Ch. 11 LAN-to-WAN Domain
RSA Access Control System Bypass
Initially, an attacker attempts to steal account credentials only to find you have implemented two-factor authentication with key fobs (rotating random PINs). The initial attack is thwarted. • Later, a port scan on the network finds that there is a flaw in the server that hosts the RSA authentication system. The attacker gains access to the server and modifies one of the configuration parameters for a single account to allow single-factor authentication, unbeknownst to administrators. • Later, the attacker logs in using the stolen account.
FCAPS
Fault, Configuration, Accounting, Performance, and Security management
A DoS Attack
Initially, a direct DoS attack occurs but your IPS devices in the LAN-to-WAN Domain immediately identify and stop the attack. • The attacker then searches for other vulnerabilities and finds a way to use social engineering to install a Trojan horse on the IPS device. This is a "backdoor" into the IPS.
14. The _________ feature speeds up routing network packets by adding a label to each packet with routing.
Multi-Protocol
What are the two main LAN-to-WAN monitoring techniques?
▪Network device based - Devices often include monitoring functionality ▪Non-device based - Require that you add additional hardware or software to capture traffic and analyze it
3. A ______ makes requests for remote services on behalf of local clients.
Proxy server
6. If you only have one connection to the internet and that connection fails, your organization loses its internet connection. This is an example of a ______.
Single point of failure
Before doing a penetration test, the following should be gathered:
▪Specific IP addresses or ranges of nodes you will test ▪Specific IP addresses of nodes that will conduct the tests ▪A list of nodes that should be excluded from the tests ▪A list of the techniques used in the tests ▪A schedule or time frame approved for the tests to occur ▪Points of contact for the testing team and the approving organization(s) ▪Procedures for handling collected test data
Content analysis
This involves evaluating text and non-text content for inappropriate content.
Blacklist
This provides a list of uniform resource locators (URLs) or Domain Name System (DNS) entries from which all transfers are blocked.
The LAN-to-WAN Domain should have a DMZ with at least two firewalls. T/F
True
At least one IPS should be deployed for each WAN connection. T/F
True
11. Many organizations use a _________ to allow remote users to connect to internal network resources.
VPN
It's important to have current recovery plans for all _________ on the LAN-to-WAN Domain.
Web servers
1. A distributed application is one in which the components that make up the application reside on different computers. A. True B. False
a
Data leak security appliances (also called data loss security appliances)
are network devices or software running on computers that scan network traffic for data-matching rules.
intrusion prevention system (IPS)
extends the IDS capability by doing something to stop the attack.
Content keyword filtering
This involves evaluating text in content for inappropriate content using a dictionary of inappropriate search terms.
What role do implementers play in LAN-to-WAN configuration change management?
make approved changes, validate current config against authorized baseline, test config changes, create new authorized baseline
Web content filtering devices include?
▪Blacklist ▪URL filter ▪Content keyword filter ▪Content analysis
Traffic monitoring devices help prevent...?
▪Denial of service (DoS) or DDoS attacks ▪Device or communications failure ▪Bandwidth saturation
How can an organization maximize LAN-to-WAN Domain C-I-A?
▪Minimizing single points of failure ▪Using dual-homed ISP connections ▪Using redundant and alternate ISP connections ▪Deploying redundant routers and firewalls ▪Backing up Web server data ▪Using VPNs for remote access to organizational systems and data
12. You only need written authorization prior to conducting a penetration test that accesses resources outside your organization. A. True B. False
B
5. Which type of network device is most commonly used to filter network traffic? A. Router B. Firewall C. Switch D. IDS
B
7. Which of the following devices detect potential intrusions? (Pick 2) A. Firewall B. IPS C. IDS D. Load balancer
B and C
What devices are on the LAN-to-WAN Domain?
▪Router ▪Firewall ▪Proxy server ▪DMZ ▪Honeypot ▪ISP ▪IDS ▪IPS
13. NAT is helpful to hide internal IP addresses from the outside world. A. True B. False
A
15. Which of the following best describes the term honey pot? A. A server that's deliberately set up in an insecure manner to attract attackers B. A server that contains extremely sensitive data C. A collection of computers that are vulnerable to attack and could allow your network to be compromised D. Vulnerable servers in your network that wouldn't be dangerous if compromised
A
2. Which of the following is commonly the primary security control for data entering the LAN-to-WAN domain? A. Filtering B. NAT C. Encryption D. Address validation
A
9. Which of the following is a solution that defines and implements a policy that describes the requirements to access your network? A. NAC B. NAT C. NIC D. NOP
A
What items fall under Network Access Control (NAC)?
▪Anti-malware protection ▪Firewall status and configuration ▪Operating system version and patch level ▪Node role and identity ▪Custom attributes for enterprise configuration
10. Which of the following best describes a dual-homed ISP connection? A. An ISP connection using 2 firewalls B. Connecting 2 LANs to the internet using a single ISP connection C. A network that maintains 2 ISP connections D. Using 2 routers to split a single ISP connection in 2 subnets
C
8. What does it mean when there are differences between the last security configuration baseline and the current security configuration settings? A. Unauthorized changes have occurred B. Authorized changes have occurred C. Changes have occurred D. Unapproved changes are awaiting deployment
C
4. A _____ is an isolated part of a network that is connected both to the internet and your internal secure network and is a common home for internet-facing web servers.
DMZ
URL filter
This involves scanning and evaluating URLs for inappropriate content using a dictionary of inappropriate search items.