Definitions

Question 1

What is a router?

Answer 1

A device that connects two or more packet-switched networks or sub-networks. It manages traffic between these networks by forwarding data packets to their intended IP addresses, and allows multiple devices to use the same Internet connection; operates at layer 3 or network layer of the OSI model.

Question 2

How does a router work?

Answer 2

A router helps direct data packets to their destination IP address by using an internal routing table — a list of paths to various network destinations. The router reads a packet’s header to determine where it is going, then consults the routing table to figure out the most efficient path to that destination. It then forwards the packet to the next network in the path.

Question 3

What is a switch?

Answer 3

A networking device operating at layer 2 or data link layer of the OSI model. They connect devices in a network and use MAC addresses to send data packets to selected destination ports, and packet switching to receive or forward data packets or data frames from the source to the destination device.

Question 4

What is a hub?

Answer 4

Networking devices operating at the physical layer of the OSI model that are used to connect multiple devices in a network. They are generally used to connect computers in a LAN.

A hub has many ports in it. A computer which intends to be connected to the network is plugged in to one of these ports. When a data frame arrives at a port, it is broadcast to every other port, without considering whether it is destined for a particular destination device or not.

Question 5

What is a gateway?

Answer 5

A network node that forms a passage between two networks operating with different transmission protocols. It acts as the entry – exit point for a network since all traffic that flows across the networks should pass through the gateway. Only the internal traffic between the nodes of a LAN does not pass through the gateway.

A gateway can operate at any of the seven layers of OSI model. The most common type, the network gateway, operates at layer 3 / network layer of the OSI model.

Question 6

What is a web application firewall?

Answer 6

A security tool for monitoring, filtering and blocking incoming and outgoing data packets from a web application or website. WAFs can be host-based, network-based or cloud-based and are typically deployed through reverse proxies and placed in front of an application or website (or multiple apps and sites).

WAFs can run as network appliances, server plugins or cloud services, inspecting each packet and analyzing application layer (Layer 7) logic according to rules to filter out suspicious or dangerous traffic.

Question 7

What is a reverse proxy?

Answer 7

A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability.

By intercepting requests headed for backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.

Question 8

What is a forward proxy?

Answer 8

A forward proxy sits in front of a client and ensures that no origin server ever communicates directly with that specific client.

Question 9

What is syslog?

Answer 9

Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review.

The protocol is enabled on most network equipment such as routers, switches, firewalls, and even some printers and scanners. In addition, syslog is available on Unix and Linux based systems and many web servers including Apache. Syslog is not installed by default on Windows systems, which use their own Windows Event Log. These events can be forwarded via third-party utilities or other configurations using the syslog protocol.

Traditionally, Syslog uses the UDP protocol on port 514 but can be configured to use any port. In addition, some devices will use TCP 1468 to send syslog data to get confirmed message delivery.

Syslog packet transmission is asynchronous. What causes a syslog message to be generated is configured within the router, switch, or server itself.

Question 10

What are some of the disadvantages of syslog?

Answer 10

The syslog protocol offers no security mechanism. There is no authentication built-in to ensure that messages are coming from the device claiming to be sending them. There is no encryption to conceal what information is being sent to the server. It is particularly susceptible to so-called “playback attacks” where an attacker generates a previous stream of warnings to illicit a response.

One major limitation of the syslog protocol is that the device being monitoring must be up and running and connected to the network to generate and send a syslog event. A critical error from the kernel facility may never send an error at all as the system goes offline. In other words, syslog is not a good way to monitor the up and down status of devices.

Question 11

What is an intrusion prevention system?

Answer 11

An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.

Question 12

What is an intrusion detection system?

Answer 12

An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.

Question 13

What is an application proxy firewall?

Answer 13

This firewall does not allow any packets to directly pass between protected systems. Instead, the firewall creates a proxy connection on the destination network and then passes traffic through that proxied connection. Proxy firewalls often contain advanced application inspection capabilities, allowing them to detect sophisticated application-layer attacks, such as buffer overflow attempts and SQL injection attacks. They’re much more expensive than stateful inspection firewalls, however, and are normally only used to protect data centers and other networks containing publicly accessible, high-value servers.

Question 14

What is a proxy server?

Answer 14

Servers that act as an intermediary for internet requests. They are used to mask traffic, protect data, and prevent unauthorized access to a system.

Instead of connecting directly to a server that can fulfill a request for a resource, such as a file or web page, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. A proxy server functions on behalf of the client when requesting service, potentially masking the true origin of the request to the resource server.

For example, a proxy server can act as a gateway between users and the internet, separating end users from the websites they browse.

Question 15

What are the security benefits of a proxy server?

Answer 15

Proxies provide a valuable layer of security for your computer. They can be set up as web filters or firewalls, protecting your computer from internet threats like malware. This extra security is also valuable when coupled with a secure web gateway or other email security products.

Question 16

How does a hardware firewall work?

Answer 16

A hardware firewall is a system that works independently from the computer it is protecting as it filters information coming from the internet into the system. If you have a broadband internet router, it likely has its own firewall.

