
|
Aug 18,2011 by admin
 Port Address Translation
Normally, application proxies perform a technique called Port
Address Translation (PAT). This feature allows many devices on the internal
protected network to share one IP address by inspecting the Layer 4 information
on the packet. This address is ... [full story]
|
Aug 17,2011 by admin
 Network Address Translation
Several Layer 3 devices can provide Network Address Translation
(NAT) services. The application proxy translates the internal host's IP
addresses to a publicly routable address. NAT is often used by firewalls;
however, other devices such as wireless access ... [full story]
|
Aug 16,2011 by admin
 Application Proxies
Application proxies, or proxy servers, are devices that operate
as intermediary agents on behalf of clients that are on a private or protected
network. Clients on the protected network send connection requests to the
application proxy in order to ... [full story]
|
Aug 15,2011 by admin
 Packet-Filtering Techniques
The purpose of packet filters is simply to control access to
specific network segments by defining which traffic can pass through them. They
usually inspect incoming traffic at the transport layer of the Open System
Interconnection (OSI) model. For ... [full story]
|
Aug 14,2011 by admin
 Firewall Technologies
A detailed understanding of how firewalls and their related
technologies work is extremely important for all network security professionals.
This knowledge will help them to configure and manage the security of their
networks accurately and effectively. The word firewall ... [full story]
|
Aug 14,2011 by admin
 Network Firewalls
It is important to recognize the value of perimeter security in
today's networking world. Network-based firewalls provide key features used for
perimeter security. The primary task of a network
firewall is to deny or permit traffic that attempts to ... [full story]
|