Chapter 10: SECURING YOUR NETWORK PERIMETER

CHAPTER OBJECTIVES
- Establish secure topologies.
- Secure network perimeters.
- Implement firewalls.

SECURING YOUR NETWORK PERIMETER
- Secure the network perimeter, not just individual components.
- Secure connections between components.
- Use security zones.
- Manage network traffic between security zones.
- The most important zone or boundary is the Internet.
- Firewalls are boundary control devices.

ESTABLISHING SECURE TOPOLOGIES
- Secure topology is a network design.
- Group devices in security zones.
- Segregate network traffic.
- Control the information flow.

SECURITY ZONES
- Security zones group assets with similar security requirements.
- They segregate mission-critical systems.
- Access control mechanisms define what access is allowed between zones.
- Security zones reduce the attack surface of network resources.
- Security zones focus your attention on possible threats and vulnerabilities.

VIRTUAL LOCAL AREA NETWORKS (VLANS)
- Used to segment a network into smaller subnetworks
- Used to create security zones
- Are virtual subnets
- Are created by using switches
- Are supported by routers

VIRTUAL LOCAL AREA NETWORKS (VLANS) (CONT.)
- Restrict broadcast traffic
- Are flexible and scalable
- Hide the physical configuration of the network
- Need secure and physically protected switches

SECURING NETWORK PERIMETERS
- Establish boundaries between security zones.
- Separate the private network from the Internet.
- Define the allowed traffic that can cross the perimeter.
- Use routers and firewalls to control perimeter traffic.
- Filter for malicious code.
- Monitor for intrusion activities.

ESTABLISHING NETWORK SECURITY ZONES
- Place firewalls between internal and external networks.
- Use multiple firewalls if you need to create multiple layers of protection.
- Put Internet-accessible resources in separate network segments.
- The segment between firewalls is called a perimeter network, demilitarized zone (DMZ), or screened subnet.

COMMON SECURITY ZONES
- Intranet
- Perimeter network
- Extranet
- Internet

CONFIGURATION OF SECURITY ZONES (diagram slide)

INTRANET
- Is the primary and most sensitive security zone of an organization
- Is also known as an internal network, private network, or LAN
- Contains all private internal resources
- Is considered a trusted network
- Is vulnerable to internal attackers

SECURING AN INTRANET
- Deploy firewalls against all other networks.
- Install and update antivirus solutions.
- Audit and monitor online activity.
- Secure systems hosting confidential data.
- Manage the security of the physical infrastructure.

SECURING AN INTRANET (CONT.)
- Check for unauthorized devices.
- Restrict access to critical systems.
- Control physical access.
- Remove all unnecessary services from server systems.

PERIMETER NETWORK
- Grants controlled access to public resources
- Prevents external traffic from entering the intranet
- Is also called a DMZ or screened subnet
- Is used to provide a buffer between the private trusted network and the Internet or untrusted network segments

SECURING A PERIMETER NETWORK
- Use firewalls to provide protection from external untrusted networks.
- Remove all unnecessary services.
- Audit all online activity.
- Separate name resolution services.
- Remove or restrict remote management services.
- Carefully document and audit all physical and logical configurations.
- Frequently back up data and configurations.

EXTRANET
- Is used for partner access to controlled resources
- Is used to share information between members of multiple organizations
- Requires authenticated external connections
- Is often directly accessible from the Internet
- Might use virtual private networks (VPNs)

METHODS OF EXTRANET ACCESS (diagram slide)

SECURING AN EXTRANET
- Use firewalls to provide protection from the external network.
- Authenticate all access.
- Remove all unnecessary services.
- Audit all network and service access.

PERIMETER NETWORK TYPES
- Perimeter networks are established by means of firewalls.
- Firewalls manage traffic across the boundaries of different security zones.
- There are two common perimeter network designs:
  - Three-pronged design
  - Back-to-back design

THREE-PRONGED PERIMETER NETWORK DESIGN
- Uses a single firewall
- Connects the Internet, an intranet, and a perimeter network
- Can be a single point of failure

THREE-PRONGED PERIMETER NETWORK (diagram slide)

BACK-TO-BACK PERIMETER NETWORK DESIGN
- Uses two firewalls
- Is also called a buffer network or screened subnet
- Has no single point of failure
- Supports more restrictive security rules
- Increases the security of the intranet
- Provides defense-in-depth protection

BACK-TO-BACK PERIMETER NETWORK (diagram slide)

USING AN N-TIER ARCHITECTURE
- An n-tier architecture provides multiple tiers of security zones.
- Each tier supports a portion of a business operation.
- Traffic is controlled between each tier.
- Compromise of one tier does not imply complete failure.
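The security-zone and n-tier slides above describe a policy matrix: each zone pair either permits a short list of services or permits nothing. The following Python is an added worked example, not part of the original slide deck. It assumes a constructed address plan (a web tier in the perimeter network on 203.0.113.0/26, application and database tiers on 10.20.0.0/24 and 10.30.0.0/24, an intranet on 10.10.0.0/16, an extranet on 10.40.0.0/24) and a hypothetical zone-pair policy; any address not in a defined zone is treated as the Internet. The last function walks the permitted flows transitively to show which tiers a chain of compromises starting in one zone could reach, which is how you check that the intranet stays unreachable from the Internet even if the web tier falls.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Constructed address plan (not from the slides): a back-to-back perimeter whose
# DMZ holds the web tier, with application and database tiers on their own segments.
ZONES = {
    "perimeter-web": [ip_network("203.0.113.0/26")],
    "app":           [ip_network("10.20.0.0/24")],
    "db":            [ip_network("10.30.0.0/24")],
    "intranet":      [ip_network("10.10.0.0/16")],
    "extranet":      [ip_network("10.40.0.0/24")],
}


def zone_of(ip: str) -> str:
    """Map an address to its security zone; anything undefined is the untrusted Internet."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "internet"


Service = Tuple[str, int]  # (protocol, destination port)

# Hypothetical zone-pair policy: which services may be opened from one zone toward
# another. A pair that is absent from the matrix is denied, so it is default-deny.
POLICY: Dict[Tuple[str, str], Set[Service]] = {
    ("internet", "perimeter-web"): {("tcp", 443)},
    ("perimeter-web", "app"):      {("tcp", 8443)},
    ("app", "db"):                 {("tcp", 5432)},
    ("intranet", "perimeter-web"): {("tcp", 443)},
    ("intranet", "internet"):      {("tcp", 80), ("tcp", 443)},
    ("extranet", "app"):           {("tcp", 8443)},  # partner access after VPN authentication
}


def allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Decide whether a new connection may cross from the source zone to the destination zone."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # same zone: no boundary is crossed, so the perimeter has nothing to decide
    return (proto, port) in POLICY.get((src, dst), set())


def reachable_zones(start: str) -> List[str]:
    """Zones that a chain of compromises beginning in `start` could reach, following only
    the flows the policy permits. Each hop still requires its own compromise, which is
    exactly what the n-tier design buys: one fallen tier is not a complete failure."""
    seen: Set[str] = set()
    stack = [start]
    while stack:
        zone = stack.pop()
        for (s, d) in POLICY:
            if s == zone and d != start and d not in seen:
                seen.add(d)
                stack.append(d)
    return sorted(seen)


if __name__ == "__main__":
    print("Internet -> web tier 443:", allowed("198.51.100.5", "203.0.113.10", "tcp", 443))
    print("Internet -> db 5432:     ", allowed("198.51.100.5", "10.30.0.5", "tcp", 5432))
    print("web tier -> db 5432:     ", allowed("203.0.113.10", "10.30.0.5", "tcp", 5432))
    print("reachable from Internet: ", reachable_zones("internet"))
```

Read the result of `reachable_zones("internet")` as the blast radius of an Internet-facing compromise: the web tier, then the app tier, then the database are each one further compromise away, while the intranet and extranet never appear because no permitted flow leads into them from that chain.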

A 3-TIER NETWORK DESIGN (diagram slide)

BASTION HOSTS
- A bastion host is a single host that provides all externally accessible services.
- A single firewall routes external traffic to the bastion host.
- All access is tightly controlled and monitored.
- This is the least secure network design.

A BASTION HOST DESIGN (diagram slide)

NETWORK PERIMETER SECURITY AND TRAFFIC CONTROL
- Block all traffic by default.
- Define exceptions for authorized traffic.
- Allow only required network traffic.
- Don't trust all outgoing traffic by default.
- Inspect blocked traffic and track down the source.

FIREWALL FUNCTIONS
- Protect a network from malicious hackers and software
- Block external threats
- Filter inbound and outbound traffic
- Separate private networks from the Internet
- Separate subnets or individual systems

FIREWALL TYPES
- Packet filtering
- Application filtering
- Circuit-level inspection
- Stateful inspection
- Content inspection
- Proxy server functionality

USING PACKET FILTERING
- A packet filtering firewall inspects the header of each packet.
- The firewall forwards or drops each packet based on rules.
- Packet filter rules focus on inbound or outbound packets.
- Packet filter rules judge source or destination address, other header field content, or packet size.
- Most firewalls and routers can perform packet filtering.

COMMON FILTER-FOCUSED HEADER FIELDS
- Source IP address
- Destination IP address
- IP protocol ID
- Source TCP or UDP port number
- Destination TCP or UDP port number

COMMON FILTER-FOCUSED HEADER FIELDS (CONT.)
- Protocol and port numbers
- ICMP message type
- Fragmentation flags
- IP options
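The packet-filtering slides list the header fields a filter judges and the traffic-control slide says to block everything by default and define exceptions. The Python below is an added example, not code from the slide deck: a first-match rule engine over exactly those header fields (addresses, protocol, ports, ICMP type, fragmentation, IP options) with a default-deny fallthrough. The address plan (a perimeter network on 203.0.113.0/24, an intranet on 10.10.0.0/16) and the rule set are constructed for the example. It also shows why rule execution order matters: the same rules in a different order reach a different verdict.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


# Only the header fields the slides list are modelled; there is no payload.
@dataclass(frozen=True)
class Packet:
    direction: str               # "inbound" (toward the intranet) or "outbound"
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # IP protocol: "tcp", "udp" or "icmp"
    sport: Optional[int] = None  # source TCP/UDP port
    dport: Optional[int] = None  # destination TCP/UDP port
    icmp_type: Optional[int] = None
    fragment: bool = False       # True for a non-initial fragment (no transport header present)
    ip_options: bool = False     # True if the IP header carries options


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str = "any"
    src: str = "0.0.0.0/0"       # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None means "any port"
    icmp_type: Optional[int] = None
    fragment: Optional[bool] = None
    ip_options: Optional[bool] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        """Every field the rule constrains must match the packet header."""
        return (
            self.direction in ("any", p.direction)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and self.dport in (None, p.dport)
            and self.icmp_type in (None, p.icmp_type)
            and self.fragment in (None, p.fragment)
            and self.ip_options in (None, p.ip_options)
        )


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, int, str]:
    """Walk the rules in order; the first match decides. A packet no rule matches
    is denied, which implements 'block all traffic by default'."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index, rule.comment
    return "deny", -1, "default deny"


# Constructed address plan (not from the slides).
PERIMETER = "203.0.113.0/24"
INTRANET = "10.10.0.0/16"

RULES = [
    # Sanity checks come first; their position in the list is what makes them effective.
    Rule("deny", fragment=True, comment="non-initial fragment: ports cannot be checked"),
    Rule("deny", ip_options=True, comment="IP options are not expected from the Internet"),
    Rule("deny", direction="inbound", src=INTRANET, comment="anti-spoofing: internal source seen outside"),
    # Exceptions for authorized traffic.
    Rule("allow", direction="inbound", dst="203.0.113.10/32", proto="tcp", dport=443, comment="public web server"),
    Rule("allow", direction="inbound", dst="203.0.113.53/32", proto="udp", dport=53, comment="public DNS server"),
    Rule("allow", direction="inbound", proto="icmp", icmp_type=3, comment="destination unreachable"),
    Rule("allow", direction="outbound", src=INTRANET, proto="tcp", dport=443, comment="intranet HTTPS egress"),
]


def shadowed_rules(rules: List[Rule], samples: List[Packet]) -> List[int]:
    """Indices of rules that decide none of the sample packets: a cheap way to test a
    rule set and find rules that sit behind an earlier, broader match."""
    decided = {evaluate(rules, p)[1] for p in samples}
    return [i for i in range(len(rules)) if i not in decided]


if __name__ == "__main__":
    web = Packet("inbound", "198.51.100.5", "203.0.113.10", "tcp", sport=40000, dport=443)
    print(evaluate(RULES, web))
```

The ordering point: a packet to the web server that carries IP options is denied by rule 1 in the list as written, but if the web-server allow rule were moved ahead of it, the same packet would be allowed; `shadowed_rules` run over a sample set is one way to test filters and catch that kind of misordering before it reaches production.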

A PACKET FILTERING FIREWALL (diagram slide)

CIRCUIT-LEVEL INSPECTION
- This type of inspection does not examine each packet.
- Circuit-level inspection monitors connection establishment.
- If a connection is allowed, no further restrictions are imposed.
- Circuit-level inspection is more efficient than packet filtering.
- Many firewalls can perform circuit-level inspection.

STATEFUL INSPECTION
- Combines features of packet-filtering and circuit-level firewalls
- First, restricts connections only to authorized users
- Second, inspects subsequent packets to restrict traffic based on context
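The circuit-level and stateful-inspection slides above describe a two-step behaviour: decide at connection setup whether the circuit may exist, then judge every later packet against the connection's recorded state. The Python below is an added example, not code from the slide deck, and models that with a small TCP connection table. The segments are constructed; the firewall assumes the intranet is on the "outbound" side and only lets a client open circuits toward an authorized port list. The interesting cases are the ones a pure packet filter cannot tell apart: an inbound SYN nobody asked for, and a stray inbound ACK that claims to belong to a connection the firewall never saw.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class Segment:
    """Constructed TCP segment carrying only the fields the tracker needs."""
    direction: str  # "outbound" = intranet client toward the Internet; "inbound" = the reverse
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags as letters, e.g. "S", "SA", "A", "FA", "R"


# Connection key normalised to (internal ip, internal port, external ip, external port)
ConnKey = Tuple[str, int, str, int]


class StatefulFirewall:
    def __init__(self, authorized_ports: Iterable[int]):
        self.authorized_ports = set(authorized_ports)
        self.table: Dict[ConnKey, str] = {}  # connection -> state

    @staticmethod
    def _key(s: Segment) -> ConnKey:
        # Both directions of one connection map onto the same key so replies find the entry.
        if s.direction == "outbound":
            return (s.src, s.sport, s.dst, s.dport)
        return (s.dst, s.dport, s.src, s.sport)

    def handle(self, s: Segment) -> str:
        """Return "allow" or "drop" for one segment, updating the connection table."""
        key = self._key(s)
        state = self.table.get(key)

        if state is None:
            # Circuit-level step: only an outbound SYN to an authorized service opens a circuit.
            if s.direction == "outbound" and s.flags == "S" and s.dport in self.authorized_ports:
                self.table[key] = "SYN_SENT"
                return "allow"
            # Unsolicited inbound SYN, or a stray ACK with no connection behind it.
            return "drop"

        if state == "SYN_SENT":
            if s.direction == "inbound" and s.flags == "SA":
                self.table[key] = "ESTABLISHED"  # context: we saw the client's SYN
                return "allow"
            if s.direction == "outbound" and s.flags == "S":
                return "allow"  # client retransmitting its SYN
            return "drop"       # anything else is out of sequence for this connection

        # ESTABLISHED: packets flow both ways; a reset ends the circuit immediately,
        # after which further segments on this key need a fresh, authorized SYN.
        if "R" in s.flags:
            del self.table[key]
        return "allow"

    def open_connections(self) -> int:
        return len(self.table)


if __name__ == "__main__":
    fw = StatefulFirewall(authorized_ports=[443])
    print(fw.handle(Segment("outbound", "10.10.1.5", 51000, "198.51.100.7", 443, "S")))
    print(fw.handle(Segment("inbound", "198.51.100.7", 443, "10.10.1.5", 51000, "SA")))
    print(fw.handle(Segment("inbound", "198.51.100.9", 4444, "10.10.1.5", 445, "S")))
```

The table is also the firewall's exposure: every entry costs memory, which is why real implementations age entries out and cap half-open (SYN_SENT) connections rather than keeping them forever as this model does.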

APPLICATION LAYER FILTERING
- Examines the content or payload of packets
- Inspects packets based on the application used
- Requires complex rules
- Can detect a wide range of attacks and malicious code
- Has slower performance than other methods

TUNNELING
- Tunneling is a technique used to bypass a firewall's inspection mechanisms.
- Tunneling encapsulates network packets in allowed network traffic.
- Encryption is a common tunneling option.
- If content inspection is not possible, an intrusion detection system (IDS) might be needed.

PROXY SERVERS
- Are a circuit-level or application layer operation
- Accept connections from clients
- Establish a distinct connection to external servers
- Have no direct connection between client and server
- Support content checking and resource caching

A PROXY SERVER (diagram slide)

NETWORK ADDRESS TRANSLATION (NAT)
- Allows multiple internal clients to access the Internet over a few public leased addresses
- Converts and manages traffic through translation of IP addresses and port numbers
- Allows use of the private IP addresses (10.x.x.x, 172.16.x.x–172.31.x.x, and 192.168.x.x)
- Hides the internal network structure and address scheme
- Prevents external entities from directly accessing internal clients

NAT VARIATIONS
- Static NAT
- Dynamic NAT
- Port address translation (PAT)
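The NAT slides above make two claims worth seeing in code: translation rewrites addresses and port numbers, and the translation table is what stops external hosts from reaching internal clients directly. The Python below is an added example, not code from the slide deck. It models port address translation (many private clients behind one public address, each outbound flow given its own public port) beside static NAT (a fixed one-to-one mapping used to publish a perimeter-network server). The addresses (public 203.0.113.1 and 203.0.113.10, private 10.10.x.x and 10.0.1.10, remote 198.51.100.x) are constructed; port allocation starting at 40000 is an assumption of this model.

```python
from itertools import count
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)


class PortAddressTranslator:
    """PAT (dynamic NAT with port translation): many internal clients share one public
    address; each outbound flow is assigned its own public source port."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)  # assumption: sequential allocation, never reused
        self._out: Dict[Flow, int] = {}      # internal flow -> public port
        self._back: Dict[Tuple[int, str, int], Tuple[str, int]] = {}  # (public port, remote) -> client

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Flow:
        """Rewrite a client's packet so it leaves with the public address and a mapped port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[Flow]:
        """Rewrite a reply back to the internal client. Returns None when the packet matches
        no outbound flow: from outside, internal clients are simply not addressable."""
        if dst_ip != self.public_ip:
            return None
        client = self._back.get((dst_port, src_ip, src_port))
        if client is None:
            return None
        return (src_ip, src_port, client[0], client[1])


class StaticNat:
    """Static NAT: a fixed one-to-one mapping between a public and a private address,
    used to publish a server in the perimeter network. Inbound connections are expected."""

    def __init__(self, public_to_private: Dict[str, str]):
        self.pub_to_priv = dict(public_to_private)
        self.priv_to_pub = {priv: pub for pub, priv in public_to_private.items()}

    def inbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[Flow]:
        priv = self.pub_to_priv.get(dst_ip)
        return None if priv is None else (src_ip, src_port, priv, dst_port)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[Flow]:
        pub = self.priv_to_pub.get(src_ip)
        return None if pub is None else (pub, src_port, dst_ip, dst_port)


if __name__ == "__main__":
    pat = PortAddressTranslator("203.0.113.1")
    print(pat.outbound("10.10.1.5", 51000, "198.51.100.7", 443))
    print(pat.outbound("10.10.1.6", 51000, "198.51.100.7", 443))  # same client port, different public port
    print(pat.inbound("198.51.100.9", 4444, "203.0.113.1", 40000))  # unsolicited: None
```

Note what each variant exposes: behind PAT an internal client is reachable only through a mapping it created itself, whereas a static mapping makes the private host permanently reachable on every port, so the server behind it must be hardened as a perimeter-network host and fronted by the packet filter.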

FIREWALL ISSUES
- Misconfiguration is a common cause of firewall failure.
- Avoid default-allow and default-deny rules.
- Manage the rule execution order.
- Keep firewalls patched and updated.

FIREWALL VULNERABILITIES
- Compromising the firewall management console or password
- Circumventing the firewall
- Physically tampering with the firewall
- Creating outbound connections

SECURING FIREWALLS
- Keep current on vendor-released information on your firewall.
- Keep the firewall patched and updated.
- Keep virus scanners updated.
- Maintain physical access control.
- Document the firewall configuration.

SECURING FIREWALLS (CONT.)
- Restrict management access.
- Use complex passwords.
- Test the firewall's filters and rules.
- Look for bypasses or circumventions of the firewall's security.

SUMMARY
- Security zones divide parts of the network that have different security requirements.
- VLANs are a method for dividing a single physical network into separate broadcast domains.
- Typical security zones are intranets, extranets, perimeter networks, and the Internet. Firewalls are often used to control traffic between these security zones.

SUMMARY (CONT.)
- The two most commonly used firewall topologies are the back-to-back design and the three-pronged design. A back-to-back design provides multiple layers of protection. The bastion host design provides the lowest level of security.
- Firewalls differ in the features that they provide. Common features are packet filtering, circuit-level inspection, stateful inspection, application layer filtering, and proxy server functionality.
- NAT allows multiple computers to communicate with the Internet by using a single routable IP address or a range of IP addresses. The main security benefit of NAT is that it hides hosts from the Internet.