8 - 3: Network Security Devices

Question 1

Switches

Answer 1

Connect devices to the network

Question 2

Wireless Access Points

Answer 2

Connect to switches to create Wi-fi networks

Question 3

Switches operate at _____ of the OSI model

Answer 3

Level 2: data. MAC addresses only

Question 4

If a switch happens to operate at level _ of the OSI model, it can _____

Answer 4

3, interpret IP addresses

Question 5

Routers

Answer 5

Aggregate network traffic going to or from large networks

Question 6

Router functions

Answer 6

Intelligently management packets, provide security by maintaining an access control list

Question 7

Stateless inspection

Answer 7

Restricting network traffic without regard to connection state

Question 8

Bridges

Answer 8

Simply connect two networks together

Question 9

Firewalls

Answer 9

Determine if connections should be allowed based on security policy

Question 10

Firewalls often sit at:

Answer 10

The perimeter between routers and the internet

Question 11

Stateless inspection (firewalls)

Answer 11

Inspecting packets as they came through the firewall, highly inefficient and had no historical data

Question 12

DMZ

Answer 12

accepts external communications and isolates them from internal networks

Question 13

Stateful inspections

Answer 13

Monitor active connections, where the firewall monitors packet traffic for the duration of the connection

Question 14

Firewall rule contents

Answer 14

1) Source System Address, 2) Destination System Address 3) Destination Port and Protocol 4) allow/deny action

Question 15

Default/Implicit deny

Answer 15

If a request does not align to a rule, it is automatically denied

Question 16

NGFW

Answer 16

Next Generation Firewall, uses a lot of contextual information in making decisions

Question 17

Other firewall roles

Answer 17

Network Address Translation, content/URL filtering, Web Application Firewall

Question 18

Web Application Firewall

Answer 18

A specialized firewall that blocks website content including HTML elements, SQL forms, outdated media, etc.

Question 19

Network firewalls

Answer 19

Physical devices

Question 20

Host-based firewalls

Answer 20

Software Apps or OS components that reside on a server

Question 21

Advantage to using both firewall types

Answer 21

Achieves defense in depth

Question 22

Proxy servers

Answer 22

Connect to a websites on a users’ behalf and is in the middle of a server/client connection

Question 23

Proxy security benefits

Answer 23

1) Anonymity - only captures proxy server name 2) Performance - proxy server caches frequent pages 3) Content filtering - the proxy server itself can filter content on visited pages

Question 24

Forward proxies

Answer 24

Work on behalf of clients, web servers are not aware they are communicating with a proxy

Question 25

Reverse proxies

Answer 25

Work on behalf of servers sitting on a remote network, receiving client requests, passing them on to a proxy, then eventually on to the web server itself

Question 26

Transparent proxies

Answer 26

Work without either client or servers’ knowledge. Causes some errors with TLS encryption

Question 27

Load balancers

Answer 27

Scale network traffic to meet demand by answering which servers will answer what demands

Question 28

Virtual IP address

Answer 28

The address where a load balancer receives requests before deciding how to answer

Question 29

Autoscaling

Answer 29

Automatically adding more servers to answer demand

Question 30

Load balancer security roles

Answer 30

SSL certificate management, URL filtering, web application functions

Question 31

Round-Robin load balancing

Answer 31

The load balancer rotates through a pool of available servers giving each an equal load. Not the best as not all servers are equal.

Question 32

Advanced Scheduling Algorithms

Answer 32

Distribute requests based an algorithm accounting for performance, current load

Question 33

Session persistence

Answer 33

Routing an individual’s requests to the same server using the regular scheduling algorithm

Question 34

Load balancer caution

Answer 34

Can be a single point of failure, keep them in high availability mode

Question 35

Load balancer approaches

Answer 35

Active-Active: 2 balancers running continuously

Active-Passive: 1 balancer running, 1 in a backup. Monitors sessions and is ready to go if the first fails

Question 36

VPN roles

Answer 36

Connect remote locations to each other, connect remote users to locations. Significant encryption resource use

Question 37

VPN mechanism

Answer 37

Creates a tunnel encrypting incoming traffic and decrypting outcoming traffic.

Question 38

VPN endpoints

Answer 38

Firewall, router, server, dedicated concentrator

Question 39

IPsec

Answer 39

Internet Protocol Security, an earlier method of creating VPN tunnels at the network OSI layer, typically for site-to-site tunnels

Question 40

L2TP

Answer 40

Layer 2 Tunneling Protocol - a protocol IPsec supports

Question 41

Remote user VPNs

Answer 41

Typically use port SSL/TLS encryption on port 443

Question 42

HTML5 VPN

Answer 42

Web based interface which makes use of internal network resources and proxies for VPN connections entirely within a web browser

Question 43

Full-tunnel VPN

Answer 43

All traffic is routed through the tunnel, regardless of its destination

Question 44

Split-tunnel VPN

Answer 44

Only traffic intended for the organization is routed through the VPN tunnel. Recommended against because even though they conserve bandwidth, they may confuse users as they are not technically always secure

Question 45

Always-on VPN

Answer 45

Devices connect to a VPN at boot

Question 46

Intrusion detection

Answer 46

Monitors network traffic for potentially malicious traffic and alerts administrators

Question 47

Intrusion prevention

Answer 47

Monitors network traffic for potentially malicious traffic and automatically blocks when detected

Question 48

False positive

Answer 48

Alerted to a threat that did not take place

Question 49

False negative

Answer 49

An event took place but was not alerted

Question 50

Signature-based detection

Answer 50

Screens activity against a database of actions, as signatures. AKA rule-based detection

Question 51

Anomaly detection

Answer 51

Develops a model of what is baseline or normal behavior, then checks network activity against that baseline

Question 52

IDS/IPS systems are at ____ level

Answer 52

Application / OSI level 7

Question 53

Anomaly detection is AKA

Answer 53

Behavior detection or heuristic detection

Question 54

In-band / inline deployment

Answer 54

IPS sits directly on the network path and all communications must pass through it. Raises risk of, if the inline IPS fails, it could disrupt all network communications

Question 55

Out-of-band

Answer 55

IPS sits outside the flow of network traffic, connected to a SPAN port on a switch allowing it to receive copies of traffic sent through the network. AKA passive mode, because it can react by sending block commands for future communications but cannot stop them while they happen

Question 56

Protocol analyzers

Answer 56

Allow looking at individual packets traveling through a network

Question 57

Wireshark

Answer 57

A widely used, free protocol analyzer

Question 58

tcpdump

Answer 58

A command-line protocol analyzer

Question 59

tcpreplay

Answer 59

A command-line tool that allows editing and replaying packet captures

Question 60

Unified Threat Management

Answer 60

A device that combines all security services into a single unit. Don’t usually perform SSL termination