Lecture 6.5 Flashcards by J D

Technical controls – ?

Identify

Firewalls and VPN

essential

How well did you know this?

Not at all

Perfectly

Technical controls – ?

Identify

Firewalls and VPN

essential

How well did you know this?

Not at all

Perfectly

Enforcing policy for many ?

Identify

Firewalls and VPN

IT functions

How well did you know this?

Not at all

Perfectly

Not involve direct ?

Identify

Firewalls and VPN

human control

How well did you know this?

Not at all

Perfectly

Improve organization’s ability to ?

Identify

Firewalls and VPN

balance

How well did you know this?

Not at all

Perfectly

Use data classification schemes

Identify

Firewalls and VPN - Access Control

Mandatory access control (MAC)

How well did you know this?

Not at all

Perfectly

Give users and data owners limited control over access

Identify

Firewalls and VPN - Access Control

Mandatory access control (MAC)

How well did you know this?

Not at all

Perfectly

Each collection of information is rated

Identify

Firewalls and VPN - Access Control

Data classification schemes

How well did you know this?

Not at all

Perfectly

Each user is rated

Identify

Firewalls and VPN - Access Control

Data classification schemes

How well did you know this?

Not at all

Perfectly

May use matrix or authorization

Identify

Firewalls and VPN - Access Control

Data classification schemes

How well did you know this?

Not at all

Perfectly

Managed by central authority

Identify

Firewalls and VPN - Access Control

Nondiscretionary controls

How well did you know this?

Not at all

Perfectly

Tied to the role a user performs

Identify

Firewalls and VPN - Access Control

Role-based

How well did you know this?

Not at all

Perfectly

Tied to a set of tasks user performs

Identify

Firewalls and VPN - Access Control

Task-based

How well did you know this?

Not at all

Perfectly

Implemented at the option of the data user

Identify

Firewalls and VPN - Access Control

Discretionary access controls

How well did you know this?

Not at all

Perfectly

Used by peer to peer networks

Identify

Firewalls and VPN - Access Control

Discretionary access controls

How well did you know this?

Not at all

Perfectly

? ?? ??? ????

(4) All controls rely on

Enumerate

Firewalls and VPN - Access Control

Identification
Authentication
Authorization
Accountability

How well did you know this?

Not at all

Perfectly

Unverified entity – ?

Identify

Firewalls and VPN - Access Control - Identification

supplicant

How well did you know this?

Not at all

Perfectly

Seek access to a resource by ?

Identify

Firewalls and VPN - Access Control - Identification

label

How well did you know this?

Not at all

Perfectly

is called an identifier

Identify

Firewalls and VPN - Access Control - Identification

Label

How well did you know this?

Not at all

Perfectly

Mapped to one & only one ?

Identify

Firewalls and VPN - Access Control - Identification

entity

How well did you know this?

Not at all

Perfectly

Authentication:
* Something a supplicant ?
* Something a supplicant ??
* Something a supplicant ???

Identify

Firewalls and VPN - Access Control - Authentication

knows
has
is

How well did you know this?

Not at all

Perfectly

Matches supplicant to ?

Identify

Firewalls and VPN - Access Control - Authorization

resource

How well did you know this?

Not at all

Perfectly

Often uses access control ?

Identify

Firewalls and VPN - Access Control - Authorization

matrix

How well did you know this?

Not at all

Perfectly

(3) Handled by 1 of 3 ways

Enumerate

Firewalls and VPN - Access Control - Authorization

Authorization for each authenticated users
Authorization for members of a group
Authorization across multiple systems

How well did you know this?