A hardware firewall checks the data coming in from the various parts of the internet and verifies that it is safe. Hardware firewalls that use packet filtering examine each data packet and check to see where it is coming from and its location. The data the firewall collects about each packet is then compared to a permissions list to see if it fits the profile of data that should be discarded. A hardware firewall can protect all the computers attached to it, making it an easily scalable solution.

Question 17

What is a firewall?

Question 18

How does a software firewall work?

Answer 18

A software firewall is a program used by a computer to inspect data that goes in and out of the device. It can be customized by the user to meet their needs. Like hardware firewalls, software firewalls filter data by checking to see if it—or its behavior—fits the profile of malicious code.

Software firewalls can monitor traffic trying to leave your computer as well, preventing it from being used to attack other networks or devices. A software firewall has to be installed on each computer in the network. Therefore, a software firewall can only protect one computer at a time.

Question 19

What is stateful inspection?

Answer 19

A stateful inspection firewall inspects every data packet and compares it against a threat database. During the inspection process, the firewall checks where the data is coming from, the ports it uses, and the applications it is associated with. If the data packet checks out, it is allowed to pass. Otherwise, it is discarded.

Stateful inspection can also collect information about the data packets that go through it and use that to gain more insights into data that may pose potential threats in the future.

Question 20

What is packet filtering?

Answer 20

Data is organized in packets. When a firewall executes packet filtering, it examines the packets of data, comparing it against filters, which consist of information used to identify malicious data. If a data packet meets the parameters of a threat as defined by a filter, then it is discarded and your network is protected. Data packets that are deemed safe are allowed to pass through.

Question 21

What is a proxy firewall?

Answer 21

The firewall acts as a go-between positioned between your computer and anything that tries to connect to it. A proxy firewall is like a mirror of your computer and detects malicious actors attempting to get through to your device.

Proxy firewalls are a secure solution because of the separation they provide between your computer and the internet. Attackers often need to connect directly to your computer to attack it. Because a proxy is between your computer and the internet, hackers cannot form a direct connection to it, rendering their attack useless.

Question 22

What is a SSL certificate?

Answer 22

A small data file that authenticates the identity of a website, and allows secure connections from a web server to a browser.

Question 23

What is Platform-as-a-Service?

Answer 23

A third party that supplies an environment for an organization to develop, test, deliver, and manage software applications.

Question 24

What is Multi-Factor Authentication?

Answer 24

A method that requires two or more distinct authentication factors for successful authentication. Potential factors include something you know, something you have, something you are, somewhere you are, or something you do. A common example is logging in to an account by having a code sent to your phone which you then enter on the webpage.

Question 25

What is a cookie?

Answer 25

Small pieces of data stored on the user’s computer by a web browser as a way for websites to remember information about an individual’s browsing session. These are often used to track login status and advertising profiles.

Question 26

What is an access point?

Answer 26

A wireless network device (ex: a router) that allows other devices to communicate with a network.

Question 27

What is a buffer?

Answer 27

Physical memory storage used to temporarily store data while it is being moved from one place to another.

Question 28

What is hashing?

Answer 28

A mathematical process that produces a unique alphanumeric string for a specific file. This string can verify that the content of a message or data has not been tampered with in transit.

Question 29

What is Infrastructure-as-a-Service

Answer 29

The ability to rent infrastructure from a third party. An organization does not have physical control over the infrastructure but does have control over operating systems, applications, and possibly networking components (ex: firewalls).

Question 30

What is Software-as-a-Service?

Answer 30

A software application that is delivered over the internet, typically on a subscription basis.

Question 31

What is a virtual machine?

Answer 31

A virtual machine (VM) is a digital version (typically called an image) of a physical computer. Virtual machine software can run programs and operating systems, store data, connect to networks, and do other computing functions, and requires maintenance such as updates and system monitoring.

Virtual machines run on a physical machine and access computing resources from software called a hypervisor.

The virtual machine is partitioned from the rest of the system, meaning that the software inside a VM can’t interfere with the host computer’s primary operating system.

Question 32

What is a hypervisor?

Answer 32

The hypervisor is software that allows virtual machines to run on a physical machine and access computing resources. The hypervisor abstracts the physical machine’s resources into a pool that can be provisioned and distributed as needed, enabling multiple VMs to run on a single physical machine.

Question 33

What is a container?

Answer 33

A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.

Question 34

What is the difference between a VM and a container?

Answer 34

Virtual machines virtualize an entire machine down to the hardware layers and containers only virtualize software layers above the operating system level.

Question 35

What is the purpose of Active Directory?

Answer 35

The main function of Active Directory is to enable administrators to manage permissions and control access to network resources in a convenient manner.

Active Directory enables users to log on to and manage a variety of resources from one location. Login credentials are unified so that it is easier to manage multiple devices without having to enter account details to access each individual machine.

Question 36

What is Active Directory?

Answer 36

Active Directory is a directory service or container which stores data objects on your local network environment. The service records data on users, devices, applications, groups, and devices in a hierarchical structure.

