11.1 Introduction to Firewalls and Network Security

Question 1

Security professionals use the concept of _____ to implement security controls.

Answer 1

Security professionals use the concept of defense in depth to implement security controls.

Question 2

What are the seven basic layers of layered defense?

Answer 2

1. Data - Attacker’s ultimate target.
2. Application - Software used to defend networks.
3. Host - Physical hardware running applications and storing data.
4. Internal Network - everything between the host and the perimeter defenses.
5. Perimeter - Hardware; everything external to the network.
6. Physical - Physical barriers
7. Policies, Procedures, Awareness - Written documentation

Question 3

The _______ is an intelligence-driven defense framework designed to identify and prevent cyber intrusions.

Answer 3

The cyber kill chain is an intelligence-driven defense framework designed to identify and prevent cyber intrusions.

Question 4

The Cyber Kill Chain

Adversaries are categorized into three designations:

Answer 4

Advanced - An adversary who is targeted, coordinated, and purposeful.

Persistent - An adversary who is relentless and undeterred by time.

Threat - An adversary with opportunity, intent, and capability.

Question 5

Which layer of defense applies:

A criminal hacker cuts through a security fence to gain access to the property.

Answer 5

Physical

Question 6

Which layer of defense applies:

A user clicks on a nefarious email, which downloads and installs malware on their computer.

Answer 6

Application

Question 7

Which layer of defense applies:

An employee walks away from their terminal and leaves their screen unlocked.

Answer 7

Host

Question 8

Which layer of defense applies:

A criminal hacker scans a network to see which ports are open.

Answer 8

Perimeter

Question 9

Which layer of defense applies:

An employee forwards an email containing social security numbers to their personal email account.

Answer 9

Data

Question 10

Which layer of defense applies:

An employee allows a stranger to tailgate them into a secured facility.

Answer 10

Policies, Procedures, Awareness

Question 11

Which layer of defense applies:

A disgruntled employee tries to log into their computer with administrative privileges when they only have basic user rights.

Answer 11

Internal Network

Question 12

Which layer of the Cyber Kill Chain applies:

An attacker breaches a network and installs a remote access trojan, providing the attacker remote control over the computer.

Answer 12

Installation

Question 13

Which layer of the Cyber Kill Chain applies:

An attacker sucessfully enumerates company employee profiles and crafts convincing phishing emails that contain malware.

Answer 13

Weaponization

Question 14

Which layer of the Cyber Kill Chain applies:

An attacker sends commands to infected hosts (zombies), which generate pings to a remote victim’s IP address.

Answer 14

Explotation

Question 15

Which layer of the Cyber Kill Chain applies:

An employee finds a USB thumb drive in the office parking lot and plugs it into their company’s workstation to see what’s on it.

Answer 15

Delivery

Question 16

Which layer of the Cyber Kill Chain applies:

An attacker compiles employee information from LinkedIn and gets the names and phone numbers of company personnel from publicly available resources.

Answer 16

Reconnaissance

Question 17

Which layer of the Cyber Kill Chain applies:

An attacker breaches a network, logs into the company’s server, copies files to a folder, compresses it, encrypts it, and exfiltrates the files to their local hard drive.

Answer 17

Action on Objectives

Question 18

______ provide a layer of protection by analyzing data leaving and entering a network.

Answer 18

Firewalls provide a layer of protection by analyzing data leaving and entering a network.

Question 19

Firewalls can be used to either control access to a single host (_______ firewall) or an entire network (_______ firewall).

Answer 19

Firewalls can be used to either control access to a single host (host-based firewall) or an entire network (network firewall).

Question 20

Network-based and host-based firewalls work in the same way:

Answer 20

1. Intercept traffic before it reaches its target host or router.
2. Inspect the source and destination address and ports, TCP flags, and other features of the incoming packets.
3. Allow packets that come from trusted sources and deny packets that don’t.

Question 21

MAC firewalls operate on ______ of the OSI and filter based on source and destination MAC addresses.

Answer 21

Layer 2

The Media Access Control (MAC) address is a unique hardware ID that helps communicate with each other.

Question 22

MAC Layer Firewall

True or False:

Routers compare the IP address of a device against an approved list. If there is a match, the traffic is forwarded to that device.

Answer 22

False

Routers compare the MAC address of a device against an approved list. If there is a match, the traffic is forwarded to that device.

Question 23

MAC Layer Firewall Advantages / Disadvantages

Answer 23

Advantages:
Can secure the network from novice attackers.

Disadvantages:
Can be easily bypassed by MAC spoofing.

Question 24

Packet-Filtering Firewalls (Stateless)

Stateless packet-filtering firewalls operate between _____ and _____of the OSI model.