Not at all

Perfectly

Accountability known as **?** | Identify ## Footnote Firewalls and VPN - Access Control - Accountability

auditability

All actions on a system can be attributed to an authenticated **?** | Identify ## Footnote Firewalls and VPN - Access Control - Accountability

identity

System logs and **?** | Identify ## Footnote Firewalls and VPN - Access Control - Accountability

database journals

Prevent information from moving between the **?** and **??** | Identify ## Footnote Firewalls and VPN - Firewalls - Purpose

* outside world * inside world

# **?** untrusted network | Identify ## Footnote Firewalls and VPN - Firewalls - Purpose

Outside world

# **?** trusted network | Identify ## Footnote Firewalls and VPN - Firewalls - Purpose

Inside world

# **?** Five major categories | Enumerate ## Footnote Firewalls and VPN - Processing Mode

* Packet filtering * Application gateway * Circuit gateway * MAC layer * Hybrids

# **?** Filtering firewall | Identify ## Footnote Firewalls and VPN

Packet Filtering

# **?** Examine header information & data packets | Identify ## Footnote Firewalls and VPN

Packet Filtering

# **?** **??** **???** **????** **?????** (5) Installed on TCP/IP based network | Enumerate ## Footnote Firewalls and VPN - Packet Filtering

* Functions at the IP level * Drop a packet (deny) * Forward a packet (allow) * Action based on programmed rules * Examines each incoming packet

Inspect networks at the **?** | Identify ## Footnote Firewalls and VPN - Filtering Packets

network layer

Packet matching restriction = **?** | Identify ## Footnote Firewalls and VPN - Filtering Packets

deny movement

# **?** **??** **???** **????** (4) Restrictions most commonly implemented in Filtering Packets | Enumerate ## Footnote Firewalls and VPN - Filtering Packets

* IP source and destination addresses * Direction (incoming or outgoing) * Protocol * Transmission Control Protocol (TCP) or User Datagram Protocol (UD) source or destination

# **?** **Requires rules** to be developed and **installed with firewall** | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Static filtering

# **?** Allows only a **particular packet with a particular source**, destination, and port address to enter | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Dynamic filtering

# **?** Uses a state table | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Stateful

# **?** Tracks the state and context of each packet | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Stateful

# **?** Records which station sent what packet and when | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Stateful

# **?** Perform packet filtering but takes extra step | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Stateful

# **?** Can expedite responses to internal requests | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Stateful

# **?** Vulnerable to DOS attacks because of processing time required | Identify ## Footnote Firewalls and VPN - Packet Filtering Subsets

Stateful

# **?** **Installed on dedicated computer** | Identify ## Footnote Firewalls and VPN

Application Gateway

# **?** Used in **conjunction with filtering router** | Identify ## Footnote Firewalls and VPN

Application Gateway

# **?** Goes **between external request and webpage** | Identify ## Footnote Firewalls and VPN - Application Gateway

Proxy server

# **?** **Between trusted and untrusted network** | Identify ## Footnote Firewalls and VPN - Application Gateway - 1/4 ?

Resides in DMZ

# **?** Exposed to risk | Identify ## Footnote Firewalls and VPN - Application Gateway - 2/4 ?

Resides in DMZ

# **?** Can place additional filtering routers behind | Identify ## Footnote Firewalls and VPN - Application Gateway - 3/4 ?

Resides in DMZ

# **?** Restricted to a single application | Identify ## Footnote Firewalls and VPN - Application Gateway - 4/4 ?

Resides in DMZ

# **?** Operates at **transport level** | Identify ## Footnote Firewalls and VPN - 1/6 ?

Circuit Gateways

# **?** Authorization **based on addresses** | Identify ## Footnote Firewalls and VPN - 2/6 ?

Circuit Gateways

# **?** **Don’t look at traffic** between networks | Identify ## Footnote Firewalls and VPN - 3/6 ?

Circuit Gateways

# **?** Do **prevent direct connections** | Identify ## Footnote Firewalls and VPN - 4/6 ?

Circuit Gateways

# **?** **Create tunnels** between networks | Identify ## Footnote Firewalls and VPN - 5/6 ?

Circuit Gateways

# **?** Only **allowed traffic can use tunnels** | Identify ## Footnote Firewalls and VPN - 6/6 ?

Circuit Gateways

# **?** Designed to operate at **media access sublayer** | Identify ## Footnote Firewalls and VPN - 1/3 ?

MAC Layer Firewalls

# **?** Able to **consider specific host computer identity** in filtering | Identify ## Footnote Firewalls and VPN - 2/3 ?

