4.5 Flashcards
Firewalls, web filtering, operating system security, secure protocols, email security, monitoring data, endpoint security
A network device that sits inline in the network and makes decisions about whether traffic should be allowed or disallowed.
Firewall
Traditional firewalls operate based on ____
Ports
NGFWs operate based on ____
Applications AND ports
True/False
Firewalls can be used as VPN concentrators that can encrypt/decrypt traffic.
They can also perform routing services, like NAT and dynamic routing.
True
Most firewall rules start from the ____ of the rule base and go to the ____.
This also means that firewall rules start more ____ and become more ____.
Top-to-bottom
Specific; broad/generic
Most firewalls include an ____ at the bottom of the rule base. That means that if a packet did not match any of the rules, it will be dropped.
Implicit deny
A rule base/policy list in a firewall is also described as
ACL
A part of the network that holds devices and services meant to be accessible to the internet. It does not contain any sensitive corporate data.
It is separated from the internal network so as to prevent attackers from gaining access to confidential data.
Screened subnet
AKA DMZ
Screened subnet is AKA
DMZ
IPS is often included in an ____
NGFW
2 ways that an IPS identifies malicious traffic
Signature-based
Anomaly-based
When an IPS tries to identify malicious traffic based on signatures, what is it looking for?
Perfect matches to known-bad code
When an IPS tries to identify malicious traffic based on anomalous behavior, what is it looking for? (2)
Deviations from baselines
Pattern detection of malicious traffic
Technology that controls traffic based on data within the content (web sites, files, etc.)
Content filtering
Technology that allows or restricts access based on a URL
URL scanning
URL stands for
Uniform Resource Locator
URL is AKA
URI
URI stands for
Uniform Resource Identifier
URL scanning is often integrated into an ____
NGFW
A content filter that is installed as software on the user’s device
Agent-based
Why would content filter agents be installed on a user’s device, instead of existing only on the network’s firewall?
Many people work from home or travel for work. They will not always be in the corporate network that has the content filter.
4 features of proxies other than NAT
Caching
Access control - limits which devices can communicate with the internet
URL filtering
Content scanning
Forward proxy is AKA
Internal proxy
A proxy that requires some configuration to let applications know how to use it
Explicit proxy
A proxy that requires no configuration with applications
Transparent proxy
Content/URL filters can filter based on content, FQDN, and ____
Reputation/risk
Trustworthy to high risk
2 ways to assign a reputation to a website for the use of a content/URL filter
Automated reputation - site is scanned and assigned a rep based on the content
Manual reputation - manager can assign a rep
A method of performing content filtering without a content/URL filter, NGFW, or firewall.
DNS filtering
How does DNS filtering work?
Real-time threat intelligence is constantly being updated. Administrators can configure the DNS server to not provide the user with the IP address of known-bad FQDNs.
What is one positive of using DNS filtering?
It does not work with just web pages.
If malware on a device is attempting to connect with a known-bad C2 server, the DNS server will block that.
A database containing all of the components of your network - computers, user accounts, file shares, printers, groups, etc.
It authenticates users, centralizes access control, and can perform administrative tasks like resetting passwords and removing accounts.
This solution is primarily Windows-based.
Active Directory
Security policies that enforce configuration settings and permissions for groups or individual users and devices.
Group Policy