The structure of the data makes it possible to find the details of resources connected to the network from one location. In essence, Active Directory acts like a phonebook for your network so you can look up and manage devices easily.

Question 37

What is an Active Directory domain controller?

Answer 37

A domain controller is a central computer that will respond to authentication requests and authenticate other computers throughout the network. The domain controller stores the login credentials of all other computers and printers.

All other computers connect to the domain controller so that the user can authenticate every device from one location. The advantage of this is that the administrator won’t have to manage dozens of login credentials.

Question 38

What are Active Directory forests and trees?

Answer 38

A tree is an entity with a single domain or group of objects that is followed by child domains.

A forest is a group of domains put together. When multiple trees are grouped together they become a forest.

Trees in the forest connect to each other through a trust relationship, which enables different domains to share information. All domains will trust each other automatically so you can access them with the same account info you used on the root domain.

Each forest uses one unified database. Logically, the forest sits at the highest level of the hierarchy and the tree is located at the bottom.

Question 39

What are Active Directory trust relationships?

Answer 39

Trusts are used to facilitate communication between domains. Trusts enable authentication and access to resources between two entities. Trusts can be one-way or two-way in nature. Within a trust, the two domains are divided into a trusting domain and a trusted domain.

In a one-way trust, the trusting domain accesses the authentication details of the trusted domain so that the user can access resources from the other domain. In a two-way trust, both domains will accept the other’s authentication details. All domains within a forest trust each other automatically, but you can also set up trusts between domains in different forests to transfer information.

Question 40

What is a right?

Answer 40

A right authorizes a user to perform certain actions on a computer, such as backing up files and folders or shutting down a computer.

Question 41

What is a permission?

Answer 41

A permission is a rule associated with an object (usually a file, folder, or printer), and it regulates which users can have access to the object and in what manner.

Question 42

What is an access control list?

Answer 42

A network access control list (ACL) is made up of rules that either allow access to a computer environment or deny it. This enables administrators to ensure that, unless the proper credentials are presented by the device, it cannot gain access.

There are two basic kinds of ACLs: filesystem ACLs and networking ACLs.

When ACLs were first conceived, they worked like firewalls, blocking access to unwanted entities. While many firewalls have network access control functions, some organizations still use ACLs with technologies such as virtual private networks (VPNs). In this way, an administrator can dictate which kinds of traffic get encrypted and then sent through the secure tunnel of the VPN.

Question 43

What is a filesystem access control list?

Answer 43

This works as a filter, managing access to directories or files. A filesystem ACL gives the operating system instructions as to the users that are allowed to access the system, as well as the privileges they are entitled to once they are inside.

A filesystem ACL uses a table that tells the computer’s operating system which users have which access privileges. The table dictates the users that are allowed to access specific objects, such as directories or files on the system. Every object on the computer has a security property that links it to its associated access control list. On the list, there is information for every user that has the requisite rights to access the system.

Question 44

What is a networking access control list?

Answer 44

Networking ACLs manage access to a network by providing instructions to switches and routers as to the kinds of traffic that are allowed to interface with the network. They also dictate what each user or device can do once they are inside.

To filter traffic, a network ACL uses rules that have been predefined by an administrator or the manufacturer. These rules check the contents of packets against tables that govern access parameters. Based on whether the user checks out, their access is either granted or denied.

Switches and routers that have ACLs perform the function of packet filters. They check the Internet Protocol (IP) addresses of the sources and destination, the source and destination ports, and the packet’s official procedure, which dictates how it is supposed to move through the network.

Question 45

What is an access control list on a router?

Answer 45

An access control list on a router consists of a table that stipulates which kinds of traffic are allowed to access the system. The router is placed between the incoming traffic and the rest of the network or a specific segment of the network, such as the demilitarized zone (DMZ). The ACL examines the information held within data packets flowing into or out of the network to determine where it came from and where it is going. The ACL on the router then decides whether the data packet should be allowed to pass to the other side.

Question 46

What are the benefits of access control lists?

Answer 46

With an access list, you can simplify the way local users, remote users, and remote hosts are identified. This is done using an authentication database configured to ensure only approved users are allowed access to the device.

An access list also allows you to prevent unwanted users and traffic. If you set up parameters that dictate which source or destination addresses and which users are allowed to access a network, you can prevent all others from getting inside. You can also categorize the kinds of traffic you want to allow to access the network and then apply those categories to the ACL. For example, you can create a rule that enables all email traffic to pass through to the network but block traffic that contains executable files.

Question 47

Where can you place an access control list?

Answer 47

Many admins choose to place ACLs on the edge routers of a network. This enables them to filter traffic before it hits the rest of their system. To do this, you can place a routing device that has an ACL on it, positioning it between the demilitarized zone (DMZ) and the internet. Within the DMZ, you may have devices such as application servers, web servers, VPNs, or Domain Name System (DNS) servers.

You can also place an ACL between the DMZ and the rest of your network. If you use an ACL between the internet and the DMZ, as well as between the DMZ and the rest of your network, they will have different configurations—each setting designed to protect the devices and users that come after the ACL.