MAC Layer Firewalls

# **?** **Allows specific types of packets that are acceptable** to each host | Identify ## Footnote Firewalls and VPN - 3/3 ?

MAC Layer Firewalls

# **?** **??** **???** **????** **?????** **??????** **???????** (7) OSI Model | Enumerate ## Footnote Firewalls and VPN

1. Physical 2. Data 3. Network 4. Transport 5. Session 6. Presentation 7. Application

# **?** **Combine elements of other types of firewalls**; i.e., elements of packet filtering and proxy services, or of packet filtering and circuit gateways | Identify ## Footnote Firewalls and VPN - 1/2 ?

Hybrid Firewalls

# **?** **Alternately, may consist of two separate firewall devices**; each a separate firewall system, but are connected to work in tandem | Identify ## Footnote Firewalls and VPN - 2/2 ?

Hybrid Firewalls

# **?** **Static** packet filtering | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 1/3 ?

First Generation

# **?** **Simple** networking devices | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 2/3 ?

First Generation

# **?** Filter packets **according to their headers** | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 3/3 ?

First Generation

# **?** **Application level** or proxy servers | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 1/3 ?

Second Generation

# **?** **Dedicated** systems | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 2/3 ?

Second Generation

# **?** Provides **intermediate services** for the requestors | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 3/3 ?

Second Generation

# **?** **Stateful** | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 1/2 ?

Third Generation

# **?** Uses **state tables** | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 2/2 ?

Third Generation

# **?** **Dynamic** filtering | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 1/2 ?

Fourth Generation

# **?** **Particular packet with a particular source**, destination, and port address to enter | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 2/2 ?

Fourth Generation

# **?** Kernel proxy | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 1/4 ?

Fifth Generation

# **?** Works un the **Windows NT Executive** | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 2/4 ?

Fifth Generation

# **?** Evaluates at **multiple layers** | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 3/4 ?

Fifth Generation

# **?** Checks security as packet **passes from one level to another** | Identify ## Footnote Firewalls and VPN - Categorization by Development Generation - 4/4 ?

Fifth Generation

# **?** State-alone | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 1/3 ?

Commercial-Grade

# **?** Combination of hardware and software | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 2/3 ?

Commercial-Grade

# **?** Many of features of stand alone computer | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 3/3 ?

Commercial-Grade

# **?** Configured application software | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 1/2 ?

Commercial-Grade Firewall Systems

# **?** Runs on general-purpose computer | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 2/2 ?

Commercial-Grade Firewall Systems

# **?** **??** (2) Runs on general-purpose computer | Enumerate ## Footnote Firewalls and VPN - Categorized by Structure - Runs on general-purpose computer

* Existing computer * Dedicated computer

# **?** Broadband gateways or DSL/cable modem routers | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 1/6 ?

Small Office/Home Office (SOHO)

# **?** First – stateful | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 2/6 ?

Small Office/Home Office (SOHO)

# **?** Many newer one – packet filtering | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 3/6 ?

Small Office/Home Office (SOHO)

# **?** Can be configured by use | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 4/6 ?

Small Office/Home Office (SOHO)

# **?** Router devices with WAP and stackable LAN switches | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 5/6 ?

Small Office/Home Office (SOHO)

# **?** Some include intrusion detection | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 6/6 ?

Small Office/Home Office (SOHO)

# **?** Installed directly on user’s system | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 1/3 ?

Residential

# **?** Many free version not fully functional | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 2/3 ?

Residential

# **?** Limited protection | Identify ## Footnote Firewalls and VPN - Categorized by Structure - 3/3 ?

Residential

# **?** Lacks auditing and strong authentication | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 1/2 ?

Packet filtering routers

# **?** Can degrade network performance | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 2/2 ?

Packet filtering routers

# **?** **Combines packet filtering router** with **dedicated firewall** – such as proxy server | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 1/3 ?

Screened Host firewall

# **?** * Allows router to **prescreen packets** * **Application proxy examines** at application layer | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 2/3 ?

Screened Host firewall

# **?** * Separate host – **bastion or sacrificial host** * **Requires external attack** to compromise 2 separate systems. | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 3/3 ?

