8. Firewalls, IDS, DDoS Flashcards

1
Q

Name 2 firewall goals.

A

Provide defense in depth by:
1. Blocking attacks against hosts and services
2. Controlling traffic between zones of trust

2
Q

What type of firewall placement protects the whole network?

A

Network-based firewall

3
Q

A host-based firewall is faithful to local configuration

A

True

4
Q

In the context of a TCP handshake, it is possible to have a SYN/ACK packet without an originating SYN.

A

False

5
Q

Describe a state-holding attack.

A

An attacker floods a firewall that enforces a stateful TCP policy with SYNs that are never acknowledged, causing the firewall to exhaust its resources.

6
Q

What is the DMZ?

A

A security layer between the internal network and the external network (the internet).
E.g. a company may place a web server in the DMZ to give customers access from the internet, but the web server can’t directly access the internal database.

7
Q

Can signature-based IDS detect zero-day attacks? They have a … false positive rate.

A

No, they cannot. Low false positive rate.

8
Q

Can anomaly-based IDS detect zero-day attacks? They have a … false positive rate.

A

Yes, they can. High false positive rate.

9
Q

How do signature-based IDS flag potential threats?

A

They detect intrusions by comparing incoming data to a database of known patterns or signatures of malicious activity. The database requires frequent updates to remain effective.

10
Q

How do anomaly-based IDS flag potential threats?

A

By identifying deviations from normal network behaviour. They establish a baseline of what ‘normal’ traffic looks like and flag significantly different activity.

11
Q

If an IDS received 1000000 packets, of which 20 were intrusions, what is the intrusion rate?

A

20 / 1000000 = 0.00002

12
Q

What is the most important characteristic of a firewall among effectiveness, security, transparency, expressiveness, efficiency and ease of use?

A

Efficiency (otherwise users won’t want to have it on their device)

13
Q

What’s a DNS amplification attack?

A

1. Send a DNS query (60-byte question)
2. Spoof the IP source address so the reply goes to the target
3. The DNS server responds to the target with a large reply (3k-byte answer)

14
Q

A ‘DNS amplification’ style attack may also use a … server.

A

Network Time Protocol (NTP) server

15
Q

What is comically considered the worst DDoS amplifier on the internet?

A

DNSSEC

16
Q

What is DNSSEC’s main goal?

A

Authentication and integrity of DNS requests and responses

17
Q

Most attacks are due to social engineering.

A

True