Final Exam (V.2) Flashcards
What are firewalls?
Provide central “choke point” for all traffic entering and exiting the system
Main goals of firewall?
- Service control
- Behavior control
- User/machine control
Firewalls can also run security functionality, like IPsec and VPN. T/F
True
What can’t firewalls protect against?
- insider attacks
- users bypassing the firewall to connect to the Internet
- Infected devices connecting to network internally
Why not just provision each computer with its own firewall/IDS?
- Not cost effective
- Different OS’s make management difficult
- Patches must be propagated to all machines in the system
- Does not protect against insider attacks that extend beyond the local network
What is default policy?
Specifies what to do if no other policy applies.
What is default deny?
- blocklist/denylist
- specifies connectivity that is explicitly disallowed
- less secure, but allows functionality
What is default accept?
- allowlist
- specifies connectivity that is explicitly allowed
- more secure but may break functionality
In firewall rule order, firewall policies are monotonic. T/F
False
In firewall rule order, policies are evaluated by first match, not best match. T/F
True
How to optimize firewall performance?
Place frequently matched deny rules first
Stateless packets are _____ while stateful packets ____.
considered in isolation; allow historical context consideration
Advantages and disadvantages of stateless packets?
A: much faster packet processing
D: more complex rule specification, less secure
Advantages and disadvantages of stateful packets?
A: simpler rule specification, more secure
D: slower packet processing
We can have multiple network firewalls, each providing different protection. T/F
True
Multiple firewalls means they have ____ filtering rules to ________.
stricter; protect each server from each other
What is a DMZ?
A logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger network
In DMZ, internal network is ___ whereas the DMZ is ____.
trusted; semi-trusted
DMZ hosts often communicate with both the ___ and the ___.
Internet; LAN
What are honeypots?
Decoy systems to lure potential attackers.
Goals of honeypots are:
- divert attackers from critical systems
- collect information about attacker’s activity
- delay the attacker long enough to respond
What are some features of honeypots deployed outside firewall?
- can detect attempted connections to unused IP addresses, port scanning
- no risk of compromised systems behind firewalls
- does not divert internal attackers
What is PKI?
- a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption
What are the 3 entities that form a PKI?
- client (connect securely or verify an entity)
- server (prove its identity)
- CA (validate identities and generate certificates)
How is the signature for an X.509 certificate obtained?
Compute a message digest of the above fields with a hashing algorithm and then encrypt it with the CA’s private key
What are the steps of verifying the digital certificate?
- the server has a digital certificate
- client asks for the server’s digital certificate
- client is able to verify the server through issuing CA
Root CA may delegate the trust to other CA’s who in turn may be allowed to delegate that trust. T/F
True
The initial list of trusted Root CAs is decided on by the web browser’s producer. T/F
True
Any certificate signed by one of these Root CAs is trusted. T/F
True
Reasons to revoke a certificate?
- private key corresponding to the certified public key has been compromised
- user stopped paying his certification fee to the CA and the CA no longer wishes to certify him
- CA’s certificate has been compromised
Expiration is not a form of revocation. T/F
False
Because certificate serial numbers must be unique within each CA, this is enough to identify the certificate. T/F
True
What is a certificate revocation list (CRL)?
- CA periodically issues a signed list of revoked certificates
- can issue a “delta CRL” containing only updates
What is OCSP?
- Online Certificate Status Protocol
- when a certificate is presented, recipient goes to a special online service to verify whether it is still valid
How does OCSP Stapling work?
- the web server sends regular, automatic OCSP requests to the OCSP responder (CA)
- the OCSP responder provides time-stamped data
- the web server caches this timestamped response
- the web server sends the cached, CA-signed and timestamped data to the client. The client trusts this response because it’s digitally signed and timestamped