Screened Host firewall

# **?** Two network interface cards | Identify ## Footnote Firewalls and VPN - Firewall Architectures

Dual Homed Host

# **?** * **Dominant architecture used today** * Provides **DMZ** | Identify ## Footnote Firewalls and VPN - Firewall Architectures

Screened Subnet Firewalls (with DMZ)

# **?** **Protocol for handling TCP** traffic through a **proxy server** | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 1/3 ?

SOCS Servers

# **?** **Proprietary circuit-level proxy server** | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 2/3 ?

SOCS Servers

# **?** Places special **SOCS** client-side agents on each workstation | Identify ## Footnote Firewalls and VPN - Firewall Architectures - 3/3 ?

SOCS Servers

# **?** Extent to which the **firewall design provides the required protection** | Identify ## Footnote Firewalls and VPN - Selecting the Right Firewall

Most important factor

# **?** Cost | Identify ## Footnote Firewalls and VPN - Selecting the Right Firewall

Second most important factor

# **?** **Software filter—not a firewall**—that allows administrators to **restrict content access** from within network | Identify ## Footnote Firewalls and VPN - 1/4 ?

Content Filters

# **?** **Essentially a set of scripts** or programs**restricting user access to certain networking protocols**/Internet locations | Identify ## Footnote Firewalls and VPN - 2/4 ?

Content Filters

# **?** Primary focus to **restrict internal access to external material** | Identify ## Footnote Firewalls and VPN - 3/4 ?

Content Filters

# **?** Most common **content filters** restrict users from accessing non-business Web sites or deny incoming span | Identify ## Footnote Firewalls and VPN - 4/4 ?

Content Filters

# **?** **Installing internetwork connections requires leased lines** or other data channels; **these connections usually secured under requirements** of formal service agreement | Identify ## Footnote Firewalls and VPN

Protecting Remote Connections

# **?** Unsecured, **dial-up** connection points represent a substantial exposure to attack | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections

Dial-Up

# **?** : automatic phone-dialing program that **dials every number in a configured range** and **records number if modem picks up** | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections - Dial-Up

War dialer

# **?** **??** (2) Authentication Systems | Enumerate ## Footnote Firewalls and VPN - Protecting Remote Connections - Authentication systems

* RADIUS AND TACACS * Kerberos

# **?** Access control for dial-up | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections - 1/2 Authentication systems

RADIUS AND TACACS

# **?** * **Symmetric key encryption** to validate * Keeps a **database containing the private keys** | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections - 2/2 Authentication systems 1/2 ?

Kerberos

# **?** * **Both networks and clients** have to **register** * Does the authentication **based on database** | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections - 2/2 Authentication systems 2/2 ?

Kerberos

# **?** * Secure European System for applications in Multiple vendor Environment * **Similar to Kerberos** | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections

Sesame

# **?** Implementation of cryptographic technology | Identify ## Footnote Firewalls and VPN - Protecting Remote Connections

VPN

# **? ?? ???** (3) Private and secure network connection | Enumerate ## Footnote Firewalls and VPN - Protecting Remote Connections - VPN

* Trusted VPN * Secure VPN * Hybrid VPN

# **?** **Data within IP packet is encrypted**, but **header information is not** | Identify ## Footnote Firewalls and VPN - 1/2 ?

Transport Mode

# **?** **Allows user to establish secure link** directly with remote host, **encrypting only data contents** of packet | Identify ## Footnote Firewalls and VPN - 2/2 ?

Transport Mode

# **?** Organization establishes two perimeter **tunnel servers** | Identify ## Footnote Firewalls and VPN - 1/3 ?

Tunnel Mode

# **?** These servers act as encryption points, **encrypting all traffic that will traverse unsecured network** | Identify ## Footnote Firewalls and VPN - 2/3 ?

Tunnel Mode

# **?** Primary benefit to this model is that an **intercepted packet reveals nothing** about true destination system | Identify ## Footnote Firewalls and VPN - 3/3 ?

Tunnel Mode