Subject Name: CS9224 - INFORMATION SECURITY
Unit - 5
1. What are firewalls?
A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside The firewall may be:
a separate computer system
a service running on an existing router or server
a separate network containing a number of supporting devices
2. Explain different generations of firewalls.
First Generation - packet filtering firewalls
Second Generation-application-level firewall or proxy server
Third Generation- Stateful inspection firewalls
Fourth Generation-dynamic packet filtering firewall
Fifth Generation- kernel proxy
3. Mention the functions of first generation firewall
Examines every incoming packet header and selectively filters packets based on
address, packet type, port request, and others factors
4. What are the restrictions of first generation firewall?
The restrictions most commonly implemented are based on:
IP source and destination address
Direction (inbound or outbound)
TCP or UDP source and destination port-requests
5. What is the advantage of Second Generation firewalls?
The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they are not designed
6. Define stateful inspection firewall
It keeps track of each network connection established between internal and external systems using a state table which tracks the state and context of each packet in the conversation by recording which station sent what packet and when
7. What is the disadvantage of third generation firewalls?
The primary disadvantage is the additional processing requirements of managing and verifying packets against the state table, which can possibly expose the system to a DoS attack. These firewalls can track connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic
8. What is the function of Fifth Generation firewall?
The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT. It evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack
9. How firewalls are categorized by processing mode?
The five processing modes are
Packet filtering
Application gateways
Circuit gateways
MAC layer firewalls
Hybrids
10. What is the drawback of packet-filtering router?
The drawback of packet-filtering router includes a lack of auditing and strong authentication
11. What are Screened-Host Firewall Systems
Screened-Host firewall system allows the router to pre-screen packets to minimize the network traffic and load on the internal proxy
12. What is the use of an Application proxy?
An Application proxy examines an application layer protocol, such as HTTP, and performs the proxy services
13. What are dual homed host firewalls?
The bastion-host contains two NICs (network interface cards)
One NIC is connected to the external network, and one is connected to the internal network
With two NICs all traffic must physically go through the firewall to move between the internal and external networks
14. What is the use of NAT?
A technology known as network-address translation (NAT) is commonly implemented to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable
15. What are Screened-Subnet Firewalls?
Consists of two or more internal bastion-hosts, behind a packet-filtering router, with each host protecting the trusted network
The first general model consists of two filtering routers, with one or more dual-homed bastion-host between them
The second general model involves the connection from the outside or untrusted network
16. What are the factors to be considered while selecting a right firewall?
What type of firewall technology offers the right balance of protection features and cost for the needs of the organization?
What features are included in the base price? What features are available at extra cost? Are all cost factors known?
How easy is it to set up and configure the firewall? How accessible are staff technicians with the mastery to do it well?
Can the candidate firewall adapt to the growing network in the target organization?
17. What are Sock Servers?
The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation
18. What are the recommended practices in designing firewalls?
All traffic from the trusted network is allowed out
The firewall device is always inaccessible directly from the public network
Allow Simple Mail Transport Protocol (SMTP) data to pass through your firewall, but insure it is all routed to a well-configured SMTP gateway to filter and route messaging traffic securel,
All Internet Control Message Protocol (ICMP) data should be denied
Block telnet (terminal emulation) access to all internal servers from the public networks
When Web services are offered outside the firewall, deny HTTP traffic from reaching your internal networks by using some form of proxy access or DMZ architecture
19. What are intrusion detection systems(IDS)?
IDSs work like burglar alarms
IDSs require complex configurations to provide the level of detection and response desired
An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets
IDSs use one of two detection methods, signature-based or statistical anomaly-based
20. What are different types of IDSs?
Network-based IDS
Host-based IDS
Application-based IDS
Signature-based IDS
Statistical Anomaly-Based IDS
21. Define NIDS
A network-based IDS(NIDS) resides on a computer or an appliance connected to a segment of an organization's network and monitors traffic on that network segment,looking for indications of ongoing or successful attacks.
22. What is HIDS?
A Host-based IDS(HIDS) works differently from a network-based version of IDS. A host-based IDS resides on a particular computer or server,known as the host and monitors activity only on that system. HIDs are also known as System Integrity Verifiers as they benchmark and monitorthe status of key system files and detect when an intruder creates ,modifies or deletes monitored files.
23. What is the use of HIDS?
A HIDs is also capable of monitoring system configuration databases,such as windows registries,in addition to stored configuration files like .ini,.cfg,and .dat files.
24. What is Application-based IDS?
A refinement of Host-based IDs is the application-based IDS(AppIDS). The application based IDs examines an application for abnormal incidents. It looks for anomalous occurrences such as users exceeding their authorization,invalid file executions etc.
