Chapter 9

firewall

1. The _________ is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter to protect the premises network from Internet-based attacks.

C

1. _________ control determines the types of Internet services that can be accessed, inbound or outbound. A. Behavior B. Direction C. Service D. User

B

10. A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control. A. packet filtering firewall B. distributed firewall C. personal firewall D. stateful inspection firewall

host-based IPS (HIPS)

10. A ___________ makes use of both signature and anomaly detection techniques to identify attacks.

C

11. Typical for SOHO applications, a __________ is a single router between internal and external networks with stateless or full packet filtering. A. single bastion T B. double bastion inline C. screening router D. host-resident firewall

Pattern

11. _________ matching scans incoming packets for specific byte sequences (the signature) stored in a database of known attacks.

Traffic

12. __________ anomaly watches for unusual traffic activities, such as a flood of UDP packets or a new service appearing on the network.

A

12. __________ are attacks that attempt to give ordinary users root access. A. Privilege-escalation exploits B. Directory transversals C. File system access D. Modification of system resources

Sdrop

13. Snort Inline adds three new rule types: drop, reject, and _________.

D

13. __________ scans for attack signatures in the context of a traffic stream rather than individual packets. A. Pattern matching B. Protocol anomaly C. Traffic anomaly D. Stateful matching

UTM (unified threat management)

14. A single device that integrates a variety of approaches to dealing with network-based attacks is referred to as a __________ system.

B

14. __________ looks for deviation from standards set forth in RFCs. A. Statistical anomaly B. Protocol anomaly C. Pattern matching D. Traffic anomaly

A

15. The _________ attack is designed to circumvent filtering rules that depend on TCP header information. A. tiny fragment B. address spoofing C. source routing D. bastion host

defense in depth

15. The firewall follows the classic military doctrine of _________ because it provides an additional layer of defense.

packet filtering

2. A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

B

2. _________ control controls how particular services are used. A. Service B. Behavior C. User D. Direction

source

3. The ________ IP address is the IP address of the system that originated the IP packet.

C

3. _________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall. A. Behavior B. User C. Direction D. Service

spoofing

4. An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _________.

A

4. ________ control controls access to a service according to which user is attempting to access it. A. User B. Direction C. Service D. Behavior

D

5. The _________ defines the transport protocol. A. destination IP address B. source IP address C. interface D. IP protocol field

SOCKS

5. The __________ protocol is an example of a circuit-level gateway implementation that is conceptually a "shim-layer" between the application layer and the transport layer and does not provide network-layer gateway services.

D

6. A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. A. packet filtering B. stateful inspection C. application-level D. circuit-level

bastion host

6. Identified as a critical strong point in the network's security, the _________ serves as a platform for an application-level or circuit-level gateway.

personal

7. A __________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.

B

7. An example of a circuit-level gateway implementation is the __________ package. A. application-level B. SOCKS C. SMTP D. stateful inspection

VPN (virtual private network)

8. A ________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet.

A

8. Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server. A. DMZ B. IP protocol field C. boundary firewall D. VPN

C

9. A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security. A. proxy B. UTM C. VPN D. stateful inspection firewall

IPSec

9. __________ protocols operate in networking devices, such as a router or firewall, and will encrypt and compress all traffic going into the WAN and decrypt and uncompress traffic coming from the WAN.