Next Generation Firewall and IPS explained | CCNA 200-301
- added 7. 08. 2024
- Traditional Firewalls
A firewall is a network security device that monitors incoming (from public to private) and outgoing (private to public) network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Security Zones
Firewalls use the concept of security zones when defining which hosts can initiate new connections.
The firewall rules define which host can initiate connections from one zone to another zone.
Also, by using zones, a firewall can place multiple interfaces into the same zone, in cases for which multiple interfaces should have the same security rules applied.
A firewall can have 3 types of zones:
* The inside or trusted zone
* The outside or untrusted zone
* The DMZ zone
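The zone idea above, modelled as an added example that is not part of the original notes: interfaces map to zones, rules say which zone may initiate a connection to which, and return traffic is matched against a state table. The interface names, addresses, permitted zone pairs and the choice to permit traffic inside one zone are constructed assumptions.

```python
# Added illustration: zone names follow the notes; interface names, addresses
# and the permitted zone pairs below are constructed assumptions.
IFACE_ZONE = {          # several interfaces may share one zone and its rules
    "Gi0/0": "outside",
    "Gi0/1": "inside",
    "Gi0/2": "inside",
    "Gi0/3": "dmz",
}

# (source zone, destination zone) -> destination ports that may be initiated.
# None means any port. Zone pairs that are not listed are denied.
ZONE_POLICY = {
    ("inside", "outside"): None,
    ("inside", "dmz"): None,
    ("outside", "dmz"): {80, 443},
    ("dmz", "outside"): {53, 443},
}


class ZoneFirewall:
    def __init__(self):
        self.connections = set()   # state table of flows that were permitted

    def handle(self, in_if, out_if, src, sport, dst, dport):
        """Return 'permit' or 'deny' for one packet crossing the firewall."""
        src_zone, dst_zone = IFACE_ZONE[in_if], IFACE_ZONE[out_if]
        if src_zone == dst_zone:
            return "permit"        # assumption: traffic inside one zone is allowed
        flow = (src, sport, dst, dport)
        reply_of = (dst, dport, src, sport)
        if flow in self.connections or reply_of in self.connections:
            return "permit"        # packet belongs to an already permitted flow
        if (src_zone, dst_zone) not in ZONE_POLICY:
            return "deny"          # this zone may not initiate toward that zone
        allowed = ZONE_POLICY[(src_zone, dst_zone)]
        if allowed is None or dport in allowed:
            self.connections.add(flow)
            return "permit"
        return "deny"
```

A reply from the outside zone is permitted only because the inside host opened the flow first; the same outside host starting a new connection toward the inside zone is denied.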
Intrusion Prevention Systems (IPS)
An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.
A traditional intrusion prevention system (IPS) can sit in the path that packets take through the network, and it can filter packets like a firewall, but it makes its decisions with different logic.
It uses a signature-based technology to detect network intrusions.
Cisco Next-Generation Firewalls
Cisco and some of their competitors started using the term next generation when discussing their security products to emphasize some of the newer features.
In short, a next-generation firewall (NGFW) and a next-generation IPS (NGIPS) are the current firewall and IPS products from Cisco.
The following list mentions a few of the features of an NGFW.
* Traditional firewall: An NGFW platform also includes traditional firewall features, like stateful firewall filtering, NAT/PAT, and VPN termination. Along with the traditional firewall features, an NGFW has AVC.
* Application Visibility and Control (AVC): This feature looks deep into the application layer data to identify the application. For instance, it can identify the application based on the data, rather than port number, to defend against attacks that use random port numbers.
* Advanced Malware Protection: NGFW platforms run multiple security services. A network-based anti-malware function can run on the firewall itself, blocking file transfers that would install malware, and saving copies of files for later analysis.
* URL Filtering: This feature examines the URLs in each web request, categorizes the URLs, and either filters or rate limits the traffic based on rules. The Cisco Talos security group monitors and creates reputation scores for each domain known on the Internet, with URL filtering being able to use those scores in its decision to categorize, filter, or rate limit.
* NGIPS: The Cisco NGFW products can also run their NGIPS feature along with the firewall.
* Note that for any of the services that benefit from being in the same path that packets traverse, like a firewall, it makes sense that over time those functions could migrate to run on the same product. So, when the design needs both a firewall and IPS at the same location in the network, these NGFW products can run the NGIPS feature as shown in the combined device in Figure 5-10.
Let's see the new NGFW models provided by Cisco:
* ASA 5500-X with FirePOWER Services: for small to medium business, branch office
* Firepower 2100 Series: for Internet edge to data center environments
* Firepower 4100 Series: for Internet edge, high-performance environments
* Firepower 9000 Series: for service provider, data center
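The Application Visibility and Control feature in the list above identifies the application from the data rather than the port number. The sketch below is an added example, not Cisco's implementation and not part of the original notes; the three protocol fingerprints, the port table and the function names are assumptions chosen for illustration.

```python
import re

# Port-only view, as a rule that matches on destination port would see it.
WELL_KNOWN_PORTS = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n"
)


def classify_by_port(dport):
    return WELL_KNOWN_PORTS.get(dport, "unknown")


def classify_by_payload(payload):
    """Identify the application from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):
        return "ssh"                       # SSH identification string
    if HTTP_REQUEST.match(payload):
        return "http"                      # HTTP/1.x request line
    # TLS record header: type 0x16 (handshake), major version 0x03, and a
    # handshake message of type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "unknown"


def avc_decision(dport, payload, allowed_apps):
    """Permit only when the application seen in the data is allowed."""
    app = classify_by_payload(payload)
    return {
        "port_says": classify_by_port(dport),
        "data_says": app,
        "action": "permit" if app in allowed_apps else "block",
    }


# Constructed sample flows (not captured traffic).
SSH_ON_443 = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_ON_50123 = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
```

With `allowed_apps={"http", "tls"}`, the SSH banner sent to port 443 is blocked even though a port-based rule would label it as TLS, and the HTTP request on port 50123 is still recognised as HTTP.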
Cisco Next-Generation IPS
As with the NGFW, the NGIPS also adds new features to a traditional IPS.
* Traditional IPS: An NGIPS performs traditional IPS features, like using exploit signatures to compare packet flows, creating a log of events, and possibly discarding and/or redirecting packets.
* Application Visibility and Control (AVC): As with NGFWs, an NGIPS has the ability to look deep into the application layer data to identify the application.
* Contextual Awareness: NGFW platforms gather data from hosts, such as OS details, software versions, running applications, open ports and so on. This data is fed to the NGIPS, which helps the NGIPS focus on actual vulnerabilities.
* Reputation-Based Filtering: A Cisco NGIPS can perform reputation-based filtering, taking the scores into account. (The scores are updated by the Cisco Talos security intelligence group.)
* Event Impact Level: Security personnel need to assess the logged events, so an NGIPS provides an assessment based on impact levels, with characterizations as to the impact if an event is indeed some kind of attack.
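How contextual awareness feeds the event impact level can be shown with a small correlation routine. This is an added example and not part of the original notes; the four level names, the scoring rules, the host inventory and the signature names are constructed for illustration and are not Cisco's impact definitions.

```python
from dataclasses import dataclass, field


@dataclass
class HostProfile:            # what contextual awareness learned about a host
    os: str
    open_ports: set = field(default_factory=set)
    apps: dict = field(default_factory=dict)     # port -> application name


@dataclass
class IpsEvent:               # one signature match logged by the IPS
    signature: str
    dst_ip: str
    dst_port: int
    affects_os: str           # platform the signature's exploit targets
    affects_app: str          # application the signature's exploit targets


def impact_level(event, inventory):
    """Score one event against what is known about the targeted host."""
    host = inventory.get(event.dst_ip)
    if host is None:
        return "unknown"      # no profile for the target: cannot assess
    if event.dst_port not in host.open_ports:
        return "low"          # targeted port is not open on that host
    if (host.os == event.affects_os
            and host.apps.get(event.dst_port) == event.affects_app):
        return "high"         # host runs exactly what the signature targets
    return "medium"           # port is open, but the software differs


def triage(events, inventory):
    """Return (level, event) pairs ordered so analysts see 'high' first."""
    order = {"high": 0, "medium": 1, "unknown": 2, "low": 3}
    scored = [(impact_level(e, inventory), e) for e in events]
    return sorted(scored, key=lambda pair: order[pair[0]])


# Constructed inventory and events (placeholder signature names).
INVENTORY = {
    "10.0.0.10": HostProfile("linux", {22, 80}, {22: "openssh", 80: "nginx"}),
    "10.0.0.20": HostProfile("windows", {445}, {445: "smb"}),
}
EVENTS = [
    IpsEvent("EXAMPLE-SIG-IIS", "10.0.0.20", 80, "windows", "iis"),
    IpsEvent("EXAMPLE-SIG-NGINX", "10.0.0.10", 80, "linux", "nginx"),
    IpsEvent("EXAMPLE-SIG-SMB", "10.0.0.99", 445, "windows", "smb"),
    IpsEvent("EXAMPLE-SIG-APACHE", "10.0.0.10", 80, "linux", "apache"),
]
```

The same signature match ranks differently depending on the host profile, which is what lets the NGIPS point security personnel at the events that concern software actually running on the target.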
#CCNA #NGFW #NGIPS #FREETRAINING - Science and technology
Thanks! This video helps a lot when involving network security and applying for the career.
Thanks for the quick and crisp explanation!
Volume 2...good one ❤️
Excellent sir
Great video have joined as a sub. I’m in tech risk in a financial institution
Well done
Very well giving understanding.
Thanks Parth :)
Great explanation 🔥
Thanks
Does IPS have a common function with WAF? Can IPS function in lieu of a WAF?
Nice very useful
Thanks a lot
Thanks bro 🙏🏽
Any time
Thanks. Nice video.
Can you please share information on how to access/observe the event log for IPS?
Is it possible to generate an email based on event log related to suspicious activity?
Sure please share me your email address
Insanely quiet. I had to install an extension to turn your video audio up.
can you please let me know what is the software name for the handwriting or presentation you used?
Video scribe
please share these videos notes.
check the video description i have pasted the notes there :)
y r sound is very low
todays "exciting" session, lol
Video quality not good, please check
Noted
GOOD CONTENT! BUT A LOT OF FUMBLE
Great notes but speak too fast. That's why we have full stop. Take it slow, it's not the end of the world
NOTED.
good job man, but speak slowly next time please
Thanks for the advice.