Module 4 / Unit 4 Network Security Appliances Flashcards
On completion of this unit, you will be able to:
□ Deploy and configure a firewall and troubleshoot security issues using tools such as iptables.
□ Understand the uses for advanced security devices, such as IDS, UTM, and NGFW.
□ Understand different types of DDoS attacks.
What parameters can a layer 3 firewall ruleset use?
IP source and destination address, protocol type, and port number.
What is the default rule on a firewall?
Deny anything not permitted by the preceding rules.
What OSI layer does an NGFW work at and why?
OSI layer 7 (application) because the Next Generation FireWall (NGFW) is configured with application-specific filters that can parse the contents of protocols such as HTTP, SMTP, or FTP.
What type of software would you use to protect a web server against application-level attacks?
Host-based or application-based firewall / intrusion protection system.
Using iptables, in which chain would you create rules to block all outgoing traffic not meeting certain exceptions?
OUTPUT chain.
You are troubleshooting a connectivity problem with a network application server. Certain clients cannot connect to the service port. How could you rule out a network or remote client host firewall as the cause of the problem?
Connect to or scan the service port from the same segment with no host firewall running.
Other than attempting to block access to sites based on content, what other security options might be offered by internet content filters?
Blocking access based on time of day or total usage.
Why would you deploy a reverse proxy?
To publish a web application without exposing the servers on the internal network to the Internet.
What sort of maintenance must be performed on signature-based monitoring software?
Definition / signature updates.
Why are most network DoS attacks distributed?
Most attacks depend on overwhelming the victim. This typically requires a large number of hosts.