4) HND - SEC - W4 - Network Security Infrastructure


Unit 5 – Security

LO2. Describe IT security solutions.


4. Network Security Infrastructure.

▪ Network Address Translation (NAT)
▪ Demilitarized Zone (DMZ)
▪ Firewalls

Network Address Translation (NAT)

▪ The main use of NAT is to limit the number of public IP addresses an organization must use, chiefly for economy: with NAT, an enterprise does not need to register large, expensive blocks of public IP addresses.
▪ NAT also hides the internal addressing scheme from the outside, but this is a side effect rather than a security control. NAT does not inspect or filter traffic and is not a substitute for a firewall.

▪ NAT allows a single network device, such as a router or firewall, to act as an agent between the public network space and a private network space.
▪ The NAT-enabled agent makes it possible to use a single public IP address to represent an entire group of networked computers.
▪ NAT is useful to many network administrators because it saves time and money when dealing with network IP addresses.
▪ NAT helps network administrators manage the private and public portions of their network because it separates the private and public address spaces.
▪ Because of this separation, hosts in the private network can be addressed and renumbered independently of the public addresses seen from the Internet, and a change of public address block does not require re-addressing the internal hosts.

Network address translation is categorised into the following general types:

▪ Static NAT maps a private address to a public address in a one-to-one relationship. Static NAT is most often used to give a fixed public address to a device behind a NAT-enabled firewall/router, such as a server that must be reachable from outside.
▪ Dynamic NAT maps a private address to a public address on an as-needed basis. It uses a pool of global addresses to translate the outbound traffic of clients behind the NAT-enabled device; each active client is leased one address from the pool while it is in use.

▪ NAT Overload, or Port Address Translation (PAT), translates the outbound traffic of many clients to unique port numbers on a single global address, so that the device can tell the returning replies apart. PAT is necessary when the number of internal clients exceeds the available global addresses.
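
The three translation types above, as an added worked example (this code is not from the original slides). It models a toy NAT device with a static one-to-one mapping, a dynamic pool and PAT fallback, and shows the reverse translation of a reply versus an unsolicited inbound packet. All addresses, ports and hosts are constructed; the pool has one address so that the second client is forced onto PAT, and leases never expire.

```python
"""Toy NAT device showing the three translation types on the slides:
static NAT, dynamic NAT from a pool, and PAT (NAT overload).

Added example for this page; it is not code from the original slides.
All addresses, port numbers and hosts below are constructed, and the
device is deliberately simplified: leases never expire and there are no
protocol-specific helpers.
"""
from dataclasses import dataclass
from itertools import count
from typing import Dict, List, Optional

PUBLIC_IP = "203.0.113.1"                        # constructed: the device's own global address (used for PAT)
STATIC_MAP = {"192.168.1.10": "203.0.113.10"}    # constructed: internal web server gets a fixed public address
DYNAMIC_POOL = ["203.0.113.20"]                  # constructed: a pool of one, so the second client falls to PAT


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatDevice:
    def __init__(self, public_ip: str, static_map: Dict[str, str], pool: List[str]):
        self.public_ip = public_ip
        self.static = dict(static_map)                       # private -> public, one-to-one
        self.static_rev = {v: k for k, v in static_map.items()}
        self.free_pool = list(pool)                          # unused dynamic NAT addresses
        self.dynamic: Dict[str, str] = {}                    # private ip -> leased public ip
        self.dynamic_rev: Dict[str, str] = {}
        self.pat: Dict[tuple, int] = {}                      # (private ip, private port) -> external port
        self.pat_rev: Dict[int, tuple] = {}                  # external port -> (private ip, private port)
        self._ext_ports = count(40000)                       # next unused external port for PAT

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network."""
        # 1. Static NAT: fixed one-to-one mapping, ports untouched.
        if pkt.src_ip in self.static:
            return Packet(self.static[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        # 2. Dynamic NAT: lease a whole public address while the pool lasts.
        if pkt.src_ip not in self.dynamic and self.free_pool:
            leased = self.free_pool.pop(0)
            self.dynamic[pkt.src_ip] = leased
            self.dynamic_rev[leased] = pkt.src_ip
        if pkt.src_ip in self.dynamic:
            return Packet(self.dynamic[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        # 3. PAT: pool exhausted, so many private (ip, port) pairs share one
        #    public address and are told apart by a unique external port.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.pat:
            ext_port = next(self._ext_ports)
            self.pat[key] = ext_port
            self.pat_rev[ext_port] = key
        return Packet(self.public_ip, self.pat[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a packet arriving from the public side.

        Returns None when no mapping exists: an unsolicited connection to the
        shared PAT address has nowhere to go. That is the incidental 'hiding'
        effect of NAT, not a substitute for a firewall.
        """
        if pkt.dst_ip in self.static_rev:
            return Packet(pkt.src_ip, pkt.src_port, self.static_rev[pkt.dst_ip], pkt.dst_port)
        if pkt.dst_ip in self.dynamic_rev:
            return Packet(pkt.src_ip, pkt.src_port, self.dynamic_rev[pkt.dst_ip], pkt.dst_port)
        if pkt.dst_ip == self.public_ip and pkt.dst_port in self.pat_rev:
            priv_ip, priv_port = self.pat_rev[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
        return None


def demo() -> Dict[str, Optional[Packet]]:
    """Run a few constructed flows through the device and return the translations."""
    nat = NatDevice(PUBLIC_IP, STATIC_MAP, DYNAMIC_POOL)
    remote = "198.51.100.5"                                  # constructed public web server
    out: Dict[str, Optional[Packet]] = {
        "static": nat.outbound(Packet("192.168.1.10", 443, remote, 80)),
        "dynamic": nat.outbound(Packet("192.168.1.20", 51000, remote, 80)),
        "pat_a": nat.outbound(Packet("192.168.1.30", 51000, remote, 80)),
        "pat_b": nat.outbound(Packet("192.168.1.30", 51001, remote, 80)),
    }
    out["pat_reply"] = nat.inbound(Packet(remote, 80, PUBLIC_IP, out["pat_a"].src_port))
    out["unsolicited"] = nat.inbound(Packet(remote, 12345, PUBLIC_IP, 22))
    return out


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12s} {pkt}")
```

Running the file shows the static server keeping its own public address and port, the first client leasing the pool's only address, the second client's two connections sharing 203.0.113.1 on ports 40000 and 40001, the reply to port 40000 being mapped back to 192.168.1.30:51000, and the unsolicited packet to port 22 being dropped.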

DMZ

▪ A DMZ (demilitarized zone) is a physical or logical subnet that separates an internal local area network (LAN) from untrusted networks such as the public Internet.
▪ It is a host or network that acts as a secured intermediate network or path between an organization's internal network and the external, non-proprietary network.

▪ A typical DMZ is a designated area just outside the trusted network that houses publicly accessible resources, such as web and mail servers.
▪ The ultimate goal of a DMZ is to allow access to those resources from untrusted networks while keeping the private network secured: traffic from the Internet terminates on DMZ hosts, and the firewall allows only the specific connections the DMZ hosts need into the internal network, so a compromised DMZ host does not by itself give the attacker the LAN.

Firewalls

▪ A firewall is a system designed to prevent unauthorized access to or from a private network.
▪ Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
▪ Firewalls can be hardware and/or software based.
▪ Firewalls can also be host-based or network-based.
▪ The basic task is to control traffic between computer networks with different zones of trust.

▪ The ultimate goal is to provide controlled interfaces between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle and separation of duties.

▪ Proper configuration of firewalls demands skill from the firewall administrator.
▪ It requires considerable understanding of network protocols and of computer security. Small mistakes, such as an over-broad "allow any" rule placed above the specific rules it was meant to supplement, can render a firewall worthless as a security tool.
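
The DMZ design and the firewall points above, as one added worked example (this code is not from the original slides). It is a simplified stateless zone-based packet filter: addresses are mapped to a LAN, DMZ or Internet zone, rules are evaluated first-match, anything unmatched is denied, and a least-privilege policy allows only the few zone-to-zone connections a DMZ deployment needs. It also shows the "small mistake": one over-broad rule at the top shadows every rule beneath it, and a `shadowed()` check finds such rules. The zone names, address ranges, ports and rule comments are all constructed.

```python
"""Zone-based packet filter for a LAN / DMZ / Internet design.

Added example for this page; it is not code from the original slides.
The zone names, address ranges and rules are constructed, and the
evaluator is a simplified stateless filter: first matching rule wins and
anything unmatched is denied.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ZONES = {                                         # constructed address plan
    "lan": ip_network("10.0.0.0/8"),
    "dmz": ip_network("172.16.0.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an address to its trust zone; anything not in a known range is the Internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_zone: str             # zone name or "any"
    dst_zone: str
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches every port
    comment: str = ""

    def matches(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> bool:
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and self.proto in ("any", proto)
                and self.dst_port in (None, dst_port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        return (self.src_zone in ("any", other.src_zone)
                and self.dst_zone in ("any", other.dst_zone)
                and self.proto in ("any", other.proto)
                and self.dst_port in (None, other.dst_port))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """First matching rule decides; no match means the implicit default deny."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if rule.matches(src_zone, dst_zone, proto, dst_port):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


def shadowed(rules: List[Rule]) -> List[str]:
    """Comments of rules that can never fire because an earlier rule covers them."""
    out = []
    for i, rule in enumerate(rules):
        if any(earlier.covers(rule) for earlier in rules[:i]):
            out.append(rule.comment)
    return out


# Least-privilege policy: each zone pair gets only the ports it needs.
POLICY = [
    Rule("allow", "internet", "dmz", "tcp", 443, "public web server in the DMZ"),
    Rule("allow", "dmz", "lan", "tcp", 5432, "web tier to the internal database only"),
    Rule("allow", "lan", "dmz", "tcp", 22, "admin SSH from the LAN into the DMZ"),
    Rule("allow", "lan", "internet", "tcp", 443, "outbound HTTPS for users"),
    Rule("deny", "any", "any", "any", None, "explicit cleanup deny"),
]

# The "small mistake": one over-broad rule inserted at the top makes every
# rule below it unreachable, so the Internet can now reach the LAN directly.
BROKEN_POLICY = [Rule("allow", "any", "any", "any", None, "temporary troubleshooting rule")] + POLICY


if __name__ == "__main__":
    for policy_name, policy in (("POLICY", POLICY), ("BROKEN_POLICY", BROKEN_POLICY)):
        print(policy_name, "Internet -> LAN 3389:", evaluate(policy, "198.51.100.7", "10.0.0.5", "tcp", 3389))
        print("  shadowed rules:", shadowed(policy))
```

With `POLICY`, an Internet host reaches the DMZ web server on 443 but nothing on the LAN, and a DMZ host reaches the internal database on 5432 but cannot SSH into the LAN. With `BROKEN_POLICY`, the same Internet host reaches a LAN workstation on 3389, and `shadowed()` reports all five original rules as unreachable, which is the check worth running before a change goes live.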

Host based firewall

▪ A host-based firewall is a firewall installed on an individual host (a server or workstation) that controls that host's own incoming and outgoing network traffic and decides whether each connection is allowed to reach it.
▪ Example: the Windows Firewall (Windows Defender Firewall on current versions) that comes with a Windows-based computer.

Network based firewall

▪ A network-based firewall sits at a network boundary and protects all hosts behind it rather than a single host. It may be a dedicated appliance, a filter built into the infrastructure of the cloud or network (e.g. the firewall features Amazon provides in AWS environments), or a virtual firewall service such as those offered by Cisco, VMware and Check Point.

Lesson Summary

▪ Network Address Translation (NAT)
▪ DMZ
▪ Firewalls
  Host based firewall
  Network based firewall
