Chapter Review Activities
Use the features in this section to study and review the topics in this chapter.
Chapter Summary
Well, it goes without saying that there are many potential attackers who would “storm the castle.” The question presents itself: Have you performed your due diligence in securing your computer networking kingdom?
If you answered yes, then it most likely means you have implemented some kind of unified threat management solution, one that includes a firewall, content filter, anti-malware technology, IDS/IPS, and possibly other network security technologies. This collaborative effort makes for a strong network perimeter. The firewall is on the front lines, whether it is part of a UTM or running as a separate device. Its importance can’t be stressed enough, and you can’t just implement a firewall; it has to be configured properly with your organization’s policies in mind. ACLs, stateful packet inspection, and network address translation should be employed to solidify your firewall solution.
If you answered no, then prepare ye for more metaphorical expression. Remember that enemy forces are everywhere. They are lying in wait just outside your network, and they can even reside within your network—for example, the malicious insider, that dragon who has usurped the mountain and is perhaps in control of your precious treasure...your data. Analogies aside, this is all clear and present danger—it is real, and should be enough to convince you to take strong measures to protect your network.
Often, the act of securing the network can also provide increased efficiency and productivity. For example, a proxy server can act to filter content, and can provide anonymity, but also saves time and bandwidth for commonly accessed data. A honeypot can trap an attacker, thus securing the network, but the secondary result is that network bandwidth is not gobbled up by the powerful attacker. However, the same act can have the opposite effect. For example, a NIDS that is installed to detect anomalies in packets can slow down the network if it is not a powerful enough model. For increased efficiency (and lower all-around cost), consider an all-in-one device such as a UTM, which includes functionality such as firewalling, IDS/IPS, AV, VPN, and DLP. Just make sure it has the core processing and memory required to keep up with the amount of data that will flow through your network.
If you can find the right balance of security and performance while employing your network security solution, it will be analogous to your network donning the aegis, acting as a powerful shield against network attacks from within and without.
Review Key Topics
Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 8-2 lists these key topics and the page number on which each is found.
Table 8-2 Key Topics for Chapter 8
Key Topic Element | Description | Page Number |
Figure 8-1 | Diagram of a basic firewall | 175 |
Bulleted list | Types of firewalls | 176 |
Figure 8-2 | Back-to-back firewall/DMZ configuration | 177 |
Bulleted list | Types of proxies | 179 |
Figure 8-4 | Illustration of an HTTP proxy in action | 180 |
Figure 8-5 | Illustration of NIDS placement in a network | 183 |
Table 8-1 | Summary of NIDS versus NIPS | 185 |
Define Key Terms
Define the following key terms from this chapter, and check your answers in the glossary:
network perimeter
access control list
explicit allow
explicit deny
implicit deny
packet filtering
stateful packet inspection
application-level gateway
circuit-level gateway
application firewall
web application firewall
proxy server
IP proxy
HTTP proxy (web proxy)
proxy auto-configuration (PAC)
Internet content filter
web security gateway
honeypot
honeynet
data loss prevention (DLP)
network intrusion detection system (NIDS)
promiscuous mode
network intrusion prevention system (NIPS)
false positive
false negative
unified threat management (UTM)
Complete the Real-World Scenarios
Complete the Real-World Scenarios found on the companion website (www.pearsonitcertification.com/title/9780134846057). You will find a PDF containing the scenario and questions, and also supporting videos and simulations.
Review Questions
Answer the following review questions. Check your answers in Appendix A, “Answers to the Review Questions.”
1. Which tool would you use if you want to view the contents of a packet?
A. TDR
B. Port scanner
C. Protocol analyzer
D. Loopback adapter
2. The honeypot concept is enticing to administrators because
A. It enables them to observe attacks.
B. It traps an attacker in a network.
C. It bounces attacks back at the attacker.
D. It traps a person physically between two locked doors.
3. James has detected an intrusion in his company network. What should he check first?
A. DNS logs
B. Firewall logs
C. The Event Viewer
D. Performance logs
4. Which of the following devices should you employ to protect your network? (Select the best answer.)
A. Protocol analyzer
B. Firewall
C. DMZ
D. Proxy server
5. Which device’s log file will show access control lists and who was allowed access and who wasn’t?
A. Firewall
B. Smartphone
C. Performance Monitor
D. IP proxy
6. Where are software firewalls usually located?
A. On routers
B. On servers
C. On clients
D. On every computer
7. Where is the optimal place to have a proxy server?
A. In between two private networks
B. In between a private network and a public network
C. In between two public networks
D. On all of the servers
8. A coworker has installed an SMTP server on the company firewall. What security principle does this violate?
A. Chain of custody
B. Use of a device as it was intended
C. Man trap
D. Use of multifunction network devices
9. You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in?
A. Half-duplex mode
B. Full-duplex mode
C. Auto-configuration mode
D. Promiscuous mode
10. Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses?
A. HTTP proxy
B. Protocol analyzer
C. IP proxy
D. SMTP proxy
E. PAC
11. If your ISP blocks objectionable material, what device would you guess has been implemented?
A. Proxy server
B. Firewall
C. Internet content filter
D. NIDS
12. Of the following, which is a collection of servers that was set up to attract attackers?
A. DMZ
B. Honeypot
C. Honeynet
D. VLAN
13. Which of the following will detect malicious packets and discard them?
A. Proxy server
B. NIDS
C. NIPS
D. PAT
14. Which of the following will an Internet filtering appliance analyze? (Select the three best answers.)
A. Content
B. Certificates
C. Certificate revocation lists
D. URLs
15. Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.)
A. NIPS
B. Firewall
C. NIDS
D. HIDS
E. UTM
16. One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next?
A. ACLs
B. NIDS
C. AV definitions
D. FTP permissions
17. Which of the following is likely to be the last rule contained within the ACLs of a firewall?
A. Time of day restrictions
B. Explicit allow
C. IP allow any
D. Implicit deny
18. Which of the following best describes an IPS?
A. A system that identifies attacks
B. A system that stops attacks in progress
C. A system that is designed to attract and trap attackers
D. A system that logs attacks for later analysis
19. What is a device doing when it actively monitors data streams for malicious code?
A. Content inspection
B. URL filtering
C. Load balancing
D. NAT
20. Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what?
A. Port security
B. Content inspection
C. Firewall rules
D. Honeynet
21. Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.)
A. AV software
B. Proxy server
C. Spam filter
D. Load balancer
E. Firewall
F. URL filter
G. NIDS
22. You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented?
A. Honeynet
B. Protocol analyzer
C. Firewall
D. Proxy
23. Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer?
A. Router
B. Firewall
C. Content filter
D. NIDS
24. Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution?
A. NIDS
B. Proxy server
C. Block all traffic on port 80
D. Honeypot
25. Which of the following firewall rules only denies DNS zone transfers?
A. deny IP any any
B. deny TCP any any port 53
C. deny UDP any any port 53
D. deny all dns packets