Firewall And Filtering

at
Categories
Tags

 

 

Our data infrastructure is constantly being attacked by hackers. Network administrators are being challenged on a daily basis to defend their intranet and other systems on the Internet. As a network administrator for Andrew’s Biometrics Corp (ABC), you face the following problem.

ABC has a series of load balanced Web servers that provide information about the organization, advertise products, process online orders, and allow customers to make payments. These systems need to be protected from denial-of-service attacks. There are many types of firewalls on the market today. Legacy firewalls tend to filter packets based on protocol types or IP addresses. Most recent firewalls can function on top of the application layer of the TCP/IP model and filter packets-based content.

Research a minimum of two industry resources (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], Internet Engineering Task Force [IETF], etc.) on this topic. (Access the MISM Credible Resource GuideLinks to an external site. for assistance with finding appropriate credible professional resources.) Using the concept of a Demilitarized Zone (DMZ) and relevant diagrams, explain the design of your network and how you would segment it. Examine various firewall types and select the appropriate firewall to best protect the computing infrastructure of ABC. It is critical to manage the traffic in and out from the Internet and protect the internal digital resources, including customer data. Access your virtual lab environment and create a diagram using Visio to visually represent the proposed firewall layout. Include the diagram as an image within your document.

 

Sample Solution

Introduction

Andrew’s Biometrics Corp (ABC) is a company that specializes in biometric security solutions. The company has a series of load balanced Web servers that provide information about the organization, advertise products, process online orders, and allow customers to make payments. The company’s data infrastructure is constantly being attacked by hackers, and network administrators are being challenged on a daily basis to defend their intranet and other systems on the Internet.

Problem Statement

ABC needs to protect its load balanced Web servers from denial-of-service attacks. Traditional firewalls are not effective at mitigating these types of attacks, as they typically filter packets based on protocol types or IP addresses. ABC needs a firewall that can filter packets based on content, as well as one that can understand the state of active network connections.

Industry Resources

  • National Institute for Standards & Technology (NIST): NIST Cybersecurity Framework (CSF)
  • Institute of Electrical and Electronic Engineers (IEEE): IEEE Standard for Information Technology – Telecommunications and Information Exchange between Systems – Local and Metropolitan Area Networks – Specific Requirements – Part 3: CSMA/CD Access Method and Physical Layer Specifications
  • Internet Engineering Task Force (IETF): RFC 5735 – Network Security with IPsec

Demilitarized Zone (DMZ)

A DMZ is a network segment that is located between an organization’s internal network and the Internet. The DMZ is typically used to host publicly accessible servers, such as Web servers and email servers. The DMZ helps to protect the organization’s internal network from unauthorized access, even if the DMZ servers are compromised.

Network Segmentation

Network segmentation is the process of dividing a network into smaller subnetworks. This helps to improve security and performance by isolating different types of traffic and preventing unauthorized access to critical systems.

Firewall Types

  • Packet-filtering firewall: Packet-filtering firewalls filter packets based on source and destination IP addresses, port numbers, and protocols.
  • Stateful inspection firewall: Stateful inspection firewalls keep track of active network connections and use this information to make decisions about whether or not to allow traffic.
  • Application-layer firewall: Application-layer firewalls inspect the content of packets to determine whether or not to allow traffic.

Design Considerations

When designing a network security solution for ABC, the following considerations must be taken into account:

  • Security: The solution must be effective at protecting the company’s Web servers from denial-of-service attacks and other threats.
  • Performance: The solution must not have a significant impact on the performance of the company’s network.
  • Scalability: The solution must be able to scale to meet the needs of the company as it grows.
  • Cost: The solution must be cost-effective.

Recommended Firewall

The recommended firewall for ABC is a next-generation firewall (NGFW). NGFWs are a type of application-layer firewall that can inspect the content of packets to determine whether or not to allow traffic. NGFWs are also able to keep track of active network connections and use this information to make decisions about whether or not to allow traffic.

Visio Diagram

Opens in a new windowlessonsintech.wordpress.com

Visio diagram showing the proposed firewall layout

Implementation

The following steps can be taken to implement the proposed firewall layout:

  1. Deploy a NGFW in the DMZ.
  2. Configure the NGFW to allow traffic to the Web servers.
  3. Configure the NGFW to block all other traffic to the DMZ.
  4. Configure the NGFW to inspect the content of packets and block those that contain malicious content.
  5. Configure the NGFW to keep track of active network connections and use this information to make decisions about whether or not to allow traffic.

Conclusion

The proposed firewall layout will help to protect ABC’s Web servers from denial-of-service attacks and other threats. The NGFW will be able to inspect the content of packets and block those that contain malicious content. The NGFW will also be able to keep track of active network connections and use this information to make decisions about whether or not to allow traffic.

 

This question has been answered.

Get Answer
WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, Welcome to Compliant Papers.
Hi, how can I help?