Chapter 15 Flashcards
This is used to create a security zone that allows public traffic, but the traffic is isolated from the company's private network. p528
demilitarized zone (DMZ)
This type of firewall is designed to protect an entire network of computers instead of just one system, and it's usually a combination of hardware and software. p530
network-based firewall
This type of firewall is usually a software implementation, because you don’t need any additional hardware in your personal computer to run it. p530
host-based firewall
The first line of defense for any network that’s connected to the Internet is what we call? p531
access control lists (ACLs)
An ACL applied to a protocol is referred to as what? p532
distribution list
What are the two types of ACLs? p532-33
Standard ACLs
Extended ACLs
What is a standard ACL? p532
These use only the source IP address in an IP packet as the condition test, so all decisions regarding a packet will be based on the source IP address.
What is an extended ACL? p533
Extended ACLs go the distance and evaluate lots of the other fields in the Layer 3 and 4 headers of an IP packet.
What do inbound ACLs do? p533
When an ACL is applied to inbound packets on an interface, those packets are processed through the ACL before being routed to the outbound interface. Any packets that are denied won’t be routed because they’ll be discarded before the routing process is completed.
What do outbound ACLs do? p533
When an ACL is applied to outbound packets on an interface, those packets are routed to the outbound interface and then processed through the ACL before being queued.
This protects data on the inside of a firewall; because TCP/IP is what the Internet runs on, most external attacks take direct aim at this protocol stack. p534
Protocol switching
Firewalls use dynamic packet filtering to ensure that the packets they forward match sessions initiated on their private side by something called a _______ or _______ which keeps track of all communication sessions between stations from inside and outside the firewall. p537
dynamic state list
state table
What are proxy services? p538
An internal client sends a request to an external host on the Internet. That request gets to the proxy server first, where it is examined, broken down, and handled by an application that creates a new packet requesting information from the external server.
What are some of the proxy server types? p539-40
IP proxy
Web (HTTP) proxy
FTP proxy
SMTP proxy
What does an IP proxy do? p539
An IP proxy hides the IP addresses of all the devices on the internal network by exchanging its IP address for the address of any requesting station.
What does a web (HTTP) proxy do? p539
Web proxies, also called HTTP proxies, handle HTTP requests on behalf of the sending workstation. When these are implemented correctly, a client’s web browser asks a web server on the Internet for a web page using an HTTP request.
What does an FTP proxy do? p540
FTP proxies handle the uploading and downloading of files from a server on behalf of a workstation.
What does an SMTP proxy do? p540
Any packets or messages that contain material that is not considered secure can be blocked. Many SMTP proxies allow network virus protection software to scan inbound mail.
This means that they scan different types of incoming traffic in an effort to detect problems. p542
scanning services
Skips scanning of files larger than 50MB; can also enable deferred scanning. p543
Web HTTP and FTP
Cleans emails or attachments containing malware, and attaches a notification that the malware was deleted. p543
Mail SMTP
Scans all scannable files in the email.
Rejects all messages larger than 15MB. p543
Mail SMTP and POP3
What is content filtering? p544
Content filtering is very closely related to scanning services, and on Cisco routers it’s also provided by the CSC SSM. Specifically, content filtering means blocking data based on the content of the data rather than the source of the data. Most commonly, this is used to filter email and website access.
What is signature identification? p544
Viruses that are known will have a signature, which is a particular pattern of data, within them. Firewalls (and antivirus programs) can use signatures to identify a virus and remove it.
What are zones? p545
A zone is an individual area of the network that has been configured with a specific trust level. Firewalls are ideal devices to regulate the flow of traffic between zones.
An intrusion detection system does replace a firewall on your network. T/F p548
False / does not
An intrusion detection system can detect attacks within encrypted traffic. T/F p548
False / it can't detect attacks
There are two ways IDSs can detect attacks or intrusions. p548
MD-IDS/ it works by looking for fingerprints.
AD-IDS/ basically watches for anything out of the ordinary
When an IDS moves to prevent an attack, it's often called a reactive system or an __________. p549
Intrusion protection system (IPS)
What are the three common active responses? p549
Changing Network Configuration
Terminating Sessions
Deceiving the Attacker
What is a host-based IDS (HIDS)? p551
Software that runs on one computer to detect abnormalities on that system alone by monitoring applications, system logs, and event logs, not by directly monitoring network traffic.
What is Nessus? p551
A proprietary vulnerability scanning program that requires a license to use commercially, yet it is the single most popular scanning program in use.
What is a VPN concentrator? p552
A device that creates remote access for virtual private networks (VPNs), either for users logging in remotely or for a large site-to-site VPN.
What are critical nodes? p562
Individual systems or groups of systems without which the organization cannot operate. The process of identifying these systems should begin with prioritization of the business processes that each supports.