M9: Firewalls and tunnels, security architecture - C10 Flashcards

1
Q

What is a Firewall?

A

A gateway providing access control and filtering. Thus it can allow, deny or modify any packet in either direction through it.

Relates to Complete-Mediation(P4) and Isolated-Compartments(P5)

P. 282

2
Q

What is an Encrypted Tunnel?

A

An encrypted, persistent connection between two networks and/or hosts.

3
Q

What is a Virtual Private Network?

A

A private network established over an existing network. It is maintained by secure communication channels and authentication.

4
Q

What are Perimeter-based Defenses?

A

Defenses focused on the edge of the network, such as firewalls.

5
Q

Why filter inbound packets?

A

Filtering inbound packets protects the internal network from outside forces.

6
Q

Why filter outbound packets?

A

To both limit exposed functionality and detect/monitor unauthorized transfers.

7
Q

What is a packet filter firewall?

A

Also called a Screening Router, it filters packets based on header information, in particular the source IP. It often acts as a first line of defence.

8
Q

What are the actions a packet filter firewall can take?

A

The primary actions on any given packet are
* Allow - allow
* Drop - silently drop
* Reject - drop and inform source
Additionally we may log information about the packet.

Intelligent packet filtering may involve content-based rules.

9
Q

What is a Stateless packet filter?

A

A firewall where each packet is examined individually.

10
Q

What is a Stateful packet filter?

A

A firewall which stores data about prior packets to inform decisions about future packets. It investigates the flow.

11
Q

What is a Dynamic packet filter?

A

An adaptive stateful packet filter.

12
Q

Why should the firewall use allow listing rather than deny listing?

A

P2 (Safe Defaults) motivates deny-by-default. Alternatively we would need to enumerate all the baddies and exploits in our deny-list to achieve the same safety, which is impossible.

13
Q

What is the connection between Firewall and Security Policy?

A

In a sense the firewall instantiates the network security policy through its rule set.

14
Q

What are the recognized limitations of firewalls?

A

Limitations include
* Topological - is there truly a perimeter?
* Malicious insiders - users/hosts within the network may be compromised
* Bad connections - users may inadvertently visit infected sites
* Tunneling - filtering based on port number can be circumvented
* Encrypted content - packet inspection may be defeated by encrypted content

15
Q

What is a Proxy firewall?

A

Like any proxy it sits between the internal and external network. Ideally all traffic is routed through the proxy, without any knowledge of or impact on the end hosts.

16
Q

What is a Circuit-level proxy?

A

Facilitates internal and external hosts connecting, seemingly to each other, but in reality to and through the proxy. This way only allowed connections can be made.

17
Q

What is an Application-level filter?

A

Uses specialized programs for pre-determined applications, with deep understanding of the protocols, to examine and possibly amend packets.

P. 290

18
Q

What are Proxy Firewall Requirements?

A
  • Transparency - the users' experience is unchanged
  • Performance - performance is not degraded
19
Q

What are the limitations of Application-level filters?

A

They require highly specialized programs, often implemented in hardware to reduce performance impact. Thus they are limited in range to only the most used and most critical protocols.

20
Q

What is a Bastion Host?

A

It is a hardened host exposed to the internet on one side and the internal network on the other.

21
Q

How can firewalls provide Defense-in-Depth (P13)?

A

By using internal firewalls we can frustrate attackers who have gained initial access.

22
Q

What are the components of a comprehensive Firewall architecture?

A

An outer layer using a perimeter network - a DMZ.
It consists of a Bastion host between two Screening Routers (packet filters). The routers filter inbound and outbound packets and the Bastion provides further screening, such as Application-level filtering.

23
Q

What is a WAF?

Web Application Filter

A

An application filter firewall targeting HTTP and HTTPS.

24
Q

What is a DMZ?

Demilitarized Zone

A

Contains our servers in a separately secured environment.

25
Q

What is NAT?

Network Address Translation

A

Translates from external IP addresses to internal IP addresses. This can have incidental or secondary security benefits, in that if there is no mapping there is no way to connect.

26
Q

Why would we want to limit outgoing pings?

A

Outgoing pings can be used to
* Map the internal network
* Ping a Command and Control server

27
Q

What security principles should we practice with our perimeter defense?

A
  • Defence in Depth
  • No Single Point of Failure
  • Segmentation
  • Deny by Default
28
Q

Where to encrypt?

A

“Depends”
* Internet layer with IPSec
* Transport layer with TLS
* Application layer

29
Q

Transport mode vs Tunnel mode?

A

Transport mode encrypts end to end.
Tunnel mode encrypts network to network.
There are security tradeoffs between them.

30
Q

Why don't we always use Tunnel Mode?

A
  • Difficult - difficult to set up and keep running with rapidly changing internal infrastructure
  • Inspection - internally encrypted data makes surveillance difficult
31
Q

Why use advanced servers?

"Advanced" as in placed further forward.

A

They allow us to segregate critical data from exposed data.

32
Q

Why are Perimeter Defences less applicable now?

A

There is less and less of a clear-cut perimeter, and trusting hosts simply because they are on the network is outdated.

33
Q

What is Zero-Trust?

A

A new paradigm in security, where we assume that everyone/everything is compromised.

34
Q

What is OT?

Operational Technology

A

Runs all the physical equipment, such as machines.

35
Q

What is the Purdue model?

A

A layered security model between IT systems and OT systems.

36
Q

Why are OT systems not always updated?

A
  • Often the money maker of the company
  • If it ain't broke, don't fix it
  • Updating is often a manual process