CH12 Perimeter Security

Question 1

What is Perimeter Security?

Answer 1

Security devices focused on the boundary between LAN and the WAN in your organization’s network

Question 2

What are teh 3 types of firewall?

Answer 2

Software, hardware, embedded

1. Software – run as a piece of software on a host or a server.
2. Hardware – standalone device that’s actually an appliance that’s installed into your network.
3. Embedded – work as a single function out of many on a single device. (Small office, home office router or a unified threat management device) It’s one piece of the larger device that does many different functions

Question 2

What is a firewall ?

Answer 2

Firewalls screen traffic between two portions of a network

Question 3

What is Packet Filtering?

Answer 3

inspects each packet passing through the firewall and accepts or rejects it based on the rules. (ex: only allowing port 80 and 443 inbound)

Two types of packet filtering : stateless and stateful

Stateless packet filtering – accept or reject packets based on the IP Address and the port number that was requested.

Stateful packet filtering – tracks the requests leaving the network.

Question 4

What is NAT Filtering ?

Answer 4

Filters traffic based upon the ports being utilized and type of connection. (TCP or UDP). Matches the incoming traffic to the requesting IP and matching the incoming traffic to the requesting IP address and port

Question 5

What is ALG ?

Answer 5

ALG = Application-Layer Gateway

ALG conducts an in-depth inspection based upon the application being used. This is going to apply security mechanisms to specific applications such as FDP or Telnet. Instead of deciding based on the port number, it will allow traffic that is meant for specific applications.

Question 6

What is Circuit-level gateway ?

Answer 6

works at the session layer of the OSI model.

Only inspects the traffic during the establishment of the initial session over TPC or UDP.

Question 7

What is MAC Filtering ?

Answer 7

filters out computers and prevent them from accessing beyond the firewall based on their MAC address

Question 8

What layers of OSI model does firewall operate on?

Answer 8

Most operate at Layer 3 (blocking IP addresses) and Layer 4 (blocking ports)

Question 9

What is WAF ?

Answer 9

WAF = Web Application Firewall

WAF is a firewall installed on a server. It provides traffic control in the data that’s being sent to and from your web application.

WAF can prevent threats like cross-site scripting (XSS) and SQL injection attacks

Question 10

What is Proxy Server?

Answer 10

A device that acts as a middle man between a device and a remote server.

The proxy server allows the company to log everything that’s being requested, who made them, and to filter out things they don’t want you to access

Question 11

What are 4 types of proxies?

Answer 11

IP Proxy
Caching Proxy
Content Filter
Web Security Gateways

Question 12

What is IP Proxy ?

Answer 12

IP Proxy is used to secure a network by keeping its machines anonymous during web browsing

Question 13

What is Caching Proxy?

Answer 13

Attempts to serve client requests by delivering content from itself without actually contacting the remote server. It keeps a copy of the target webpage from its cache to fulfill your request.

Disable Proxy Auto-Configuration (PAC) files for security

Question 14

What is Internet Content Filter?

Answer 14

Used in organizations to prevent users from accessing prohibited websites and other content

Question 15

What is Web Security Gateways?

Answer 15

a go-between device that scans for viruses, filters unwanted content, and performs data loss prevention functions

Question 16

What are Honeypots and Honeynets ?

Answer 16

used to attract and trap potential attackers

Honeypot – a single computer (or file, group of files, or IP range) that might be attractive to an attacker
Honeynet – a group of computers, servers, or networks used to attract an attacker.

Honeypots are normally used in security research

Question 17

What is DLP?

Answer 17

DLP = Data Loss Prevention

Systems designed to protect data by conducting content inspection of data being sent out of the network.

Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS).

Usually, these systems are installed as a network-based DLP or a Cloud-based DLP. Anytime an employees tries to send information outside of the domain through email, that email is flagged and they have to verify that they understand the data is being sent outside the company. DLP is used to ensure your private data remains withing your network, and that privacy of your confidential data remains private

Question 18

What is NIDS?

Answer 18

NIDS = Network Intrusion Detection Systems

NIDS attempts to detect, log, and alert on malicious network activities. NIDS use promiscuous mode to see all network traffic on a segment. It will not do anything to actually stop an attack from occurring. It will simply log and will let you know about it.

Question 19

What is NIPS?

Answer 19

NIPS = Network Intrusion Prevention Systems

NIPS attempts to inspect traffic and based on its configuration security policy, it can also remove, detain or redirect the malicious traffic.

NIPS should be installed in-line of the network traffic flow.

You will need to think about what’s going to happen if the device fails. Should it fail open? Or should it fail shut? Failing open is less secure. If you fail shut, the device is going to block all the traffic and your entire network will get denial of service.

NIPS can also perform functions as a protocol analyzer. It captures packets allowing admins to conduct analysis

Question 20

What is UTM?

Answer 20

UTM - Unified Threat Management

AKA, Next Generation Firewall (NGFW).

Combination of network security devices and technologies to provide more defense in depth within a single device as relying on a single firewall is not enough. It is a single device that combines many other devices and technologies into it.

UTM may include a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN