• Firewalls and Host-Based Intrusion Prevention—Firewalls resist network attacks, serve as the single choke point between internal and external networks, and enforce access control policies. They protect hosts from exposure, sanitize protocol flow, and block malicious data from reaching servers and clients. Firewalls are ineffective if misconfigured or out of date. They can slow networks, and some traffic cannot pass through them.
There are various types of firewalls. Packet filtering (stateless) firewalls are usually part of a router firewall. They permit or deny traffic based on Layer 3 and Layer 4 information. Stateful firewalls are the most versatile and the most common firewall technologies in use. Stateful filtering is a firewall architecture that is classified at the network layer. It also analyzes traffic at OSI Layer 4 and Layer 5. An application gateway firewall (proxy firewall) filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Next-generation firewalls (NGFWs) go beyond stateful firewalls. Transparent firewalls filter traffic between two bridged interfaces. Hybrid firewalls combine attributes of the other firewall types.
Packet filtering firewalls are usually part of a router firewall. They use simple permit or deny rules, have low impact on network performance, are easy to implement, and provide initial security at the network layer. They are susceptible to IP spoofing, may not be effective against fragmented packets, and can use complex ACLs that are difficult to use and maintain. Stateful firewalls are often the primary means of defense by filtering unwanted, unnecessary, and undesirable traffic. They are generally more effective than stateless firewalls. However, they cannot prevent application layer attacks, are less effective against stateless protocols, have difficulty tracking dynamic port negotiation, and do not use authentication.
Host-based personal firewalls are standalone software programs that control traffic entering or leaving a computer. Host-based firewalls may use a set of predefined policies, or profiles, to control packets entering and leaving a computer. They also may have rules that can be directly modified or created to control access based on addresses, protocols, and ports. Examples include Windows Defender Firewall, iptables, nftables, and TCP Wrappers.
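The difference between packet filtering and stateful inspection described above is easier to see in code than in prose. The following is an added example, not part of the course material: a pure-Python simulation in which a stateless filter judges each packet on its Layer 3/4 header fields alone, while a stateful filter keeps a table of flows that an inside host opened. The packets, addresses and the 10.0.0.0/8 "inside" prefix are constructed for the example; nothing here touches a real network.

```python
"""Stateless vs. stateful packet filtering, simulated in pure Python (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """The Layer 3/4 fields a filter looks at, plus the direction of travel."""
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    direction: str      # "out" = inside -> outside, "in" = outside -> inside
    syn: bool = False   # TCP flags; ignored for UDP
    ack: bool = False


class StatelessFilter:
    """Packet filter (stateless): no memory of earlier packets.

    To let replies to inside-initiated connections come back, the inbound rule
    must permit TCP with the ACK bit set (the classic 'established' keyword).
    Any inbound packet that merely *claims* to be established passes too."""

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            return True                      # outbound: permit everything
        return p.proto == "tcp" and p.ack    # inbound: only 'established' TCP


class StatefulFilter:
    """Stateful firewall: records outbound flows and admits inbound traffic
    only when it matches a flow an inside host initiated (works for UDP too)."""

    def __init__(self) -> None:
        self.table: set[tuple] = set()

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            # remember the 5-tuple of the flow the inside host opened
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        # inbound packet matches if it is the mirror image of a known flow
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        return reverse in self.table


def run_scenario() -> dict:
    """Replay a constructed traffic sample through both filters and return
    {packet label: (stateless_verdict, stateful_verdict)}."""
    stateless, stateful = StatelessFilter(), StatefulFilter()
    traffic = [
        # an inside client opens an HTTPS connection, and the server replies
        ("https_syn_out",   Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443, "out", syn=True)),
        ("https_synack_in", Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000, "in", syn=True, ack=True)),
        # an outside host sends an unsolicited ACK-flagged packet at an inside SSH port
        ("unsolicited_ack_in", Packet("198.51.100.7", "10.0.0.9", "tcp", 1234, 22, "in", ack=True)),
        # an inside client sends a DNS query (UDP) and the resolver answers
        ("dns_query_out", Packet("10.0.0.5", "203.0.113.53", "udp", 51000, 53, "out")),
        ("dns_reply_in",  Packet("203.0.113.53", "10.0.0.5", "udp", 53, 51000, "in")),
    ]
    return {label: (stateless.allow(p), stateful.allow(p)) for label, p in traffic}


if __name__ == "__main__":
    for label, (sl, sf) in run_scenario().items():
        print(f"{label:20s} stateless={'permit' if sl else 'deny':6s} stateful={'permit' if sf else 'deny'}")
```

Two rows of the output carry the lesson: the unsolicited ACK-flagged packet is permitted by the stateless filter (it matches the 'established' rule on header bits alone) but denied by the stateful one, which has no matching flow; and the UDP DNS reply is denied by the stateless filter, which has no flag to key on, but permitted by the stateful one because the query was recorded. That is the course's point that stateless filters are susceptible to spoofing and that stateful filters cope better with return traffic, while being weaker for stateless protocols only when no initiating packet was seen.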
Antimalware protection consists of antivirus, adware, phishing, and spyware protection. Some antimalware software combines features of the different types.
• Secure Wireless Access—Wireless networks are susceptible to a number of threats, including: interception of data, wireless intruders, DoS attacks, and rogue APs. DoS attacks can result from improperly configured devices, malicious user interference, and accidental interference. Rogue APs can be used by an attacker to capture MAC addresses, capture data packets, gain access to network resources, or launch a man-in-the-middle (MitM) attack. In an MitM attack, the hacker is positioned between two legitimate entities in order to read or modify the data that passes between the two parties.
In SSID cloaking, the SSID beacon frame is disabled. For MAC address filtering, an administrator can manually permit or deny clients wireless access based on their physical MAC hardware address.
Open system authentication should only be used in situations where security is of no concern. Shared key authentication provides mechanisms such as WEP, WPA, WPA2, and WPA3 to authenticate and encrypt data between a wireless client and AP. WEP and WPA authentication are outdated and insecure. WPA2 is recommended at a minimum, with WPA3 preferred when it becomes available.
Personal authentication requires configuration of a username and pre-shared password. Enterprise authentication requires the use of a RADIUS authentication server using 802.1x with Extensible Authentication Protocol (EAP).
Encryption protects data by making it unreadable if intercepted. WPA2 uses Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES).
WPA3, when available, is the recommended 802.11 authentication method. It includes WPA3-Personal, WPA3-Enterprise, Open Networks, and IoT onboarding. WPA3 open or public Wi-Fi networks still do not use any authentication. However, they do use Opportunistic Wireless Encryption (OWE) to encrypt all wireless traffic. For IoT onboarding, WPA3 uses Device Provisioning Protocol (DPP) to securely onboard IoT devices.
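The Personal authentication described above (L9 through L11) rests entirely on the pre-shared passphrase: WPA/WPA2-Personal derives the 256-bit Pairwise Master Key (PMK) from the passphrase with PBKDF2-HMAC-SHA1, salted with the SSID, over 4096 iterations, as specified in IEEE 802.11. The following is an added example, not part of the course material, using only Python's standard library; the passphrases and SSIDs are constructed, apart from the "password"/"IEEE" pair, which is the standard's published test vector.

```python
"""PMK derivation for WPA/WPA2-Personal (added example; standard library only)."""
import hashlib

PMK_BYTES = 32          # 256-bit key
PBKDF2_ROUNDS = 4096    # iteration count fixed by IEEE 802.11


def wpa2_personal_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the PMK for a WPA/WPA2-Personal network.

    The standard requires an ASCII passphrase of 8 to 63 characters; anything
    else is a configuration error, not a weaker key, so reject it up front."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("WPA-Personal passphrase must be 8-63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_BYTES
    )


def pmk_differs_across_ssids(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID acts as the salt: the same passphrase on two networks yields
    two different PMKs, so a key learned on one network is useless on another."""
    return wpa2_personal_pmk(passphrase, ssid_a) != wpa2_personal_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # IEEE 802.11 test vector: passphrase "password", SSID "IEEE"
    print(wpa2_personal_pmk("password", "IEEE").hex())
    # constructed SSIDs to show the salting effect
    print(pmk_differs_across_ssids("correct horse battery", "CampusWiFi", "LibraryWiFi"))
```

The practical consequence for a help desk technician is the course's own recommendation: because every client on a Personal network shares this one passphrase-derived key, the passphrase should be long and unique per SSID, and Enterprise authentication (802.1X with a RADIUS server) should be preferred wherever per-user credentials are feasible.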
My friend, Lara, has been very busy working at the college. She created a troubleshooting guide for new help desk technicians, then worked on a cybersecurity awareness campaign to educate all college users. Finally, she helped review and develop security policies to secure the college and its users.
As you can see, there are a lot of things that a help desk technician must know. But that is exciting because there is always something new to learn. Can you be a practical help desk technician on a team in an IT department?