Module 9 Flashcards

1
Q

A ___ is a system, or group of systems, that enforces an access control policy between networks.

A

firewall

2
Q

All firewalls share some common properties:

A

Firewalls are resistant to network attacks.

Firewalls are the only transit point between internal corporate networks and external networks because all traffic flows through the firewall.

Firewalls enforce the access control policy.

3
Q

There are several benefits of using a firewall in a network:

A

They prevent the exposure of sensitive hosts, resources, and applications to untrusted users.

They sanitize protocol flow, which prevents the exploitation of protocol flaws.

They block malicious data from servers and clients.

They reduce security management complexity by off-loading most of the network access control to a few firewalls in the network.

4
Q

Firewalls also have some limitations:

A

A misconfigured firewall can have serious consequences for the network, such as becoming a single point of failure.

The data from many applications cannot be passed over firewalls securely.

Users might proactively search for ways around the firewall to receive blocked material, which exposes the network to potential attack.

Network performance can slow down.

Unauthorized traffic can be tunneled or hidden as legitimate traffic through the firewall.

5
Q

Types of Firewall

A

Packet Filtering (Stateless) Firewall

Stateful Firewall

Application Gateway Firewall

Next Generation Firewall

6
Q

Other methods of implementing firewalls include:

A

Host-based (server and personal) firewall - A PC or server with firewall software running on it.

Transparent firewall - Filters IP traffic between a pair of bridged interfaces.

Hybrid firewall - A combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.

7
Q

An ____ filters information at Layers 3, 4, 5, and 7 of the OSI reference model.

A

application gateway firewall

8
Q

A _____ is a combination of the various firewall types.

A

hybrid firewall

9
Q

A _____ is part of a router firewall that permits or denies traffic based on Layer 3 and Layer 4 information.

A

packet filtering firewall

10
Q

_____ is a PC or server with firewall software running on it.

A

Host-based firewalls

11
Q

A _____ filters IP traffic between a pair of bridged interfaces.

A

transparent firewall

12
Q

There are several advantages of using a packet filtering firewall:

A

Packet filters implement simple permit or deny rule sets.

Packet filters have a low impact on network performance.

Packet filters are easy to implement, and are supported by most routers.

Packet filters provide an initial degree of security at the network layer.

Packet filters perform almost all the tasks of a high-end firewall at a much lower cost.

13
Q

There are several disadvantages of using a packet filtering firewall:

A

Packet filters are susceptible to IP spoofing. Threat actors can send arbitrary packets that meet ACL criteria and pass through the filter.

Packet filters do not reliably filter fragmented packets. Because fragmented IP packets carry the TCP header in the first fragment and packet filters filter on TCP header information, all fragments after the first fragment are passed unconditionally. Decisions to use packet filters assume that the filter of the first fragment accurately enforces the policy.

Packet filters use complex ACLs, which can be difficult to implement and maintain.

Packet filters cannot dynamically filter certain services. For example, sessions that use dynamic port negotiations are difficult to filter without opening access to a whole range of ports.

14
Q

There are several benefits to using a stateful firewall in a network:

A

Stateful firewalls are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic.

Stateful firewalls strengthen packet filtering by providing more stringent control over security.

Stateful firewalls improve performance over packet filters or proxy servers.

Stateful firewalls defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source.

Stateful firewalls provide more log information than a packet filtering firewall.

15
Q

Stateful firewalls also present some limitations:

A

Stateful firewalls cannot prevent application layer attacks because they do not examine the actual contents of the HTTP connection.

Not all protocols are stateful. For example, UDP and ICMP do not generate connection information for a state table, and, therefore, do not garner as much support for filtering.

It is difficult to track connections that use dynamic port negotiation. Some applications open multiple connections. This requires a whole new range of ports that must be opened to allow this second connection.

Stateful firewalls do not support user authentication.

