Telecommunications and Network Security Flashcards

0
Q

What does the NOS (Network Operating System) provide?

A
powerful directory services
internetworking
routing
WAN support
support for remote users
clustering functionality
strong authentication and auditing functionality
file and printing services
backup/replication
management tools for remote clients
software and hardware tools inventory functionality
fault tolerance capabilities
1
Q

NOS software works in the _____ model. All resources, files, and applications are ______ which users access from a ______ server rather than from individual workstations.

A

client/server
centralized
central

2
Q

DNS (Domain Name System) does what?

A

Resolves user-friendly hostnames to IP addresses/vice versa.

3
Q

On DNS servers, networks are split into:

A

zones

4
Q

A zone may contain one or many _____, with each ______ specific to a particular ________.

A

domains
domain
department

5
Q

When a user’s computer needs to resolve a hostname, it uses ______ settings to locate its ______, which refers to the resource records for retrieving the corresponding ____ _____.

A

TCP/IP
DNS Server
IP Address

6
Q

What do the primary DNS and secondary DNS contain? How is it synchronized? The DNS server should be properly configured to avoid unauthorized _____.

A

Primary: actual resource records
Secondary: copy of resource records.
Synchronized through a zone transfer.
Zone transfers.

7
Q

To communicate with each other, computers need to use the same type of addressing scheme. The Internet uses _____.

A

public IP address scheme

8
Q

NAT =

A

Network Address Translation

9
Q

What does NAT do?

A

enables a network that isn’t using the public IP address scheme to communicate with different networks over the Internet. An organization can purchase a small number of public IP addresses for use by employees. When an employee wants to access resources on the Internet, the employee’s private address is translated to a public IP address for the duration of the session. When it ends, the public address is released back into the public pool for reuse.

10
Q

How does NAT improve security? (2)

A

1 - private IP addresses within the org aren’t routable on the internet; aren’t available to attackers
2 - public IP addresses change constantly because a NAT device assigns an IP address to different clients over different sessions

11
Q

PAT =

A

Port Address Translation

12
Q

What’s the difference between PAT and NAT?

A

NAT uses a pool of IP addresses. PAT uses a single IP address.

13
Q

With PAT, all employees use the ______ ____ _______ to access the Internet. However, the session of each employee is ______. PAT assigns a different _____ ____ to each user. A ____ ___ combined with the IP address forms a _____, which is unique for each session.

A
same IP address
unique
source port
source port
socket
14
Q

Why can PAT conflict with multimedia applications?

A

they dynamically assign ports when connections are created; they may collide with the ports assigned by PAT for a session

15
Q

Define Router

A

A device that uses network protocols to forward or route data from one network to another.

16
Q

A router consists of ____ ____ that provide network connectivity, for example:

A

multiple interfaces
serial Ethernet
FDDI interfaces

17
Q

At what layer of the OSI model do routers operate?

A

network layer

18
Q

The NOS forms an important part of a router that helps ___ ___ __ _ _.

A

route packets to their destinations

19
Q

A router filters network traffic using _ _ _.

A

Access control lists (ACLs).

20
Q

What are the 5 steps that occur when a packet arrives at a router?

A

1 - views routing data and retrieves the destination IP network address
2 - views routing table to check which port matches the destination IP address
3 - sends an error message to sender if no info about the destination address is found.
4 - changes header info of the packet so that it can reach the correct destination
5 - sends packet to the output queue for necessary interface

21
Q

Routers connect the _ _ _, aka _, of different organizations, enabling access to the Internet.

A

local area network

LAN

22
Q

A router can also be a ____, which is like a system or device that connects _ _ _ _ _. A gateway is usually required to _ between different types of _ or _.

A

gateway
two unlike environments or systems
translate
applications or protocols

23
Q

What do boundary routers do? Why are they an important part of organizations’ security perimeter?

A

Advertise externally learned routes which are then used by internal hosts. They filter out traffic which has no place on the internal network.

24
Q

What type of attack can boundary routers prevent? How are those caused?

A

Man-in-the-middle attacks, which are caused by IP Spoofing

25
Q

What are the different ways IP Spoofing attacks can be done?

A

Non-Blind Spoofing: the attacker sniffs the sequence and acknowledgement messages and uses them to hijack a session.
Blind Spoofing attacks: where the attacker cannot sniff the sequence and acknowledgement messages but will try to probe a host for responses and in turn try to generate the correct responses.

