CyberPathCompTIA Security+ Study Guide4.5 Enterprise Capabilities

Domain 4

4.5 Enterprise Capabilities

Modify enterprise capabilities to enhance security.

0% Complete

1

4.5.1 Firewall

Rules, ACLs, screened subnets.

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security rules.

Firewall Rules and ACLs Firewalls function as the primary gatekeeper of the network by using Access Control Lists (ACLs) to determine which traffic is permitted or denied. - Tuples: Rules are defined using specific identifiers, typically including source/destination IP addresses, source/destination port numbers, and the protocol (TCP/UDP/ICMP). - Implicit Deny: The final rule in any ACL that automatically drops all traffic not explicitly allowed by a previous rule. This follows the principle of least privilege. - Top-Down Logic: Firewalls process rules in sequential order. Once a match is found, the action (Allow/Deny) is taken, and no further rules are checked. - Permit vs. Deny: Administrators create specific "Permit" rules for known business needs (e.g., allow port 443 for web traffic) and "Deny" rules to block known threats.

Firewall Architectures The placement and type of firewall dictate how it protects different segments of the enterprise. - Stateless vs. Stateful: Stateless firewalls filter packets individually based on ACLs, while stateful firewalls track the "state" of active connections to ensure incoming packets are part of a valid, requested session. - Screened Subnet: Formerly known as a DeMilitarized Zone (DMZ), this is a physical or logical subnetwork that contains and exposes an organization's external-facing services (like web or mail servers) to an untrusted network, usually the internet. - Dual-Homed Firewall: A firewall with at least two network interfaces—one for the untrusted side and one for the internal, trusted side—ensuring all traffic must pass through the device. - Standard Compliance: Regulations like PCI DSS mandate the use of firewalls to protect cardholder data environments, requiring strict rule review processes.

Network Segmentation Firewalls enable defense-in-depth by separating the network into different zones of trust. - Internal Segmentation: Placing firewalls between departments (e.g., HR vs. Finance) to prevent lateral movement by attackers. - North-South Traffic: Traffic moving into and out of the data center/network. - East-West Traffic: Traffic moving laterally within a data center or network segment.

Quick recall - Implicit Deny: If it's not on the list, it's not getting in. - Screened Subnet: The buffer zone between the internet and the private LAN. - Protocol/Port: Common triggers include blocking Port 21 (FTP) or Port 23 (Telnet) for security. - Stateful Inspection: Remembers the "conversation" to prevent unsolicited outside traffic. - Sequential Processing: Always put your most specific/frequent rules at the top of the ACL.

2

4.5.2 IDS/IPS & Web Filter

3

4.5.3 OS Security

Group Policy, SELinux.

4

4.5.4 Secure Protocols & DNS Filtering

5

4.5.5 Email Security

DMARC, DKIM, SPF, gateway.

6

4.5.6 FIM, DLP, NAC & EDR/XDR