CMSY-163 Intro to Firewalls
What type of documentation should you keep for your bastion host?
- Name and location of Bastion Host
- Bastion Host IP address and domain name
- Bastion Host OS
- Location of backup files
- What to do in case of system crash
- Levels of patches made to OS
- Customized scripts
What type of fees do hosting service charge?
- data backup
- recovery
- startup
- help-desk support calls
- monthly fees
On a bastion host that is intended to function as a Web server, for instance, you only need to enable traffic on TCP Port 80 and Port ____ for SSL traffic.
443
Where should a bastion host be located?
A DMZ that is connected to the firewall but isolated from the internal network to protect internal users from attacks. Or at any point in a network that is considered vulnerable or where an extra level of security is needed.
How should a firewall administrator guard against new risks?
A firewall administrator can guard against new risks by running frequent security checks and maintenance, as well as frequently adding software updates and patches designed to meet new threats.
How should organizations cope with proxy server slowdown?
Add multiple proxy servers to the same network connection.
It is a best practice idea to rename the ____ account on a bastion host after initial configuration.
Administrator
Proxy servers perform operations on ____-level data.
Application
A ____ is a level of performance that you consider acceptable and against which the system can be compared.
Baseline
Of central importance to the operation of the firewall software that it hosts.
Bastion Host
System specifically designed and implemented to withstand attacks.
Bastion Host
You can check your computer's system information for the clock speed of your processor, which may be called the ____.
Central Processing Unit (CPU)
When selecting a bastion host operating system, the most important consideration is ____.
Choose the OS you're most familiar with
____________________ occurs when a company physically hosts its server(s) in a data center that is managed by a third party.
Co-Location
____ attacks are collections of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.
Correlation
____ is the process of deciphering the original message from an encrypted message without knowing the algorithms and keys used to perform the encryption.
Cryptanalysis
In general, where should bastion hosts be located on the network?
DMZ
No-man's-land between the inside and outside networks that serves as a buffer against outside attacks.
DMZ (Demilitarized Zone)
Speed up the retrieval and storage of stored data.
Data Cache
The concept of ____ requires hardening the system at multiple levels to minimize the possibility of intrusion.
Defense in Depth
____ attacks can be successful when the ciphertext consists of relatively few characters.
Dictionary
The formula ____ represents the application of encryption (E) to a message (M) using a cryptovariable to create ciphertext (C)
E(M, K) = C { E(M) = C } ?
Describe the Content Vectoring Protocol (CVP).
Enables firewalls to work with virus-scanning applications so that such content can be filtered out; this integration allows firewalls to act as content validators.
A good alternative to setting up a dedicated proxy server for small businesses is to use a publicly accessible proxy server online.
False
Bastion hosts should contain the latest and most expensive processor/memory combinations.
False
Network administrators should leave all ports open on a bastion host for maximum network throughput.
False
Once you have configured and deployed a bastion host, there is no need for further maintenance.
False
Squid is a full-featured Windows-based firewall that performs access control and filtering and is especially good at quickly serving cached files.
False
The only reason you should place a proxy server directly on the Internet is if the proxy is intended to serve as a transparent proxy.
False
Tell the firewall what types of traffic to let in and out of your network
Firewall Rules
Log files can point to ports, machines, or other vulnerable computers through which hackers can gain entry. These entry points are known as ____.
Holes
A ____ server is a machine that is placed in the DMZ to attract hackers and direct them away from the servers being protected.
Honeypot
A ____ firewall combines several different security technologies, such as packet filtering, application-level gateways, and VPNs.
Hybrid
Enables a packet to get from one network's OSI stack of interfaces to another
IP Forwarding
____ is the predominant cryptographic authentication and encryption protocol suite in use today.
IP Security (IPSec)
What is IP forwarding?
IP forwarding enables a packet to get from one network's OSI stack of interfaces to another. This process is important in routing data across networks and routers to get it to its destination.
Speeds up the processing of executable instructions.
Instruction Cache
____ is a Kerberos service that generates and issues session keys.
Key Distribution Center (KDC)
Records detailing who accessed resources on the server and when the access attempts occurred.
Log Files
Hard drives for rack-mounted servers range from $250 to $750 per terabyte depending on ____.
Manufacturer, Drive Speed, Form Factor
____ is a method of using multiple systems to take turns handling requests, to prevent any one system from getting overloaded.
Network load balancing (NLB)
The first step in securing a bastion host is:
Obtain a machine with sufficient memory and processor speed.
On a Windows bastion host, consider creating two ____________________: one for the operating system and one for the Web server, DNS server, or other software you plan to run on the host.
Partitions
Virtually all proxy server products scan the ____ of a packet and provide some sort of content-filtering system.
Payload
The ____________________ location is defined as the exact building and room in which the device is located.
Physical
Rate at which the logic circuitry or microprocessor within a computing device processes the basic instructions that make the device operate.
Processor Speed
Discuss the pros and cons of having more than one bastion host.
Pros:
- More services, since one bastion host can only handle one service
- More hosts = more security
Cons:
- More cost
- Risk of losing proprietary information grows as you add more hosts that contain that information
- More load-balancing to do
Because a proxy server ____ all packets that pass between the Internet and the internal hosts, attacks that can start with mangled packet data never reach the internal host.
Rebuilds
A critical ____________________ is defined as a software- or hardware-related item that is indispensable to the operation of a device or program.
Resource
Set of rules that blocks all access by default, and then permits only specific types of traffic to pass through
Restrictive
A ____ is a service that acts as a proxy for inbound connections.
Reverse Proxy
Password you need to enter to make your screen saver vanish so you can return to your desktop and resume working.