25. What is Signature-based IDS?
A signature-based IDS(also called Knowledge-based IDs) examines data traffic in search of patterns that match known signatures - that is,preconfigured ,predetermined attack patterns.
26. What is LFM?
Log File Monitor(LFM) is an approach to IDS that is similar to NIDS. Using LFm the system reviews the log files generated by servers,network devices,and wven other IDSs. These systems look for patterns and signatures in the log files that may indicate an attack or intrusion is in process or has already succeeded.
27. What are Honey Pots?
Honey pots are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against the themselves. These systems are created for the sole purpose of deceiving potential attackers. In Industry they are known as decoys,lures,and fly-traps.
28. What are Honey Nets?
When a collection of honey pots connects several honey pot systems on a subnet,it may be called a honey net.
29. What are Padded Cell Systems?
A Padded Cell is a honey pot that has been protected so that it cannot be easily compromised. In otherwords,a padded cell is a hardened honey spot..
30. What are the advantages and disadvantages of using honey pot or padded cell approach?
Advantages:
Attackers can be diverted to targets that they cannot damage.
Administrators have time to decide how to respond to an attacker.
Attackers action can be easily and extensively monitored
Honey pots may be effective at catching insiders who are snooping around a network.
Disadvantages:
The legal implication of using such devices are not well defined.
Honey pots and Padded cells have not yet been shown to be generally useful security technologies.
An exper attacker,once diverted into a decoy system,may become angry and launch a hostile attack againt an organization's systems
Admins and security managers will need a high level of expertise to use these systems.
31. What are foot printing and finger printing?
One of the preparatory part of the attack protocol is the collection of publicly available information about a potential target,a process known as footprinting. Footprinting is the organized research of the Internet addresses owned or controlled by the target organization.
The next phase of the attack protocol is a second intelligence or data-gathering process called fingerprinting. This is systematic survey of all of the target organization's Internet addresses(which are collected during the footprinting phase); the survey is conducted to ascertain the network services offered by the hostsin that range. Fingerprinting reveals useful information about the internal structure and operational nature of the target system or network for the anticipated attack.
32. What are Vulnerability Scanners?
Vulnerability scanners are capable of scanning networks for very detailed information
As a class, they identify exposed usernames and groups, show open network shares, expose configuration problems, and other vulnerabilities in servers
33. Define Packet Sniffers
A network tool that collects copies of packets from the network and analyzes them
Can be used to eavesdrop on the network traffic
To use a packet sniffer legally, you must be:
on a network that the organization owns
under direct authorization of the owners of the network
have knowledge and consent of the content creators (users)
34. What is Cryptography?.
Cryptography, which comes from the Greek work kryptos,meaning "hidden",and graphein,meaning "to write",is aprocess of making and using codes to secure the transmission of information.
35. What is Cryptoanalysis?
Cryptoanalysis is the process of obtaining the original message(called plaintext) from an encrypted message(called the ciphertext) without knowing the algorithms and keys used to perform the encryption.
36. Define Encryption
Encryption is the process of converting an original message into a form that is unreadable to unauthorized individuals-that is,to anyone without the tools to convert the encrypted message back to its original format.
37. Define Decryption
Decryption is the process of converting the cipher text into a message that conveys readily understood meaning.
38. What is Public Key Infrastructure (PKI)?
PKI or Public Key Infrastructure
Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs) and can:
Issue digital certificates
Issue crypto keys
Provide tools to use crypto to secure information
Provide verification and return of certificates
39. What are the PKI Benefits
PKI protects information assets in several ways:
Authentication
Integrity
Privacy
Authorization
Nonrepudiation
40. .How E-mail systems are secured?
Encryption cryptosystems have been adapted to inject some degree of security into e-mail:
S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems
PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures
Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher along with RSA for key exchange
41. What are the seven major sources of physical loss?
Temperature extremes
Gases
Liquids
Living organisms
Projectiles
Movement
Energy anomalies
42. What is a Secure Facility?
A secure facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats
A secure facility can use the natural terrain; traffic flow, urban development, and can complement these features with protection mechanisms such as fences, gates, walls, guards, and alarms
43. What are the controls used in a Secure Facility?
Walls, Fencing, and Gates
Guards
Dogs, ID Cards, and Badges
Locks and Keys
Mantraps
Electronic Monitoring
Alarms and Alarm Systems
Computer Rooms
Walls and Doors
44. What are the functions of Chief Information Security officer?
The CISO performs the following functions:
Manages the overall InfoSec program
Drafts or approves information security policies
Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
Develops InfoSec budgets based on funding
Sets priorities for InfoSec projects & technology
Makes decisions in recruiting, hiring, and firing of security staff
Acts as the spokesperson for the security team
No comments:
Post a Comment