Information Security Specialist Exam: Keywords for Firewall, IDS, IPS, UTM
Firewall

Basic Concepts

  • Packet Filtering Type
    • Header inspection, Rule-based filtering, Stateless operation
  • Application Gateway Type (Proxy Type)
    • Deep packet inspection, Protocol-specific proxies, Content filtering
  • Circuit Level Gateway Type
    • Session-level control, SOCKS protocol, Connection validation
  • Stateful Inspection (Dynamic Packet Filtering)
    • Connection state tracking, Session table, Context-aware filtering
  • DMZ (Demilitarized Zone) Configuration
    • Three-legged architecture, Dual firewall setup, Bastion hosts
  • Screening Router
    • Border router security, Basic ACL filtering, Perimeter defense

Technical Elements

  • ACL (Access Control List)
    • Rule priority, Implicit deny, Sequential processing
  • Port Number Filtering
    • Well-known ports, Service identification, Port range blocking
  • IP Address Filtering
    • Source/destination filtering, Whitelist/blacklist, Geolocation blocking
  • Protocol Filtering
    • TCP/UDP/ICMP control, Protocol anomaly detection, Layer 4 inspection
  • NAT/NAPT (IP Masquerading)
    • Address translation, Port address translation, Private IP hiding
  • Default Policy (deny all / permit all)
    • Least privilege principle, Implicit deny rule, Security baseline
  • Inbound/Outbound Control
    • Directional rules, Egress filtering, Ingress filtering

IDS (Intrusion Detection System)

Basic Functions

  • Unauthorized Access Detection and Notification
    • Alert generation, Event correlation, Threat intelligence integration
  • Real-time Monitoring
    • Continuous surveillance, Traffic analysis, Behavioral monitoring
  • Log Collection and Analysis
    • Event aggregation, Forensic analysis, Audit trail maintenance
  • Alert Generation
    • Severity classification, Alert prioritization, Notification mechanisms

Detection Methods

  • Signature-based Detection (Pattern Matching)
    • Known attack patterns, Signature database, Regular expression matching
  • Anomaly-based Detection
    • Baseline establishment, Statistical analysis, Machine learning models
  • Heuristic Detection
    • Behavioral analysis, Rule-based logic, Hybrid approach

Deployment Types

  • NIDS (Network-based IDS)
    • Promiscuous mode, Tap/SPAN monitoring, Network segment coverage
  • HIDS (Host-based IDS)
    • System call monitoring, File integrity checking, Log file analysis

Important Terms

  • False Positive
    • Benign traffic flagged, Alert fatigue, Tuning requirements
  • False Negative
    • Missed attacks, Detection gaps, Evasion techniques
  • Signature File Updates
    • Regular updates, Zero-day coverage, Custom signatures
  • Sensor Placement
    • Strategic positioning, Traffic visibility, Choke points

IPS (Intrusion Prevention System)

Differences from IDS

  • Active Defense (Detection + Blocking)
    • Automated response, Prevention capability, Real-time protection
  • Inline Deployment (In the communication path)
    • Bridge mode, Transparent operation, Fail-open/fail-close
  • Real-time Blocking
    • Immediate action, Packet dropping, Session termination
  • Automatic Response Function
    • Adaptive security, Dynamic rules, Countermeasure execution

Defense Functions

  • Malicious Packet Blocking
    • Signature matching, Protocol validation, Payload inspection
  • Session Termination
    • TCP reset, Connection teardown, Force disconnection
  • Attack Source IP Blocking
    • Temporary blacklisting, Shunning, Rate limiting
  • Traffic Normalization
    • Protocol standardization, Fragmentation handling, Ambiguity removal

Implementation Considerations

  • Risk of Blocking Legitimate Traffic due to False Positives
    • Business impact, Whitelist management, Testing requirements
  • Network Latency
    • Processing delay, Throughput impact, Performance degradation
  • Single Point of Failure Risk
    • High availability, Redundancy planning, Failover mechanisms

UTM (Unified Threat Management)

Integrated Functions

  • Firewall
    • Stateful inspection, NAT/VPN, Zone-based policies
  • IDS/IPS
    • Threat prevention, Signature updates, Behavioral analysis
  • Antivirus/Antispam
    • Malware scanning, Email filtering, Content sanitization
  • Web Filtering
    • URL categorization, Content blocking, SSL inspection
  • VPN Function
    • Site-to-site tunnels, Remote access, Encryption
  • Application Control
    • Layer 7 filtering, Application visibility, Bandwidth management
  • Content Filtering
    • Data loss prevention, Keyword blocking, File type restrictions

Characteristics

  • All-in-One Security
    • Consolidated platform, Simplified architecture, Single vendor solution
  • Centralized Management
    • Unified console, Single pane of glass, Simplified administration
  • For Small to Medium Networks
    • Cost-effective solution, Resource optimization, Scalability limits
  • Cost Reduction
    • Lower CapEx, Reduced OpEx, License consolidation

Considerations

  • Single Point of Failure (SPOF) Risk
    • Availability concerns, Redundancy requirements, Disaster recovery
  • Processing Capacity Limitations
    • Performance bottleneck, Throughput constraints, Resource contention
  • Performance Degradation with Added Features
    • Feature overload, CPU utilization, Memory constraints

Common Important Keywords

Attack Techniques

  • DoS/DDoS Attacks
    • Volumetric attacks, Resource exhaustion, Botnet operations
  • Port Scanning
    • Reconnaissance activity, Service enumeration, Vulnerability discovery
  • SQL Injection
    • Database manipulation, Input validation bypass, Query manipulation
  • Cross-Site Scripting (XSS)
    • Script injection, Session hijacking, Client-side attacks
  • Buffer Overflow
    • Memory corruption, Code execution, Stack smashing
  • Zero-Day Attack
    • Unknown vulnerabilities, No available patch, Advanced threats

Operations Management

  • Log Management and SIEM Integration
    • Event correlation, Threat intelligence, Compliance reporting
  • Security Policy Configuration
    • Rule optimization, Policy review, Change management
  • Regular Signature Updates
    • Automated updates, Threat intelligence feeds, Vendor notifications
  • Patch Management
    • Vulnerability remediation, Update scheduling, Testing procedures
  • Incident Response
    • Incident handling, Forensic investigation, Recovery procedures

Performance Metrics

  • Throughput
    • Bandwidth capacity, Data transfer rate, Maximum performance
  • Latency (Delay)
    • Processing time, Response delay, User experience impact
  • Concurrent Sessions
    • Connection limit, Session table size, Capacity planning
  • Processing Power (pps: packets per second)
    • Packet rate, Frame processing, Hardware acceleration