IS3220 CHAPTER 8 Flashcards
A system designed, built, and deployed specifically to serve as a frontline defense for a network, withstanding the brunt of any attack attempt to protect the hosts behind it, is called ___?
It is a fortified computer device, possibly a host, firewall, or router, placed in the line of fire between privately owned and controlled networks and the public Internet.
BASTION HOST OS
This supports multiple layers of security and is similar to defense-in-depth. The difference is that each of the layers uses a different security mechanism. It is called ___? It comes from using a collection of diverse security solutions.
DIVERSITY OF DEFENSE
This type of OS includes Windows, Linux, Mac OS, UNIX, and others. These support a wide variety of purposes and functions, including serving as client or server host OSes. It is called ___?
When used as a bastion host OS, they must be hardened and locked down. Otherwise, an insecure host OS can render the security provided by a firewall worthless.
GENERAL PURPOSE OS
Another aspect of defense-in-depth is to deploy multiple subnets in series to separate private resources from public. This is known as ___?
N-TIER
This OS is built exclusively to run on a bastion host device, and most appliance firewalls employ it. It is called ___?
This includes commercial firewall devices as well as many ISP connection devices and wireless access points. These support the functions or services critical to security (or their other primary purposes) and little else.
PROPRIETARY OS
This allows static content to be cached and served by the proxy rather than requiring that each request for the same content be served by the Web server itself. It is called ___?
REVERSE CACHING
Network security managers must investigate the needs and threats to make informed decisions about what traffic to allow and what traffic to block in the individual organization. This is called ___?
SECURITY STANCE
For security to be effective, everyone must work within the limitations established by your organization’s written policy. Security only works when you employ forced ___?
UNIVERSAL PARTICIPATION
This security stance is an ongoing process of locating the least secure element of an infrastructure and securing it. It is called ___?
The idea behind this process is that hackers are performing this task as they seek out vulnerabilities to compromise. Hackers discover and break this to gain access and entry into a secured environment.
WEAKEST LINK
These devices, both consumer and commercial grade, include some form of firewall to provide filtering services for wireless clients and physical cable connections. This is called ___? These could be labeled as routers and/or switches, especially when they include two to six extra wired connection ports.
WIRELESS ACCESS POINT
- When crafting firewall rules, determining what to allow versus what to block is primarily dependent on what factor?
- Traffic levels
- Business tasks
- Bandwidth
- User preferences
- Timing
Business tasks
- The first step in determining what to allow and what to block in a firewall’s rule set is ___?
- Review vulnerability watch lists
- Poll users for what services they want
- Read blogs about best practices for firewall rules
- Record traffic for 24 hours
- Create an inventory of business communications
Create an inventory of business communications
- What is the purpose of including rules that block ports, such as 31337?
- Prevent users from accessing social networking sites
- To prevent DNS zone transfers
- To stop ICMP traffic
- Block known remote access and remote control malware
- Allow users to employ cloud backup solutions
Block known remote access and remote control malware
- What security strategy is based on the concept of locking the environment down so users can perform their assigned tasks but little else?
- Simplicity
- Principle of least privilege
- Diversity of defense
- Choke point
- Weakest link
Principle of least privilege
- What security strategy reverts to a secure position in the event of a compromise?
- Fail-safe
- Universal participation
- Defense-in-depth
- Security through obscurity
- N-tier deployment
Fail-safe