Chapter 15 Flashcards
what are firewalls?
529
They are a combination of hardware and software. The hardware part is a router, a computer or a dedicated appliance (a "black box");
the software part is responsible for packet filtering.
network based firewall:
530
It protects a whole network of computers and is normally used in large companies.
It is a combination of hardware and software.
Host based firewall:
530
It is implemented on a single computer and protects only that computer.
It is a software firewall.
what do Access control lists do?
531
They are sets of rules used by the firewall to determine which traffic is allowed to pass through it.
What are the 2 main types of ACL?
532
Standard ACL and Extended ACL.
Standard ACL:
532
It filters on the source address only. You can filter a source network or a source host, but you cannot filter on the destination of a packet, on the protocol being used (such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP)), or on the port number. You can only permit or deny traffic by its source.
Extended ACL:
533
Extended IP ACLs evaluate the packet headers for both the source and destination addresses. They can also check the protocol, port numbers and other parameters, which gives administrators more flexibility and control.
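The difference between the two ACL types, shown as an added example (not from the textbook): a small first-match evaluator with an implicit deny at the end, the way Cisco IOS ACLs behave. The policy, the LAN 10.0.0.0/24, the web server 192.168.1.10 and the two packets are all constructed for the illustration. The standard ACL has to let the Telnet attempt through because it can only see the source address; the extended ACL can deny it by port.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Union


@dataclass
class Packet:
    src: str                      # source IP address
    dst: str                      # destination IP address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (TCP/UDP only)


def in_net(addr: str, net: str) -> bool:
    """'any' matches every address; otherwise test membership in a CIDR prefix."""
    return net == "any" or ip_address(addr) in ip_network(net)


@dataclass
class StandardRule:
    """Standard ACL entry: can only look at the source address."""
    action: str   # "permit" or "deny"
    src: str      # source host/network in CIDR form, or "any"

    def matches(self, pkt: Packet) -> bool:
        return in_net(pkt.src, self.src)


@dataclass
class ExtendedRule:
    """Extended ACL entry: protocol, source, destination and destination port."""
    action: str
    proto: str                    # "ip" matches any protocol
    src: str
    dst: str
    dport: Optional[int] = None   # None means any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not in_net(pkt.src, self.src) or not in_net(pkt.dst, self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


Rule = Union[StandardRule, ExtendedRule]


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching entry wins; the list ends with an implicit 'deny'."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed policy: the 10.0.0.0/24 LAN may reach the web server
# 192.168.1.10 on TCP/80 and nothing else.
STANDARD_ACL = [StandardRule("permit", "10.0.0.0/24")]
EXTENDED_ACL = [ExtendedRule("permit", "tcp", "10.0.0.0/24", "192.168.1.10/32", 80)]

# Constructed traffic: a web request and a Telnet attempt from the same LAN host.
WEB = Packet("10.0.0.5", "192.168.1.10", "tcp", 80)
TELNET = Packet("10.0.0.5", "192.168.1.10", "tcp", 23)

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("telnet", TELNET)):
        print(f"{name}: standard={evaluate(STANDARD_ACL, pkt)} "
              f"extended={evaluate(EXTENDED_ACL, pkt)}")
```

Running it prints that the standard ACL permits both packets while the extended ACL permits only the web request; a host from any other network is denied by both, because nothing in either list matches it.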
what is DMZ?
534
Demilitarized Zone: a buffer area between outside users (the Internet) and the private network (LAN or WAN). The DMZ holds the servers that must accept Internet traffic, such as DNS, FTP, web and email servers.
A DMZ can be placed outside the firewall, or inside it, which means between the firewall and the internal network.
what is a proxy server?
538
A proxy server is an intermediary machine between a client (an internal host) and the actual server (an external host); it is used to filter or cache the requests made by the client.
what are some types of proxy server?
539
IP proxy
web proxy
FTP proxy
SMTP proxy
IP proxy
539
- It hides the IP addresses of all the devices on the internal network by substituting its own IP address for the address of any internal station.
- This is called network address translation (NAT).
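How the address substitution works, as an added example that is not from the textbook: a port address translation table, the form of NAT in which many inside hosts share one public address and each outbound flow gets its own public port. The public address 198.51.100.1, the two LAN hosts and the web server are constructed; the point to notice is that the server only ever sees the public address, and that an inbound packet with no table entry is dropped rather than forwarded into the LAN.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (ip address, port)
Flow = Tuple[str, int, str, int]    # (src ip, src port, dst ip, dst port)


class NatRouter:
    """Port address translation (constructed model, not a real router's code).

    Each outbound (inside ip, inside port) pair is given a fresh public port;
    the reverse table lets replies reach the right inside host.
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map: Dict[Endpoint, int] = {}   # inside (ip, port) -> public port
        self.inbound_map: Dict[int, Endpoint] = {}    # public port -> inside (ip, port)

    def outbound(self, flow: Flow) -> Flow:
        """Rewrite the source of a packet leaving the LAN: only the public IP is visible."""
        src_ip, src_port, dst_ip, dst_port = flow
        inside = (src_ip, src_port)
        if inside not in self.outbound_map:
            public_port = self.next_port
            self.next_port += 1
            self.outbound_map[inside] = public_port
            self.inbound_map[public_port] = inside
        return (self.public_ip, self.outbound_map[inside], dst_ip, dst_port)

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Rewrite the destination of a reply; a packet with no table entry is dropped (None)."""
        src_ip, src_port, dst_ip, dst_port = flow
        if dst_ip != self.public_ip or dst_port not in self.inbound_map:
            return None
        inside_ip, inside_port = self.inbound_map[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


# Constructed traffic: two LAN hosts that happen to use the same local port
# both connect to the same web server through one public address.
HOST_A: Flow = ("10.0.0.5", 51000, "203.0.113.7", 80)
HOST_B: Flow = ("10.0.0.6", 51000, "203.0.113.7", 80)


def demo() -> dict:
    nat = NatRouter("198.51.100.1")
    a_out = nat.outbound(HOST_A)
    b_out = nat.outbound(HOST_B)
    # the server replies to whatever it saw as the source of each request
    a_reply = nat.inbound((a_out[2], a_out[3], a_out[0], a_out[1]))
    b_reply = nat.inbound((b_out[2], b_out[3], b_out[0], b_out[1]))
    # an unsolicited packet aimed at a port nobody mapped
    stray = nat.inbound(("203.0.113.7", 80, "198.51.100.1", 40999))
    return {"a_out": a_out, "b_out": b_out,
            "a_reply": a_reply, "b_reply": b_reply, "stray": stray}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both inside hosts chose source port 51000, so the translator has to allocate distinct public ports (40000 and 40001) to tell their replies apart; a real NAT device also ages entries out of the table after a period of inactivity.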
web proxy
539
Also called an HTTP proxy; it processes HTTP requests on behalf of the sending workstation.
- When the requested page is returned, the proxy server caches a copy locally for the next request.
- It increases network security by filtering out content.
FTP proxy
540
FTP (File Transfer Protocol) is used to send files from one computer to another; an FTP proxy handles those transfers on the client's behalf. The FTP server can be a resource that keeps files on the same network or on a different network.
SMTP proxy
540
Use the SMTP proxy to control email messages and email content. The proxy scans SMTP messages for unsafe material and blocks it.
stateful Network layer firewall:
541
It keeps track of the established connections passing through it, so when another packet arrives that belongs to a connection already in its state table, that packet is passed without checking the ACL.
stateless network layer firewall:
541
It is basic packet filtering: it examines each packet individually, without regard to whether the packet is stand-alone or part of a bigger message stream.
Stateful firewalls are more powerful and secure than stateless firewalls. T/F
542
True
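Why the answer is "true", as an added example (not from the textbook): the same three packets run through a stateless filter and a stateful one. The ACL, the internal network 10.0.0.0/8 and the addresses are constructed. The stateless filter has no memory, so it must either block the server's legitimate reply (as here) or be given a rule that opens all traffic from port 443, which would also admit the unsolicited packet; the stateful filter admits the reply because it matches a connection it tracked, and still drops the unsolicited packet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Set, Tuple

INSIDE = ip_network("10.0.0.0/8")   # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def acl_permits(pkt: Packet) -> bool:
    """Constructed ACL: inside hosts may open connections to TCP/443 outside; nothing else."""
    return ip_address(pkt.src) in INSIDE and pkt.dport == 443


class StatelessFirewall:
    """Packet filter: every packet is judged by the ACL alone."""

    def allow(self, pkt: Packet) -> bool:
        return acl_permits(pkt)


class StatefulFirewall:
    """Keeps a table of permitted connections; their packets skip the ACL."""

    def __init__(self) -> None:
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.connections or reply in self.connections:
            return True                     # part of an established connection
        if acl_permits(pkt):
            self.connections.add(forward)   # new connection permitted: track it
            return True
        return False


# Constructed traffic: an inside host opens an HTTPS session, the server
# replies, then an outside host sends an unsolicited packet shaped like a reply.
REQUEST = Packet("10.0.0.5", 51000, "203.0.113.7", 443)
REPLY = Packet("203.0.113.7", 443, "10.0.0.5", 51000)
UNSOLICITED = Packet("203.0.113.7", 443, "10.0.0.9", 51000)


def run(firewall) -> Tuple[bool, bool, bool]:
    """Verdicts for REQUEST, REPLY and UNSOLICITED, in that order."""
    return (firewall.allow(REQUEST), firewall.allow(REPLY), firewall.allow(UNSOLICITED))


if __name__ == "__main__":
    print("stateless:", run(StatelessFirewall()))   # (True, False, False)
    print("stateful: ", run(StatefulFirewall()))    # (True, True, False)
```

A production stateful firewall also expires idle entries and checks TCP flags and sequence numbers before accepting a packet as part of a tracked connection; this model keys the table on addresses and ports only.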
application layer firewall:
542
They work at the application layer and inspect more than just the data in the IP header, so they know whether a packet carries FTP, SNMP, HTTP or any other protocol.
They are slower than network layer firewalls.
port security
533
We use port security to maintain security between users on the same network; the security is enforced on the switch, at layer 2 (MAC addresses).
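What the switch actually enforces, as an added example that is not from the textbook: a model of port security on one access port, limiting which MAC addresses may send frames on it. It follows the Cisco-style violation modes (protect, restrict, shutdown) as I understand them; the port name, the address limit and the MAC addresses are constructed. With a limit of one address, the first MAC seen is learned, a second MAC is a violation, and the mode decides whether the port keeps working for the legitimate host afterwards.

```python
from typing import List, Set


class SwitchPort:
    """Port security on one switch port (constructed model, not vendor code).

    Violation modes: 'protect' silently drops frames from unknown MACs,
    'restrict' drops them and counts the violation, 'shutdown' puts the
    whole port into err-disabled state until an administrator re-enables it.
    """

    def __init__(self, name: str, max_macs: int = 1, violation: str = "shutdown") -> None:
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode")
        self.name = name
        self.max_macs = max_macs
        self.violation = violation
        self.allowed: Set[str] = set()   # MAC addresses learned on this port
        self.err_disabled = False
        self.violations = 0

    def frame_in(self, src_mac: str) -> str:
        """Return what the switch does with a frame whose source MAC is src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped"                  # port stays down until reenable()
        if src_mac in self.allowed:
            return "forwarded"
        if len(self.allowed) < self.max_macs:
            self.allowed.add(src_mac)         # learn the first max_macs addresses seen
            return "forwarded"
        # an unknown MAC beyond the limit: a violation
        if self.violation != "protect":
            self.violations += 1              # restrict and shutdown record it
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disabled"
        return "dropped"                      # protect and restrict drop the frame

    def reenable(self) -> None:
        """Administrative 'shutdown / no shutdown' to recover an err-disabled port."""
        self.err_disabled = False


# Constructed frames: the legitimate host, then a rogue device plugged into the
# same port (or spoofing a second address), then the legitimate host again.
FRAMES = ["00:11:22:33:44:55", "00:11:22:33:44:55",
          "de:ad:be:ef:00:01", "00:11:22:33:44:55"]


def demo(mode: str) -> List[str]:
    port = SwitchPort("Gi0/1", max_macs=1, violation=mode)
    return [port.frame_in(mac) for mac in FRAMES]


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(f"{mode:9s}: {demo(mode)}")
```

In shutdown mode the rogue frame takes the port down for the legitimate host too (the last frame is dropped), which is the safest choice for a user-facing port but also the one an attacker can abuse as a denial of service; protect and restrict keep the port up and only drop the rogue's frames.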
physical security:
554
- physical barriers
- network closets
- video monitoring
- door access control
- biometrics
- security guard
physical barriers
555
Keeping people from physically getting to your equipment.
The data layer should have more than one form of security; it should have 3 barriers, which we call a multiple-barrier system.
what does IDS do?
548
An Intrusion Detection System inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system.
network based IDS ( NIDS )
549
It is the most common implementation of IDS; it is a separate device attached to the network via a switch or a tap.
IPS (intrusion prevention system)
549
When an IDS acts to prevent an attack, it is a reactive system, or IPS.
There are 3 ways an IPS can react to an attack; what are they?
549-550
- changing network configuration
- terminating sessions
- deceiving the attacker
changing network configuration
549
If an attack comes in through a port, the IPS closes that port for 60 seconds.
terminating sessions
550
The IPS forces all sessions to close and restart.
deceiving the attacker
550
It tricks the attacker into thinking their attack is really working when it is not. For that we use something called a honeypot: a server or access point to which the attacker is directed, which keeps them busy long enough to gather information about them and their attack methods so that another attack can be prevented.
host-based IDS ( HIDS )
551
Software that runs on one computer to detect abnormalities on that system alone.
vulnerability:
551
A vulnerability is a security weakness in a software program that puts the program or computer at risk of malicious programs and users.
vulnerability scanners
551
It is used to verify that the ACLs on a firewall have been applied properly, by probing for what is actually reachable.
2 of the best-known and most effective vulnerability scanning programs; what are they?
551
_Nessus
_NMAP
Nessus:
551
It operates by performing a port scan and then following up with more specific tests.
NMAP
552
Network Mapper; it can be used from the command line, and with a web-based interface it can be controlled remotely.