Principles of Information Security (6th. Ed) - Chapter 6 Review Questions
Terms in this set (20)
"The firewall filters or prevents specific information from moving between the outside (untrusted) network and the inside (trusted) network."
1. What is the typical relationship among the untrusted network, the firewall, and the trusted network?
UDP packets are designed to be connectionless.
TCP packets usually involve the creation of a connection from one host computer to another.
A single transaction would not usually involve TCP and UDP ports.
2. What is the relationship between a TCP packet and UDP packet? Will any specific transaction usually involve both types of packets?
The application layer firewall takes into consideration the nature of the applications being run (the type, timing of the network connection requests, the type and nature of the traffic generated), whereas the packet filtering firewall simply looks at the packets as they are transferred.
3. How is an application layer proxy firewall different from a packet-filtering firewall?
While static filtering "requires that filtering rules be developed and installed within the firewall," dynamic filtering "allows firewall to react to an emergent event and update or create rules to deal with that event"
DYNAMIC provides improved security
4. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
Keeps track of each network connection between internal and external systems
It uses a state table to maintain records of participants in network connections.
5. What is stateful inspection? How is state information maintained during a network connection or transaction?
Main principle: That which is not permitted is prohibited.
6. Explain the conceptual approach that should guide the creation of firewall rule sets.
"These types of servers can store the most recently accessed Web pages in their internal cache memory, and thus can provide content for heavily accessed pages without the level of traffic required when pages are not cached. Larger organizations often find that just a few Web sites account for a large quantity of their traffic and that they can lower total network traffic measurably by using a cache server."
7. What special function does a cache server perform? Why is this useful for larger organizations?
8. Describe how the various types of firewalls interact with network traffic at various levels of the OSI model.
Firewall that combines elements of other types of firewalls, that is, elements of packet filtering and proxy services, or of packet filtering and circuit gateways
Alternately, may consist of two separate firewall devices; each a separate firewall system, but connected to work in tandem
Enables an organization to make security improvement without completely replacing existing firewalls
Types: UTM and NextGen
9. What is a hybrid firewall?
UTM: Networking devices categorized by their ability to perform the work of multiple devices, such as SPI firewalls, NIDPSs, content filters, etc.
It might be a better approach because it increases memory + processor capacity and reduces complexity associated with dealing with multiple networking devices
It simplifies things.
UTM seems more of a label and NextGen is an actual appliance. [NextGen is included in the UTM spectrum]
UTM = do a good job at a lot of things, NextGen = do an excellent job at a handful of things
10. Describe Unified Threat Management. Why might it be a better approach than single-point solutions that perform the same functions? How does UTM differ from NextGen FWs?
> Hybrid firewall that combines traditional firewall functions with other network security functions
> A security appliance that delivers unified threat management capabilities in a single device.
11. What is a NextGen Firewall?
The value of a firewall comes from its ability to filter out unwanted or dangerous traffic as it enters the network perimeter of an organization.
Basically: It keeps bad stuff from entering.
12. What is the primary value of a firewall?
> A variation of NAT
> A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one to MANY basis; adding a unique port number to the address when traffic leaves the private network and is placed on the public network.
> Assigns a unique port number to each external IP address and maps the address + port combination to the internal IP address
13. What is Port Address Translation (PAT)? How does it work?
14. How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which offers more security for the information assets that remain on the trusted network?
A bastion host is any system, router, or firewall that is exposed to the untrusted network. A bastion host is referred to as a sacrificial host from time to time because it stands alone on the network perimeter.
Serves as the sole target for attack and should therefore be thoroughly secured
15. What is a sacrificial host? What is a bastion host?
DMZ = demilitarized zone, an intermediate area between a trusted network and an untrusted network.
It is a fitting name because traffic coming into the area cannot directly access its destination AND because it refers to the UNSECURED area of the network
16. What is a DMZ? Is this really an appropriate name for the technology, considering the function this type of subnet performs?
Which technology, what features, configuration ease, adaptability
1. Which type of firewall technology offers the right balance between protection and cost for the needs of the organization?
2. What features are included in the base price? What features are available at extra cost? Are all cost factors known?
3. How easy is it to set up and configure the firewall? Does the organization have staff on hand that are trained to configure the firewall, or would the hiring of additional employees (or contractors or managed service providers) be required?
4. Can the firewall adapt to the growing network in the target organization?
17. What questions must be addressed when selecting a firewall for a specific organization?
RADIUS = Remote Authentication Dial In User Service
A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.
18. What is RADIUS? What advantage does it have over TACACS?
A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network, for example, restricting user access to web sites from material that is not related to business, such as pornography or entertainment.
"The content filter is placed between the flow of internal to external traffic to filter non business related content and websites accessed by internal users."
19. What is a content filter? Where is it placed in the network to gain the best result for the organization?
A private, secure network operated over a public and insecure network. It keeps the contents of the network messages hidden from observers who may have access to public traffic. It allows the user to turn the Internet into a private network.
It's becoming more widely used because the Internet is more widely used, and more people telework. It's very convenient for travel, etc.
20. What is a VPN? Why is it becoming more widely used?