11.1 Introduction to Firewalls and Network Security Flashcards

1
Q

Security professionals use the concept of _____ to implement security controls.

A

Security professionals use the concept of defense in depth to implement security controls.

2
Q

What are the seven basic layers of layered defense?

A
  1. Data - Attacker’s ultimate target.
  2. Application - Software used to defend networks.
  3. Host - Physical hardware running applications and storing data.
  4. Internal Network - Everything between the host and the perimeter defenses.
  5. Perimeter - Hardware; everything external to the network.
  6. Physical - Physical barriers.
  7. Policies, Procedures, Awareness - Written documentation
3
Q

The _______ is an intelligence-driven defense framework designed to identify and prevent cyber intrusions.

A

The cyber kill chain is an intelligence-driven defense framework designed to identify and prevent cyber intrusions.

4
Q

The Cyber Kill Chain

Adversaries are categorized into three designations:

A

Advanced - An adversary who is targeted, coordinated, and purposeful.

Persistent - An adversary who is relentless and undeterred by time.

Threat - An adversary with opportunity, intent, and capability.

5
Q

Which layer of defense applies:

A criminal hacker cuts through a security fence to gain access to the property.

A

Physical

6
Q

Which layer of defense applies:

A user clicks on a nefarious email, which downloads and installs malware on their computer.

A

Application

7
Q

Which layer of defense applies:

An employee walks away from their terminal and leaves their screen unlocked.

A

Host

8
Q

Which layer of defense applies:

A criminal hacker scans a network to see which ports are open.

A

Perimeter

9
Q

Which layer of defense applies:

An employee forwards an email containing social security numbers to their personal email account.

A

Data

10
Q

Which layer of defense applies:

An employee allows a stranger to tailgate them into a secured facility.

A

Policies, Procedures, Awareness

11
Q

Which layer of defense applies:

A disgruntled employee tries to log into their computer with administrative privileges when they only have basic user rights.

A

Internal Network

12
Q

Which layer of the Cyber Kill Chain applies:

An attacker breaches a network and installs a remote access trojan, providing the attacker remote control over the computer.

A

Installation

13
Q

Which layer of the Cyber Kill Chain applies:

An attacker successfully enumerates company employee profiles and crafts convincing phishing emails that contain malware.

A

Weaponization

14
Q

Which layer of the Cyber Kill Chain applies:

An attacker sends commands to infected hosts (zombies), which generate pings to a remote victim’s IP address.

A

Exploitation

15
Q

Which layer of the Cyber Kill Chain applies:

An employee finds a USB thumb drive in the office parking lot and plugs it into their company’s workstation to see what’s on it.

A

Delivery

16
Q

Which layer of the Cyber Kill Chain applies:

An attacker compiles employee information from LinkedIn and gets the names and phone numbers of company personnel from publicly available resources.

A

Reconnaissance

17
Q

Which layer of the Cyber Kill Chain applies:

An attacker breaches a network, logs into the company’s server, copies files to a folder, compresses it, encrypts it, and exfiltrates the files to their local hard drive.

A

Action on Objectives

18
Q

______ provide a layer of protection by analyzing data leaving and entering a network.

A

Firewalls provide a layer of protection by analyzing data leaving and entering a network.

19
Q

Firewalls can be used to either control access to a single host (_______ firewall) or an entire network (_______ firewall).

A

Firewalls can be used to either control access to a single host (host-based firewall) or an entire network (network firewall).

20
Q

Network-based and host-based firewalls work in the same way:

A
  1. Intercept traffic before it reaches its target host or router.
  2. Inspect the source and destination address and ports, TCP flags, and other features of the incoming packets.
  3. Allow packets that come from trusted sources and deny packets that don’t.
21
Q

MAC firewalls operate on ______ of the OSI and filter based on source and destination MAC addresses.

A

Layer 2

The Media Access Control (MAC) address is a unique hardware ID that helps devices communicate with each other.

22
Q

MAC Layer Firewall

True or False:

Routers compare the IP address of a device against an approved list. If there is a match, the traffic is forwarded to that device.

A

False

Routers compare the MAC address of a device against an approved list. If there is a match, the traffic is forwarded to that device.

23
Q

MAC Layer Firewall Advantages / Disadvantages

A

Advantages:
Can secure the network from novice attackers.

Disadvantages:
Can be easily bypassed by MAC spoofing.

24
Q

Packet-Filtering Firewalls (Stateless)

Stateless packet-filtering firewalls operate between _____ and _____ of the OSI model.

