Quiz I Review Firewalls and Networking
List the typical minimum set of mechanisms for assuring the security of a DMZ:
A dedicated port on the firewall device or a screened subnet; a DMZ segment with additional authentication and authorization controls.
Describe what a firewall does.
A firewall can be either hardware or software implemented on a host computer. A firewall is a means of controlling traffic into or out of a system or network.
What is a bastion host? Give an example of its use.
A highly secure host system that can withstand exposure to hostile elements.
What is the default route configuration command in an ASA firewall?
A static route with 0.0.0.0/0 (IPv4) or ::/0 (IPv6) as the destination IP address.
Packet-filtering router
Ability to restrict a specific service; standard in most routers; unable to detect whether packet headers have been modified.
Application Layer Gateways
Also called a proxy server; works at the application layer; intermediary between two systems; controls the way applications inside the network access external networks.
Explain how a firewall restricts access to a network.
Filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your network.
Firewall infrastructure considerations
Firewall placement is crucial; firewalls are not substitutes for a security policy; trained administrators must understand network protocols and the security policy; firewalls will introduce latency.
*Describe how firewall rules are created and how they are used to control the behavior of the firewall.
Firewall rules are stored in non-volatile memory, so they are configurable and available each time the device restarts. They are used to control communication on the systems where the firewall is installed by allowing or denying traffic.
*List the types of firewall protection as well as the types of firewall implementations and the ways they are used: Static packet filtering
First-generation devices that examine data packets at the network layer (layer 3), based on pre-configured rules.
What does the command "nameif" do?
Gives the interface a name and assigns a security level.
What does the command "interface" do?
Identifies either the hardware interface or the switch virtual interface (VLAN interface) that will be configured.
List one disadvantage of multi-layer filtering.
It adds latency to network transmission, causing longer processing time.
Packet-filtering firewalls are simple and effective; however, they...?
Lack strong authentication; complex ACLs can degrade network performance.
Proxy server tasks include:
Load balancing; IP address mapping; filtering specific content; URL filtering; fragmentation attack prevention.
*List the types of firewall protection as well as the types of firewall implementations and the ways they are used: Dynamic packet-filtering (aka stateful firewall)
Monitors the actual communication process by maintaining a state table. Packets that are part of an existing session (or state) are permitted to pass.
At which OSI layer is a logical path created between two host systems?
Network
The best firewall configuration depends on: (Choose all that apply)
Objectives of the network; the organization's ability to develop and implement the architecture; available budget.
List the types of firewall protection as well as the types of firewall implementations and the ways they are used: Circuit-level
Operates at the transport layer (layer 4); doesn't usually examine traffic; creates tunnels connecting specific processes or systems.
Screened host firewalls
A packet-filtering router is combined with a separate dedicated firewall. The router prescreens packets and minimizes the load on the internal proxy.
show mac-address-table
Shows all MAC table entries of all types.
*When configuring a Packet Filter what is one of the first things you should do?
Start with a security policy; specify allowable packets in terms of logical expressions on packet fields; rewrite the expressions in the syntax supported by your vendor.
Which of the following are associated with the application layer of the OSI model? (Choose two.)
Telnet, FTP
While troubleshooting a network connectivity problem, a technician observes steady link lights on both the workstation NIC and the switch port to which the workstation is connected. However, when the ping command is issued from the workstation, the output message "Request timed out." is displayed. At which layer of the OSI model does the problem most likely exist?
The network layer
Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two)
The transport layer divides a data stream into segments and adds reliability and flow control information. Packets are created when the network layer adds Layer 3 addresses and control information to a segment.
show vlan
To display information on all VLANs on the switch.
show interface
To display statistics for all interfaces configured on the router or access server.
show running-config
To display the configuration information currently running on the terminal.
show version
To display the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images.
show ip route
To display the current state of the routing table.
show privilege
To show the current privilege level, username, and status of cumulative privilege support.
Define Media Access Control.
Transmission of data packets to and from the network interface card, and to and from another remotely shared channel.
Dynamic stateful filtering firewalls make changes to filtering rules based on events as they happen (True/False).