Answer 24

Stateless packet-filtering firewalls operate between Layer 3 and Layer 4 of the OSI model.

Question 25

Stateless packet-filtering firewalls create _______ within a router and examine _______ as they progress through an interface. If the information does not pass the inspection, it is dropped.

Answer 25

Stateless packet-filtering firewalls create checkpoints within a router and examine packets as they progress through an interface. If the information does not pass the inspection, it is dropped.

Question 26

Packet-Filtering Firewalls (Stateless) Advantages / Disadvantages

Answer 26

Advantages: Not resource intensive, meaning they are low-cost and do not have a significant impact on system performance. Work best with small networks. Disadvantages: Easy to subvert compared to more robust firewalls. Only operate at the network layer. They are vulnerable to spoofing and do not support custom based rule sets.

Question 27

Packet-Filtering Firewalls (Stateful) Stateful packet-filtering firewalls operate on _____ and _____ of the OSI model.

Answer 27

Stateful packet-filtering firewalls operate on Layer 3 and Layer 4 of the OSI model. 4 -Transport: Rather than look at individual packets, stateful firewalls examine the connection as whole, looking at streams of packets. They inspect the packets’ conversation and routing tables and use a combination of TCP handshake verification and packet inspection technology.

Question 28

Stateful firewalls can determine if a packet is:

Answer 28

Trying to establish a new connection, known as a NEW state. Part of an existing connection, known as an ESTABLISHED state. Is neither a new or existing connection, known as a rogue packet.

Question 29

Packet-Filtering Firewalls (Stateful) Advantages / Disadvantages

Answer 29

Advantages: Offer transparent mode, which allows direct connections between clients and servers. Disadvantages: Are resource-intensive systems.

Question 30

Circuit-level firewalls operate at _____ of the OSI model.

Answer 30

Layer 5 - Session Circuit-level firewalls operate at Layer 5 of the OSI model. These firewalls only look at the header of a packet. Once the circuit is allowed to establish an end-to-end connection, all data is tunneled between parties.

Question 31

Circuit-level firewalls Advantages / Disadvantages

Answer 31

By verifying the three-way TCP handshake, they ensure that session packets are from legitimate sources. Advantages: Quickly and easily approve and deny traffic without consuming significant computing resources. Relatively inexpensive and provide anonymity to the private network. Disadvantages: Do not check the contents of the packet. If a packet contains malware but has the correct TCP information, the data is allowed to pass through.

Question 32

Proxy firewalls operate at _____ through _____ of the OSI model.

Answer 32

Proxy firewalls operate at Layer 3 through Layer 7 of the OSI model. Proxy firewalls inspect the actual contents of the packet. It intercept all traffic on its way to its final destination., without the data source knowing. A connection is established to the proxy firewall, which inspects the traffic and forwards it if it's determined to be safe, or drops it if it's determined to be malicious

Question 33

True or False Proxy firewalls create an extra layer of protection between the traffic source and its destination behind the network by obscuring the destination from the source creating an additional layer of anonymity and protection for the network.

Answer 33

True

Question 34

Application / Proxy Firewalls Advantages / Disadvantages

Answer 34

Advantages: More secure than other implementations and provide simple log and file audit management for incoming traffic. Disadvantages: Resource intensive, requiring robust modern hardware and high costs. Bypassed with encryption.

Question 35

A _____ is a multifunctional firewall that provides stateless and stateful packet filtering.

Answer 35

A UFW is a multifunctional firewall that provides stateless and stateful packet filtering.

Question 36

True or False UFW is most commonly used on networks What's the corresponding term?

Answer 36

False UFW is most commonly used on hosts. Host-based

Question 37

What is a drawback to using UFW?

Answer 37

Before firewall rules can be changed or modified, all firewall services must be stopped and restarted. This can be extremely disruptive to an organization’s operations.

Question 38

True or False firewalld provides similar functionality to UFW but does not require the disruption of services when implementing firewall services.

Answer 38

True

Question 39

firewalld uses the concept of _____ to divide network interfaces into groups of shared trust level.

Answer 39

Zones firewalld uses the concept of zones to divide network interfaces into groups of shared trust level. The zones are assigned sets of rules depending on the needs and restrictions of each zone’s interfaces.

Question 40

_____ is the industry-standard network scanner

Answer 40

Nmap

Question 41

Attackers can get the following from network scans:

Answer 41

* Name and version of operating system (OS fingerprinting). * All open and closed ports. * All filtered ports (ports behind a firewall). * Types of services running on a specific port (service and daemon names). * Firewalking allows attackers to perform network analysis to determine which Layer 4 protocols a specific firewall allows.