How can Mitigation Techniques be classified?
Preventive Techniques
increasing resilience
tighten the security
removing weaknesses
precaution
-> doesn't address an existing threat
Reactive Techniques
addressing existing threat
addressing current incident
-> reaction to something happening
What are Network Policies?
Rules about what is disallowed inside a network
E.g. rules on accessing prohibited websites
E.g. rules for private devices (smartphones/tablets)
E.g. rules for private/company email usage
E.g. do not use Dropbox
Requirements
policy enforcement
user acceptance
What is Centralized Authentication?
Centralized Authentication provides one service inside a network for storing and changing user data. As many servers, clients, switches, and other infrastructure devices as possible connect to this service to verify user credentials and to request authorization information.
What is a Firewall?
Software Firewalls: Installed on devices; flexible but may reduce performance.
Hardware Firewalls: Dedicated devices; offer higher throughput and lower latency.
Analyze traffic at the data-link, network, transport, and partially application layers.
Can drop, reject, accept, or rewrite network packets.
Stateless: Filters based on IP addresses, protocols, and ports.
Stateful: Tracks connection states (e.g., established or new sessions) and protocol behavior.
✔ Manage access to services (IP/TCP/UDP...)
✔ Drop incorrect protocol communications
✔ Load-balance network services
✔ Throttle bandwidth usage per connection
✔ Enforce connection limits
What is a DMZ in the context of Cybersecurity?
A DMZ is a separate network segment that sits between a secure internal network and an untrusted network (like the internet).
Hosts public-facing services (e.g., web servers, mail servers)
Limits exposure of the internal secure network by isolating these services
If a DMZ server is compromised, attackers don't get direct access to the internal network.
Originally: Positioned between two firewalls—one facing the internet, one facing the secure network.
Today: Often created with another LAN port on a single firewall, segmenting traffic internally.
What is Network Segmentation?
Network Segmentation is the practice of dividing a network into smaller, isolated segments (subnets) to control traffic flow, improve security, and enhance performance. Each segment can enforce its own security policies, limiting access between parts of the network.
Limits the spread of attacks (like malware or ransomware).
Improves performance by reducing congestion.
Enhances security by restricting user or device access to only what's necessary.
Reactive Techniques?
Intrusion detection system? MFA? Awareness training?
Last modified a month ago