The network perimeter
The network perimeter is the boundary between the private locally managed enterprise network and public networks such as the internet.
A network perimeter, as shown in the following diagram, includes firewalls, Intrusion Detection and Prevention Systems (IDPSes), application-aware software, and sandboxes to prevent malware from being forwarded to the internal network:
There are three zones on the perimeter that act as boundaries between the organization's private network and the internet:
- Internal zone: This is the zone that hosts the organization's users and servers. It is also referred to as the trusted zone, and it is the zone with the highest level of security. No direct access is allowed from the external zone to the internal zone; any access that is required should pass through the DMZ.
- Demilitarized Zone (DMZ): This is the zone that users from the internet can access, under restrictions. It hosts, for example, mail relays, which receive emails from external servers and forward them to the internal mail server in the Secured Zone (SZ), that is, the internal zone; websites; proxies, which act as mediation devices that control access to important servers; and similar front-end services.
- External zone: This is the zone that connects to external networks, such as Internet Service Providers (ISPs) and other external links.
Usually, the architecture is more complex: there can be several DMZs for different purposes, several SZs for different departments in the organization, and so on. The firewall cluster may also be distributed, with each firewall in a different location, and there can be more than two firewalls.
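To make the zone rules concrete, the following is a small zone-based policy evaluator for the three-zone perimeter described above. It is an added example, not code from the original page: the address ranges (10.0.0.0/8 for the internal zone, 192.0.2.0/24 for the DMZ), the port numbers and the rule set are assumptions chosen for illustration. It encodes the two properties the text calls for: the internet reaches only published DMZ services, and nothing from the external zone reaches the internal zone directly, so mail must take the two-hop path through the relay.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (an assumption for this example): one internal
# prefix and one DMZ prefix. Any address outside both is the external zone.
ZONES = {
    "internal": [ipaddress.ip_network("10.0.0.0/8")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],  # RFC 5737 TEST-NET-1
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# First-match rule base. There is deliberately no external -> internal rule:
# the implicit default at the end of the list is deny.
POLICY = [
    # The internet may reach published DMZ services only.
    Rule("external", "dmz", "tcp", 25, "allow"),    # mail relay
    Rule("external", "dmz", "tcp", 443, "allow"),   # website
    # The DMZ relay hands mail to the internal mail server and nothing else.
    Rule("dmz", "internal", "tcp", 25, "allow"),
    # Internal users reach the internet through the DMZ proxy, never directly.
    Rule("internal", "dmz", "tcp", 3128, "allow"),
    Rule("dmz", "external", "tcp", None, "allow"),  # proxy and relay egress
]


def zone_of(ip: str) -> str:
    """Map an address to its perimeter zone; unknown addresses are external."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Return 'allow' or 'deny' for a flow crossing the perimeter firewall."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        # Same-zone traffic never traverses the perimeter firewall.
        return "not-perimeter"
    for rule in POLICY:
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.proto == proto
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return "deny"  # default deny


# Constructed sample flows (assumed addresses) that exercise the policy.
SAMPLE_FLOWS = [
    ("internet -> DMZ mail relay, SMTP", "203.0.113.5", "192.0.2.10", "tcp", 25),
    ("DMZ mail relay -> internal mail server", "192.0.2.10", "10.0.0.25", "tcp", 25),
    ("internet -> internal mail server directly", "203.0.113.5", "10.0.0.25", "tcp", 25),
    ("internet -> DMZ host, SSH", "203.0.113.5", "192.0.2.10", "tcp", 22),
    ("internal user -> DMZ proxy", "10.1.2.3", "192.0.2.20", "tcp", 3128),
    ("internal user -> internet directly, HTTPS", "10.1.2.3", "203.0.113.5", "tcp", 443),
]


def audit(flows=SAMPLE_FLOWS):
    """Evaluate each described flow and return a list of (description, action)."""
    return [(desc, evaluate(s, d, p, port)) for desc, s, d, p, port in flows]


if __name__ == "__main__":
    for desc, action in audit():
        print(f"{action:>14}  {desc}")
```

Running the block prints one line per sample flow: the two SMTP hops are allowed, the direct internet-to-internal delivery and the SSH probe are denied, and the internal user gets out only via the proxy. One caveat: this model matches on zones only. A production rule base also pins the DMZ-to-internal rule to the specific relay and mail-server hosts, otherwise any compromised DMZ machine inherits the relay's path into the internal zone.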
In the Zero-Trust architecture, created by John Kindervag of Forrester Research, the network is segmented more deeply: a protect surface is identified, made up of the network's critical Data, Assets, Applications, and Services (DAAS), and the firewall topology and defenses are designed around it. This architecture distinguishes the trusted area, which is for users and servers; the untrusted area, which is for external connections such as the internet; and the public area, which is for frontend devices and services that are accessed from the external world.
Additional controls can be implemented at the perimeter: intrusion detection and prevention systems, sandboxes that detonate suspicious software downloaded from the internet, web and mail filters, and others. These can run as software on the firewall itself or as separate devices.
Attacks that come through the perimeter are common: malicious websites, emails with malicious attachments, intrusion attempts, and many others.
Attacks on data networks can target the network itself or its components. Now that we've talked about the network topology, let's learn how the network components are built.