Screen Saver Password
You can configure a proxy server on a ____ host and install routers that function as packet filters on either side.
Screened
MasterCard and VISA developed ____ in 1997.
Secure Electronic Transactions (SET)
____ was developed by Netscape in 1994 to provide security for online electronic commerce transactions.
Secure Sockets Layer (SSL)
The Microsoft ____ allows system owners to tap into a large knowledge base of details about vulnerabilities and get advice from vendor and security experts on how to make specific Microsoft operating systems and layered products like databases and Web servers more secure.
Security Assessment Tool
____________________ is a product from Microsoft that provides a baseline configuration specifically designed for high-risk environments like bastion hosts.
Security-Compliance-Manager
A network must have one or more proxy servers available for each ____ proxies on the network.
Service Protocol
The industry standard for bastion host memory is between 4 GB and 8 GB of RAM depending on the ____ of the memory.
Size, Speed, Manufacturer
A ____ is also an identifier consisting of an IP address and port number, such as 172.16.0.1:80.
Socket
Used to gain access to the BIOS set-up program or to change the BIOS password
Supervisor Password
Standard for logging program message.
Syslog Daemon
Briefly explain the GAISP (GASSP) nine Pervasive Principles?
The GAISP is a set of security and information management practices put forth by the International Information Security Foundation that have been proven in practice and accepted by practitioners as a framework to secure networks. The nine Pervasive Principles are:
1. Accountability
2. Awareness
3. Ethics
4. Multidisciplinary
5. Proportionality
6. Integration
7. Timeliness
8. Assessment
9. Equity
What are the critical resources for a firewall's successful operation?
The critical resources of a firewall can vary based on the needs of a network and the traffic it deals with. For instance, in a busy network, memory is extremely important so that the firewall can handle all of the applications the business demands. In another case, a firewall that needs to hold a lot of data needs a much larger hard drive capacity. A sufficient CPU and power supply can also be critical resources for the firewall's operation.
Describe the need for firewall scalability.
The firewall must be scalable so that it can grow with the network it protects and continue to protect it efficiently as it expands. If firewall scalability is not considered, the firewall will become less efficient as the company grows, and the IT infrastructure of the business could collapse due to the failure and slowness of a firewall that cannot handle the load.
Why is it a good idea to disable user accounts on the bastion host?
They aren't needed, because individual users should not be able to connect to the host from their workstations. Each user account increases the chance of a security breach.
Speeds up the translation of virtual-to-physical address for both data and instructions.
Translation Lookaside Buffer
The ____ cipher rearranges the values within a block to create the ciphertext.
Transposition
As the number of users on the network grows, the machine that hosts the proxy server should be upgraded.
True
Blocking URLs is unreliable, mainly because URLs are typically blocked by proxy servers as full-text URLs.
True
It's not uncommon for companies to solicit information from a dozen or more hosting services and then request full proposals from five of those companies.
True
Windows Server 2003 and 2008 are excellent choices for bastion host operating systems because of their reliability and widespread use as servers.
True
On a UNIX host, you should run a ____ check, a set of software programs that makes sure any software you're running on your system is a trusted program.
Trusted Computing Base
The ___ lists newly discovered security advisories right on its home page.
U.S. Department of Energy's Cyber Incident Response Capability
If a network administrator is most comfortable with UNIX, he or she should choose a bastion host running ____.
UNIX
Most popular operating system used to provide services on the Internet.
UNIX
How should administrators combat buffer overflow?
Update proxy servers frequently.
Many companies use the Internet to enable a(n) ____________________ that connects internal hosts with specific clients in other organizations.
VPNs (Virtual Private Networks)
DNS server located on the DMZ should be configured to prohibit unauthorized ____.
Zone Transfers
NetPatrol is ____.
an intrusion detection and prevention system that can be integrated with WinGate
A ____, which is a mirror image of all the data on a hard disk or partition, including not only files but applications and system data.
binary drive image
Must be entered to complete the process of starting up a computer
boot-up password
The practice of storing data in a part of disk storage space so it can be retrieved as needed
caching
The ____ utility reports on the services that are currently started.
chkconfig
Text that has been encrypted is called ____.
ciphertext
The reverse of the asymmetric encryption process yields ____.
digital signatures
Pretty Good Privacy (PGP) provides security for ____.
To enhance security, firewall rules can be used along with a proxy server to ____.
enable internal users to send outbound requests only at certain times
Tripwire is an example of a ____ system.
intrusion detection and prevention
The XOR cipher conversion subjects the bitstream to a Boolean XOR function against some other data stream, typically a ____ stream.
key
An attacker may obtain duplicate texts, one in ciphertext and one in plaintext, which enable the individual to reverse-engineer the encryption algorithm in a ____ attack.
known-plaintext
The even distribution of traffic among two or more load-sharing firewalls can be achieved through the use of ____________________ switches, which are network devices with the intelligence to make routing decisions based on source and destination IP address or port numbers as specified in Layer 4 of the OSI reference model.
layer-four
Where should a bastion host be located if an organization does not have a dedicated server room?
locked server cabinet
The administrator should periodically review a firewall's ____________________ and analyze the traffic that passes through the firewall, paying particular attention to suspicious activity.
logs
Network administrators ____ to set up the browsers on the network to use a proxy server.
may use a configuration file
What is a downside of co-location for the bastion host?
more complicated for the administrator
Primary intent is to let all traffic through and then block specific types of traffic
permissive
A(n) ____________________ interface is software that enables you to configure and monitor one or more firewalls that are located at different network locations.
remote-management
UNIX uses a utility called ____________________, which automates the process of analyzing security patches that are already on the system and reports patches that should be added.
security_patch_check
Asymmetric encryption uses ____ separate keys for each message.
two