Flashcards in Chapter 15 - Supplement - Sheet1 Deck (40)
1
Public Network
Network that everyone has access to
2
Private network
Network that only select people (perhaps on an ACL) have access to
3
Network-Based Firewall
What companies use to protect their private network from public networks. The defining characteristic of this type of firewall is that it’s designed to protect an entire network of computers instead of just one system. Usually a combination of hardware and software
4
Host-based Firewall
Implemented on a single machine so it protects only that one machine. This type of firewall is usually a software implementation
5
ACL
Access Control Lists. These reside on your routers and determine by IP addresses which machines are allowed to use those routers and in what direction
6
What types of attacks do ACLs mitigate against
IP address spoofing inbound, IP address spoofing outbound, DoS TCP SYN attacks, DoS Smurf attacks
7
How do ACLs mitigate against threats
Using TCP intercept to address DoS TCP SYN attacks; filtering ICMP messages, inbound; filtering ICMP messages, outbound; filtering Traceroute
8
Standard ACLs
Use only the source IP address to determine allow/deny. Allowing a single IP address allows it to transmit any protocol, any port.
9
Extended ACLs
Make allow/deny decisions based on more than the source IP
10
Standard rules for ACLs
Deny any addresses from your internal networks to enter your internal network; deny any local host addresses (127.0.0.0/8); deny any reserved private addresses; deny any addresses in the IP multicast address range (224.0.0.0/4).
11
Port security
Managing switch security (layer 2) to manage risk on internal networks.
12
2 examples of port security
Using MAC address filtering to ensure that only a specific address can use a specific port. Using MAC address filtering to ensure that only a group of MAC addresses can access a sensitive area of the network.
13
Packet Filtering
The ability of a router or a firewall to discard packets that don’t meet the right criteria
14
dynamic packet filtering
Firewalls use dynamic packet filtering to ensure that the packets they forward match sessions initiated on their private side by something called a dynamic state list or state table, which keeps track of all communication sessions between stations from inside and outside the firewall
15
Types of proxies
IP proxy, Web (HTTP) proxy, FTP proxy, SMTP proxy
16
2 types of network layer firewalls
Stateful and Stateless
17
Stateless Packet Filter
A basic packet filter doesn’t care about whether the packet it is examining is stand-alone or part of a bigger message stream. That type of packet filter is said to be stateless. Susceptible to various DoS attacks and IP spoofing
18
Advantage of stateless over stateful firewall
Uses less memory
19
Stateful packet filtering
A stateful firewall is one that keeps track of the various data streams passing through it. If a packet that is a part of an established connection hits the firewall, it’s passed through. New packets are subjected to the rules as specified in the ACL
20
Firewall Scanning Services
Most firewalls are capable of performing scanning services, which means that they scan different types of incoming traffic in an effort to detect problems. For example, firewalls can scan incoming HTTP traffic to look for viruses or spyware, or they can scan email looking for spam
21
IDS
Intrusion Detection System. Keeps track of all activity on your network so you can see if someone has been trespassing
22
2 ways IDS systems can detect attacks or intrusions
misuse-detection IDS (MD-IDS), anomaly-detection IDS (AD-IDS).
23
MD-IDS
The IDS sends up an alarm only if it recognizes the fingerprints typical of attackers
24
AD-IDS
An AD-IDS basically watches for anything out of the ordinary; if it discovers fingerprints where there shouldn’t be any, it will send out an alert
25
2 common IDS implementations
Network-Based IDS (Most Common), Host-Based IDS
26
Well-known vulnerability scanners
Nessus, Nmap (Network Mapper)
27
Where can a DMZ be placed
A demilitarized zone (DMZ) can be located outside a firewall, connected directly to the Internet. However, it can also be placed after the firewall.
28
Which two levels of the OSI model can firewalls operate on?
Application, Network
29
Which level of the OSI model does port security on switches operate on?
Data Link
30