chapter15

Question 1

what are firewalls?

529

Answer 1

they are a combination of hardware and software, the hardware [part is a router, computer or a black box.
the software part is responsible for packets filtering.

Question 2

network based firewall:

530

Answer 2

it protect a network of computers, normally used in big companies.
it is a combination of software and hardware.

Question 3

Host based firewall:

530

Answer 3

it is Implemented on a single computer and it protect only that computer.
it is a software firewall.

Question 4

what do Access control lists do?

531

Answer 4

they are sets of rules used by the firewall to determines which traffic can pass through it.

Question 5

2 main types of ACL what are they?

532

Answer 5

Standard ACL and Extended ACL.

Question 6

Standard ACL:

532

Answer 6

it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

Question 7

Extended ACL:

533

Answer 7

Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.
evaluat haders

Question 8

what is DMZ?

534

Answer 8

DeMilitarized Zone and acts as a buffer area between outside users (the internet) and a private (local or wide area network) server. DMZs accepts internet traffic such as DNS, FTP and Web servers and email server.
DMZ can be placed outside of the firewall or inside which mean between the firewall and the network.

Question 9

what is a proxy server?

538

Answer 9

A Proxy server is an intermediary machine, between a client ( internal host) and the actual server ( external hosts), which is used to filter or cache requests made by the client.

Question 10

what are some types of proxy server?

539

Answer 10

IP proxy
web proxy
FTP proxy
SMTP proxy

Question 11

IP proxy

539

Answer 11

• it hide the IP addresses of all the devices on the internal network by exchanging its IP address for the address of any station.
• they are called network address translation ( NAT )

Question 12

web proxy

539

Answer 12

also called HTTP proxy, it processes HTTP requests on behalf of the sending workstation.

• when the requested page is returned the proxy server caches a copy of it locally for next use.
• it increase the network security by filtering out content.

Question 13

FTP proxy

540

Answer 13

FTP (File Transfer Protocol) is used to send files from one computer to a different computer. The FTP server can be a resource that keeps files on the same network or on a different network.

Question 14

SMTP proxy

540

Answer 14

use the SMTP-proxy to control email messages and email content. The proxy scans SMTP messages for any unsecure materials and block it.

Question 15

stateful Network layer firewall:

541

Answer 15

it keeps track of the established connection passing through it, so when another packet is received that is part of a current state that packet is passed without checking the ACL

Question 16

stateless network layer firewall:

541

Answer 16

it is a basic packet filtering, it examines each packet individually that means that it does not care whether the packet is a stand- alone or part of bigger message stream.

Question 17

stateful firewalls are more powerful and secure then a stateless firewall. T/F
542

Answer 17

True

Question 18

application layer firewall:

542

Answer 18

they work at the application layer, they work by inspecting more then just data in the IP header, they will know if the packet is FTP, SNMP, HTTP or any other protocol.
they are slower then the network layer firewalls.

Question 19

port security

533

Answer 19

we use port security to maintain security between users in the same network, that mean that the security is on the switch on the layer 2 ( MAC addresses )

Question 20

physical security:

554

Answer 20

physical barriers
network closets
Video monitoring
door access control
biometrics
security gared

Question 21

physical barriers

555

Answer 21

is keeping people from physically getting into your equipment.
the data layer should have more the one form of security, it should have 3 barrier, we call that multiple barrier system.

Question 22

what does IDS do?

548

Answer 22

Intrusion Detection System inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

Question 23

network based IDS ( NIDS )

549

Answer 23

it is the most common implementation of IDS, it is a separate device attached to the network via switch or tap

Question 24

IPS intrusion protection system

549

Answer 24

when an IDS move to prevent an attack it is a reactive system or IPS

Question 25

there are 3 types of IPS, what are they?

549-550

Answer 25

• changing network configuration
• terminating sessions
• deceiving the attack

Question 26

changing network configuration

549

Answer 26

if an attack come through a port, the IDS clos the port for 60 seconds.

Question 27

terminating sessions

550

Answer 27

the IDS will force all sessions to close and restart

Question 28

deceiving the attack

550

Answer 28

it tricks the bad gay into thinking their attack is really working when it is not,for that we use some thing called honeypot which is a server or access points, to which the hacker is directed, it keep them long enough to gather more information of them and their attack method so it can prevent another attack.

Question 29

host-based IDS ( HIDS )

551

Answer 29

the software run on one computer to detect abnormalities on that system alone.

Question 30

vulnerability:

551

Answer 30

A vulnerability is a security weakness in a software program that puts the program or computer at risk of malicious programs and users.

Question 31

vulnerability scanners

551

Answer 31

it is used to verify the proper application of some ACLs to a firewall.

Question 32

2 of the most known and effective programs that are used for vulnerability scanner, what are they?
551

Answer 32

_Nessus

_NMAP

Question 33

Nessus:

551

Answer 33

it operates by performing a port scan and then follows up with more specific tests.

Question 34

NMAP

552

Answer 34

network mapper can be used from the command line and it can be used with web based interfaces to be controlled remotely.