A

Stateless packet-filtering firewalls operate between Layer 3 and Layer 4 of the OSI model.

25
Q

Stateless packet-filtering firewalls create _______ within a router and examine _______ as they progress through an interface. If the information does not pass the inspection, it is dropped.

A

Stateless packet-filtering firewalls create checkpoints within a router and examine packets as they progress through an interface. If the information does not pass the inspection, it is dropped.

26
Q

Packet-Filtering Firewalls (Stateless) Advantages / Disadvantages

A

Advantages:
Not resource intensive, meaning they are low-cost and do not have a significant impact on system performance. Work best with small networks.

Disadvantages:
Easy to subvert compared to more robust firewalls. Only operate at the network layer. They are vulnerable to spoofing and do not support custom based rule sets.

27
Q

Packet-Filtering Firewalls (Stateful)

Stateful packet-filtering firewalls operate on _____ and _____ of the OSI model.

A

Stateful packet-filtering firewalls operate on Layer 3 and Layer 4 of the OSI model.

Layer 4 - Transport:

Rather than look at individual packets, stateful firewalls examine the connection as a whole, looking at streams of packets. They inspect the packets’ conversation and routing tables and use a combination of TCP handshake verification and packet inspection technology.

28
Q

Stateful firewalls can determine if a packet is:

A

Trying to establish a new connection, known as a NEW state.

Part of an existing connection, known as an ESTABLISHED state.

Neither a new nor an existing connection, known as a rogue packet.

29
Q

Packet-Filtering Firewalls (Stateful) Advantages / Disadvantages

A

Advantages:
Offer transparent mode, which allows direct connections between clients and servers.

Disadvantages:
Are resource-intensive systems.

30
Q

Circuit-level firewalls operate at _____ of the OSI model.

A

Layer 5 - Session
Circuit-level firewalls operate at Layer 5 of the OSI model.

These firewalls only look at the header of a packet. Once the circuit is allowed to establish an end-to-end connection, all data is tunneled between parties.

31
Q

Circuit-level firewalls Advantages / Disadvantages

A

By verifying the three-way TCP handshake, they ensure that session packets are from legitimate sources.

Advantages:
Quickly and easily approve and deny traffic without consuming significant computing resources. Relatively inexpensive and provide anonymity to the private network.

Disadvantages:
Do not check the contents of the packet. If a packet contains malware but has the correct TCP information, the data is allowed to pass through.

32
Q

Proxy firewalls operate at _____ through _____ of the OSI model.

A

Proxy firewalls operate at Layer 3 through Layer 7 of the OSI model.

Proxy firewalls inspect the actual contents of the packet. They intercept all traffic on its way to its final destination, without the data source knowing. A connection is established to the proxy firewall, which inspects the traffic and forwards it if it’s determined to be safe, or drops it if it’s determined to be malicious.

33
Q

True or False

Proxy firewalls create an extra layer of protection between the traffic source and its destination behind the network by obscuring the destination from the source, creating an additional layer of anonymity and protection for the network.

A

True

34
Q

Application / Proxy Firewalls Advantages / Disadvantages

A

Advantages:
More secure than other implementations and provide simple log and file audit management for incoming traffic.

Disadvantages:
Resource intensive, requiring robust modern hardware and high costs. Bypassed with encryption.

35
Q

A _____ is a multifunctional firewall that provides stateless and stateful packet filtering.

A

A UFW is a multifunctional firewall that provides stateless and stateful packet filtering.

36
Q

True or False

UFW is most commonly used on networks.

What’s the corresponding term?

A

False

UFW is most commonly used on hosts.

Host-based

37
Q

What is a drawback to using UFW?

A

Before firewall rules can be changed or modified, all firewall services must be stopped and restarted. This can be extremely disruptive to an organization’s operations.

38
Q

True or False

firewalld provides similar functionality to UFW but does not require the disruption of services when implementing firewall services.

A

True

39
Q

firewalld uses the concept of _____ to divide network interfaces into groups of shared trust level.

A

Zones

firewalld uses the concept of zones to divide network interfaces into groups of shared trust level.

The zones are assigned sets of rules depending on the needs and restrictions of each zone’s interfaces.

40
Q

_____ is the industry-standard network scanner.

A

Nmap

41
Q

Attackers can get the following from network scans:

A
  • Name and version of operating system (OS fingerprinting).
  • All open and closed ports.
  • All filtered ports (ports behind a firewall).
  • Types of services running on a specific port (service and daemon names).
  • Firewalking allows attackers to perform network analysis to determine which Layer 4 protocols a specific firewall allows.