Firewalls Flashcards
Hardware firewall
Often built into routers
Protects LAN from outside threats by filtering the packets before they reach your internal machines
SPI
Stateful packet inspection
Used by hardware firewalls
Inspects each incoming packet individually
Blocks incoming traffic that is not in response to your outgoing traffic
Can even disable unused ports completely
Port forwarding/mapping
Enables you to open a port in the firewall and direct incoming traffic on that port to a specific IP address on your LAN
Port triggering
Enables you to open an incoming connection to one computer automatically based on a specific outgoing connection
Trigger port defines the outgoing connection
Destination port defines the incoming connection
Screened subnet
Puts systems with the specified IP address outside the protection of the firewall
Opens all ports and enables all incoming traffic
VERY DANGEROUS
DO NOT USE
Software firewalls
Windows Defender Firewall or Windows Defender Firewall with Advanced Security (examples)
Handles heavy lifting of port blocking, security logging, and more
Fine-tune port security
Set up exceptions to open individual ports
Adjust application security by adding exceptions to let specific programs/services pass through the firewall
Network types
Domain
Private
Guest/public
Domain network
Windows network controlled by a Windows domain controller
Runs Active Directory Domain Services
Domain tells machine what it can and cannot share
Private network
Enables you to share resources, discover other devices, and allow other devices to discover your computer safely
Guest/public network
Network prevents your computer from sharing and disables all discovery protocols
IDS
Intrusion detection system
Internet application that inspects packets looking for active intrusions
Functions inside the network
Watches for threats the firewall might miss (viruses, illegal logon attempts, other well-known attacks)
Can discover internal threats (inspects traffic inside the network)
Attacks are logged at the very least, some offer notifications
CANNOT stop an attack; can only request assistance from other devices
IPS
Intrusion prevention system
Sits directly in the flow of network traffic
CAN stop an attack while it is happening
Network bandwidth and latency take a hit
If IPS goes down, the network link might go down too
Some can block incoming packets on the fly based on IP address, port number, or application type
Some can even fix packets on the fly
Network tap
Network monitoring hardware that sits between devices on the network and copies the traffic between them for later analysis
Allows traffic to flow normally
Copied traffic can be inspected without risk of network disruptions
Can also be a part of virtual networks