Lesson 4: Identifying Infrastructure Services Flashcards

1
Q

What are considered edge services?

A

Edge services generally describe devices that are directly accessible from the Internet and provide access to internal services.

2
Q

Which network devices constitute the 1st line of defense (1stLOD)?

A

Edge devices

3
Q

What is a firewall?

A

A firewall provides a foundational level of protection for any network by blocking or allowing traffic based on a set of pre-configured rules.

4
Q

How do firewalls filter traffic?

A

To filter traffic, firewall rules are crafted to inspect traffic protocols, IP addresses, and ports.

5
Q

What are routers used for?

A

Routers forward traffic between subnets by inspecting IP addresses.

6
Q

What are the 2 primary functions of a load balancer?

A

Load balancers are used:
1) To distribute traffic among many web servers to better handle high-volume workloads.
2) For fault tolerance, whereby the load balancer can determine if a particular web server in a group is inoperable so that traffic can be redirected automatically to a different server, avoiding an outage.

7
Q

What controls can be put in place for a DDoS attack?

A

Rate Limiting - can reduce the amount of throughput available to the server or service being attacked.
Web Application Firewall (WAF) - provides adequate protection of web applications by inspecting traffic for signs of malicious activity, using sophisticated rules designed to identify attacks such as CSRF, XSS, SQLi, and many others and prevent them from reaching the target.
Blackhole routing - not an ideal solution, but it essentially takes all the traffic intended for an endpoint and drops it.
Cloud service providers - provide DDoS protection as a service; using this approach requires updating DNS to point traffic to the service provider so that it is inspected before it reaches the intended service.
DDoS Mitigation Software/Appliance - special-purpose devices and software designed to identify and protect against this attack.
