chapter15 Flashcards Preview


Flashcards in chapter15 Deck (34):
1

what are firewalls?
529

They are a combination of hardware and software. The hardware part is a router, a computer or a black box.
The software part is responsible for packet filtering.

2

network based firewall:

530

It protects a network of computers and is normally used in big companies.
It is a combination of software and hardware.

3

Host based firewall:
530

It is implemented on a single computer and protects only that computer.
It is a software firewall.

4

what do Access control lists do?


531

They are sets of rules used by the firewall to determine which traffic can pass through it.

5

What are the 2 main types of ACL?

532

Standard ACL and Extended ACL.

6

Standard ACL:





532

It filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

7

Extended ACL:


533

Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allows administrators more flexibility and control.
They evaluate headers.

8

what is DMZ?



534

Demilitarized Zone. It acts as a buffer area between outside users (the internet) and a private (local or wide area network) server. DMZs accept internet traffic for services such as DNS, FTP, Web servers and email servers.
A DMZ can be placed outside of the firewall or inside, which means between the firewall and the network.

9

what is a proxy server?


538

A proxy server is an intermediary machine, between a client (internal host) and the actual server (external hosts), which is used to filter or cache requests made by the client.

10

what are some types of proxy server?


539

IP proxy
web proxy
FTP proxy
SMTP proxy

11

IP proxy

539

- It hides the IP addresses of all the devices on the internal network by exchanging its IP address for the address of any station.
- This is called network address translation (NAT).

12

web proxy


539

Also called an HTTP proxy, it processes HTTP requests on behalf of the sending workstation.
- When the requested page is returned, the proxy server caches a copy of it locally for next use.
- It increases network security by filtering out content.

13

FTP proxy


540

FTP (File Transfer Protocol) is used to send files from one computer to a different computer. The FTP server can be a resource that keeps files on the same network or on a different network.

14

SMTP proxy

540

Use the SMTP proxy to control email messages and email content. The proxy scans SMTP messages for any unsecure materials and blocks them.

15

stateful Network layer firewall:
541

It keeps track of the established connections passing through it, so when another packet is received that is part of a current state, that packet is passed without checking the ACL.

16

stateless network layer firewall:

541

It is basic packet filtering. It examines each packet individually, which means that it does not care whether the packet is stand-alone or part of a bigger message stream.

17

stateful firewalls are more powerful and secure than stateless firewalls. T/F
542

True

18

application layer firewall:

542

They work at the application layer. They work by inspecting more than just the data in the IP header, so they will know if the packet is FTP, SNMP, HTTP or any other protocol.
They are slower than network layer firewalls.

19

port security


533

We use port security to maintain security between users in the same network. That means the security is on the switch, at layer 2 (MAC addresses).

20

physical security:

554

physical barriers
network closets
video monitoring
door access control
biometrics
security guard

21

physical barriers



555

It is keeping people from physically getting into your equipment.
The data layer should have more than one form of security; it should have 3 barriers. We call that a multiple barrier system.

22

what does IDS do?
548

Intrusion Detection System inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

23

network based IDS ( NIDS )
549

It is the most common implementation of IDS. It is a separate device attached to the network via a switch or tap.

24

IPS intrusion protection system

549

When an IDS moves to prevent an attack, it is a reactive system, or IPS.

25

there are 3 types of IPS, what are they?

549-550

-changing network configuration
-terminating sessions
-deceiving the attack

26

changing network configuration
549

If an attack comes through a port, the IDS closes the port for 60 seconds.

27

terminating sessions
550

The IDS will force all sessions to close and restart.

28

deceiving the attack




550

It tricks the bad guy into thinking their attack is really working when it is not. For that we use something called a honeypot, which is a server or access point to which the hacker is directed. It keeps them long enough to gather more information about them and their attack method so it can prevent another attack.

29

host-based IDS ( HIDS )


551

The software runs on one computer to detect abnormalities on that system alone.

30

vulnerability:

551

A vulnerability is a security weakness in a software program that puts the program or computer at risk of malicious programs and users.

31

vulnerability scanners

551

They are used to verify the proper application of some ACLs to a firewall.

32

What are 2 of the best-known and most effective programs used as vulnerability scanners?
551

-Nessus
-NMAP

33

Nessus:
551

It operates by performing a port scan and then following up with more specific tests.

34

NMAP
552

Network Mapper can be used from the command line, and it can be used with web-based interfaces to be controlled remotely.