Net Admin Unit 6
6.3.4 Configure a Screened Subnet (DMZ)
2. a. Select Interfaces > Assignments. b. Select Add. c. Select OPT1. d. Select Enable interface. e. Change the Description field to DMZ. f. Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4. g. Under Static IPv4 Configuration, change the IPv4 Address field to 172.16.1.1. h. Set the subnet mask to 16. i. Select Save. j. Select Apply Changes. 3. a. Select Firewall > Rules. b. Under the Firewall breadcrumb, select DMZ. c. Select Add. d. Make sure Pass is selected. e. For the Interface field, make sure DMZ is selected. f. For the Protocol, use the drop-down menu to select Any. g. Under Source, use the drop-down menu to select DMZ net. h. Under Destination, make sure it is configured for any. i. Under Extra Options, enter Allow DMZ to any rule as the description. j. Select Save. k. Select Apply Changes. 4. a. From the menu bar, select Services > DHCP Server. b. Under the Services breadcrumb, select DMZ. c. Select Enable. d. Configure the Range: 172.16.1.100 - 172.16.1.200. e. Scroll to the bottom and select Save.
6.4.4 Implement Intrusion Prevention
2. a. Select Services > Snort > Global Settings. 3. a. Select Enable Snort VRT. b. In the Snort Oinkmaster Code field, enter 992acca37a4dbd7. c. Select Enable Snort GPLv2. d. Select Enable ET Open. 4. a. Under Sourcefire OpenAppID Detectors, select Enable OpenAppID. b. Select Enable RULES OpenAppID. 5. a. Under Rules Update Settings, use the Update Interval drop-down menu to select 4 DAYS. b. Change the Update Start Time to 00:10. c. Select Hide Deprecated Rules Categories. 6. a. Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 Day. b. Select Startup/Shutdown Logging. c. Select Save. 7. a. Under the Services breadcrumb, select Snort Interfaces and then select Add. b. Under General Settings, select Enable interface. c. For Interface, use the drop-down menu to select WAN. d. For Description, enter Snort-WAN. e. Under Alert Settings, select Send Alerts to System Log. f. Select Block Offenders. g. Select Save. 8. Start Snort on the WAN interface. a. Under the Snort Status column, select the arrow to start Snort. b. Wait for a checkmark to appear, indicating that Snort was started successfully.
6.2.8 Configure a Perimeter Firewall Part 2
3. Create and configure a firewall rule a. For the rule just created, select the Copy icon (two files). b. Under Source, select Display Advanced. c. Change the Source Port Range to HTTPS (443). d. Under Destination, change the Destination Port Range to HTTPS (443). e. Under Extra Options, change the Description field to HTTPS to DMZ from WAN. f. Select Save. g. Select Apply Changes. 4. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network. a. Select Add (either one). b. Make sure Action is set to Pass. c. For Interface, use the drop-down menu to select LAN. d. For Protocol, use the drop-down menu to select Any. e. Under Source, use the drop-down menu to select LAN net. f. Under Destination, use the drop-down menu to select DMZ net. g. Under Extra Options, in the Description field, enter LAN to DMZ Any. h. Select Save. i. Select Apply Changes.
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use?
A network-based firewall
Which of the following is true about a network-based firewall?
A network-based firewall is installed at the edge of a private network or network segment.
How does a proxy server differ from a packet-filtering firewall?
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer.
These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do?
Add a permit statement to the bottom of the access list.
Which of the following are characteristics of a stateless firewall? (Select two.)
Allows or denies traffic by examining information in IP packet headers. Controls traffic using access control lists, or ACLs.
Which of the following describes how access control lists can improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
Which of the following is true about an intrusion detection system?
An intrusion detection system monitors data packets for malicious or unauthorized traffic.
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline?
Anomaly-based
Which of the following are specific to extended access control lists? (Select two.)
Are the most used type of ACL. Use the number ranges 100-199 and 2000-2699.
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion
Which of the following are true about a reverse proxy? (Select two.)
Can perform load balancing, authentication, and caching. Handles requests from the internet to a server on a private network.
Which of the following does the sudo iptables -F command accomplish?
Clears all the current rules.
