Final Exam (V.2)

Question 1

What are firewalls?

Answer 1

Provide central “choke point” for all traffic entering and exiting the system

Question 2

Main goals of firewall?

Answer 2

• Service control
• Behavior control
• User/machine control

Question 3

Firewalls can also run security functionality, like IPsec and VPN. T/F

Answer 3

True

Question 4

What can’t firewalls protect against?

Answer 4

• insider attacks
• users bypassing the firewall to connect to the Internet
• Infected devices connecting to network internally

Question 5

Why not just provision each computer with its own firewall/IDS?

Answer 5

• Not cost effective
• Different OS’s make management difficult
• Patches must be propagated to all machines in the system
• Does not protect against insider attacks that extend beyond the local network

Question 6

What is default policy?

Answer 6

Specifies what to do if no other policy applies.

Question 7

What is default deny?

Answer 7

• blocklist/denylist
• specifies connectivity that is explicitly disallowed
• less secure, but allows functionality

Question 8

What is default accept?

Answer 8

• allowlist
• specifies connectivity that is explicitly allowed
• more secure but may break functionality

Question 9

In firewall rule order, firewall policies are monotonic. T/F

Answer 9

False

Question 10

In firewall rule order, policy evaluate by first match, not best match. T/F

Answer 10

True

Question 11

How to optimize firewall performance?

Answer 11

Do frequent deny first

Question 12

Stateless packets are _____ while stateful packets ____.

Answer 12

considered in isolation; allow historical context consideration

Question 13

Advantages and disadvantages of stateless packets?

Answer 13

A: much faster packets processing
D: more complex rule specification, less secure

Question 14

Advantages and disadvantages of stateful packets?

Answer 14

A: more simple rule specification, more secure
D: slower packets processing

Question 15

We can have multiple network firewalls, each providing different protection. T/F

Answer 15

T

Question 16

Multiple firewalls means they have ____ filtering rules to ________.

Answer 16

stricter; protect each server from each other

Question 17

What is a DMZ?

Answer 17

A logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger network

Question 18

In DMZ, internal network is ___ whereas the DMZ is ____.

Answer 18

trusted; semi-trusted

Question 19

DMZ hosts often communicate with both the ___ and the ___.

Answer 19

Internet; LAN

Question 20

What are honeypots?

Answer 20

Decoy systems to lure potential attackers.

Question 21

Goals of honeypots are:-

Answer 21

• divert attackers from critical systems
• collect information about attacker’s activity
• delay attacker long enough to respond

Question 22

What are some features of honeypots deployed outside firewall?

Answer 22

• can detect attempted connections to unused IP addresses, port scanning
• no risk of compromised systems behind firewalls
• does not divert internal attackers

Question 23

What is PKI?

Answer 23

• a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption

Question 24

What are the 3 entities form a PKI?

Answer 24

• client (connect securely or verify an entity)
• server (prove its entity)
• CA (validate identifies and generate certificates)

Question 25

How to obtain the signature for X.509?

Answer 25

Compute a message digest of the above fields with a hashing algorithm and then encrypting it with the CA's private key

Question 26

What are the steps of verifying the digital certificate?

Answer 26

- the server has a digital certificate - client asks for the server's digital certificate - client is able to verify the server through issuing CA

Question 27

Root CA may delegate the trust to other CA's who in turn may be allowed to delegate that trust. T/F

Answer 27

True

Question 28

The initial list of trusted Root CA's decided on by web browser's producer. T/F

Answer 28

True

Question 29

Any certificate signed by one of these Root CAs is trusted. T/F

Answer 29

True

Question 30

Reasons to revoke a certificate?

Answer 30

- private key corresponding to the certified public key has been compromised - user stopped paying his certification fee to the CA and the CA no longer wishes to certify him - CA's certificate has been compromised

Question 31

Expiration is not a form of revocation. T/F

Answer 31

False

Question 32

Because certificate serial numbers must be unique with each CA, this is enough to identify the certificate. T/F

Answer 32

True

Question 33

What is a certificate revocation list (CRL)?

Answer 33

- CA periodically issues a signed list of revoked certificates - can issue a "delta CRL" containing only updates

Question 34

What is OCSP?

Answer 34

- Online Certificate Status Protocol - when a certificate is presented, recipient goes to a special online service to verify whether it is still valid

Question 35

How does OCSP Stapling?

Answer 35

- the web server sends regular, automatic OCSP requests to the OCSP responder (CA) - the OCSP responder provides time-stamped data - the web server caches this timestamped response - the web server sends the cached, CA-signed and timestamped data to the client. The client trusts this response because it's digitally signed and timestamped