Section 1.1 Flashcards

1
Q

A device that can filter incoming and outgoing traffic.

A

Firewall

2
Q

Router

A

A device that connects multiple network segments into one.

Uses ACL (rules) to manage traffic between network segments.

A layer 3 device.

3
Q

Switches

A

A device that connects computers together and learns which device is attached to which port.

A layer 2 device; some can also operate on layer 3.

Used to create VLANs.

4
Q

Load Balancer

A

A system that distributes traffic between multiple servers that provide the same service.

Provides increased availability of server services.

5
Q

What is a proxy server?

A

Proxy servers request services (e.g. HTTP, FTP, etc.) on behalf of clients on a network.

They are capable of caching data to improve network performance by storing commonly requested data and supplying it to clients when requested.

A proxy server is also capable of performing URL filtering, denying access to sites that are not authorized on the network.

6
Q

Web security gateway

A

A type of UTM that detects malicious software coming in as email attachments, as code embedded in websites, and spam.

7
Q

VPN Concentrators

A

A server dedicated to VPN connections.

Deployed by large organizations.

Has strong encryption and authentication techniques, and can support a large number of clients.

8
Q

Protocol Analyser

A

Used to gather packets that are passed on a network.

Gathered packets can be analysed to see packet header information and packet payload.

This can be used to either detect malicious activities over the network, or it can be used by an attacker to gather information about the network and any information passed as cleartext.

Its use is called packet sniffing.

9
Q

Spam Filter

A

Performed by either the email server or a UTM solution.

This helps prevent large amounts of junk data from being sent, keeps servers from storing garbage data, and helps prevent emails with malicious scripts from coming through.

10
Q

What is a Web Application Firewall (WAF)?

A

A firewall designed to protect web applications.

Normally hosted on the web server.

Not to be used in place of a network-based firewall, since it only protects the web application and not the rest of the network.

Is an example of an application-level firewall.

11
Q

What is the main difference between IPS and IDS?

A

An IPS is always placed in-line with the traffic so that it can prevent the attack from reaching the network.

12
Q

What is the difference between Active and Passive IDS?

A

While both log and can notify personnel of alerts, active systems will take actions to change the environment.

13
Q

What is IDS?
What are the two types?
What methods can it use to detect attacks?

A

Intrusion Detection System

Host-based (installed on a single host)
Network-based (installed on a router or firewall)

Signature Based (a.k.a. Definition-based)
Anomaly Based (a.k.a. Behaviour based or Heuristic based)
14
Q

How does signature-based detection work?

A

Detects attacks based on known attack patterns.

15
Q

How does anomaly detection work?

A

Detects attacks by comparing activity against a baseline.

16
Q

What is a Honeypot?

A

A single host that is designed to be vulnerable in order to draw attacks away from production systems, and should not hold any data that is deemed too sensitive.

Honeypots are used to gather information on attackers.

They should not be left completely vulnerable or else attackers might become aware of the deception.

Honeynets are the same thing, but for an entire network.

17
Q

List 3 methods of securing a Switch

A

Disable unused ports
Implement MAC filtering
Implement 802.1x
Physically block access to the switch

18
Q

What is MAC Filtering?

A

Assigning a specific MAC address to a port, or having the switch learn the MAC address of the first or second device connected to it; not allowing any other device to connect to the port.

19
Q

What is 802.1x?

A

An authentication protocol that uses either a RADIUS or Diameter Server.

Clients must be authenticated by the server prior to being granted access to the network.

Can be implemented in either a wired or wireless network.

20
Q

What is NAT?

A

Network Address Translation

Translates public IP addresses to private IPs, and private IPs to public ones.

Used on internet-facing devices.

21
Q

What is PAT?

A

Port Address Translation

22
Q

What is a reverse proxy server?

A

A reverse proxy server acts in the opposite manner of a proxy server in that requests come in from outside the network. The reverse proxy requests the data from the servers on the network, and then it provides the data to the requesting client.

This provides an extra layer of protection for the internal servers.

23
Q

What is a UTM?

A

Universal Threat Management

Can provide:

  • URL Filtering
  • Malware Inspection
  • Content Inspection