Chapter 15 - Supplement - Sheet1 Flashcards Preview

CompTIA Network+ > Chapter 15 - Supplement - Sheet1 > Flashcards

Flashcards in Chapter 15 - Supplement - Sheet1 Deck (40):
1

Public Network

Network that everyone has access to

2

Private network

network that only select people (perhaps on an ACL) have access to

3

Network-Based Firewall

what companies use to protect their private network from
public networks. The defining characteristic of this type of firewall is that it’s designed
to protect an entire network of computers instead of just one system. Usually a combination of hardware and software

4

Host-based Firewall

implemented on a single
machine so it protects only that one machine. This type of firewall is usually a software
implementation

5

ACL

Access Control Lists. These reside on your routers and determine by IP addresses which machines are allowed to use those routers and in what direction

6

What types of attacks to ACLs mitigate against

IP address spoofing inbound, IP address spoofing outbound, DoS TCP SYN attacks, DoS Smurf attacks

7

How do ACLs mitigate against threats

Using TCP intercept to address DoS TCP SYN attacks, Filtering ICMP messages, inbound, Filtering ICMP messages, outbound, Filtering Traceroute

8

Standard ACLs

Use only the source IP address to determine allow/deny. Allowing a single IP address allows it to transmit any protocol, any port.

9

Extended ACLs

Make allow/deny decisions based on more than the source IP

10

Standard rules for ACLs

Deny any addresses from your internal networks to enter your internal network; Deny any local host addresses (127.0.0.0/8).; Deny any reserved private addresses.; Deny any addresses in the IP multicast address range (224.0.0.0/4).

11

Port security

Managing switch security (layer 2) to manage risk on internal networks.

12

2 examples of port security

Using MAC address filtering to ensure that only a specific address can use a specific port. Using MAC address filtering to ensure that only a group of MAC addresses can access a sensitive area of the network.

13

Packet Filtering

the ability of a router or a firewall to discard packets that don’t
meet the right criteria

14

dynamic packet filtering

Firewalls use dynamic packet filtering to ensure that the packets
they forward match sessions initiated on their private side by something called a dynamic
state list or state table, which keeps track of all communication sessions between stations
from inside and outside the firewall

15

Types of proxies

IP proxy, Web (HTTP) proxy, FTP Proxy, SMTP Proxy,

16

2 types of network layer firewalls

Statefull and Stateless

17

Stateless Packet Filter

a basic packet filter doesn’t care about whether the packet it
is examining is stand-alone or part of a bigger message stream. That type of packet filter
is said to be stateless. susceptible to various DoS attacks and IP spoofing

18

Advantage of stateless over statful firewall

Uses less memory

19

Stateful packet filtering

stateful firewall is one that keeps track of the various
data streams passing through it. If a packet that is a part of an established connection hits
the firewall, it’s passed through. New packets are subjected to the rules as specified in the
ACL

20

Firewall Scanning Services

Most firewalls are capable of performing scanning services, which means that they scan different
types of incoming traffic in an effort to detect problems. For example, firewalls can
scan incoming HTTP traffic to look for viruses or spyware, or they can scan email looking
for spam

21

IDS

Intrusion Detection System. keeps track of all activity on your network so you can see if
someone has been trespassing

22

2 ways IDS systems can detect attacks or intrusions

misuse-detection IDS (MD-IDS), anomaly-detection IDS (AD-IDS).

23

MD-IDS

The IDS sends up an alarm only if it recognizes
the fingerprints typical of attackers

24

AD-IDS

An AD-IDS basically watches for
anything out of the ordinary; if it discovers fingerprints where there shouldn’t be any, it will
send out an alert

25

2 common IDS implementations

Network-Based IDS (Most Common), Host-Based IDS

26

Well-known vulnerability scanners

NESSUS, NMAP (Network mapper)

27

Where can a DMZ be placed

A demilitarized zone (DMZ) can be located outside
a firewall, connected directly to the Internet. However, it can also be placed after the
firewall.

28

Which two levels of the OSI model can firewalls operate on?

Application, Network

29

Which level of the OSI model does port security on switches operate on?

Data Link

30

IPS

An intrusion prevention system (IPS) is like an IDS, but with two key differences.
First, it learns what is “normal” on the network and can react to abnormalities even if
they’re not part of the signature database. Second, it can issue an active response such as
shutting down a port, resetting connections, or attempting to lull the attacker into a trap.

31

Which type of security device employs a redirection device known as a honeypot?

IPS

32

Which type of firewall keeps track of existing connections passing through it?

Stateful

33

If you wanted to ensure that your firewall could block inflammatory email, which type
of service would you look for?

Content Filtering

34

A firewall’s list of rules that it uses to block traffic is called ___________________.

Access control list

35

If you wanted to allow remote access to 500 users, which type of device is recommended?

A VPN concentrator

36

If data from one of your subnets should be restricted from entering another subnet, the
subnets should be configured as different ___________________.

Security zones

37

What type of internal security is implemented at Layer 2?

port security

38

How does an ACL treat any traffic type by default?

Deny

39

What is a group of servers used to lure attackers called?

Honeypot

40

Logging, notification, and shunning are what types of reactions from what type of
security device?

Passive reactions from an IDS