
CIST 2602 Homework Chapter 6: Page numbers and answers

1. What are the advantages of Behavior-Based Monitoring over that of Anomaly-Based or Signature-Based monitoring?

Page 221. The major advantage is that behavior-based monitoring attempts to stop attacks before they happen rather than waiting until they start.

2. How can subnetting be used to enhance security?

Page 230. It can be used to isolate groups of hosts. This decreases attack surfaces and helps to separate departments.

3. What part of the network benefits the most from faster switching and routing? (All is not an answer.)

Page 210. The backbone will benefit the most from faster switching and routing.

4. What are the differences between a Hub and a Switch? How do these differences affect Network Security?

Page 209. A hub functions at layer 1. It does nothing to the data except regenerate it and send it out all of its ports. A switch functions at layer 2. It can examine the data as far as layer 2 and forward it intelligently through selected ports. It can also be used to separate networks through the use of VLANs. Unlike hubs, switches are not vulnerable to protocol analyzers.

5. Describe load balancing AND how we can achieve it.

Page 212. Load balancing is a method used to distribute the load evenly across the network. It is achieved in one of two ways: either through software on a computer or through a hardware device known as a load balancer.

6. Describe Stateful Packet Filtering and how tracking it can improve network security.

Page 214. It will keep track of the connection between the internal computer and the external devices as well as the conditions surrounding the connection that was made. This helps to keep out unwanted incoming connections that weren't first initiated within the network.

7. Describe a Proxy Server. Where are they placed in the network? What protocols can they proxy?

Page 215-6.

A proxy server is a computer or program that accepts a user request from the internal secure network and then processes it on behalf of the user. They are most usually placed between the firewall and the network device (switch, router, etc.). They can handle HTTP and FTP.

8. Describe the reverse proxy service. What devices does it usually service?

Page 216-7. A reverse proxy routes the incoming requests to the proper server. It usually services devices that are outside of that network.

9. Describe the VPN process and list the protocols involved in building and maintaining the tunnel.

Page 219. A VPN utilizes two endpoints, where one is where the user is and the other is the network he is accessing. Between the two endpoints is the encrypted tunnel that the information travels down via the internet; it uses PPTP and IPsec.

10. How does a web security gateway work? Where is it placed?

Page 220. It blocks malicious web content based upon application-level filtering. It should be placed on the client because it deals with ActiveX objects, cookies, adware, spyware, IM, etc.

11. Describe the Signature-Based monitoring process.

Page 221. It examines network traffic and compares it to a defined signature. To be effective, it must be kept up-to-date in order to capture the newest behaviors. Unfortunately, as time goes on, the number of signatures to compare to becomes very large, and if they are too specific, they may be ineffective.

12. What is a System Call?

Page 222. A system call is an occurrence that happens when an operation requests the attention of the operating system.

13. Describe the differences AND uses of NAT and PAT.

Page 224-5. NAT is a method of replacing an internal private IP address with an outgoing public IP address, so it can access the internet or other resources not local to the network. Each outgoing packet is assigned a public address and is associated with a private one internally; when the packets are incoming, the process is simply reversed.

PAT is similar to NAT, in that it will allow private addresses to be associated with a public address to get out on the internet; however, PAT most commonly uses a single public address and varies its TCP port number. This method allows several PCs to go out to the public network with one public address, whereas in NAT each PC had its own public address to go out with.

14. What are private IP address networks used for? List the normal Private IP address ranges for Class A, B, and C networks.

Page 225. Private IP addresses are used for local networks so that the IPv4 range can be conserved. The ranges for the classful addresses are:

- Class A: 10.0.0.0-10.255.255.255
- Class B: 172.16.0.0-172.31.255.255
- Class C: 192.168.0.0-192.168.255.255

15. Describe a DMZ. What services are normally hosted in a DMZ? What support services should you include?

Page 228. A DMZ is a procedure used to separate your public devices from the secure network. This way, the outsiders that need to access your devices aren't inside your secure network when they do so. It commonly hosts web and mail services.

16. Describe a VLAN. How can they be used to improve Network Security?

Page 231. VLANs are a way of using switches to logically group devices that have a common purpose despite not being located physically together. Devices that are not within the same VLAN usually cannot communicate directly unless there has been some routing aspect added. This adds a layer of security to your network.

17. Describe Remote Access. How can we ensure the security of such access?

Page 232. Remote access is a way to allow users into your local network when they are not at the location. This can be done securely through a dedicated line, such as Dial-up or a VPN.

18. Describe how to obtain a good network baseline.

Page 221. You would measure the operation of the network, when it is working normally, over time.

19. Describe a HIDS. What devices is it normally run on?

Page 222. Normally, it is run on a local host computer. HIDS is a software program that detects attacks as they are occurring and monitors system calls, file system access, system registry settings, and host input/output.

20. What protocols are used for TCP/IP based emails? What port numbers do they use?

Page 217. SMTP: 25, POP3: 110

21. List and describe five features of Internet Content Filters.

Page 220.

- URL and Content Filtering: block access to specific websites, or block websites containing keywords, or only allow access to certain websites
- Malware Filtering: assess if a website contains malicious elements
- Prohibit File Download: deny download of .exe, audio/video, and archive files
- Profiles: block content-specific websites (adult, hacking, virus-infected, etc.)
- Detailed Reporting: can monitor internet traffic and identify those users who attempt to bypass the filters

22. Describe the differences between an Active and a Passive NIDS.

Page 223. A passive NIDS will take no action against the attack, only sound an alarm and log the event. An active one will do that plus take action to fight the attack.

23. Describe the differences between subnetting and VLANS.

Page 229-232. Subnetting is a process that is used by the TCP/IP suite, and can divide the network into smaller, more manageable nets containing the computers allowed in it. The subnetting process helps if they are physically located together, but this is not required. VLANs usually do not need to be located together. VLANs allow for an additional layer of isolation atop subnetting.

24. Describe how NAC works.

Page 226-7.

NAC is used to determine if a client is healthy enough to connect to the network. This is done generally:

   1. The client performs a self-assessment using SHA
   2. The assessment, known as the SoH, is sent to the HRA
   3. If it passes, it is given a health certificate
   4. The certificate is presented to the network servers to ensure the client's security condition has been approved
   5. If it does not pass, it will be sent to a quarantine network and will remain there until the deficiencies are corrected.

25. Describe All-In-One network security appliances. (Can I get one to match my stove?)

Page 224. An All-In-One security appliance is a device that provides a combination of security tasks such as:

- Anti-Spam/Phishing
- Anti-virus/Spyware
- Bandwidth optimization
- Content Filtering
- Firewall
- Instant messaging control
- Intrusion protection
- And more

Where it is very likely that you can purchase one to match your stove, I must question the validity of your network if it has any major devices located in the kitchen area.
