45 Cards in this Set

  • Front
  • Back
Which firewall methodology requires the administrator to know and configure all the specific ports, IPs, and protocols required for the firewall? a. AGL b. Packet filtering c. Stateful filtering d. Proxy server
B
Which technology dynamically builds a table for the purpose of permitting the return traffic from an outside server, back to the client, in spite of a default security policy that says no traffic is allowed to initiate from the outside networks? a. Proxy b. NAT c. Packet filtering d. Stateful filtering
D
What does application layer inspection provide? a. Packet filtering at Layer 5 and higher b. Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels c. Proxy server functionality d. Application layer gateway functionality
B
Which one of the following is true about a transparent firewall? a. Implemented at Layer 1 b. Implemented at Layer 2 c. Implemented at Layer 3 d. Implemented at Layer 4 and higher
B
What is the specific term for performing Network Address Translation for multiple inside devices but optimizing the number of global addresses required? a. NAT-T b. NAT c. PAT d. PAT-T
C
What term refers to the internal IP address of a client using NAT as seen from other devices on the same internal network as the client? a. Inside local b. Inside global c. Outside local d. Outside global
A
Which of the following describes a rule on the firewall which will never be matched because of where the firewall is in the network? a. Orphaned rule b. Redundant rule c. Shadowed rule d. Promiscuous rule
A
What is the long-term impact of providing a promiscuous rule as a short-term test in an attempt to get a network application working? a. The promiscuous rule may be left in place, leaving a security hole. b. The rule cannot be changed later to more accurately filter based on the business requirement. c. It should be a shadowed rule. d. Change control documentation may not be completed for this test.
A
Should a firewall be resistant to attacks? Explain.
Yes. If a firewall can be infiltrated or brought down with a DoS, then it can no longer serve its purpose.
Where should network traffic flow when firewalls are in the infrastructure?
Traffic should be forced through the firewall.
How do we reduce the risk of exposing sensitive systems to untrusted individuals?
By hiding most of the functionality of a host/network device. Only the minimum required connectivity should be allowed to a given system, e.g. allowing only web traffic to a web server in a DMZ.
How do we reduce exploitation of protocol flaws?
Firewalls can be configured to inspect protocols to ensure compliance with the standards for that protocol at multiple layers, e.g. allowing only a specific amount of time between a DNS request/reply.
How do we eliminate unauthorized users/access?
Need to use authentication methods. Can control which user traffic can pass through, and can block based on policy. Parser views. Leverages AAA services using an ACS server.
How can we stop malicious data?
A firewall can detect/block malicious data with an IPS.
What might happen with a configuration mistake in a firewall?
Serious consequences. The firewall's job is to implement a policy; we use ACLs, NAT, authentication, etc. If these are misconfigured through human error, then the firewall can't do its job.
Why might people try to engineer a way around the firewall?
If there are security policies that the users are annoyed by, e.g. instant messaging is blocked, then people might try to get creative and circumvent the rule.
Why might latency be added by the firewall?
If the firewall has to analyze a large amount of traffic, it might take a few milliseconds or more per packet, which might add to overall network traffic delivery time.
Network firewalls provide key features for perimeter security. What processes can we use for this?
Simple packet filtering, proxy servers, NAT, stateful inspection firewalls, transparent firewalls
What is static packet filtering?
A static set of policies, like ACLs, that require an administrator to change them. This can be tricky if you have users that need to access many servers.
What are application layer gateways?
Acts as an intermediary between the original client and the server. No direct communication occurs between the client and the destination server. Operates on Layer 3 and up.
What is stateful packet filtering?
It remembers the state of sessions passing through the firewall. When customers on the inside reach outside networks, their packets go through the firewall on the way out. Even though certain ports may be blocked on the way back in, the traffic is allowed as it matches information in the stateful database.
What are some advantages of stateful firewalls?
Used as a primary means of defense by filtering traffic, implemented on routers/firewalls, dynamic, provides defense against DoS
What is an application inspection firewall?
It can analyze and verify protocols up to Layer 7, but does not act as a proxy.
What are the features of application firewalls?
Can see deeper into conversations and see secondary channels initiated from the server, awareness of details at the application layer, can prevent more kinds of attacks than stateful.
What are transparent firewalls?
It is more about how the firewall is injected into the network, as it can use packet-based filtering, stateful filtering, and application inspection. It is implemented at Layer 2. We still have two interfaces, but we do not assign IP addresses, and they act as a bridge.
What are next generation firewalls?
Cisco ASA with FirePOWER. Combines firewall with Sourcefire threat prevention and advanced malware protection in a single device.
What is the goal of NGFW?
To provide visibility into users, mobile devices, client-side apps, VM-to-VM communications, vulnerabilities, threats, and URL
What is the goal of NAT?
Translates addresses from the private space to the public internet.
Can NAT be used for security?
NAT in itself is not security; it needs to be used in conjunction with ACLs.
Define inside local NAT
The real IP configured on an inside host, such as user 1
Define inside global NAT
The mapped/global address that the router is swapping out for the inside host during NAT. The outside world sees user 1 coming from this mapped address.
Define outside local NAT
If performing NAT on outside devices, this is the mapped address of the outside device as it would appear to inside hosts. If not doing outside NAT on the router, this appears as the normal outside device's IP address to the inside devices.
Define outside global NAT
The real IP configured on an outside host
How does PAT work?
Subset of NAT, though not everyone gets their own unique IP address. Keeps track of individual sessions on an array of ports, then forwards all packets to a single source IP.
Define Static NAT
This is a one-to-one permanent mapping. Typically used in a DMZ scenario where we might want a server to be accessible from the public internet.
Define Dynamic NAT
We use a pool of global addresses and only map these to inside devices when they have a need to go out to the internet, e.g. a printer that needs to go out to the internet.
Define dynamic PAT
A feature used for most users who access the internet. Combines the benefits of dynamically assigning global addresses only when needed and uses overload so thousands of inside devices can be translated with PAT.
Where should firewalls be placed?
At security boundaries, i.e. between two networks.
Should a firewall be the only security device?
No, they should exist in conjunction with other security measures.
What is better, permit all first or deny all first?
Deny all first. Use a restrictive approach first, open as needed.
Best practice for many users?
Dynamic NAT/PAT, along with stateful filtering and deny all inbound
Should you presume that your internal machines might be part of the problem?
Yes! Malicious code or hackers could find their way onto the internal network.
Should you use any or all in your permit statements?
You can, but it is best to be as specific as possible.
Filter bogus traffic and perform logging on that traffic
do it
The problem with shadowed rule implementation
When a line appears in the wrong order. Won't filter the traffic correctly.