Lesson 14: Supporting and Troubleshooting Secure Networks

Question 1

Define network segmentation enforcement

Answer 1

Enforcing a security zone by separating a segment of the network from access by the rest of the network

Question 2

How is network segmentation enforcement performed?

Answer 2

Using firewalls, VPNs, and VLANs to separate broadcast domains

Question 3

What is a (security) zone?

Answer 3

A zone is an area of the network where the security configuration is the same for all hosts within it

Question 4

Define an internet-facing host

Answer 4

A host that accepts inbound connections from the internet

Question 5

Define a perimeter network zone

Answer 5

An area of a network that traffic can’t pass through directly enabling external clients access to data on private systems (DMZ)

Question 6

What types of servers are in a perimeter network zone?

Answer 6

Web servers, application servers, ftp servers, mail servers

Question 7

How is a perimeter network (DMZ) typically configured?

Answer 7

As a secured boundary between the internet and a private network with two firewalls placed on each side of the perimeter network zone

Question 8

What is the purpose of an edge firewall in perimeter network/DMZ?

Answer 8

To restrict traffic on the external/public interface and allows permitted traffic to the hosts in the perimeter network zone

Question 9

What is the purpose of a choke firewall/point in a perimeter network?

Answer 9

Servers as an internal firewall to filter communications between hosts in the perimeter network and hosts in the LAN network

Question 10

Define a screened network/Triple Homed Firewall

Answer 10

A network containing one firewall with three network network interaces - one to the internet, one to the DMZ, and another to the LAN

Question 11

What is the purpose of a firewall?

Answer 11

Software or hardware device that processes traffic according to set rules

Question 12

Define a packet filtering firewall

Answer 12

Earliest type of firewall that is configured with rules in an ACL, packets are processed by filters to determine if they match defined rules and carry out the action associated with the rule

Question 13

What are the rules a packet filtering firewall can use to filter traffic?

Answer 13

1. Action - Accept/Deny/Drop
2. Protocol type, routing protocols
3. Port filtering

Question 14

At what layer of the OSI model does a packet filtering firewall operate?

Answer 14

Layer 3 (Network layer)

Question 15

What does is it mean that a packet filtering firewall is stateless?

Answer 15

Meaning that it does not preserve information about the connection between two hosts with no record of previously processed packets

Question 16

Define a stateful inspection firewall

Answer 16

A firewall that maintains stateful information about the session established between two hosts

Question 17

At what layer of the OSI model does a stateful inspection firewall operate?

Answer 17

Session layer - layer 5

Question 18

How does a stateful inspection firewall process packets?

Answer 18

When a packet arrives, the firewall checks to confirm whether it belongs to an existing connection, if not, the firewall will apply ordinary filtering rules to determine whether to allow it

Question 19

Define a proxy server

Answer 19

A system or router that provides a gateway between users and another server to filter and often modify communications

Question 20

What is a forward proxy server?

Answer 20

A proxy server for accepting connections from clients on a private network and forwarding those requests to the public internet

Question 21

What is a non-transparent proxy server?

Answer 21

A proxy server whose clients must be configured with the proxy server address and the port number to use, typically TCP port 8080

Question 22

What is a transparent proxy server?

Answer 22

Proxy server that intercepts client traffic without the clients having to be configured for proxy, and is implemented on a switch/router

Question 23

What is a reverse proxy server?

Answer 23

A proxy server for receiving connections from public interfaces and routing them to internal clients

Question 24

Define Network Address Translation (NAT)

Answer 24

Routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally using an internet facing device

Question 25

What is use of dynamic network address translation (NAT)?

Answer 25

Allows for less static 1:1 NAT mappings by using a pool of public IP address that maps to internal IP addresses

Question 26

How does dynamic NAT operate?

Answer 26

The NAT service builds a table of public to private address mappings, new sessions creates a new pubic-private address binding in the table, when the session ends, the binding is released for use by another host

Question 27

Define Port Address Translation (PAT)

Answer 27

Maps private host IP addresses onto a single public IP address and each host is tracked by assigning it a random high TCP port internally and applies the same port to the external connection

Question 28

Define “defense in depth”

Answer 28

Security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack’s progress so all access attempts are authenticated, authorized, and audited

Question 29

Define Network Access Control (NAC)

Answer 29

Term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level

Question 30

What systems/protocols make up Network Access Control (NAC)?

Answer 30

EAP, AAA, 802.1X port security

Question 31

Define a honeypot

Answer 31

A sacrificial computer system that’s intended to attract cyberattacks, like a decoy. uses their intrusion attempts to gain information about cybercriminals and cyberattacks

Question 32

Define an Intrusion Detection System (IDS)

Answer 32

Security appliance or software that uses passive hardware sensors for real-time traffic monitoring on a specific segment of the network

Question 33

How does an IDS function?

Answer 33

Uses a sniffer to read frames from a mirrored port and compares them against signature patterns and if a pattern is matched the IDS will alert

Question 34

Where is an IDS positioned in a network?

Answer 34

Positioned behind a firewall to detect suspicious traffic that the firewall didn’t block as a form of defense in depth

Question 35

Define an Intrusion Prevention System (IPS)

Answer 35

Security appliance or software that combines detection capabilities with functions that can actively block attacks

Question 36

What is a reverse proxy server?

Answer 36

A proxy server for receiving connections from public interfaces and routing them to internal clients

Question 37

Where is an IPS positioned in a network?

Answer 37

Typically built into firewall appliances, they are in-line with the networking meaning all traffic passes through it

Question 38

What are basic reasons for DHCP failure?

Answer 38

1. DHCP server is offline
2. No more addresses available in scope
3. Router doesn’t support specific DHCP protocol

Question 39

What is a rouge DHCP server?

Answer 39

An extra DHCP server serving the same scope as the primary, causing clients to potentially obtain the wrong IP configuration