16
Q

Benefits

A

Primary means of defense

Strong packet filtering

Improved performance over packet filters

Defends against spoofing and DoS attacks

Richer data log

17
Q

Limitations

A

No Application Layer inspection

Limited tracking of stateless protocols

Difficult to defend against dynamic port negotiation

No authentication support

18
Q

Common Security Architectures / Common Firewall Designs

A

Private and Public

Demilitarized Zone

Zone-Based Policy Firewalls

19
Q

Considerations for Layered Network Defense

A

Network Core security - Protects against malicious software and traffic anomalies, enforces network policies, and ensures survivability
Perimeter security - Secures boundaries between zones
Communications security - Provides information assurance
Endpoint security - Provides identity and device security policy compliance

20
Q

A ____ typically has one inside interface, one outside interface, and one DMZ interface.

A

demilitarized firewall design

21
Q

In a ____, security measures are taken at the network core, perimeter, endpoints, and other communication security points.

A

layered network defense

22
Q

The public internet is considered _____. Internal networks are generally considered to be _____; however, additional security may be required to protect them from threats. In a ZPF, traffic that travels within zones is generally considered as trusted.

A

untrusted ; trusted

23
Q

____ groups interfaces into zones that have similar functions or features.

A

ZPF

24
Q

What is one benefit of using a next-generation firewall rather than a stateful firewall?

A

Stateful firewalls and next-generation firewalls provide better log information than a packet filtering firewall, both defend against spoofing, and both filter unwanted traffic. Next-generation firewalls provide the following benefits over stateful firewalls:

Granularity control within applications
Website and application traffic filtering based on site reputation
Proactive rather than reactive protection from Internet threats
Enforcement of security policies based on multiple criteria including user, device, role, application, and threat profile
Improved performance with NAT, VPN, and stateful inspections
Integrated IPS

24
Q

_____ to limit access to endpoints. _____ to firewall devices to prevent tampering and unauthorized access to configuration ports.

A

Disable unnecessary network services ; Strictly control physical access

25
Q

Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)

A

A stateful firewall provides filtering at the network layer, but also analyzes traffic at OSI Layer 4 and Layer 5.

26
Q

Which type of firewall is supported by most routers and is the easiest to implement?

A

A packet filtering firewall uses a simple policy table look-up that filters traffic based on specific criteria and is considered the easiest firewall to implement.

27
Q

Which statement is a characteristic of a packet filtering firewall?

A

Packet filtering firewalls have a low impact on network performance. They are stateless, examining each packet individually, and they do not filter fragmented packets well.

28
Q

Which type of firewall generally has a low impact on network performance?

A

A stateless firewall uses a simple policy table look-up that filters traffic based on specific criteria and causes minimal impact on network performance.

28
Q

What are two characteristics of an application gateway firewall? (Choose two.)

A
28
Q

Which type of traffic is usually blocked when implementing a demilitarized zone?

A

A firewall will usually block traffic that is originating from the DMZ network and traveling to the private network. If traffic originated from the private network and the DMZ is sending returning traffic to the private network, then it will be allowed.

29
Q

Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?

A

A packet filtering firewall uses a simple policy table look-up that filters traffic based on specific criteria. These firewalls are usually part of a router firewall. They permit or deny traffic based on Layer 3 and Layer 4 information.

30
Q

How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?

A

A firewall will usually block traffic that is originating from the DMZ network and traveling to the private network. If traffic originated from the private network and the DMZ is sending returning traffic to the private network, then it will be allowed.

31
Q

Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)

A

Connectionless protocols, such as ICMP and UDP, are not stateful and do not generate connection information for a state table.

32
Q

What are two benefits of implementing a firewall in a network? (Choose two.)

A

There are several benefits of using a firewall in a network:
It prevents the exposure of sensitive hosts, resources, and applications to untrusted users.
It sanitizes protocol flow, which prevents the exploitation of protocol flaws.
It blocks malicious data from servers and clients.
It reduces security management complexity by off-loading most of the network access control to a few firewalls in the network.

33
Q

When implementing a ZPF, which statement describes a zone?

A

When implementing a zone-based policy firewall (ZPF), a zone is a group of one or more interfaces that have similar functions or features.

34
Q
A