Flashcards in chapter15 Deck (34):
what are firewalls?
they are a combination of hardware and software. the hardware part is a router, computer or a black box.
the software part is responsible for packet filtering.
network based firewall:
it protects a network of computers, normally used in big companies.
it is a combination of software and hardware.
Host based firewall:
it is implemented on a single computer and it protects only that computer.
it is a software firewall.
what do Access control lists do?
they are sets of rules used by the firewall to determine which traffic can pass through it.
what are the 2 main types of ACL?
Standard ACL and Extended ACL.
it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.
Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.
what is DMZ?
Demilitarized Zone; it acts as a buffer area between outside users (the internet) and a private (local or wide area network) server. DMZs accept internet traffic such as DNS, FTP, Web servers and email servers.
a DMZ can be placed outside of the firewall or inside, which means between the firewall and the network.
what is a proxy server?
A proxy server is an intermediary machine between a client (internal host) and the actual server (external hosts), which is used to filter or cache requests made by the client.
what are some types of proxy server?
- it hides the IP addresses of all the devices on the internal network by exchanging its IP address for the address of any station.
- they are called network address translation (NAT)
also called HTTP proxy, it processes HTTP requests on behalf of the sending workstation.
- when the requested page is returned the proxy server caches a copy of it locally for next use.
- it increases the network security by filtering out content.
FTP (File Transfer Protocol) is used to send files from one computer to a different computer. The FTP server can be a resource that keeps files on the same network or on a different network.
use the SMTP proxy to control email messages and email content. The proxy scans SMTP messages for any unsecure materials and blocks them.
stateful Network layer firewall:
it keeps track of the established connections passing through it, so when another packet is received that is part of a current state, that packet is passed without checking the ACL.
stateless network layer firewall:
it is basic packet filtering: it examines each packet individually, which means that it does not care whether the packet is stand-alone or part of a bigger message stream.
stateful firewalls are more powerful and secure than a stateless firewall. T/F
application layer firewall:
they work at the application layer. they work by inspecting more than just data in the IP header; they will know if the packet is FTP, SNMP, HTTP or any other protocol.
they are slower than the network layer firewalls.
we use port security to maintain security between users in the same network, which means that the security is on the switch at layer 2 (MAC addresses)
door access control
is keeping people from physically getting into your equipment.
the data layer should have more than one form of security; it should have 3 barriers. we call that a multiple barrier system.
what does IDS do?
Intrusion Detection System inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
network based IDS ( NIDS )
it is the most common implementation of IDS; it is a separate device attached to the network via a switch or tap.
IPS intrusion protection system
when an IDS moves to prevent an attack it is a reactive system or IPS
there are 3 types of IPS, what are they?
- changing network configuration
- deceiving the attack
changing network configuration
if an attack comes through a port, the IDS closes the port for 60 seconds.
the IDS will force all sessions to close and restart
deceiving the attack
it tricks the bad guy into thinking their attack is really working when it is not. for that we use something called a honeypot, which is a server or access point to which the hacker is directed. it keeps them long enough to gather more information about them and their attack method so it can prevent another attack.
host-based IDS ( HIDS )
the software runs on one computer to detect abnormalities on that system alone.
A vulnerability is a security weakness in a software program that puts the program or computer at risk of malicious programs and users.
it is used to verify the proper application of some ACLs to a firewall.
2 of the most known and effective programs that are used for vulnerability scanner, what are they?
it operates by performing a port scan and then follows up with more specific tests.