Chapter 15 - Supplement - Sheet1

Question 1

Public Network

Answer 1

Network that everyone has access to

Question 2

Private network

Answer 2

network that only select people (perhaps on an ACL) have access to

Question 3

Network-Based Firewall

Answer 3

what companies use to protect their private network from
public networks. The defining characteristic of this type of firewall is that it’s designed
to protect an entire network of computers instead of just one system. Usually a combination of hardware and software

Question 4

Host-based Firewall

Answer 4

implemented on a single
machine so it protects only that one machine. This type of firewall is usually a software
implementation

Question 5

ACL

Answer 5

Access Control Lists. These reside on your routers and determine by IP addresses which machines are allowed to use those routers and in what direction

Question 6

What types of attacks to ACLs mitigate against

Answer 6

IP address spoofing inbound, IP address spoofing outbound, DoS TCP SYN attacks, DoS Smurf attacks

Question 7

How do ACLs mitigate against threats

Answer 7

Using TCP intercept to address DoS TCP SYN attacks, Filtering ICMP messages, inbound, Filtering ICMP messages, outbound, Filtering Traceroute

Question 8

Standard ACLs

Answer 8

Use only the source IP address to determine allow/deny. Allowing a single IP address allows it to transmit any protocol, any port.

Question 9

Extended ACLs

Answer 9

Make allow/deny decisions based on more than the source IP

Question 10

Standard rules for ACLs

Answer 10

Deny any addresses from your internal networks to enter your internal network; Deny any local host addresses (127.0.0.0/8).; Deny any reserved private addresses.; Deny any addresses in the IP multicast address range (224.0.0.0/4).

Question 11

Port security

Answer 11

Managing switch security (layer 2) to manage risk on internal networks.

Question 12

2 examples of port security

Answer 12

Using MAC address filtering to ensure that only a specific address can use a specific port. Using MAC address filtering to ensure that only a group of MAC addresses can access a sensitive area of the network.

Question 13

Packet Filtering

Answer 13

the ability of a router or a firewall to discard packets that don’t
meet the right criteria

Question 14

dynamic packet filtering

Answer 14

Firewalls use dynamic packet filtering to ensure that the packets
they forward match sessions initiated on their private side by something called a dynamic
state list or state table, which keeps track of all communication sessions between stations
from inside and outside the firewall

Question 15

Types of proxies

Answer 15

IP proxy, Web (HTTP) proxy, FTP Proxy, SMTP Proxy,

Question 16

2 types of network layer firewalls

Answer 16

Statefull and Stateless

Question 17

Stateless Packet Filter

Answer 17

a basic packet filter doesn’t care about whether the packet it
is examining is stand-alone or part of a bigger message stream. That type of packet filter
is said to be stateless. susceptible to various DoS attacks and IP spoofing

Question 18

Advantage of stateless over statful firewall

Answer 18

Uses less memory

Question 19

Stateful packet filtering

Answer 19

stateful firewall is one that keeps track of the various
data streams passing through it. If a packet that is a part of an established connection hits
the firewall, it’s passed through. New packets are subjected to the rules as specified in the
ACL

Question 20

Firewall Scanning Services

Answer 20

Most firewalls are capable of performing scanning services, which means that they scan different
types of incoming traffic in an effort to detect problems. For example, firewalls can
scan incoming HTTP traffic to look for viruses or spyware, or they can scan email looking
for spam

Question 21

IDS

Answer 21

Intrusion Detection System. keeps track of all activity on your network so you can see if
someone has been trespassing

Question 22

2 ways IDS systems can detect attacks or intrusions

Answer 22

misuse-detection IDS (MD-IDS), anomaly-detection IDS (AD-IDS).

Question 23

MD-IDS

Answer 23

The IDS sends up an alarm only if it recognizes

the fingerprints typical of attackers

Question 24

AD-IDS

Answer 24

An AD-IDS basically watches for
anything out of the ordinary; if it discovers fingerprints where there shouldn’t be any, it will
send out an alert

Question 25

2 common IDS implementations

Answer 25

Network-Based IDS (Most Common), Host-Based IDS

Question 26

Well-known vulnerability scanners

Answer 26

NESSUS, NMAP (Network mapper)

Question 27

Where can a DMZ be placed

Answer 27

A demilitarized zone (DMZ) can be located outside
a firewall, connected directly to the Internet. However, it can also be placed after the
firewall.

Question 28

Which two levels of the OSI model can firewalls operate on?

Answer 28

Application, Network

Question 29

Which level of the OSI model does port security on switches operate on?

Answer 29

Data Link

Question 30

IPS

Answer 30

An intrusion prevention system (IPS) is like an IDS, but with two key differences.
First, it learns what is “normal” on the network and can react to abnormalities even if
they’re not part of the signature database. Second, it can issue an active response such as
shutting down a port, resetting connections, or attempting to lull the attacker into a trap.

Question 31

Which type of security device employs a redirection device known as a honeypot?

Answer 31

IPS

Question 32

Which type of firewall keeps track of existing connections passing through it?

Answer 32

Stateful

Question 33

If you wanted to ensure that your firewall could block inflammatory email, which type
of service would you look for?

Answer 33

Content Filtering

Question 34

A firewall’s list of rules that it uses to block traffic is called ___________________.

Answer 34

Access control list

Question 35

If you wanted to allow remote access to 500 users, which type of device is recommended?

Answer 35

A VPN concentrator

Question 36

If data from one of your subnets should be restricted from entering another subnet, the
subnets should be configured as different ___________________.

Answer 36

Security zones

Question 37

What type of internal security is implemented at Layer 2?

Answer 37

port security

Question 38

How does an ACL treat any traffic type by default?

Answer 38

Deny

Question 39

What is a group of servers used to lure attackers called?

Answer 39

Honeypot

Question 40

Logging, notification, and shunning are what types of reactions from what type of
security device?

Answer 40

Passive reactions from an IDS