True
Need separate proxies for each service (True/False): i. e.g., SMTP (e-mail)
True
Need separate proxies for each service (True/False): ii. NNTP (Net news)
True
Need separate proxies for each service (True/False): iii. DNS (Domain Name System)
True
Need separate proxies for each service (True/False): iv. NTP (Network Time Protocol)
True
Stateless inspection ignores the state of the connection (True/False).
True
*In the Packet Tracer Lab 1... logging synchronous is used. What is the purpose of this?
Used to synchronize unsolicited messages and debug output with solicited Cisco IOS software output and prompts for a specific console port line, aux port line, or vty.
Dual-homed host firewalls
With this approach, the bastion host contains two NICs. One NIC is connected to the external network, and one is connected to the internal network, providing an additional layer of protection. With two NICs, all traffic must go through the firewall in order to move between the internal and external networks.
*List the types of firewall protection as well as the types of firewall implementations and the ways they are used: Application layer (aka proxy server)
Works at the application layers (7, 6, 5); intermediary between two systems; controls the way applications inside the network access external networks.
*Can we block HTTPS traffic on a firewall?
Yes, but this blocks access to sites that may not need to be blocked. The best way is to block HTTPS traffic for a specific IP range.
It is known that the OSI model has seven layers. Can you tell me at which layers of the OSI model WANs operate? (Choose two.)
Data link layer, physical layer
show clock
Displays the system time.
What functions do routers perform in a network? (Choose two.)
Path selection, packet switching
Application-level filtering has full access to the protocol. Put the following steps in the order they occur: enter the second step.
Proxy validates the request as legal.
Application-level filtering has full access to the protocol. Put the following steps in the order they occur: enter the third step.
Then actions the request and returns the result to the user.
Application-level filtering has full access to the protocol. Put the following steps in the order they occur: enter the first step.
User requests the service from the proxy.
A well-placed firewall can correct all security issues (True/False).
False
Explain how intrusion detection and prevention systems are related and how they may be made to interact with one another.
Both read network packets and they interact by comparing the contents to a database of known threats.
Local devices address packets to the router's MAC address in the MAC header. After receiving the packets, the router must perform the following steps: 4.
Build the new MAC header and forward the packet. Finally, the router builds a new MAC header for the packet. The MAC header includes the router's MAC address and the final destination MAC address or the MAC address of the next router in the path. Figure 5 shows the contents of a packet before and after it has been forwarded by a router. Figure 5 also shows the contents of the router's routing tables. Figure 5: Routers forward packets based on the network address.
Local devices address packets to the router's MAC address in the MAC header. After receiving the packets, the router must perform the following steps: 1.
Check the incoming packet for corruption, and remove the MAC header. The router checks the packet for MAC-layer errors. The router then strips off the MAC header and examines the network layer header to determine what to do with the packet.
*What does deep packet inspection do?
Combines stateful packet filtering with the ability to analyze protocols for inconsistencies.
Multi-layer filtering
Deep packet inspection, which combines stateful packet filtering with the ability to analyze protocols for inconsistencies. However, its disadvantage is longer processing time.
How do you enter User EXEC mode?
Default mode after booting; press Enter to access it. router> ... en ... Router# ... config t ... Router(config)#
Local devices address packets to the router's MAC address in the MAC header. After receiving the packets, the router must perform the following steps: 3.
Determine the route to the destination. Routers maintain a routing table that lists available networks, the direction to the desired network (the outgoing interface number), and the distance to those networks. After determining which direction to forward the packet, the router must build a new header. (If you want to read the IP routing tables on a Windows 95/98 workstation, type ROUTE PRINT in the DOS box.)
*List the types of firewall protection as well as the types of firewall implementations and the ways they are used: Transparent
Easy to add to an existing network; they filter and inspect traffic flows based on pre-configured rules and interface security levels.
Stateful packet-filtering firewalls
Examine data in the packet; examine the state of the connection between internal and external computers; allow incoming packets sent in response to internal requests.
Local devices address packets to the router's MAC address in the MAC header. After receiving the packets, the router must perform the following steps: 2.
Examine the age of the packet. The router must ensure that the packet has not come too far to be forwarded.