Implementing A Secure Network Flashcards
explain the difference between segregation, segmentation and isolation
segregation is is the separation of a SENSITIVE network from a less sensitive one, e.g. your home network from the internet.
Segmentation is about dividing up the network into smaller segments to reduce traffic and control access between segments
Isolation is about physically isolating the network or device from other networks
What is meant by red networks and black networks?
It relates to physical separation of networks. Red networks are classified and should not be connected to black networks (unclassified)
Why would you implement a reverse proxy for internet users accessing your web server?
It improves performance by caching commonly accessed web pages
It can act as a load balancer to balance requests across multiple web servers increasing efficiency
Increases security by separating the web server from public connections
What device would you implement if you wanted save your administrator time and effort managing various security appliances like proxies and firewalls? Why?
Purchase a Unified Threat Management appliance. It combines several security applications into a single, easily administered device
If you wanted to protect sensitive information from outgoing email, what capability would you need and on what device could implements it?
What two methods does it use to achieve this?
A mail gateway with Data Loss Prevention Capabilities that checked for sensitive information and blocks it.
1) it uses content filtering to detect confidential or sensitive information
2) It also encrypts outgoing email to ensure confidentiality
Is a VLAN an example of Network isolation, why?
Yes. Because you can completely isolate groups of devices and their traffic that sit on the same physical switch by assigning VLANs to them
What security device commonly include a DDoS mitigator?
UTM
What device can implement the two use cases below?
Prevent IP address spoofing using ACLs
provide secure management of (the said devices themselves) using SNMPv3
A router
What’s the difference between static NAT, dynamic NAT and Port Address Translation?
static NAT maps a single private address to a single public ip address.
dynamic NAT maps a a pool of public IP address to multiple private addresses
PAT can map multiple internal addresses to a single public IP by using port numbers to separate communication and route data to the correct internal IP
you have some older computers that can’t connect to the newer wifi network because they don’t support the higher encryption standards, but you need to keep them. What should you do?
Connect them to a separate wifi network on their own so they don’t compromise the other wifi network as allowing them to connect to that could allow attackers onto the wifi APs
