CHAPTER SUMMARY

Never deploy firewalls hastily. Instead, use careful investigation and planning in the design and use of firewalls. Consider the numerous firewall deployment issues regarding your business needs and network situation.

Some important concerns include deciding:

  • Which security strategies to integrate
  • How AAA enforces security
  • Whether you need reverse proxy
  • Whether to configure port forwarding
  • Which bastion host OS to use
  • How to monitor firewalls and handle log data
  • How to deal with IDS/IPS false positives and false negatives
  • How the firewall will interact or interfere with business processes

KEY CONCEPTS AND TERMS

Aggregation

Alert

Anomaly-based detection

Bastion host OS

Behavioral-based detection

Centralized logging system

Correlation

Database-based detection

Deduplication

Diversity of defense

Fail-closed

Fail-open

Fail-safe

Fail-secure

False negative

False positives

General-purpose OSs

In-band management

Knowledge-based detection

Logging

Monitoring

N-tier deployment

Out-of-band management (OBM)

Port-based network access (admission) control (PNAC)

Principle of least privilege

Proprietary OSs

Reverse caching

Security information and event management (SIEM)

Security through obscurity

Separation of duties

Signature-based detection

Steganography

Syslog

Time synchronization

Universal participation

Weakest link

Write-once read-many (WORM)

CHAPTER 7 ASSESSMENT

  1. When is a reverse proxy useful?
    1. To grant outside users access to internal email servers
    2. To support internal users accessing the public Internet
    3. To allow internal users to access external web servers
    4. To offer external entities access to an internal web server
  2. Which of the following is an event found in a firewall log file that is a symptom of a rogue host operating within the private network?
    1. Packets from an unassigned internal address
    2. Packets to an unknown port on an internal host
    3. Packets in a serial grouping, attempting to access a series of ports
    4. Packets that are all exactly the same, directed toward a single target
  3. Which security strategy is based on locking the environment down so users can perform their assigned tasks, but little else?
    1. Creating chokepoints
    2. Diversity of defense
    3. Principle of least privilege
    4. Separation of duties
  4. Which of the following statements is true regarding a reverse proxy?
    1. The reverse proxy server can act as the endpoint for a TLS tunnel.
    2. A reverse proxy cannot be used in conjunction with secured websites.
    3. A reverse proxy can be used with tunnel mode IPSec VPNs.
    4. A reverse proxy cannot support simultaneous SSL tunnels.
  5. Which of the following is the most important feature of a bastion host OS?
    1. Leveraging existing OS administrative knowledge
    2. Inherent ease of use
    3. Resistance to attacks and compromise attempts
    4. Unlimited remote administration
  6. When considering deployment of an IDS or IPS, what is the biggest problem?
    1. Failing anomaly detection
    2. False positives
    3. False negatives
    4. Failing to operate at wire speed
  7. Which of the following is a highly recommended method or technique for keeping firewall logs secure and uncorrupted?
    1. Storing the logs in binary form
    2. Using high-capacity hard drives
    3. Using timestamps
    4. Using WORM drives
  8. Which standard allows a firewall to hand off authentication to a dedicated service hosted on a different system?
    1. IEEE 802.1x
    2. IIEE 802.3
    3. IEEE 802.11
    4. IEEE x801
  9. Which security stance focuses on the use of firewalls as its primary means of controlling communications?
    1. Chokepoint
    2. Universal participation
    3. Fail-safe
    4. Weakest link
  10. Which term describes the deployment of multiple subnets in a series to separate private resources from public?
    1. Diverse
    2. Separation
    3. N-tier
    4. DMZ
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.133.142.2