Lesson 14: Supporting and Troubleshooting Secure Networks Flashcards
Define network segmentation enforcement
Enforcing a security zone by separating a segment of the network from access by the rest of the network
How is network segmentation enforcement performed?
Using firewalls, VPNs, and VLANs to separate broadcast domains
What is a (security) zone?
A zone is an area of the network where the security configuration is the same for all hosts within it
Define an internet-facing host
A host that accepts inbound connections from the internet
Define a perimeter network zone
An area of the network that traffic cannot pass through directly; it enables external clients to access data on private systems (also called a DMZ)
What types of servers are in a perimeter network zone?
Web servers, application servers, FTP servers, mail servers
How is a perimeter network (DMZ) typically configured?
As a secured boundary between the internet and a private network, with two firewalls, one placed on each side of the perimeter network zone
What is the purpose of an edge firewall in perimeter network/DMZ?
To restrict traffic on the external/public interface and allow only permitted traffic to reach the hosts in the perimeter network zone
What is the purpose of a choke firewall/point in a perimeter network?
Serves as an internal firewall that filters communications between hosts in the perimeter network and hosts in the LAN
Define a screened network/Triple Homed Firewall
A network containing one firewall with three network interfaces - one to the internet, one to the DMZ, and another to the LAN
What is the purpose of a firewall?
Software or hardware device that processes traffic according to set rules
Define a packet filtering firewall
The earliest type of firewall, configured with rules in an ACL; packets are processed by filters to determine whether they match a defined rule, and the action associated with the matching rule is carried out
What are the rules a packet filtering firewall can use to filter traffic?
- Action - Accept/Deny/Drop
- Protocol type, routing protocols
- Port filtering
At what layer of the OSI model does a packet filtering firewall operate?
Layer 3 (Network layer)
What does it mean that a packet filtering firewall is stateless?
It does not preserve information about the connection between two hosts and keeps no record of previously processed packets
Define a stateful inspection firewall
A firewall that maintains stateful information about the session established between two hosts
At what layer of the OSI model does a stateful inspection firewall operate?
Layer 5 (Session layer)
How does a stateful inspection firewall process packets?
When a packet arrives, the firewall checks whether it belongs to an existing connection; if not, the firewall applies its ordinary filtering rules to determine whether to allow it
Define a proxy server
A system or router that provides a gateway between users and another server to filter and often modify communications
What is a forward proxy server?
A proxy server for accepting connections from clients on a private network and forwarding those requests to the public internet
What is a non-transparent proxy server?
A proxy server whose clients must be configured with the proxy server address and the port number to use, typically TCP port 8080
What is a transparent proxy server?
Proxy server that intercepts client traffic without the clients having to be configured for proxy, and is implemented on a switch/router
What is a reverse proxy server?
A proxy server for receiving connections from public interfaces and routing them to internal clients
Define Network Address Translation (NAT)
Routing mechanism that conceals the internal addressing scheme from the public Internet: an internet-facing device translates between a single public address on the external side of the router and private, non-routable addresses on the internal side
What is the use of dynamic network address translation (NAT)?
Reduces the need for static 1:1 NAT mappings by using a pool of public IP addresses that are mapped to internal IP addresses
How does dynamic NAT operate?
The NAT service builds a table of public-to-private address mappings; each new session creates a new public-private address binding in the table, and when the session ends the binding is released for use by another host
Define Port Address Translation (PAT)
Maps private host IP addresses onto a single public IP address; each host is tracked by assigning it a random high TCP port internally, and the same port is applied to the external connection
Define “defense in depth”
Security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack’s progress so all access attempts are authenticated, authorized, and audited
Define Network Access Control (NAC)
Term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level
What systems/protocols make up Network Access Control (NAC)?
EAP, AAA, 802.1X port security
Define a honeypot
A sacrificial computer system intended to attract cyberattacks, like a decoy; the intrusion attempts it receives are used to gain information about cybercriminals and cyberattacks
Define an Intrusion Detection System (IDS)
Security appliance or software that uses passive hardware sensors for real-time traffic monitoring on a specific segment of the network
How does an IDS function?
Uses a sniffer to read frames from a mirrored port and compares them against signature patterns; if a pattern is matched, the IDS raises an alert
Where is an IDS positioned in a network?
Positioned behind a firewall, as a form of defense in depth, to detect suspicious traffic that the firewall did not block
Define an Intrusion Prevention System (IPS)
Security appliance or software that combines detection capabilities with functions that can actively block attacks
Where is an IPS positioned in a network?
Typically built into firewall appliances; they sit in-line with the network, meaning all traffic passes through them
What are basic reasons for DHCP failure?
- DHCP server is offline
- No more addresses available in scope
- Router doesn’t support specific DHCP protocol
What is a rogue DHCP server?
An extra DHCP server serving the same scope as the primary, causing clients to potentially obtain the wrong IP configuration