26
Q

Two companies have offices using different technologies that use different protocols. If they want to communicate, what is the device that can convert the data packets from one network to meet the protocol needs of the other network?

A

The gateway.

27
Q

What is an intranet and what does it enable?

A

A private network within an organization that is for internal use only.
Enables employees and authorized internal users to access applications and system resources using web-based technologies.

28
Q

What usually separates the intranet from the internet?

A

A firewall

29
Q

What is an extranet?

A

a private network that extends outside an organization’s network. It uses internet technologies and the public telecommunication system to enable the sharing of data with another organization.

30
Q

Why are firewalls necessary for extranet protection?

A

extranets are set up over the Internet and can expose organizations and make them vulnerable to attack.

31
Q

Most organizations have distributed network environments that have integrated various network technologies. This _ their potential exposure and security vulnerabilities.

A

increases

32
Q

Various security technologies are used at a network’s edge to protect the network from attack (4):

A

1 - logon security (username/ID)
2 - data encryption (protect in transmission)
3 - firewalls (protect a network by restricting the traffic that can enter)
4 - remote access security (users provide logon credentials; resources that remote users use are defined; users have time, connection, and protocol restrictions)

33
Q

Firewalls:

  • Block _ traffic and allow _ traffic
  • Usually placed in the _ _, aka _, which is the network segment between the unprotected and protected networks
A
  • hostile, authorized
  • demilitarized zone, DMZ

34
Q

What are the various types of firewall technologies? (4)

A

1 - packet filtering
2 - stateful packet filtering
3 - dynamic packet filtering
4 - proxy firewalls

35
Q

Packet Filtering Firewalls:

  • Operate at the _ layer of the OSI model
  • Compare the information in _ _ against the _ _ _, which provide information about which packets can be accepted and which must be denied
A
  • network
  • packet headers, entries in the ACL

36
Q

What are the advantages of packet filtering firewalls?

A

1 - scalability with ability to handle large volumes of packets
2 - fast implementation because packet filters analyze only the info in packet headers
3 - application independence, because only packet header info is evaluated

37
Q

What are the disadvantages of packet filtering firewalls?

A

Lower security; they don’t look deep into the packet.

38
Q

Stateful packet filtering firewalls:
- can operate at _ _ of the OSI model, but most often operate at the _ and _ layers
- initially investigates the _ _, _, and a _ _ _ _. For the rest of a session, it then uses just the _ and _ header options for the packet.

A

all layers, network and transport
packet header, payload, and trailer
network, transport

39
Q

What is a state table and what does it contain?

A

A stateful packet filtering FW maintains this. Contains the following info:
- source and destination IP addresses
- source and destination ports
- acknowledgement bits

40
Q

If a state table indicates that a packet has been requested in any of the previous connections, the firewall ___ the packet.

If there is no prior information related to the packet, the firewall checks an ___ to determine whether or not the packet should be allowed.

A

allows

ACL

41
Q

Advantage of a stateful packet filtering firewall:

A

includes an extra level of protection by keeping track of the packets until relevant connections are closed

  • reduces vulnerability to spoofing attacks
  • allows for the inspection of multi-layer protocols, which reduces the chance of security breaches when the protocols use any combination of the layers within the OSI model for communication and transfer of their payload
  • provides data for tracking connectionless protocols such as UDP or ICMP
42
Q

Disadvantages of stateful packet filtering firewalls

A
  • increased complexity because of the dynamic state table and connection tracking
  • vulnerability to denial of service attacks (state tables may be flooded with bogus information, causing firewalls to freeze or reboot)
43
Q

Dynamic Packet Filtering Firewall:

  • used when an _ _ needs to communicate with an _ _ _ _ _
  • Internal system entity (sender) must choose a _ _ higher than _ to establish a connection with the external entity (receiver)
  • FW creates an _ to allow the receiver to communicate with the sender. The _ created at the firewall is dynamic and remains until a connection is _.
A
  • internal system, entity outside the trusted network
  • dynamic port, 1023
  • ACL, ACL, terminated
44
Q

Dynamic filtering firewalls are _ _ firewalls. They allow all types of _ _, but only response-attached _ _.

A

fourth generation; outbound traffic; inbound traffic

45
Q

Proxy Firewall:

  • placed between a _ and _ network
  • works at the _ layer
  • makes a connection on behalf of the _ on the _ or _ networks
A
  • trusted; untrusted
  • application
  • source; trusted; untrusted
46
Q

How does a Proxy FW work?

