Chapter 9: Firewalls and Intrusion Detection Flashcards
When it comes to defense against attacks, one of the most important principles is what?
A. Authorization
B. Authentication
C. Defense-in-Depth
D. Time
Answer: C
Source: Defense-in-Depth Lecture
Firewalls are typically what type of mechanism?
A. Prevention
B. Botnet
C. Attack
D. None of the Above
Answer: A
Source: Defense-in-Depth Lecture
(T/F) The firewall will enforce different security restrictions on traffic
Answer: True
Source: What is a Firewall
A ______ is a device that provides secure connectivity between networks
A. Enterprise Intranet
B. Trusted Users
C. Firewall
D. DMZ
Answer: C
Source: What is a Firewall
Firewalls as a prevention mechanism should be designed to enforce what?
A. User Safety
B. Security Policy
C. Organizational Policy
D. Public Key Infrastructure
Answer: B
Source: Firewall
(T/F) All traffic from internal network to the internet and vice versa (external and out of network) must pass through the firewall
Answer: True
The critical component of planning and implementation of a firewall is specifying a suitable _______ policy
A. Security
B. Access
C. Network
D. Directory
Answer: B
Source: Firewall Access Policy
At a high level, what are the types of traffic that the access policy allows through?
A. Address Ranges (machines, protocols, applications, and content)
B. IPSEC & TLS
C. Intranet
D. Defense in Depth
Answer: A
Source: Firewall Access Policy
(T/F) A policy should not be developed based on the security and risk assessment/organizational needs but how the CEO thinks it should be
Answer: False
It should be based on what the whole organization needs
(T/F) Firewalls always provide protection 100% of the time
Answer: False
No firewall is 100% secure
(T/F) Firewalls can log all traffic and can provide Network Address Translation
Answer: True
What is firewall filtering?
A. Is when policies are defined for a firewall
B. When firewalls authenticate users into the system
C. When firewalls decide whether to let traffic in or not
D. When firewalls decide to allow for defense in depth strategy
Answer: C
(T/F) Packet filtering at a very high level is essentially a policy that has a set of access control lists based on packet types
Answer: True
Session filtering is based on the context within a session. In order to do this a firewall maintains a session or connection and performs a ________
A. Traffic Block
B. Stateful Inspection
C. DMZ Re-Route
D. Virtual Switch
Answer: B
(T/F) In a packet filtering firewall, decisions are made on a per-packet basis, without regard to other packets
Answer: True
(T/F) The packet filtering firewall applies a list of rules to match the IP or TCP header of a packet. Based on the rules the packet matches, the firewall then decides to forward or discard the packet.
Answer: True
What are the weaknesses to packet filtering?
A. Limited Logging Functionality
B. Vulnerable to attacks that take advantage of TCP/IP
C. Can’t prevent attacks that employ application specific vulnerabilities or functions
D. Packet filter firewalls are susceptible to security breaches if improperly configured
E. All of the above
Answer: E
Packet Filtering Firewall Countermeasures are all of the following except…
A. IP Address Spoofing
B. Source Routing Attacks
C. Tiny Fragment Attack
D. Stateful Inspection Attack
Answer: D
(T/F) Firewalls can only be a single computer system
Answer: False
They can be a set of two or more systems
The goals of a firewall are all of the following except…
A. All traffic from inside to outside and vice versa must pass through the firewall
B. Only authorized traffic as defined by the local security policy is allowed to pass
C. Only unauthorized users are defined by the local security policy and will be allowed to pass
D. The firewall is immune to penetration
Answer: C
A firewall itself is immune to penetration IF a hardened system with a secured operating system is used
(T/F) A major component in the planning and implementation of a firewall is specifying an access policy
Answer: True
A firewall access policy would use which of the following to filter traffic?
A. IP Address and Protocol Values
B. Application Protocol
C. User Identity
D. Network Activity
E. All of the above
Answer: E
Text p. 290-291
The following are all in the scope of a firewall except which?
A. Firewalls are a single choke point that attempts to keep unauthorized users out of the network, prohibit potentially vulnerable services from entering or leaving the network, and provide protection from various kinds of IP spoofing or routing attacks
B. Firewalls provide a location for monitoring security-related events
C. Firewalls fully protect against internal threats which include disgruntled employees
D. Firewalls also allow for several internet functions that are not security related, such as Network Address Translators and network management functions
E. A firewall can serve as a platform for IPSec. Firewalls can be used to implement VPNs as well
Answer: C
(T/F) A web proxy is a form of application-level gateway
Answer: True