Securing Networks

Question 1

What is a UTM?

Answer 1

Unified threat management.

An all in 1 device employ for network security. Provides a wide range of services like:

IPS/IDS
Firewall
Content Filtering
NAT

Question 2

What is a firewall?

Answer 2

A device that filters traffic as it moves from an area of your network to another area of you network or to an area outside your network.

Question 3

What is a stateless firewall?

Answer 3

Does NOT keep track of session information. Source destination and port#.

Question 4

What is a stateful Firewall?

Answer 4

Does keep track of session information. Maintain aware of active connections. It sequences everything also. It can make a more inform decision.

Question 5

What is an application based firewall?

Answer 5

Tracks sessions information. They track on Layer 7 and user behavior.

Ex. Guardicore

Question 6

What is a screened subnet (DMZ) topology?

Answer 6

Is the buffer zone between the internet and private network. Your publicly accessible services are places here. You can control the traffic to protect your connection.

Question 7

What is a Bastion Host / Jump Box ?

Answer 7

A device we setup in the DMZ zone to enhance remote access security.

You have to harden your jump box to prevent any compromise activity.

You make an SSH connection to the jumpbox then to the internal.

Question 8

What is an IDS/NIDS system?

Answer 8

Intrusion detection system is a device that can alert you of any anomalies on your network for you to react. Traffic already reached the destination.

Its job is to alert but not react

Question 9

What is an IPS/NIPS system?

Answer 9

Intrusion prevention system. It will alert you of any issues and prevent/react. It has to be inline on the traffic.

Signature based / stateful protocol analysis /

Question 10

What is a proxy server?

Answer 10

An device that sits between a client that is requesting a resource and a server that is providing a resource.

Features:
It can mask the client from the server

Reverse Proxy - is from client to server
Maintain session persistence with the back end.
Load balancers

Question 11

What is a VLAN?

Answer 11

Logical segmentation on the same physical switch.

Question 12

What is IPSec?

Answer 12

A framework that provides the means of creating a secure trusted IP tunnel over untrusted networks

Confidentiality with encryption

Integrity with hashing

Authentication with RSA

Anti-replay with sequencing

Question 13

What is Spanning-tree protocol used for?

Answer 13

Prevent layer 2 loop from crashing our L2 network

Question 14

What is BPDU guard?

Answer 14

Prevent rogue devices from modifying our STP topology by sending bogus BPDU into our network

Question 15

What are storm control used?

Answer 15

Rate limit the number of broadcast, multicast or unicast packets to prevent a storm

Question 16

What is DHCP snooping?

Answer 16

Prevent a rogue DHCP server from handing out false DHCP information

Question 17

What is MAC filtering?

Answer 17

Prevent unauthorized devices from connecting to the network.