6.2.5 Configure Network Security Appliance Access
Complete this lab as follows: 1. Access the pfSense management console. a. From the taskbar, select Google Chrome. b. Maximize the window for better viewing. c. In the Google Chrome address bar, enter 198.28.56.22 and then press Enter. d. Enter the pfSense sign-in information as follows: Username: admin Password: pfsense e. Select SIGN IN. 2. Change the password for the default (admin) account. a. From the pfSense menu bar, select System > User Manager. b. For the admin account, under Actions, select the Edit user icon (pencil). c. For Password, change to P@ssw0rd (0 = zero). d. Enter P@ssw0rd in the Confirm Password field. e. Scroll to the bottom and select Save. 3. Create and configure a new pfSense user. a. Select Add. b. Enter lyoung as the username. c. Enter C@nyouGuess!t in the Password field. d. Enter C@nyouGuess!t in the Confirm Password field. e. Enter Liam Young in Full Name field. f. For Group membership, select admins and then select Move to "Member of" list. g. Scrol
6.2.6 Configure a Security Appliance
Complete this lab as follows: 1. Access the pfSense management console. a. Sign in using the following case-sensitive information: Username: admin Password: P@ssw0rd (zero). b. Select SIGN IN or press Enter. 2. Configure the DNS servers. a. From the pfSense menu bar, select System > General Setup. b. Under DNS Server Settings, configure the primary DNS server. Address: 163.128.78.93 Hostname: DNS1 Gateway: None c. Select Add DNS Server to add a secondary DNS server and then configure it. Address: 163.128.80.93 Hostname: DNS2 Gateway: None d. Scroll to the bottom and select Save. 3. Configure the WAN settings. a. From the pfSense menu bar, select Interfaces > WAN. b. Under General Configuration, select Enable interface. c. Use the IPv4 Configuration Type drop-down to select Static IPv4. d. Under Static IPv4 Configuration, in the IPv4 Address field, use 65.86.24.136. e. Use the IPv4 Address subnet drop-down to select 8. f. Under Static IPv4 Configuration, select Add a new gateway. g. Co
6.2.8 Configure a Perimeter Firewall Part 1
Complete this lab as follows: 1. Sign in to the pfSense management console. a. In the Username field, enter admin. b. In the Password field, enter P@ssw0rd (zero). c. Select SIGN IN or press Enter. 2. Create and configure a firewall rule to pass HTTP traffic from the internet to the web server. a. From the pfSense menu bar, select Firewall > Rules. b. Under the Firewall breadcrumb, select DMZ. c. Select Add (either one). d. Make sure Action is set to Pass. e. Under Source, use the drop-down menu to select WAN net. f. Select Display Advanced. g. For Source Port Range, use the From drop-down menu to select HTTP (80). h. Under Destination, use the Destination drop-down menu to select Single host or alias. i. In the Destination Address field, enter 172.16.1.5. j. Using the Destination Port Range drop-down menu, select HTTP (80). k. Under Extra Options, in the Description field, enter HTTP to DMZ from WAN. l. Select Save. m. Select Apply Changes.
6.1.7 Configure a Host Firewall
Complete this lab as follows: On Dorm-PC: 1. Add the fastest router to the workspace and provide power. a. Under Shelf, expand Routers. b. Drag Router, 100/1000BaseTX Ethernet to the Workspace. For convenience, place the router to the left of the wall plate. c. Above the router, select Back to switch to the back view of the router. d. Under Shelf, expand Cables and then select Power Adapter, AC to DC. e. From the Selected Component pane: Drag the DC Power Connector to the power port on the back of the router. Drag the AC Power Adapter to the surge protector. 2. Connect the Dorm-PC to the router and internet. a. Drag the Ethernet cable currently connected to the wall plate (the other end is connected to Dorm-PC) to a LAN port on the router. b. Under Shelf, select Cat5e Cable, RJ45. c. From the Selected Component pane: Drag an RJ45 Connector to the WAN port on the router. Drag the unconnected RJ45 Connector to the Ethernet port on the wall plate. d. (Optional) Above the router, sel
Which of the following BEST describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic?
False positive
Which of the following chains is used for incoming connections that aren't delivered locally?
Forward
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
Which of the following is true about an NIDS?
It detects malicious or unusual incoming and outgoing traffic in real time.
Which IDS type can alert you to trespassers?
PIDS
Which of the following is a firewall function?
Packet filtering
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet?
Packet filters
Which options are you able to set on a firewall? (Select three.)
Packet source address. Port number. Packet destination address.
You are managing a network and have used firewalls to create a screened subnet. You have a web server that internet users need to access. It must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the database server on the private network. Put the web server inside the screened subnet.
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the database server on the private network. Put the web server inside the screened subnet.
Based on the diagram, which type of proxy server is handling the client's request?
Reverse proxy server
Which of the following uses access control lists (ACLs) to filter packets as a form of security?
Screened router
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network?
Screened subnet
Which of the following is another name for a firewall that performs router functions?
Screening router
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
Which of the following are true about routed firewalls? (Select two.)
Supports multiple interfaces. Counts as a router hop.
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance?
Unified Threat Management (UTM)
Which of the following combines several layers of security services and network functions into one piece of hardware?
Unified Threat Management (UTM)
You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?
Update the signature files.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use?
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.
Which of the following is the BEST solution to allow access to private resources from the internet?
VPN
Which of the following is true about a firewall?
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked.
In which of the following situations would you MOST likely implement a screened subnet?
You want to protect a public web server from attack.
How many network interfaces does a dual-homed gateway typically have?
three