Domain 2

Question 1

Network Based FWs

Answer 1

Control the flow of the network/ Filters traffic via ports over Layer 4. Encrypt traffic between sites. Can proxy traffic. Most FW’s sit on the ingress/egress of the network.

Question 2

Stateless

Answer 2

each packet is individually examined (Looks at ACL/Rules then allow or disallows traffic). Have to add two rules for traffic to go both ways. Rule -> and Rule

Question 3

Stateful

Answer 3

Keeps track of traffic flows by adding each flow to a session table. Session table makes note of (source,dest,port,protocol) one way from (workstation) to (web server) and FW checks session table when going back from (web server) to (workstation). Everything within a valid flow is allowed. If a packet is not in the session table, it will get dropped.

Question 4

NGFW

Answer 4

Performs deep packet inspection. Every packet must be analysed and categorised before making a security decision. Controls traffic flow based on application.

Question 5

IPS

Answer 5

Identify application, uses signature based for the identified application.

Question 6

Host based FW

Answer 6

Works with the OS and can manually select what applications you want to allow through the FW.

Question 7

VPN Concentrator

Answer 7

Encrypt and decrypt traffic, commonly found in Firewalls.

Question 8

Remote access VPN

Answer 8

Software connects to a VPN Concentrator. Host at a coffee shop sets up a VPN tunnel to the Concentrator. Concentrator decrypts the information and forwards on to the corporate network

Question 9

SSL VPN

Answer 9

Connected over port 443 via SSL/TLS. Ran over a browser. No requirement for digital certificates. Usually remote access communications.

Question 10

Full Tunnel

Answer 10

All traffic regardless of destination all passes through the tunnel.

Question 11

Split Tunnel

Answer 11

If you need to communcate to a website which isnt apart of the corporate network, it will take the normal route because it doesn’t require getting encrypted therefore the traffic will fall outside the vpn tunnel.

Question 12

Site2Site VPN

Answer 12

FW’s often act as VPN’s therefore take advantage of whats already there.

Question 13

IPSec

Answer 13

Layer 3. Authentication and encryption for every packet. We provide confidentiality through the encrption and data intergrity by preventing people replaying traffic. There are two core protocols associated with IPSec. AH & ESP. Authentication Header & Encapsulation Security Payload.

Question 14

When in Transport mode, is data encrypted or unencrypted?

Answer 14

Data is encrypted

Question 15

When in Tunnel Mode is Data encrypted/Header and data or just header? Plus what happens to the entire packet?

Answer 15

Tunnel Mode: Header and Data is encrypted. Plus a new IP header on the front of the packet. This means if someone sees the IP header going through, they wont actually know what the IP destination is because all of that information is encrypted in the Tunnel.

Question 16

Authentication Header

Answer 16

Provides integrity with data whats going through the network. IPSec takes the header and the data, combines that with a shared key and provides a hash. Its also adding the AH to the beginning of the packet.

Question 17

Encapsulated Security Payload

Answer 17

Provides encryption. Either usually Triple DES or AES. ESP adds a header, trailer and Integrity Check Value. ESP encrypts the header, data and ESP trailer.

Question 18

Can you use ESP and AH at the same time? Depending on Answer, why/why not?

Answer 18

You can use ESP and AH at the same time. This encrypts the data and authenticates the entire IP packet that means you can either do this in Transport mode or Tunnel mode.