Lecture 3 pt. 2 Flashcards
The NGFW is ______ based
Routing based
The NGFW's security policy is either based on _-_____ or ____ __________:
Based on 6-tuple or user generated
The NGFW's decision-making process includes ________ ____s or ______s
security zones or levels
The NGFW works on levels
2-4 and 7
Is the NGFW stateful or stateless?
Stateful
Fortinet, Palo Alto, and Check Point are examples of
NGFWs
What are Cisco Firepower, Juniper FW / AWS Security Groups?
NGFWs
Recite how User-ID and App-ID features are a cornerstone in NGFWs (3 parts)
- User-ID and App-ID are used in conjunction with a network segmented into zones
- Access privileges are tied to users and groups, rather than specific devices in a zone
- This ensures users have the appropriate access/privileges regardless of where they access the network
How does network segmentation affect the attack surface?
It decreases the size of the attack surface by preventing lateral movement between zones
Name this: a group of one or more physical/virtual firewall interfaces and the network segments connected to those interfaces.
Security zone
You should always create a separate security zone to isolate/protect an area when there is a division in (3):
- Functionality
- App use
- Access privileges
Network segmentation is the logical grouping of network assets/resources to implement 3 things:
Services
Authentication Requirements
Security Controls
In ________ segmentation the topology is fixed in the architecture, _______ segmentation is more flexible as it requires no wiring
physical; logical
What is the emerging practice for access control, threat detection, and mitigation?
Use a single consolidated policy for all 3 and apply it across the entire network rather than having separate systems handling each function in different