Lo2 Security Aasha


SECURITY

LEARNING OUTCOME 02

R.LOGESHWARY AASHA
HND 48 | 2020.09.15
Table of Contents
Trusted Networks
Demilitarized Zone
Secure Sockets Layer
NAT (Network Address Translation)
Advantages & Disadvantages of NAT
Types of NAT
1. Static NAT
2. Dynamic NAT
3. Port Address Translation / NAT Overload
4. Application Level Gateway
Implementing a network monitoring system
Trusted Networks
A Trusted Network of a company is a network that the company uses to conduct its internal business. The Trusted Network
typically supports the backend systems, internal-only intranet web pages, data processing, messaging, and in some cases,
internal instant messaging. The problem with the definition above is that many assumptions are being made at these
companies. A Trusted Network is not always a secure network. In fact, in many cases the Trusted Network cannot be trusted.
The reason is that an internal network comprises many different networks.

• A common practice is to define the Trusted Network as the network that internal employees use when at the office or
via a secure controlled dial-in mechanism. A single access point is established to the outside world via a mechanism
called the Demilitarized Zone (DMZ).

Demilitarized Zone
• To protect your external servers, apart from a company computer.

(Example: amazon.com) employee of the maintenance. It does not have only a web server (multiple users at a time).

• The public internet connects to the first network card (IP address, type of users).
• The external internet is connected to the second network card.
• When network card 1 is giving permission to the second network card.
The following are some examples of what a demilitarized zone is used for:

• Block port scans of your Trusted Network
• Block access to the Trusted Network via a single TCP port
• Block Denial of Service (DoS) attacks from your trusted network
• Scan email messages for virus, content, and size
• Block passive eavesdropping/packet sniffing


Secure Sockets Layer
What does secure socket layer mean?

• Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over
the internet.

SSL VPN—Hub

• One of the key security elements of a DMZ is the ability to terminate the IP connection at various points in the DMZ
and the trusted network. The example below shows a client connection on the Internet (untrusted) to an SSL VPN hub
on a trusted network.

• The traffic is routed into the DMZ, and is then terminated at the router.

• The IP address is now translated to a DMZ IP address, such as 10.10.10.10.

• The DMZ can then provide some authentication and allow the traffic to route to the trusted side of the DMZ. At this
point, the IP address can be translated to another IP address, like 192.168.10.12.

• The packets are then routed to the SSL VPN device (hub).
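The hand-off in the steps above, modelled as an added Python example (not part of the original notes). 10.10.10.10 and 192.168.10.12 are the addresses from the text; the client address, the public VPN address and the token check standing in for "some authentication" are constructed for illustration.

```python
from dataclasses import dataclass, field

DMZ_ADDR = "10.10.10.10"        # DMZ address used in the text
TRUSTED_ADDR = "192.168.10.12"  # trusted-side address used in the text


@dataclass
class Packet:
    src: str
    dst: str
    authenticated: bool = False
    trail: list = field(default_factory=list)  # (stage, old_dst, new_dst)


def rewrite(pkt, stage, new_dst):
    """Translate the destination and record the mapping for later tracing."""
    pkt.trail.append((stage, pkt.dst, new_dst))
    pkt.dst = new_dst


def dmz_path(pkt, valid_tokens, token):
    """Walk one packet through the stages; return where it ends up."""
    # Stage 1: the connection terminates at the router and gets a DMZ address.
    rewrite(pkt, "dmz-router", DMZ_ADDR)
    # Stage 2: the DMZ authenticates before anything reaches the trusted side.
    pkt.authenticated = token in valid_tokens
    if not pkt.authenticated:
        return "dropped-in-dmz"
    # Stage 3: second translation onto the trusted side, then on to the hub.
    rewrite(pkt, "trusted-edge", TRUSTED_ADDR)
    return "ssl-vpn-hub"


def original_destination(pkt):
    """Use the trail to recover the address the client actually dialled."""
    return pkt.trail[0][1] if pkt.trail else pkt.dst


# Constructed sample input: an Internet client dialling a public VPN address.
SAMPLE = Packet(src="203.0.113.7", dst="198.51.100.20")
```

A packet that fails authentication keeps the DMZ address and never receives a trusted-side address; the trail is what lets an analyst map 192.168.10.12 back to the address the client dialled.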

NAT (Network Address Translation)


• Changes a private IP address to a public IP address.
• The gateway is the entrance of the network. (Remember: when you buy a router, the router does not have an IP address.)
Advantages & Disadvantages of NAT
Advantages

• The main advantage of Network Address Translation is that it can prevent the depletion of IPv4 addresses.
• It can provide an additional layer of security by hiding the original source and destination addresses.

• NAT (Network Address Translation) provides increased flexibility when connecting to the public Internet.

• NAT (Network Address Translation) allows you to use your own private IPv4 addressing system and prevents internal
address changes if you change the service provider.
Disadvantages
• NAT (Network Address Translation) is a processor- and memory-consuming technology, since NAT needs to translate
IPv4 addresses for all incoming and outgoing IPv4 datagrams and to keep the translation details in memory.

• NAT (Network Address Translation) may cause delay in IPv4 communication.

• NAT (Network Address Translation) causes loss of end-device-to-end-device IP traceability.

• Some technologies and network applications will not function as expected in a NAT-configured network.

Types of NAT
1. Static NAT
Example: (one public address & one private address)
• Buying a fixed IP address (a random IP address doesn't suit for )
• Assume that you have 100 computers and buy 100 IP addresses.
2. Dynamic NAT
Example: (03 public addresses)
• They will be in a group (once people connect to the internet, it gives each of them an IP address).
• If another person connects, meaning the 04th person, he must wait until the public network gives an IP address.
3. Port Address Translation / NAT Overload
• Multiple private addresses are used in a private network.
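The three translation types above, modelled as an added Python example (not part of the original notes). The class names, the 203.0.113.x public addresses and the starting port 49152 are assumptions made for illustration.

```python
class StaticNAT:
    """One private address is permanently tied to one public address."""
    def __init__(self, mapping):
        self.mapping = dict(mapping)

    def translate(self, private_ip):
        return self.mapping.get(private_ip)  # None: no fixed mapping bought


class DynamicNAT:
    """Hosts borrow a public address from a shared pool while connected."""
    def __init__(self, pool):
        self.free = list(pool)
        self.leases = {}  # private_ip -> public_ip

    def translate(self, private_ip):
        if private_ip not in self.leases:
            if not self.free:
                return None  # pool exhausted: this host has to wait
            self.leases[private_ip] = self.free.pop(0)
        return self.leases[private_ip]

    def release(self, private_ip):
        public_ip = self.leases.pop(private_ip, None)
        if public_ip is not None:
            self.free.append(public_ip)


class PAT:
    """Many private hosts share one public address, told apart by port."""
    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}  # public_port -> (private_ip, private_port)

    def translate(self, private_ip, private_port):
        for port, inside in self.table.items():
            if inside == (private_ip, private_port):
                return self.public_ip, port
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (private_ip, private_port)
        return self.public_ip, port

    def reverse(self, public_port):
        # Inbound traffic with no table entry has nowhere to go (None).
        # This table is also the only record linking a public port to a host.
        return self.table.get(public_port)
```

With a pool of three public addresses, the fourth host's `translate()` call returns `None` until one of the first three calls `release()`. Under PAT, the translation table is the only place where a public port can be traced back to the internal host, which is why it needs to be logged if traceability matters.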
4. Application Level Gateway
• This kind of device is technically a proxy and is sometimes referred to as a proxy firewall.
• It combines some of the attributes of packet-filtering firewalls with those of circuit-level gateways.
• It filters packets not only according to the service for which they are intended, as specified by the destination
port, but also by certain other characteristics, such as the HTTP request string.
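The difference between filtering on the destination port alone and filtering on the HTTP request string as well, as an added Python example (not part of the original notes). The allowed port, allowed methods and blocked path prefixes are an assumed policy, and the requests used to exercise it are constructed.

```python
import posixpath
from urllib.parse import unquote

# Assumed policy for illustration; none of these values come from the page.
ALLOWED_PORTS = {80}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
BLOCKED_PREFIXES = ("/admin", "/internal")


def packet_filter(dst_port):
    """Packet-filter view: the destination port is all that is checked."""
    return dst_port in ALLOWED_PORTS


def parse_request_line(raw):
    """Return (method, target, version) from raw request bytes, or None."""
    try:
        parts = raw.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    except UnicodeDecodeError:
        return None
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return tuple(parts)


def canonical_path(target):
    """Decode and normalise the path before rules are matched against it."""
    path = unquote(target.split("?", 1)[0])
    return "/" + posixpath.normpath(path).lstrip("/").lower()


def application_gateway(dst_port, raw):
    """Proxy view: port first, then the HTTP request string itself."""
    if not packet_filter(dst_port):
        return False, "port not allowed"
    request = parse_request_line(raw)
    if request is None:
        return False, "malformed request line"
    method, target, _version = request
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    path = canonical_path(target)
    if any(path == p or path.startswith(p + "/") for p in BLOCKED_PREFIXES):
        return False, "path blocked"
    return True, "ok"
```

A request for `/a/../admin/users` on port 80 passes `packet_filter()` but is refused by `application_gateway()`, because the rule is matched against the path after decoding and normalisation.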

Implementing a network monitoring system


Routers and switches, virtual servers, wireless devices, and applications of all kinds need a 24/7 network
monitoring solution. Monitoring all your critical network technology means you can spot and fix issues fast, before they get
worse.

Benefits of network monitoring

1. Stay ahead of outages
2. Fix issues faster
3. Identify security threats
