Discuss one of the following topics:
- In this unit, we looked at the categories of network security software and devices. However, in the market, many of these have converged… the line between a firewall and a router is much less defined, especially in low to mid-range devices. Is this a good thing or a bad thing? What are the consequences of this convergence?
- In the presentation, there is some discussion on open source and commercial network security devices. Which would you prefer, and why? Does it depend on the environment? What do we sacrifice when we go with one over the other? Is there any intersection between open source and commercial network security devices?
- In the presentation, we see that there are two actions when not passing traffic… We can reject or deny. What is the difference between these? When might you use one or the other?
Donald Hoxhaj says
In the presentation, we see that there are two actions when not passing traffic… We can reject or deny. What is the difference between these? When might you use one or the other?
Traffic on a system can be dealt with by either Rejecting or Denying. Both these options are used widely in filtering traffic from users to a system or server. Reject is used when the target host wants to reject packets received from the source by sending an ICMP Unreachable message. The purpose of Reject is to tell the source that the system is active and that a firewall is being used to reject the packets received. Similarly, Deny is used when one wants to completely discard user traffic to a target system. Such packets are dropped or discarded and there is no reply that is sent to the source host. One might use it when one wants to abstract spam traffic from genuine traffic. An organization might not want to block traffic, but because the system wants to prevent any security threat, it is programmed in a way that it is asked to reject certain traffic.
Jason A Lindsley says
This is a good explanation Donald. I liked your example of denying spam traffic from genuine traffic. Another example of where you may want to deny traffic without a response is when traffic is suspected to be generated from a botnet attack (e.g. denial of service or brute force credential attack). In those instances, I would want to discard the traffic and give no indication of whether the packet was received. Sending a response to these connections could result in additional network traffic and could give the attacker useful information about the environment.
Ahmed A. Alkaysi says
In this unit, we looked at the categories of network security software and devices. However, in the market, many of these have converged… the line between a firewall and a router is much less defined, especially in low to mid-range devices. Is this a good thing or a bad thing? What are the consequences of this convergence?
I think it is ultimately a good thing. The majority of consumers do not even know what a router vs a firewall is. If the two were completely separate, there might not have been a firewall installed repeatedly if an unknowing person ended up purchasing either a low or mid-range device.
The biggest issue with this, however, might be the inability to configure the firewall to one's liking. The firewall that exists in one of the devices might be a pre-configured one that has existing vulnerabilities. A bad actor might figure this out and exploit a number of devices owned by people or companies they personally know.
Fred Zajac says
I believe the converged technology is a good thing for overall cost, maintenance, and functionality. We are seeing just about every software application provider creating APIs to integrate with another application, and your example of hardware with firewalls and routers.
The greatest benefit is from a cost standpoint. Purchasing two separate pieces of hardware and performing maintenance on the device, and probably an annual support fee, can be a burden on the bottom line. To ease the cost, hardware providers combined their technologies to form a single point of service. The other benefit is the ease of use. The easy configurations and user interface make managing multiple devices remotely possible. Not to mention the new "home" market demand for firewalls and routers. Home users are connecting more and more devices and need to provide a level of protection and functionality. These multi-functional devices allow ISPs to market to the non-technical home user.
The consequence is that when one service goes down, the other service will go down. This is because it is all on one device. If the power cord for the device is damaged, there is no router or firewall for the network. If they were separate, you would be able to get functionality out of the non-broken device. You will also be held to the terms of the company for both devices. If you don't like the way the router works, but love the way the firewall works… What do you do then? You can't just have the firewall, you have to have both.
In the presentation, there is some discussion on open source and commercial network security devices. Which would you prefer, and why? Does it depend on the environment? What do we sacrifice when we go with one over the other? Is there any intersection between open source and commercial network security devices?
Oby Okereke says
Some of the consequences of converging network software and devices are saving overall power consumption and smarter devices and systems, as convergence leads to smarter systems that can do more, eliminating duplication of effort in the network environment. Depending on how one looks at it, it could be good and bad. Good in the sense that the one device can do more, bad in the sense that coupling different requirements might not necessarily offer a high level of expertise in one area.
With regard to open source network security devices and commercialized network security devices, the environment plays a major role as to which of them will be implemented. Open source is mostly freely available but lacks vendor support, thus users of open source may not get support should an issue arise, unlike commercialized network security devices, which come with vendor support depending on the level of service that the user buys into. For an environment that calls for more flexibility, open source is usually the preference due to the lack of restrictions as to how it can be configured, whereas with commercialized products, specific configuration methods have to be followed as instructed by the vendor.
The difference between reject or deny is that deny will drop the traffic without any response, while the reject option will block the traffic and report back to the client that the destination is unreachable.
Fraser G says
In the presentation, there is some discussion on open source and commercial network security devices. Which would you prefer, and why? Does it depend on the environment? What do we sacrifice when we go with one over the other? Is there any intersection between open source and commercial network security devices?
I would prefer open source. I like the idea of having crowd-sourced knowledge, and an open architecture that can be scrutinized by anyone. I understand the need for commercial network security devices, however I have read too many articles about too many 3-letter agencies having backdoors into all of these systems. That actually isn't what bothers or worries me, it's just knowing that if someone built a door, chances are either that exploit is known or will be known about – see the NSA leaks over the past recent years.
It certainly depends on the environment. There are lots of niche markets that aren't large enough to attract open source development, Brian you probably have experience with this. Also, lots of hardware in these kinds of markets can only run a commercial product, for obvious reasons ($). I don't blame them, I would just use open source if it's an option.
Opensource: The emperor has no clothes
Commercial/Closed: The emperor has no clothes and only the emperor can see (everyone else is blind – except for the bad guys).
I like the Red Hat model, free products with paid services – I think that would be the model you mention at the intersection of open source and commercial. Also, I am pretty sure RADIUS – does something like IEEE 802.11 have licensing fees? (passed on to consumers/users?)
Brent Hladik says
In this unit, we looked at the categories of network security software and devices. However, in the market, many of these have converged… the line between a firewall and a router is much less defined, especially in low to mid-range devices. Is this a good thing or a bad thing? What are the consequences of this convergence?
In this case it is not necessarily a bad idea, as many laptops etc. have a combination network setup and firewall on the same device. The only issue would be that the person setting up the device would need to ensure they are enabling the right ports on the firewall.
In the presentation, there is some discussion on open source and commercial network security devices. Which would you prefer, and why? Does it depend on the environment? What do we sacrifice when we go with one over the other? Is there any intersection between open source and commercial network security devices?
Personally I would trust commercial-based network devices more, as they are held to a higher standard to make sure their devices are updated on a regular basis, whereas there is no guarantee that open source based devices would be updated on a regular basis.
In the presentation, we see that there are two actions when not passing traffic… We can reject or deny. What is the difference between these? When might you use one or the other?
Basically, with reject a message is sent back to the sender if they are rejected. If denied, they won't get back any message.
Ryan P Boyce says
There are two ways to prevent a packet from reaching a destination address. The packet can either be Dropped or Rejected. The difference lies in the response the sender gets back regarding this prevention. In the case of a Rejection, the sender would receive a response back from where the packet was dropped stating "Destination Unreachable". This is basically a friendly response to users that lets them know the host they're trying to reach is there but it is not taking packets from them for whatever reason. When an application receives a Rejection response, it ends its attempts at connection. In the case of Dropping a packet, the receiver is intending to completely forbid any communication with that sender at all. Here, the application sending packets does not get a response back ("Host Unreachable") so it keeps trying to reestablish the connection. Dropping packets is beneficial to preventing malicious users getting access to any information about a system.
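Several posts in this thread (Donald's, Jason's and Ryan's) describe the same behavioural difference: a REJECT answers the sender with an ICMP unreachable message, so the client gives up at once and learns that a live host is filtering it, while a DROP (deny) says nothing, so the client's timer expires and it retransmits until it gives up. The following toy model is an added example written for this thread, not code from the presentation or from any of the posters; the firewall, rule matching, reply strings and retry counts are all simplified assumptions, and the `iptables` targets named in the comments (`REJECT --reject-with icmp-port-unreachable`, `DROP`) are the real Linux equivalents of the two actions.

```python
"""Toy packet filter contrasting REJECT and DROP (deny), and what each does
to the sender. Added illustration for the reject-vs-deny discussion; the
model is deliberately simplified and the addresses/ports are constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Action(Enum):
    ACCEPT = "accept"
    REJECT = "reject"   # discard, but answer with ICMP destination-unreachable
    DROP = "drop"       # discard silently (the "deny" of the presentation)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    dst: Optional[str]      # None acts as a wildcard
    dport: Optional[int]    # None acts as a wildcard
    action: Action

    def matches(self, pkt: Packet) -> bool:
        return (self.dst is None or self.dst == pkt.dst) and \
               (self.dport is None or self.dport == pkt.dport)


# Constructed reply strings standing in for the real wire-level responses.
ICMP_UNREACHABLE = "ICMP destination-unreachable (port-unreachable)"
SYN_ACK = "TCP SYN-ACK"


class Firewall:
    """First-match-wins rule list with a default action (assumed default: DROP)."""

    def __init__(self, rules: List[Rule], default: Action = Action.DROP) -> None:
        self.rules = list(rules)
        self.default = default

    def filter(self, pkt: Packet) -> Tuple[Action, Optional[str]]:
        """Return the action taken and the reply the sender sees (None = silence)."""
        action = next((r.action for r in self.rules if r.matches(pkt)), self.default)
        if action is Action.ACCEPT:
            return action, SYN_ACK            # connection proceeds
        if action is Action.REJECT:
            return action, ICMP_UNREACHABLE   # iptables: -j REJECT --reject-with icmp-port-unreachable
        return action, None                   # iptables: -j DROP


def attempt_connection(fw: Firewall, pkt: Packet, max_attempts: int = 3) -> Dict[str, object]:
    """Model a client: stop on any reply, retransmit on silence until max_attempts."""
    for attempt in range(1, max_attempts + 1):
        _action, reply = fw.filter(pkt)
        if reply == SYN_ACK:
            return {"outcome": "connected", "attempts": attempt, "host_known_alive": True}
        if reply == ICMP_UNREACHABLE:
            # REJECT: immediate failure, and the sender now knows a live host filtered it.
            return {"outcome": "refused", "attempts": attempt, "host_known_alive": True}
        # DROP: no reply, the sender's timer expires and it retransmits.
    return {"outcome": "timeout", "attempts": max_attempts, "host_known_alive": False}


# Constructed policy: allow SSH, reject telnet (policy block, tell the client),
# drop RDP (suspected hostile traffic, give nothing away), drop everything else.
DEMO_FIREWALL = Firewall([
    Rule("10.0.0.5", 22, Action.ACCEPT),
    Rule("10.0.0.5", 23, Action.REJECT),
    Rule("10.0.0.5", 3389, Action.DROP),
])


def demo(client: str = "192.0.2.10") -> Dict[int, Dict[str, object]]:
    """Run one connection attempt per port and return what each client observed."""
    return {port: attempt_connection(DEMO_FIREWALL, Packet(client, "10.0.0.5", port))
            for port in (22, 23, 3389, 8080)}


if __name__ == "__main__":
    for port, result in demo().items():
        print(f"port {port}: {result}")
```

The `host_known_alive` field is the information-leak point Jason raises: after a REJECT the sender can tell a live, filtering host is there; after a DROP it cannot distinguish "filtered" from "no such host". The `attempts` field is Ryan's point about retries: DROP costs the sender its full retransmission budget, which is why a deny is the usual choice against suspected botnet or brute-force sources, while REJECT suits a policy block that you want legitimate clients to fail fast on.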
Shi Yu Dong says
Traffic on a system can be managed by either Rejecting or Denying. Both these choices are utilized broadly in separating activity from clients to a framework or server. Reject is utilized when the objective host needs to dismiss parcels got from source by sending an ICMP Unreachable message. The reason for Reject is to tell the source that the framework is dynamic and that a firewall is being utilized to dismiss the parcels got. Likewise, Deny is utilized when one needs to totally dispose of a client movement to an objective framework. Such parcels are dropped or disposed of and there is no answer that is sent to a source host. One may utilize it when one needs to digest spam movement from honest to goodness activity. An association might not have any desire to obstruct a movement, but rather in light of the fact that the framework needs to keep any security risk, it is modified in a way that it is made a request to dismiss certain activity.
Younes Khantouri says
In the presentation, we see that there are two actions when not passing traffic… We can reject or deny. What is the difference between these? When might you use one or the other?
So many people get confused about the difference between reject and deny in network traffic. Deny traffic means dropping it without any response; this is when the firewall defines the traffic as suspicious and an action needs to be taken to prevent any type of attack. However, reject traffic means that the system or the firewall is predefined to stop the traffic for a reason such as a policy created by the architecture administrator. In this case, the client receives a message back to be informed of the reason for the rejection.
A good example of traffic reject is when the administrator creates a policy that doesn't let certain traffic go through. In this case the client will know why their traffic can't go through. On the other hand, a good example of deny traffic would be when a firewall determines that a hacking attack is trying to get access through the traffic. In this case the deny action will take place and the traffic is denied without informing the client.
Sachin Shah says
In the presentation, we see that there are two actions when not passing traffic… We can reject or deny. What is the difference between these? When might you use one or the other?
Reject and deny in both cases result in a closed connection or a gap in connectivity. Reject may mean that the data is corrupt or that a server is open but cannot connect to a port. Reject can also mean the message header or message type is wrong and to drop that message. Whereas deny means that this connection is not trusted, not allowed and therefore denied.
As stated, reject is based upon policy, rule, and configuration. Denial is because there may be a security breach and denial of connectivity.