
Chapter Review Activities

Use the features in this section to study and review the topics in this chapter.

Chapter Summary

Well, it goes without saying that there are many potential attackers who would “storm the castle.” The question presents itself: Have you performed your due diligence in securing your computer networking kingdom?

If you answered yes, then it most likely means you have implemented some kind of unified threat management solution; one that includes a firewall, content filter, anti-malware technology, IDS/IPS, and possibly other network security technologies. This collaborative effort makes for a strong network perimeter. The firewall is at the frontlines, whether it is part of a UTM or running as a separate device. Its importance can’t be stressed enough, and you can’t just implement a firewall; it has to be configured properly with your organization’s policies in mind. ACLs, stateful packet inspection, and network address translation should be employed to solidify your firewall solution.
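To make the ACL ordering, implicit deny, and stateful packet inspection mentioned above concrete, here is an added Python example; it is not code from the book or its companion material. The internal range (10.0.0.0/8), the DMZ hosts (203.0.113.10 and 203.0.113.53), the outside addresses, and the rule set are constructed for illustration. What it demonstrates is first-match evaluation, the implicit deny that catches everything no rule allows, and a session table that lets replies to connections opened from inside come back in without an explicit inbound rule (the stateless ACL alone would drop them).

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dst: str                     # destination IP address
    sport: Optional[int] = None  # source port (None for icmp)
    dport: Optional[int] = None  # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str                     # "any" or a CIDR prefix such as "10.0.0.0/8"
    dst: str                     # "any" or a CIDR prefix
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and _addr_matches(rule.src, pkt.src)
            and _addr_matches(rule.dst, pkt.dst)
            and rule.dport in (None, pkt.dport))


def evaluate_acl(rules: Iterable[Rule], pkt: Packet) -> Tuple[str, str]:
    """Stateless first-match evaluation: the first rule that matches wins.
    A packet that matches no rule falls through to the implicit deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.comment
    return "deny", "implicit deny (no rule matched)"


class StatefulFirewall:
    """Adds a session table on top of the ACL so that replies to connections
    opened from the internal side are allowed without a matching inbound rule."""

    def __init__(self, rules: Iterable[Rule], internal: str = "10.0.0.0/8"):
        self.rules = list(rules)
        self.internal = ipaddress.ip_network(internal)
        self.sessions = set()  # (proto, client ip, client port, server ip, server port)

    def filter(self, pkt: Packet) -> Tuple[str, str]:
        # A packet whose reversed 5-tuple is a recorded session is return traffic.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow", "established session (state table)"
        action, reason = evaluate_acl(self.rules, pkt)
        # Record allowed connections that originate inside so their replies get back in.
        if (action == "allow" and pkt.proto in ("tcp", "udp")
                and ipaddress.ip_address(pkt.src) in self.internal):
            self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action, reason


# Constructed policy for a hypothetical LAN (10.0.0.0/8) with a small DMZ (203.0.113.0/24).
# Order matters: the outbound LAN rule comes first so internal hosts may still use
# TCP/53 for large DNS answers, while the third rule stops inbound zone transfers.
RULES = [
    Rule("allow", "ip",  "10.0.0.0/8", "any",             None, "outbound traffic from the internal LAN"),
    Rule("allow", "tcp", "any",        "203.0.113.10/32", 443,  "public HTTPS server in the DMZ"),
    Rule("deny",  "tcp", "any",        "any",             53,   "block DNS zone transfers (AXFR uses TCP port 53)"),
    Rule("allow", "udp", "any",        "203.0.113.53/32", 53,   "ordinary DNS queries to the DMZ resolver"),
    # no "allow ip any any" at the end: everything else hits the implicit deny
]


def run_demo() -> List[Tuple[str, str]]:
    """Push constructed packets through the firewall; returns (description, action) pairs."""
    fw = StatefulFirewall(RULES)
    traffic = [
        ("inbound HTTPS to DMZ web server", Packet("tcp", "198.51.100.7", "203.0.113.10", 40000, 443)),
        ("inbound zone transfer attempt (TCP/53)", Packet("tcp", "198.51.100.7", "203.0.113.53", 40001, 53)),
        ("inbound DNS query (UDP/53)", Packet("udp", "198.51.100.7", "203.0.113.53", 40002, 53)),
        ("inbound SSH to DMZ web server", Packet("tcp", "198.51.100.7", "203.0.113.10", 40003, 22)),
        ("outbound HTTPS from LAN client", Packet("tcp", "10.1.1.5", "93.184.216.34", 50000, 443)),
        ("reply to that LAN client", Packet("tcp", "93.184.216.34", "10.1.1.5", 443, 50000)),
        ("unsolicited packet to another LAN host", Packet("tcp", "93.184.216.34", "10.1.1.6", 443, 50000)),
    ]
    return [(desc, fw.filter(pkt)[0]) for desc, pkt in traffic]


if __name__ == "__main__":
    for desc, action in run_demo():
        print(f"{action:5}  {desc}")
```

Two things worth noticing when you run it. The reply to the LAN client is allowed only because of the session table; `evaluate_acl(RULES, ...)` on that same packet returns the implicit deny, which is exactly why a packet filter without state needs broad (and dangerous) inbound "allow established" style rules. And the zone-transfer rule does its job only because ordinary lookups use UDP port 53 while AXFR runs over TCP port 53; a rule that denied "all DNS packets" would take the resolver down with it.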

If you answered no, then prepare ye for more metaphorical expression. Remember that enemy forces are everywhere. They are lying in wait just outside your network, and they can even reside within your network—for example, the malicious insider, that dragon who has usurped the mountain and is perhaps in control of your precious treasure...your data. Analogies aside, this is all clear and present danger—it is real, and should be enough to convince you to take strong measures to protect your network.

Often, the act of securing the network can also provide increased efficiency and productivity. For example, a proxy server can filter content and provide anonymity, but it also caches commonly accessed data, saving time and bandwidth. A honeypot can occupy an attacker and expose their techniques, and a secondary result is that the attacker's scanning and probing traffic is drawn toward the decoy rather than your production systems. However, the same act can have the opposite effect. For example, a NIPS placed inline to discard malicious packets adds latency to every flow and becomes a bottleneck if it is not a powerful enough model; a passive NIDS on a mirror port or tap does not slow traffic, but an underpowered one silently drops packets and misses attacks. For increased efficiency (and lower all-around cost), consider an all-in-one device such as a UTM, which includes functionality such as firewalling, IDS/IPS, AV, VPN, and DLP. Just make sure it has the core processing and memory required to keep up with the amount of data that will flow through your network; judge it by its rated throughput with IDS/IPS, AV, and any TLS inspection enabled, which is usually far lower than the raw firewall throughput figure.

If you can find the right balance of security and performance while employing your network security solution, it will be analogous to your network donning the aegis, acting as a powerful shield against network attacks from within and without.

Review Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 8-2 lists a reference of these key topics and the page number on which each is found.


Table 8-2 Key Topics for Chapter 8

Key Topic Element Description Page Number
Figure 8-1 Diagram of a basic firewall 175
Bulleted list Types of firewalls 176
Figure 8-2 Back-to-back firewall/DMZ configuration 177
Bulleted list Types of proxies 179
Figure 8-4 Illustration of an HTTP proxy in action 180
Figure 8-5 Illustration of NIDS placement in a network 183
Table 8-1 Summary of NIDS versus NIPS 185

Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

  • network perimeter

  • access control list

  • explicit allow

  • explicit deny

  • implicit deny

  • packet filtering

  • stateful packet inspection

  • application-level gateway

  • circuit-level gateway

  • application firewall

  • web application firewall

  • proxy server

  • IP proxy

  • HTTP proxy (web proxy)

  • proxy auto-configuration (PAC)

  • Internet content filter

  • web security gateway

  • honeypot

  • honeynet

  • data loss prevention (DLP)

  • network intrusion detection system (NIDS)

  • promiscuous mode

  • network intrusion prevention system (NIPS)

  • false positive

  • false negative

  • unified threat management (UTM)

Complete the Real-World Scenarios

Complete the Real-World Scenarios found on the companion website (www.pearsonitcertification.com/title/9780134846057). You will find a PDF containing the scenario and questions, and also supporting videos and simulations.

Review Questions

Answer the following review questions. Check your answers in Appendix A, “Answers to the Review Questions.”

  • 1. Which tool would you use if you want to view the contents of a packet?

    • A. TDR

    • B. Port scanner

    • C. Protocol analyzer

    • D. Loopback adapter

  • 2. The honeypot concept is enticing to administrators because

    • A. It enables them to observe attacks.

    • B. It traps an attacker in a network.

    • C. It bounces attacks back at the attacker.

    • D. It traps a person physically between two locked doors.

  • 3. James has detected an intrusion in his company network. What should he check first?

    • A. DNS logs

    • B. Firewall logs

    • C. The Event Viewer

    • D. Performance logs

  • 4. Which of the following devices should you employ to protect your network? (Select the best answer.)

    • A. Protocol analyzer

    • B. Firewall

    • C. DMZ

    • D. Proxy server

  • 5. Which device’s log file will show access control lists and who was allowed access and who wasn’t?

    • A. Firewall

    • B. Smartphone

    • C. Performance Monitor

    • D. IP proxy

  • 6. Where are software firewalls usually located?

    • A. On routers

    • B. On servers

    • C. On clients

    • D. On every computer

  • 7. Where is the optimal place to have a proxy server?

    • A. In between two private networks

    • B. In between a private network and a public network

    • C. In between two public networks

    • D. On all of the servers

  • 8. A coworker has installed an SMTP server on the company firewall. What security principle does this violate?

    • A. Chain of custody

    • B. Use of a device as it was intended

    • C. Man trap

    • D. Use of multifunction network devices

  • 9. You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in?

    • A. Half-duplex mode

    • B. Full-duplex mode

    • C. Auto-configuration mode

    • D. Promiscuous mode

  • 10. Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses?

    • A. HTTP proxy

    • B. Protocol analyzer

    • C. IP proxy

    • D. SMTP proxy

    • E. PAC

  • 11. If your ISP blocks objectionable material, what device would you guess has been implemented?

    • A. Proxy server

    • B. Firewall

    • C. Internet content filter

    • D. NIDS

  • 12. Of the following, which is a collection of servers that was set up to attract attackers?

    • A. DMZ

    • B. Honeypot

    • C. Honeynet

    • D. VLAN

  • 13. Which of the following will detect malicious packets and discard them?

    • A. Proxy server

    • B. NIDS

    • C. NIPS

    • D. PAT

  • 14. Which of the following will an Internet filtering appliance analyze? (Select the three best answers.)

    • A. Content

    • B. Certificates

    • C. Certificate revocation lists

    • D. URLs

  • 15. Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.)

    • A. NIPS

    • B. Firewall

    • C. NIDS

    • D. HIDS

    • E. UTM

  • 16. One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next?

    • A. ACLs

    • B. NIDS

    • C. AV definitions

    • D. FTP permissions

  • 17. Which of the following is likely to be the last rule contained within the ACLs of a firewall?

    • A. Time of day restrictions

    • B. Explicit allow

    • C. IP allow any

    • D. Implicit deny

  • 18. Which of the following best describes an IPS?

    • A. A system that identifies attacks

    • B. A system that stops attacks in progress

    • C. A system that is designed to attract and trap attackers

    • D. A system that logs attacks for later analysis

  • 19. What is a device doing when it actively monitors data streams for malicious code?

    • A. Content inspection

    • B. URL filtering

    • C. Load balancing

    • D. NAT

  • 20. Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what?

    • A. Port security

    • B. Content inspection

    • C. Firewall rules

    • D. Honeynet

  • 21. Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.)

    • A. AV software

    • B. Proxy server

    • C. Spam filter

    • D. Load balancer

    • E. Firewall

    • F. URL filter

    • G. NIDS

  • 22. You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented?

    • A. Honeynet

    • B. Protocol analyzer

    • C. Firewall

    • D. Proxy

  • 23. Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer?

    • A. Router

    • B. Firewall

    • C. Content filter

    • D. NIDS

  • 24. Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution?

    • A. NIDS

    • B. Proxy server

    • C. Block all traffic on port 80

    • D. Honeypot

  • 25. Which of the following firewall rules only denies DNS zone transfers?

    • A. deny IP any any

    • B. deny TCP any any port 53

    • C. deny UDP any any port 53

    • D. deny all dns packets
