CH12 Perimeter Security Flashcards

1
Q

What is Perimeter Security?

A

Security devices focused on the boundary between the LAN and the WAN in your organization’s network.

2
Q

What are the 3 types of firewall?

A

Software, hardware, embedded

  1. Software – runs as a piece of software on a host or a server.
  2. Hardware – a standalone device, an appliance that’s installed into your network.
  3. Embedded – works as a single function out of many on a single device (for example, a small office/home office router or a unified threat management device). It’s one piece of a larger device that performs many different functions.
2
Q

What is a firewall?

A

Firewalls screen traffic between two portions of a network

3
Q

What is Packet Filtering?

A

Inspects each packet passing through the firewall and accepts or rejects it based on the rules (e.g., allowing only ports 80 and 443 inbound).

Two types of packet filtering: stateless and stateful

Stateless packet filtering – accepts or rejects packets based on the IP address and the port number that was requested.

Stateful packet filtering – tracks the requests leaving the network.

4
Q

What is NAT Filtering?

A

Filters traffic based upon the ports being utilized and the type of connection (TCP or UDP). Matches the incoming traffic to the requesting IP address and port.

5
Q

What is ALG?

A

ALG = Application-Layer Gateway

ALG conducts an in-depth inspection based upon the application being used. It applies security mechanisms to specific applications such as FTP or Telnet. Instead of deciding based on the port number, it allows traffic that is meant for specific applications.

6
Q

What is a circuit-level gateway?

A

Works at the session layer of the OSI model.

Only inspects the traffic during the establishment of the initial session over TCP or UDP.

7
Q

What is MAC Filtering?

A

Filters out computers and prevents them from accessing anything beyond the firewall based on their MAC address.

8
Q

What layers of the OSI model does a firewall operate on?

A

Most operate at Layer 3 (blocking IP addresses) and Layer 4 (blocking ports)

9
Q

What is WAF?

A

WAF = Web Application Firewall

WAF is a firewall installed on a server. It provides traffic control over the data that’s being sent to and from your web application.

WAF can prevent threats like cross-site scripting (XSS) and SQL injection attacks.

10
Q

What is a Proxy Server?

A

A device that acts as a middle man between a device and a remote server.

The proxy server allows the company to log everything that’s being requested and who made the requests, and to filter out things they don’t want you to access.

11
Q

What are 4 types of proxies?

A

IP Proxy
Caching Proxy
Content Filter
Web Security Gateways

12
Q

What is an IP Proxy?

A

IP Proxy is used to secure a network by keeping its machines anonymous during web browsing

13
Q

What is a Caching Proxy?

A

Attempts to serve client requests by delivering content from itself without actually contacting the remote server. It keeps a copy of the target webpage from its cache to fulfill your request.

Disable Proxy Auto-Configuration (PAC) files for security

14
Q

What is an Internet Content Filter?

A

Used in organizations to prevent users from accessing prohibited websites and other content

15
Q

What are Web Security Gateways?

A

A go-between device that scans for viruses, filters unwanted content, and performs data loss prevention functions.

16
Q

What are Honeypots and Honeynets?

A

Used to attract and trap potential attackers.

Honeypot – a single computer (or file, group of files, or IP range) that might be attractive to an attacker
Honeynet – a group of computers, servers, or networks used to attract an attacker.

Honeypots are normally used in security research

17
Q

What is DLP?

A

DLP = Data Loss Prevention

Systems designed to protect data by conducting content inspection of data being sent out of the network.

Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS).

Usually, these systems are installed as a network-based DLP or a cloud-based DLP. Anytime an employee tries to send information outside of the domain through email, that email is flagged and they have to verify that they understand the data is being sent outside the company. DLP is used to ensure your private data remains within your network and that your confidential data remains private.

18
Q

What is NIDS?

A

NIDS = Network Intrusion Detection Systems

NIDS attempts to detect, log, and alert on malicious network activities. NIDS use promiscuous mode to see all network traffic on a segment. It will not do anything to actually stop an attack from occurring. It will simply log and will let you know about it.

19
Q

What is NIPS?

A

NIPS = Network Intrusion Prevention Systems

NIPS attempts to inspect traffic and, based on its configuration or security policy, it can also remove, detain or redirect the malicious traffic.

NIPS should be installed in-line of the network traffic flow.

You will need to think about what’s going to happen if the device fails. Should it fail open? Or should it fail shut? Failing open is less secure. If you fail shut, the device is going to block all the traffic and your entire network will get denial of service.

NIPS can also function as a protocol analyzer. It captures packets, allowing admins to conduct analysis.

20
Q

What is UTM?

A

UTM = Unified Threat Management

Also known as a Next Generation Firewall (NGFW).

A combination of network security devices and technologies that provides more defense in depth within a single device, since relying on a single firewall is not enough. It is a single device that combines many other devices and technologies.

UTM may include a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN.