Next Generation Firewall and IPS explained | CCNA 200-301
Traditional Firewalls
A firewall is a network security device that monitors incoming (from the public network to the private network) and outgoing (private to public) network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Security Zones
Firewalls use the concept of security zones when defining which hosts can initiate new connections.
The firewall rules define which hosts can initiate connections from one zone to another zone, rather than listing rules per interface.
Because rules are written per zone, a firewall can place multiple interfaces into the same zone whenever those interfaces should have the same security rules applied.
A typical design has three types of zones:
The inside or trusted zone
The outside or untrusted zone
The DMZ zone
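To make the zone model concrete, here is an added example (not code from this page or from Cisco) of a toy zone-based stateful firewall in Python. The interface-to-zone mapping, the zone-pair policy and the routing table are hypothetical and constructed for the example. It shows three things the text describes: policy is written per zone pair, two interfaces in the same zone share one set of rules, and reply packets are allowed because of connection state rather than by a rule in the reverse direction.

```python
from dataclasses import dataclass

# Interfaces mapped to zones. Two LAN interfaces share "inside", so they get
# the same rules without duplicating policy (constructed for this example).
INTERFACE_ZONE = {
    "gi0/0": "inside",
    "gi0/1": "inside",
    "gi0/2": "dmz",
    "gi0/3": "outside",
}

# Zone-pair policy: who may INITIATE a connection to whom. A value of None
# means any destination port; a set restricts ports. Unlisted pairs are denied,
# so nothing outside may start a connection to the inside, and a compromised
# DMZ server cannot start one either. (Hypothetical policy.)
POLICY = {
    ("inside", "outside"): None,
    ("inside", "dmz"): None,
    ("outside", "dmz"): {80, 443},
}

# Hypothetical static routing table: address prefix -> egress interface.
ROUTES = {"10.0.0.": "gi0/0", "10.0.1.": "gi0/1", "192.0.2.": "gi0/2"}


@dataclass(frozen=True)
class Packet:
    ingress: str        # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only for the TCP SYN that opens a connection


class ZoneFirewall:
    def __init__(self, iface_zone, policy, routes):
        self.iface_zone = iface_zone
        self.policy = policy
        self.routes = routes
        self.state = set()  # (src, sport, dst, dport) of permitted connections

    def egress_zone(self, dst):
        for prefix, iface in self.routes.items():
            if dst.startswith(prefix):
                return self.iface_zone[iface]
        return "outside"    # default route

    def process(self, pkt):
        src_zone = self.iface_zone[pkt.ingress]
        dst_zone = self.egress_zone(pkt.dst)
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful check first: packets of a connection we already permitted,
        # in either direction, pass without consulting zone policy again.
        if fwd in self.state or rev in self.state:
            return ("allow", "established")
        if not pkt.syn:
            # Not a connection attempt and no matching state: drop it. This is
            # what stops stray or spoofed ACK/RST packets from the outside.
            return ("deny", "no matching state")
        if src_zone == dst_zone:
            return ("allow", "same zone")
        if (src_zone, dst_zone) not in self.policy:
            return ("deny", f"{src_zone}->{dst_zone} not permitted")
        ports = self.policy[(src_zone, dst_zone)]
        if ports is not None and pkt.dport not in ports:
            return ("deny", f"port {pkt.dport} not permitted {src_zone}->{dst_zone}")
        self.state.add(fwd)
        return ("allow", f"new {src_zone}->{dst_zone}")


def demo():
    """Run a constructed packet sequence and return the verdicts."""
    fw = ZoneFirewall(INTERFACE_ZONE, POLICY, ROUTES)
    packets = [
        Packet("gi0/0", "10.0.0.5", 51000, "203.0.113.10", 443, syn=True),   # inside -> Internet
        Packet("gi0/3", "203.0.113.10", 443, "10.0.0.5", 51000),             # reply to the above
        Packet("gi0/3", "198.51.100.7", 40000, "192.0.2.10", 80, syn=True),  # Internet -> DMZ web
        Packet("gi0/3", "198.51.100.7", 40001, "192.0.2.10", 22, syn=True),  # Internet -> DMZ ssh
        Packet("gi0/3", "198.51.100.7", 40002, "10.0.0.5", 445, syn=True),   # Internet -> inside
        Packet("gi0/3", "198.51.100.7", 40003, "10.0.0.9", 3389),            # spoofed ACK, no state
        Packet("gi0/2", "192.0.2.10", 45000, "10.0.0.5", 3306, syn=True),    # DMZ -> inside DB
        Packet("gi0/1", "10.0.1.20", 52000, "10.0.0.5", 445, syn=True),      # inside -> inside
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(*verdict)
```

Running the demo shows the reply from 203.0.113.10 being accepted only because the inside host opened that connection first, and the DMZ web server being reachable from the Internet on 80/443 but unable to open anything toward the inside zone.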
Intrusion Prevention Systems (IPS)
An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.
A traditional intrusion prevention system (IPS) can sit in the path that packets take through the network, and it can filter packets much like a firewall, but it makes its decisions with different logic.
Instead of zone and port rules, a traditional IPS uses signature-based detection: it compares packet flows against a database of signatures of known exploits and blocks or logs the flows that match.
Cisco Next-Generation Firewalls
Cisco and some of their competitors started using the term next generation when discussing their security products to emphasize some of the newer features.
In short, a next-generation firewall (NGFW) and a next-generation IPS (NGIPS) are the current firewall and IPS products from Cisco.
The following list mentions a few of the features of an NGFW.
* Traditional firewall: An NGFW platform also includes traditional firewall features, like stateful firewall filtering, NAT/PAT, and VPN termination.
* Application Visibility and Control (AVC): This feature looks deep into the application layer data to identify the application. For instance, it can identify the application based on the data, rather than port number, to defend against attacks that use random port numbers.
* Advanced Malware Protection: A network-based anti-malware function can run on the firewall itself, blocking file transfers that would install malware and saving copies of files for later analysis.
* URL Filtering: This feature examines the URLs in each web request, categorizes the URLs, and either filters or rate limits the traffic based on rules. The Cisco Talos security group monitors and creates reputation scores for each domain known in the Internet, with URL filtering being able to use those scores in its decision to categorize, filter, or rate limit.
* NGIPS: The Cisco NGFW products can also run their NGIPS feature along with the firewall.
* Note that any service that benefits from being in the same path that packets traverse, like a firewall, can over time migrate to run on the same product. So, when the design needs both a firewall and an IPS at the same location in the network, these NGFW products can run the NGIPS feature, as shown in the combined device in Figure 5-10.
Cisco offers several NGFW models, sized for different environments:
* ASA 5500-X with FirePOWER Services: small to medium business, branch office
* Firepower 2100 Series: Internet edge to data center environments
* Firepower 4100 Series: Internet edge, high-performance environments
* Firepower 9000 Series: service provider, data center
Cisco Next-Generation IPS
As with the NGFW, the NGIPS adds new features to a traditional IPS.
* Traditional IPS: An NGIPS performs traditional IPS features, like comparing packet flows against exploit signatures, creating a log of events, and possibly discarding and/or redirecting packets.
* Application Visibility and Control (AVC): As with NGFWs, an NGIPS has the ability to look deep into the application layer data to identify the application.
* Contextual Awareness: NGFW platforms gather data from hosts, such as OS details, software versions, running applications and open ports. This data is fed to the NGIPS so that it can focus on events that match actual vulnerabilities on the target hosts rather than treating every signature hit the same way.
* Reputation-Based Filtering: A Cisco NGIPS can perform reputation-based filtering, taking into account the reputation scores maintained and updated by the Cisco Talos security intelligence group.
* Event Impact Level: Security personnel need to assess the logged events, so an NGIPS provides an assessment based on impact levels, with characterizations as to the impact if an event is indeed some kind of attack.
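The NGIPS features listed above (AVC, exploit signatures, contextual awareness, reputation-based filtering and event impact levels) can be seen working together in this added Python example, which is not code from this page or from any Cisco product. The signatures, the host inventory, the reputation scores, the software names and the three-level impact scale are all constructed for the example; a real NGIPS would take reputation and vulnerability data from feeds such as Talos and from the NGFW's host discovery.

```python
from dataclasses import dataclass


# --- AVC: identify the application from payload bytes, not the port ---
def identify_app(payload: bytes) -> str:
    """Classify a flow by its first bytes; the destination port is ignored."""
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    if payload.startswith(b"\x16\x03"):      # TLS record header, handshake type
        return "tls"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    return "unknown"


# --- Signature: the pattern to look for and the software it exploits ---
@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    app: str          # only checked on flows identified as this application
    pattern: bytes
    targets: str      # software the exploit is written for (hypothetical names)


SIGNATURES = [
    Signature(1001, "path traversal in request URI", "http", b"/../../", "examplehttpd"),
    Signature(1002, "oversized SSH client banner", "ssh", b"A" * 64, "examplesshd"),
]

# --- Context the NGFW learned about hosts: OS and installed software (constructed) ---
HOST_CONTEXT = {
    "192.0.2.10": {"os": "linux", "software": {"examplehttpd"}},
    "192.0.2.11": {"os": "linux", "software": {"otherhttpd"}},
}

# --- Reputation: a real product gets these from a feed such as Talos; constructed here.
# Scale: 0 (known bad) to 100 (clean); sources below the threshold are dropped outright.
REPUTATION = {"198.51.100.7": 5, "203.0.113.5": 85}
REPUTATION_BLOCK_BELOW = 20


@dataclass
class Event:
    sid: int
    name: str
    src: str
    dst: str
    impact: int     # simplified scale for this example: 1 vulnerable, 3 not vulnerable, 0 unknown host
    action: str


def impact_level(sig: Signature, dst: str) -> int:
    """Rank the event by whether the target actually runs the software the exploit hits."""
    ctx = HOST_CONTEXT.get(dst)
    if ctx is None:
        return 0          # nothing known about the host: an analyst has to look
    if sig.targets in ctx["software"]:
        return 1          # target runs the exploited software: act now
    return 3              # host known and does not run it: log only


def inspect(src: str, dst: str, dport: int, payload: bytes):
    """Return (action, events) for one flow: reputation first, then AVC, then signatures."""
    if REPUTATION.get(src, 50) < REPUTATION_BLOCK_BELOW:
        return "drop", []     # reputation filtering happens before any deep inspection
    app = identify_app(payload)   # dport deliberately unused: classification is by content
    events = []
    for sig in SIGNATURES:
        if sig.app == app and sig.pattern in payload:
            impact = impact_level(sig, dst)
            # Impact 1 is dropped inline; anything else is logged for a human to triage.
            events.append(Event(sig.sid, sig.name, src, dst, impact, "drop" if impact == 1 else "alert"))
    if any(e.action == "drop" for e in events):
        return "drop", events
    return ("alert" if events else "allow"), events


def demo():
    """Constructed flows; the traversal attempt on port 8443 is still seen as HTTP."""
    traversal = b"GET /../../etc/passwd HTTP/1.1\r\nHost: example\r\n\r\n"
    return [
        inspect("203.0.113.5", "192.0.2.10", 8443, traversal),               # vulnerable target
        inspect("203.0.113.5", "192.0.2.11", 80, traversal),                 # different web server
        inspect("198.51.100.7", "192.0.2.10", 80, traversal),                # bad-reputation source
        inspect("203.0.113.5", "192.0.2.10", 80, b"GET / HTTP/1.1\r\n\r\n"), # benign request
    ]


if __name__ == "__main__":
    for action, events in demo():
        print(action, [(e.sid, e.impact, e.action) for e in events])
```

The path traversal request sent to port 8443 is still classified as HTTP and matched against HTTP signatures; that is the AVC point, since a port-based classifier would not have looked at it. The same request aimed at 192.0.2.11 produces only an alert with a lower impact level, because the host inventory says that server does not run the targeted software, which is how contextual awareness keeps the analyst's queue focused on real exposures. The flow from the low-reputation source is dropped before any signature is evaluated.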