Chapter 15

Question 1

is used to create a security zone that allows public traffic but the traffic is isolated from the company private network. p528

Answer 1

demilitarized zone (DMZ)

Question 2

this type of firewall is that it’s designed to protect an entire network of computers instead of just one system, and it’s usually a combination of hardware and software. p530

Answer 2

network-based firewall

Question 3

This type of firewall is usually a software implementation, because you don’t need any additional hardware in your personal computer to run it. p530

Answer 3

host-based firewall

Question 4

The first line of defense for any network that’s connected to the Internet is what we call? p531

Answer 4

access control lists (ACLs)

Question 5

an ACL applied to a protocol is referred to as a what? p532

Answer 5

distribution list

Question 6

what are the two types of ACLs.p532-33

Answer 6

Standard ACLs

Extended ACLs

Question 7

what is a standard ACLs p532

Answer 7

These use only the source IP address in an IP packet as the condition test, so all decisions regarding a packet will be based on the source IP address.

Question 8

what is a extended ACLs p533

Answer 8

Extended ACLs go the distance and evaluate lots of the other fields in the Layer 3 and 4 headers of an IP packet.

Question 9

what does the Inbound ACLs do. p533

Answer 9

When an ACL is applied to inbound packets on an interface, those packets are processed through the ACL before being routed to the outbound interface. Any packets that are denied won’t be routed because they’ll be discarded before the routing process is completed.

Question 10

what does the Outbound ACLs do. p533

Answer 10

When an ACL is applied to outbound packets on an interface, those packets are routed to the outbound interface and then processed through the ACL before being queued.

Question 11

protects data on the inside of a firewall; and because TCP/IP is what the Internet runs on, most external attacks take direct aim at this protocol stack. p534

Answer 11

Protocol switching

Question 12

Firewalls use dynamic packet filtering to ensure that the packets they forward match sessions initiated on their private side by something called a _______ or _______ which keeps track of all communication sessions between stations from inside and outside the firewall. p537

Answer 12

dynamic state list

state table

Question 13

what is a proxy services. p538

Answer 13

an internal client sends a request to an external host on the Internet. That request will get to the proxy server first, where it will be examined, broken down, and handled by an application that will create a new packet requesting information from the external server.

Question 14

what are some the proxy server types. p539-40

Answer 14

IP proxy
Web (HTTP) proxy
FTP proxy
SMTP proxy

Question 15

what does an IP proxy do. p539

Answer 15

An IP proxy hides the IP addresses of all the devices on the internal network by exchanging its IP address for the address of any requesting station.

Question 16

what does an web HTTP proxy do. p539

Answer 16

Web proxies, also called HTTP proxies, handle HTTP requests on behalf of the sending workstation. When these are implemented correctly, a client’s web browser asks a web server on the Internet for a web page using an HTTP request.

Question 17

what does an FTP proxy do. p540

Answer 17

FTP proxies handle the uploading and downloading of files from a server on behalf of a workstation.

Question 18

what does an SMTP proxy do. p540

Answer 18

Any packets or messages that contain material that is not considered secure can be blocked. Many SMTP proxies allow network virus protection software to scan inbound mail.

Question 19

means that they scan different types of incoming traffic in an effort to detect problems. p 542

Answer 19

scanning services

Question 20

Skips scanning of files larger than 50MB; can also enable deferred scanning p543

Answer 20

Web HTTP and FTP

Question 21

Cleans emails or attachments containing malware, and attaches a notification that the malware was deleted p543

Answer 21

Mail SMTP

Question 22

Scans all scannable files in the email

Rejects all messages larger than 15MB p543

Answer 22

Mail SMTP and POP3

Question 23

what is content filtering p544

Answer 23

Content filtering is very closely related to scanning services, and on Cisco routers it’s also provided by the CSC SSM. Specifically, content filtering means blocking data based on the content of the data rather than the source of the data. Most commonly, this is used to filter email and website access.

Question 24

what is an signature identification p544

Answer 24

is uses that are known will have a signature, which is a particular pattern of data, within them. Firewalls (and antivirus programs) can use signatures to identify a virus and remove it.

Question 25

what is Zones p545

Answer 25

zone is an individual area of the network that has been configured with a specific trust level. Firewalls are ideal devices to regulate the flow of traffic between zones.

Question 26

An intrusion detection system does replace a firewall on your network. T/F p548

Answer 26

false/ does not

Question 27

An intrusion detection system can detect attacks within encrypted traffic. T/F p548

Answer 27

False/ it can’t detect attacks

Question 28

There are two ways IDSs can detect attacks or intrusions. p548

Answer 28

MD-IDS/ it works by looking for fingerprints.

AD-IDS/ basically watches for anything out of the ordinary

Question 29

When an IDS moves to prevent an attack it’s often called a reactive system or an __________. p549

Answer 29

Intrusion protection system (IPS)

Question 30

What are the three common active responses. p549

Answer 30

Changing Network Configuration
Terminating Sessions
Deceiving the Attacker

Question 31

What is a Host-Based IDS (HIDS) p 551

Answer 31

software runs on one computer to detect abnormalities on that system alone by monitoring applications, system logs and event logs not by directly monitoring network traffic.

Question 32

What is an Nessus p551

Answer 32

Is a propriety vulnerability scanning program that requires a license to use commercially yet is the single most popular scanning program in use.

Question 33

What is an VPN Concentrators p552

Answer 33

Is a device that create remote access for virtual private networks VPNs either for users logging in remotely or for a large site-to-site VPN.

Question 34

What are Critical Nodes p562

Answer 34

Are individual systems or groups of systems without which the organization cannot operate.The process of identifying these system should begin with prioritization of the business processes that each supports.