Security Appliances Flashcards

1
Q

Network Segmentation Enforcement

A
  • Dividing the network into clearly defined areas so that security appliances can be placed at the boundaries between them
  • Applied at layers 2 and 3 using VLANs and subnets
  • Each segment is a separate broadcast domain
  • All traffic between segments must be routed, and can therefore be filtered at the router or firewall
2
Q

Security Zone

A
  • Area of a network where the security configuration is the same for all hosts
  • Traffic between zones should be controlled by a firewall
3
Q

Perimeter Network Zone

A
  • Contains internet-facing hosts (those that accept inbound connections from the internet)
  • Traffic cannot pass through it directly from the internet to the internal LAN
  • Allows external clients access to published data without exposing internal hosts
4
Q

Proxy server

A
  • Host in the perimeter zone configured to communicate with the internal network
  • If a host on the local network requires a connection to the internet, the proxy in the perimeter zone takes the request and retransmits it if it is valid
  • External hosts have no idea what is behind the perimeter; they only ever see the proxy
5
Q

Bastion Hosts

A
  • Hosts in the perimeter zone, hardened because they are directly exposed
  • Typically web, mail, proxy and remote access servers
  • Not fully trusted by the internal network
6
Q

Screened Subnet

A
  • Uses two firewalls placed on either side of the perimeter network zone
  • Edge firewall filters traffic on the public interface
  • Internal (choke) firewall filters communication between hosts in the perimeter and the LAN
7
Q

Firewall

A
  • Processes traffic according to rules
  • Blocks traffic that does not conform to the rules
8
Q

Packet Filtering Firewall

A
  • Earliest type of firewall
  • Configured with rules in an ACL (Access Control List)
  • Each rule defines a packet type and what to do with it (permit or deny); first match wins, with an implicit deny at the end
  • Works at layer 3 and inspects IP packet headers (plus the transport-layer port fields)
  • Can make decisions based on source/destination IP address, protocol, or source/destination port
  • Stateless: does not preserve information about the connection between hosts, so return traffic has to be allowed by a broad rule on the ephemeral port range
  • Vulnerable to attacks spread over multiple packets (e.g. fragmentation) because each packet is judged on its own
9
Q

Stateful Inspection Firewall

A
  • Addresses the security and traffic-flow problems of packet filtering firewalls
  • Maintains state information about each established session
  • Session information is stored in a state table
  • Operates at layer 5 (session)
  • Checks each packet to see whether it belongs to an existing session; a packet that matches no session is only allowed if it opens a new connection permitted by the rules
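The following is an added example, not code from the flashcards, showing the difference between the two previous cards in working code: a stateless ACL that needs a broad "replies back in" rule (and so lets an unsolicited inbound connection through) next to a stateful firewall that tracks the 5-tuple in a state table and only admits return traffic for sessions it has seen. The rules, addresses (RFC 1918 / RFC 5737 ranges) and packets are constructed for illustration; the class and rule names are hypothetical.

```python
"""Stateless packet filter (ACL) beside a stateful inspection firewall.

Added example, not code from the flashcards.  Rules, addresses and
packets are constructed for illustration (RFC 1918 / RFC 5737 ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN set: this packet opens a connection


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # CIDR
    dst: str       # CIDR
    dports: range  # destination port range

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.dport in self.dports)


def acl_decide(rules, p: Packet) -> str:
    """Stateless packet filter: first matching rule wins, implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


LAN, ANY = "10.0.0.0/8", "0.0.0.0/0"

# A stateless filter cannot recognise replies, so it needs a broad inbound
# rule for the high (ephemeral) ports clients use.  That rule is exactly
# what lets an unsolicited inbound connection through.
STATELESS_ACL = [
    Rule("permit", "tcp", LAN, ANY, range(443, 444)),     # LAN -> HTTPS out
    Rule("permit", "tcp", ANY, LAN, range(1024, 65536)),  # "replies" back in
]

# The stateful firewall only needs a rule for *new* outbound sessions.
STATEFUL_ACL = [
    Rule("permit", "tcp", LAN, ANY, range(443, 444)),
]


class StatefulFirewall:
    """Keeps a state table of permitted sessions keyed by the 5-tuple."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()

    def decide(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.table or rev in self.table:
            return "permit"        # belongs to an existing session
        if p.proto == "tcp" and not p.syn:
            return "deny"          # mid-stream packet with no session
        if acl_decide(self.rules, p) == "permit":
            self.table.add(fwd)    # new session: remember it
            return "permit"
        return "deny"


def demo():
    """Run the same three packets through both firewalls."""
    outbound = Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 443, syn=True)
    reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 51000)
    unsolicited = Packet("198.51.100.7", "10.0.0.5", "tcp", 40000, 4444, syn=True)

    stateful = StatefulFirewall(STATEFUL_ACL)
    packets = (outbound, reply, unsolicited)
    return {
        "stateless": [acl_decide(STATELESS_ACL, p) for p in packets],
        "stateful": [stateful.decide(p) for p in packets],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless filter permits all three packets, including the unsolicited SYN to port 4444 on an internal host; the stateful firewall permits the outbound request and its reply but denies the unsolicited one because no session exists and no rule allows a new inbound connection.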
10
Q

Appliance Firewall

A
  • Stand-alone firewall that performs only firewall functions
  • Monitors all traffic in and out of a network segment
  • Can be deployed routed (layer 3) or as a layer 2 / virtual wire (transparent) device that has no IP address on the bridged interfaces
11
Q

Router Firewall

A
  • Functionality built into router firmware
  • Used by SOHO routers
12
Q

Proxy Server

A
  • Forwards requests and responses on behalf of clients
  • Deconstructs and analyzes packets at the application layer before forwarding them
  • Typically placed in the perimeter network
13
Q

Forward Proxy

A
  • Handles protocol-specific outbound traffic (e.g. HTTP/HTTPS) on behalf of internal clients
  • Must understand the application protocol it is serving
  • Usually contains a caching engine as well, so pages do not have to be refetched
14
Q

Transparent vs nontransparent proxy servers

A
  • Nontransparent: the client must be configured with the proxy server's address and port number (often port 8080)
  • Transparent: intercepts traffic without the client having to be configured
  • A transparent proxy must be placed inline, or have traffic redirected to it by a switch or router
15
Q

Reverse proxy

A
  • Handles protocol-specific inbound traffic
  • Often used to publish messaging or VoIP servers that should not themselves be placed in the perimeter network
  • Use cases: publishing web servers, messaging or conferencing applications, and enabling POP/IMAP retrieval
16
Q

NAT

A

Network Address Translation

  • Translates between the private addressing scheme used on the LAN and the public addressing scheme used by the internet-facing interface
  • Configured on the border device
  • Not a security tool in itself: hiding internal addresses is a side effect of translation, not access control
  • Basic (one-to-one or pooled) NAT supports multiple connections, but is limited by the number of public IP addresses available
17
Q

PAT

A

Port Address Translation

  • AKA Network Address Port Translation (NAPT) or NAT overloading
  • Allocates each new connection an ephemeral TCP or UDP port on the public address
  • Allows many internal hosts to share the same external IP address
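The two translation schemes from the NAT and PAT cards above, as an added example that is not code from the flashcards: a pooled NAT that hands out one public address per inside host and fails when the pool is exhausted, next to a PAT that keys its table on (private address, private port, protocol) so many hosts share one public address. Addresses are constructed (RFC 1918 inside, RFC 5737 outside) and the class names are hypothetical.

```python
"""Basic (pooled) NAT beside PAT / NAPT.

Added example, not code from the flashcards.  Addresses are constructed
(RFC 1918 inside, RFC 5737 outside); the classes are hypothetical.
"""
from itertools import count


class BasicNat:
    """One public address per active internal host, drawn from a pool."""

    def __init__(self, pool):
        self.free = list(pool)
        self.out = {}   # private ip -> public ip
        self.back = {}  # public ip -> private ip

    def translate_outbound(self, priv_ip):
        """Return the public address for priv_ip, or None if the pool is exhausted."""
        if priv_ip not in self.out:
            if not self.free:
                return None
            pub = self.free.pop(0)
            self.out[priv_ip] = pub
            self.back[pub] = priv_ip
        return self.out[priv_ip]

    def translate_inbound(self, pub_ip):
        return self.back.get(pub_ip)


class Pat:
    """Many internal endpoints share one public address, told apart by port."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # ephemeral port allocator
        self.out = {}   # (priv_ip, priv_port, proto) -> public port
        self.back = {}  # (public port, proto) -> (priv_ip, priv_port)

    def translate_outbound(self, priv_ip, priv_port, proto):
        key = (priv_ip, priv_port, proto)
        if key not in self.out:
            pub_port = next(self._ports)
            self.out[key] = pub_port
            self.back[(pub_port, proto)] = (priv_ip, priv_port)
        return (self.public_ip, self.out[key])

    def translate_inbound(self, pub_port, proto):
        """Map a packet arriving on the public address back to the inside host.

        None means no mapping exists: the packet is unsolicited and is dropped.
        That drop is a side effect of translation, not a firewall policy.
        """
        return self.back.get((pub_port, proto))


def demo():
    hosts = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]

    nat = BasicNat(pool=["203.0.113.10", "203.0.113.11"])  # only two public IPs
    nat_results = [nat.translate_outbound(h) for h in hosts]  # third host gets None

    pat = Pat("203.0.113.10")
    # All three hosts happen to pick source port 50000; PAT still keeps them apart.
    pat_results = [pat.translate_outbound(h, 50000, "tcp") for h in hosts]
    reply = pat.translate_inbound(40001, "tcp")        # reply for the second host
    unsolicited = pat.translate_inbound(40999, "tcp")  # nothing mapped -> None
    return {"nat": nat_results, "pat": pat_results,
            "reply": reply, "unsolicited": unsolicited}


if __name__ == "__main__":
    print(demo())
```

With a two-address pool the basic NAT cannot serve the third host at all, whereas the PAT serves all three on a single public address by allocating ports 40000, 40001 and 40002, and only inbound packets that match an existing mapping are delivered inside.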
18
Q

Defense in Depth

A
  • Placing security controls at multiple layers throughout the network so that no single control is relied upon
  • Examples are NAC, honeypots, separation of duties and intrusion detection
19
Q

NAC

A
  • Authenticates endpoints at the point they connect to the network
  • Uses 802.1X port-based authentication, EAP, and the AAA model (supplicant, authenticator, authentication server)
  • Enables devices to be authenticated before they are granted access to the network
  • Authentication is done with certificates or passwords, and can also enforce a health policy that requires up-to-date security software on the device
20
Q

Honeypot

A
  • Decoy system set up to attract attackers and record their activity
  • A honeynet is an entire decoy network
  • Provides early warning and intelligence on attack techniques
21
Q

Separation of Duties

A
  • Dividing duties and responsibilities among individuals so that no single person can complete a sensitive task alone, preventing conflicts of interest or abuse
22
Q

IDS

A

Intrusion Detection System

  • Performs real-time analysis of traffic and logs
  • Configured with signature patterns
  • Requires a sniffer to read frames (typically fed from a switch mirror/SPAN port or a network TAP)
  • Passive: does not slow down the network or take action against attackers; it only raises alerts
23
Q

IPS

A

Intrusion Prevention System

  • Provides an active response to traffic that matches a signature
  • Ends sessions by sending TCP reset packets
  • Applies temporary filters or blocks (e.g. drops further traffic from the source for a period)
  • Commonly built into firewalls and proxy servers; must sit inline to act on traffic
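The IDS and IPS cards above, as an added example that is not code from the flashcards: one signature engine run in two modes. In IDS mode a match only produces an alert and the traffic keeps flowing; in IPS mode the same match resets the TCP session and installs a temporary filter on the source address that expires after a fixed time. The signatures, the packets and their timestamps are constructed for illustration, and the Sensor class is hypothetical.

```python
"""Signature-based IDS and IPS over the same constructed traffic.

Added example, not code from the flashcards.  Signatures, packets and
timestamps are constructed; the Sensor class is hypothetical.
"""
import re

# Constructed signatures: (name, pattern matched against the application payload)
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./")),
    ("sqli-tautology", re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE)),
]


class Sensor:
    """prevent=False -> IDS (alert only); prevent=True -> inline IPS."""

    def __init__(self, prevent, block_seconds=60):
        self.prevent = prevent
        self.block_seconds = block_seconds
        self.filters = {}  # src ip -> expiry time of its temporary block

    def inspect(self, pkt, now):
        src = pkt["src"]
        # Drop temporary filters whose time has passed.
        self.filters = {ip: t for ip, t in self.filters.items() if t > now}
        if src in self.filters:
            return {"verdict": "drop", "reason": "temporary filter"}
        for name, rx in SIGNATURES:
            if rx.search(pkt["payload"]):
                if not self.prevent:
                    # IDS: works on a copy of the traffic, so it can only alert.
                    return {"verdict": "forward", "alert": name}
                # IPS: tear down the TCP session and filter the source for a while.
                self.filters[src] = now + self.block_seconds
                verdict = "reset" if pkt["proto"] == "tcp" else "drop"
                return {"verdict": verdict, "alert": name}
        return {"verdict": "forward"}


# Constructed traffic: (seconds since start, packet)
TRAFFIC = [
    (0, {"src": "203.0.113.5", "proto": "tcp", "payload": b"GET /index.html HTTP/1.1"}),
    (1, {"src": "198.51.100.7", "proto": "tcp", "payload": b"GET /../../etc/passwd HTTP/1.1"}),
    (10, {"src": "198.51.100.7", "proto": "tcp", "payload": b"GET /login HTTP/1.1"}),
    (100, {"src": "198.51.100.7", "proto": "tcp", "payload": b"GET /login HTTP/1.1"}),
]


def run(prevent):
    """Return the verdict for each packet in TRAFFIC, in order."""
    sensor = Sensor(prevent=prevent)
    return [sensor.inspect(pkt, now)["verdict"] for now, pkt in TRAFFIC]


if __name__ == "__main__":
    print("IDS:", run(prevent=False))
    print("IPS:", run(prevent=True))
```

The IDS forwards every packet and merely alerts on the traversal attempt; the IPS resets that session, drops the benign request the same source sends nine seconds later because the 60-second filter is still in place, and forwards the one sent after the filter has expired.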
24
Q

Triple Homed Router

A
  • Perimeter network configuration using a single router or firewall with three network interfaces
  • One interface faces the public internet, one is the perimeter subnet, and one connects to the LAN
  • Routing and filtering rules determine what traffic is allowed between the interfaces
  • Can achieve a configuration similar to a screened subnet with one device instead of two firewalls
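The zone policy a triple-homed router enforces, as an added example that is not code from the flashcards. It ties together the perimeter network, screened subnet and triple-homed cards above: each interface maps to a zone, the policy is keyed by (ingress zone, egress zone), and the two pairs that are deliberately missing are public to LAN (inbound traffic stops at the bastion hosts) and LAN to public (internal clients reach the internet only through the proxy in the perimeter). The subnets, zone names and allowed services are constructed for illustration.

```python
"""Zone policy for a triple-homed router / screened subnet.

Added example, not code from the flashcards.  Subnets, zones and the
policy matrix are constructed for illustration.
"""
from ipaddress import ip_address, ip_network

# Directly connected inside interfaces (constructed: RFC 5737 perimeter,
# RFC 1918 LAN).  Anything else is reached via the default route: "public".
INTERFACES = {
    "perimeter": ip_network("192.0.2.0/24"),
    "lan": ip_network("10.0.0.0/8"),
}

ANY = "any"

# (ingress zone, egress zone) -> allowed (proto, dport) set; absent pair = deny.
# No ("public", "lan") entry: internet traffic cannot pass straight through.
# No ("lan", "public") entry: LAN clients must go via the perimeter proxy.
POLICY = {
    ("public", "perimeter"): {("tcp", 80), ("tcp", 443), ("tcp", 25)},
    ("perimeter", "public"): {ANY},
    ("lan", "perimeter"): {("tcp", 8080), ("tcp", 25)},  # proxy, mail relay
    ("perimeter", "lan"): {("tcp", 1433)},               # bastion app -> DB only
}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for zone, net in INTERFACES.items():
        if addr in net:
            return zone
    return "public"


def decide(src: str, dst: str, proto: str, dport: int) -> str:
    pair = (zone_of(src), zone_of(dst))
    if pair[0] == pair[1]:
        return "permit"  # same zone: switched locally, never crosses the router
    allowed = POLICY.get(pair, set())
    if ANY in allowed or (proto, dport) in allowed:
        return "permit"
    return "deny"


def demo():
    cases = {
        "internet->bastion web": ("203.0.113.9", "192.0.2.10", "tcp", 443),
        "internet->lan direct": ("203.0.113.9", "10.0.0.5", "tcp", 443),
        "lan->proxy": ("10.0.0.5", "192.0.2.20", "tcp", 8080),
        "lan->internet direct": ("10.0.0.5", "203.0.113.9", "tcp", 443),
        "bastion->db": ("192.0.2.10", "10.0.0.50", "tcp", 1433),
        "bastion->lan ssh": ("192.0.2.10", "10.0.0.50", "tcp", 22),
    }
    return {name: decide(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The same matrix is what the two firewalls of a screened subnet enforce between them: the edge firewall carries the public/perimeter rows and the choke firewall carries the perimeter/LAN rows. The bastion-to-database rule is the one to watch in practice, since a compromised bastion host can reach whatever the choke firewall allows from the perimeter zone.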