Security Architecture 3

Question 1

What is Device Placement?

Answer 1

Describes the network infrastructure of an organization
* Depending on individual needs
* Firewalls, Honeypots, jump server, load balancer

Question 2

What are Security Zones?

Answer 2

Structuring the network design based on different zones
* Trusted / Untrusted
* Internal / External

Question 3

What is Connectivity and how can it be securely achieved?

Answer 3

Describes an organizations connection to the internet

Achieved by:
* Secure network cabelling
* Application Level Encrypption
* Network Level Encryption: IPsec tunnels, VPN

Question 4

What are failure modes?

Answer 4

If security fails Device fails, how should it behave?
Fail-Closed
* Block all traffic passing
Fail-Open
* Allow all traffic

Question 5

Name device attributes

Answer 5

Active / Passive
* Does device needs power or not

Inline
* Network traffic passes through security device that actively inspects and takes actions based on defined rules

Tap/Monitor
* Passive
* Does not participate in traffic flow
* Copying and forwarding of traffic for further analysis

Question 6

What is a Proxy and what types?

Answer 6

Server handling communication between devices by:
* Accepting and forwarding requests
* Filer and modify traffic
* Access restrictions by IP

Forward Proxies
* Between client and server
* inside of own network
* protects traffic to internet

Reverse Proxy
* Places between server and client
* Help with load balancing and caching of content

Open Proxies
* Third party, uncoltrolled
* Security risk often blocked by organizations

Question 7

Explain the types of load balancers

Answer 7

Active / Active
* All servers are connected and ready to use
* TCP offload
* SSL offload
* Caching
* Priorization
* Content switching

Active / Passive
* Some servers are passive or on standby in case active server fail

Question 8

Explain components of port security and its two main components

Answer 8

EAP - Extensible Authentication Protocol
* Protocol to securely identify and allow devices on a network
* Supports various identification methods

EAP Integrates with 802.1X

802.1X
* Standart that prevents access to the network until authentication succeeds

Question 9

What is a network-based firewall?

Answer 9

Network-based Firewall
* Filter traffic by port number or application
* Traditional Firewalls controlled traffic via TCP/UDP number on Layer 4
* Modern Firewalls are based which application is used on Layer 7
* Encrypt traffic - VPN between sites

Question 10

UTM / Web security gateway

Answer 10

Unified Threat Management
Handles many different services:
* URL filter / Content inspection
* Malware Inspection
* Spam filter
* CSU / DSU
* Router, switch
* IDS / IPS
* VPN Endpoint
* Firewall

Disadvantages
* Only operates on layer 4
* Performances drawbacks due to many fucntions

Question 11

NGFW

Answer 11

Next Generation Firewall
* Operate on Layer 7
* Controls traffic flow based on applications
* Full decode of packet information
* Content filtering

Question 12

WAF

Answer 12

Web Application Firewall
* Applies to rules of HTTPS/HTTP traffic
* Allow or deny based on expected input
* SQL injection prevention