Secure network designs part 2 Flashcards

1
Q

What is a proxy server?

A

A proxy server sits between the users and the external network.
It receives the users' requests and sends them on their behalf.
It then receives the response on their behalf, usually performs a security check, and, if everything looks good, sends it back to the original requester.

These are useful for caching information, access control, URL filtering, and content scanning.

2
Q

What is the difference between an explicit proxy connection and a transparent proxy communication?

A

In an explicit proxy communication, you may need to tell an application exactly how to use the proxy (the IP, port, etc.), and the user will know their traffic is being proxied.

In a transparent proxy the end users will have no idea that their connection is being pro

3
Q

Which OSI layer do proxies usually exist at?

A

Application layer.
The proxy understands the way the application works.
A proxy may only know one application, for example HTTP.
Many proxies are multipurpose, though, and can understand HTTP, HTTPS, FTP, etc.

4
Q

What is the difference between a forward proxy and a reverse proxy?

A

A forward proxy (“internal proxy”) is commonly used to protect and control user access to the internet. It exists for your internal users.

A reverse proxy sits on the other end of this equation, between users on the external network and your internal network. For example, it would be good to place one between the internet and your web server. Users from the internet will only communicate with your proxy and not directly with your web server.

5
Q

What is an open proxy?

A

This is often used to circumvent existing security controls.
It is a third-party proxy that exists on the internet, between your network and the external resource you are trying to access. It is not local to either side.
It is not preferred by any serious organization: it is primarily used to get around security controls, and it is inherently insecure because you don't know what the third party is doing to your data along the way.

6
Q

How would an out-of-band IPS respond to malicious traffic and help stop it?

A

All traffic would be forwarded to the IPS from a switch. If the IPS sees anything malicious, it sends TCP RST (reset) frames after the fact. This would not stop the first packet from getting through, but it would stop all subsequent information in that same flow.
This would not be possible for UDP.

7
Q

What would an in-band IPS setup look like?

A

All traffic is sent through the IPS on its way through the network.
It is able to drop malicious packets in real time and they will not proceed through the network.

8
Q

What is a jump server?

A

A jump server (also called a "jump box") is a private device on the inside of a network that you can use to allow access to secure network zones.
It provides an access mechanism to a protected network.
This would be a highly secured device that has been hardened with strict rules.
You would use SSH/RDP/tunnel/VPN to jump to the device, and from there you would be able to jump to the other very secure devices on the inside of that network.

It is very important to keep the jump server incredibly secure, because if it were compromised, an attacker would have access to many very important devices.

9
Q

What is an HSM (hardware security module)?

A

These devices are specifically designed to help you manage and control a large number of keys and certificates.

They are usually found in large environments.
An HSM usually needs to always be online, so there are usually many sources of redundancy and many different power supplies on these devices.

Inside, they usually have specialized hardware for cryptography.
Many environments use the HSM as a cryptographic accelerator so that they can offload the CPU overhead from other devices onto this one device.
