Chapter 15 - Supplement - Sheet1 Flashcards
Public Network
Network that everyone has access to
Private network
network that only select people (perhaps on an ACL) have access to
Network-Based Firewall
what companies use to protect their private network from
public networks. The defining characteristic of this type of firewall is that it’s designed
to protect an entire network of computers instead of just one system. Usually a combination of hardware and software
Host-based Firewall
implemented on a single
machine so it protects only that one machine. This type of firewall is usually a software
implementation
ACL
Access Control Lists. These reside on your routers and determine by IP addresses which machines are allowed to use those routers and in what direction
What types of attacks to ACLs mitigate against
IP address spoofing inbound, IP address spoofing outbound, DoS TCP SYN attacks, DoS Smurf attacks
How do ACLs mitigate against threats
Using TCP intercept to address DoS TCP SYN attacks, Filtering ICMP messages, inbound, Filtering ICMP messages, outbound, Filtering Traceroute
Standard ACLs
Use only the source IP address to determine allow/deny. Allowing a single IP address allows it to transmit any protocol, any port.
Extended ACLs
Make allow/deny decisions based on more than the source IP
Standard rules for ACLs
Deny any addresses from your internal networks to enter your internal network; Deny any local host addresses (127.0.0.0/8).; Deny any reserved private addresses.; Deny any addresses in the IP multicast address range (224.0.0.0/4).
Port security
Managing switch security (layer 2) to manage risk on internal networks.
2 examples of port security
Using MAC address filtering to ensure that only a specific address can use a specific port. Using MAC address filtering to ensure that only a group of MAC addresses can access a sensitive area of the network.
Packet Filtering
the ability of a router or a firewall to discard packets that don’t
meet the right criteria
dynamic packet filtering
Firewalls use dynamic packet filtering to ensure that the packets
they forward match sessions initiated on their private side by something called a dynamic
state list or state table, which keeps track of all communication sessions between stations
from inside and outside the firewall
Types of proxies
IP proxy, Web (HTTP) proxy, FTP Proxy, SMTP Proxy,
2 types of network layer firewalls
Statefull and Stateless
Stateless Packet Filter
a basic packet filter doesn’t care about whether the packet it
is examining is stand-alone or part of a bigger message stream. That type of packet filter
is said to be stateless. susceptible to various DoS attacks and IP spoofing
Advantage of stateless over statful firewall
Uses less memory
Stateful packet filtering
stateful firewall is one that keeps track of the various
data streams passing through it. If a packet that is a part of an established connection hits
the firewall, it’s passed through. New packets are subjected to the rules as specified in the
ACL
Firewall Scanning Services
Most firewalls are capable of performing scanning services, which means that they scan different
types of incoming traffic in an effort to detect problems. For example, firewalls can
scan incoming HTTP traffic to look for viruses or spyware, or they can scan email looking
for spam
IDS
Intrusion Detection System. keeps track of all activity on your network so you can see if
someone has been trespassing
2 ways IDS systems can detect attacks or intrusions
misuse-detection IDS (MD-IDS), anomaly-detection IDS (AD-IDS).
MD-IDS
The IDS sends up an alarm only if it recognizes
the fingerprints typical of attackers
AD-IDS
An AD-IDS basically watches for
anything out of the ordinary; if it discovers fingerprints where there shouldn’t be any, it will
send out an alert
2 common IDS implementations
Network-Based IDS (Most Common), Host-Based IDS
Well-known vulnerability scanners
NESSUS, NMAP (Network mapper)
Where can a DMZ be placed
A demilitarized zone (DMZ) can be located outside
a firewall, connected directly to the Internet. However, it can also be placed after the
firewall.
Which two levels of the OSI model can firewalls operate on?
Application, Network
Which level of the OSI model does port security on switches operate on?
Data Link
IPS
An intrusion prevention system (IPS) is like an IDS, but with two key differences.
First, it learns what is “normal” on the network and can react to abnormalities even if
they’re not part of the signature database. Second, it can issue an active response such as
shutting down a port, resetting connections, or attempting to lull the attacker into a trap.
Which type of security device employs a redirection device known as a honeypot?
IPS
Which type of firewall keeps track of existing connections passing through it?
Stateful
If you wanted to ensure that your firewall could block inflammatory email, which type
of service would you look for?
Content Filtering
A firewall’s list of rules that it uses to block traffic is called ___________________.
Access control list
If you wanted to allow remote access to 500 users, which type of device is recommended?
A VPN concentrator
If data from one of your subnets should be restricted from entering another subnet, the
subnets should be configured as different ___________________.
Security zones
What type of internal security is implemented at Layer 2?
port security
How does an ACL treat any traffic type by default?
Deny
What is a group of servers used to lure attackers called?
Honeypot
Logging, notification, and shunning are what types of reactions from what type of
security device?
Passive reactions from an IDS