A
  • FW receives a packet; inspects it to determine whether it’s malicious.
  • If packet appears safe, allowed to enter the trusted network for routing to specific destination
  • when an entity on the trusted network wants to transmit a packet to another entity on an untrusted network, the packet is first sent to the proxy firewall, which repackages the packet before sending it to the destination. This helps hide the packet’s true origin; the new packet contains only the firewall’s IP address, so the address of the sender on the trusted network is protected.
47
Q

Proxy firewall provides ___ security than packet filtering. But supports only a limited number of applications and can __ traffic performance. Have ___ and ___ issues and can have an adverse effect on __/__ model functionality

A

better; degrade.

scalability; performance; client/server

48
Q

What are the different types of proxy firewalls?

A

Application-level
Circuit-level
Kernel proxy firewalls

49
Q

Application level proxy FW

A

operate at the app layer; make access decisions based on packet content (payload). Because packet travels up to layer 7, FW needs to completely understand the protocols associated with the application (specific proxy per protocol). Provides more granular control.

50
Q

Describe circuit-level proxy firewalls:
what layer do they operate at of the OSI model?
what do they make access decisions based on?
how does it work?
more or less granular control as application level proxy firewall?

A
  • session
  • packet’s address, port, and protocol type (not content)
  • creates a circuit between a client computer and a server.
  • no
51
Q

Describe kernel proxy firewalls

  • what layer do they operate at?
  • what generation FW?
  • how does it work?
  • is it faster than app level FWs? why/why not?
A
  • application layer
  • fifth-generation
  • when a packet arrives at a kernel proxy firewall, a new virtual stack is created. Stack contains only the protocol proxies needed to examine the specific packet. Packet investigated at every layer of the stack, evaluating packet’s data link header along with network header, transport header, session layer information, application layer data
  • yes, because all evaluation takes place at the kernel, not at higher layers of the operating system
52
Q

Firewall architecture consists of different interfaces that help secure a network (4):

A

1 - high-security interface, which connects to the trusted internal network
2 - low-security interface which connects to the untrusted network
3 - medium security interface which connects to the DMZ
4 - the Internet

53
Q

Screening router:

  • placed _ _ of the firewall
  • provides _ _ _ _
  • provides RFC _ and RFC _ filtering, _ _ , and _ _ _
A
  • in front
  • first line of defense
  • 1918; 2827; rate limiting; Quality of Service
54
Q

3 main FW architectures:

A

1 - bastion host
2 - dual-homed device
3 - screened subnet

55
Q

Bastion host:

  • Is a - _ that’s placed _ _ _ _ networks.
  • _ connected to FW software
  • Is the _ _ _ _ in network security; highly exposed to _.
  • No _ _ should be running, unused subsystems and user accounts should be _, unused ports must be _, and all vulnerabilities must be _ to secure a bastion host.
  • If a FW isn’t installed on the bastion host, it becomes _.
A
  • locked-down; trusted and untrusted networks.
  • Isn’t
  • first line of defense; attacks
  • unnecessary services; disabled; closed; patched
  • vulnerable
56
Q

Dual-homed device

  • has two interfaces: one _ _ _ _ _ and the other _ _ _ _
  • to use dual-homed device as a firewall, you need to turn off the _ _ _ of the _ _ .
A
  • facing the external network; facing the internal network
  • packet routing functionality; underlying operating system

57
Q

Screened subnet:
- an external router _ _ _ _ to data coming from an _ _ and then sends the packets to the FW. The FW sends the packets to an _ _ to _ _ _ and then routes the packets to the internal network

A

- applies packet filtering; untrusted network; internal router; filter the packets further

58
Q

Network services and protocols include _, _, _, and _.

A

NOS; DNS; NAT; PAT

59
Q

A router uses _ _ to _, or _, data from one network to another. It can also serve as a _, which _ between different types of _ _ or protocols.

A

network protocols; route; gateway; translates; network applications.

60
Q

An _ is a private network for internal use within an organization. An _ is a private network that extends outside the organization’s network.

A

intranet; extranet

61
Q

_ block malicious traffic and allow authorized traffic. Firewall technologies include _ _, _ _ _, _ _ _, and _ _. A firewall can be configured as a _ _, _ _, or _ _.

A

Firewalls; packet filtering; stateful packet filtering; dynamic packet filtering; proxy firewalls; bastion host; dual-homed device; screened subnet