Firewalls chap 3
Perimeter network
Screened subnet connected to a firewall at the edge of a protected network
dual-homed host
A ______-_____ ______ is a fancy term for a computer that has two network interfaces.
indispensable
A critical resource is defined as a software- or hardware-related item that is ______ to the operation of the device or program.
routers
Many operating systems perform IP forwarding, as do ______.
Screened subnet
Network exposed to an external network but partially protected by a firewall
DMZ
One advantage to setting up a ___ with two firewalls is you can control where traffic goes in the three networks.
Screening router
Filters traffic passing between one network to another
router
A ______ determines where packets should go through an interface and which should be blocked based on a set of rules called an access control list.
DMZ screened subnet
A ___ ______ ______ is a network of publicly accessible servers that is connected to the firewall but is outside the internal network being protected.
NAT router
A ___ ______ converts publicly accessible IP addresses to private ones and vice versa.
DMZ
A ___ is a network that sits outside the internal network but is connected to the firewall and provides publicly available servers.
deny all approach
A ____ ____ _____ will block everything by default and only specifically allow those services you need on a case-by-case basis.
dual homed-host
A ____ _____-_____is a client computer that is connected to the Internet and hosts firewall software.
bastion host
A _____ ____ needs to have sufficient processor speed and memory to handle the network's present traffic and increased traffic as the network grows.
screening router
A _____ _____ filters traffic to individual computers within the internal network.
tunnel server
A ______ _____ is a server that creates a secure tunnel connection.
reverse firewall
A ______ ______ is a device that monitors information going out of a network rather than trying to block what is coming in.
screened host
A ______ ______ is sometimes called a dual-homed gateway or bastion host.
reverse firewall
A ______ ______ monitors outbound rather than inbound traffic.
scalable
A firewall needs to be _____ so that it can grow with the network it protects.
service network
A subnet that is attached to the firewall and contained in the DMZ is called a ______ _______.
Dual-homed host
A workstation with an internal interface and an external Internet interface
Stateful failover
Backup services are provided by maintaining copies of connection states
tri-homed firewall
The arrangement of a DMZ enclosed by two firewalls is sometimes called a ___-_____ _______.
Failover firewall
Designed to maintain connections in case a primary firewall stops working
Tunnel server
Enables VPN clients to connect to it based on their IP addresses
Three-pronged firewall
Has three interfaces connecting it to the external network, DMZ, and protected LAN
NAT
IPSec and Kerberos are incompatible with ___.
port scanning attack
If you are a victim of a ____ _____ _____, you should review your firewall logs and block access from the "bad" IP addresses.
Port 25
If you are a victim of a harmful e-mail attachments attack, you should use software that scans ____ ___ for SMTP traffic.
strict
If you follow a "____" approach to security, set up application proxy gateways that forward requests on behalf of internal users.
cautious
If you follow a "_____" approach to security, you should set up a stateful instead of a stateless packet filter.
failover firewall
If you want a ______ ______, both models must be compatible so that they can be configured for seamless operation.
Reverse firewall
Inspects and monitors traffic leaving a local network
state update packets
The Cisco PIX Failover Firewall uses ______ ______ ______ to pass data about the state of the current connections between the primary and the failover firewall.
DNS server
The ___ ______ in the DMZ needs only list a limited number of public IP addresses.
tri-homed firewall
The firewall in a DMZ screened subnet is sometimes called a ___-_____ ______.
important configuration file
The most _____ _____ ____ on your firewall is the rules file.
Tri-homed firewall
The use of two firewalls to set up three separate networks
screened subnet
You create a ______ ______ by adding servers that permit public services and combining them to the firewall's subnet.