
Damon Baker (15622970)

June 24, 2015


IS3220
dbaker158@email.itt-tech.edu
Notes
DMZ firewalls
VPN Bastion Host
Ingress firewalking
Egress fragmentation
Internal code planting
Buffer overflow
Web server and mail server should be placed where?
The web server should be on the outside of the firewall to filter the internet as it comes into the internal network.
The correct rules have to be set up on the firewall in order for it to be successful.

A Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is
allocated to hold. Exploiting a buffer overflow allows an attacker to modify portions of the target process' address space.
Firewalking is a technique developed by Mike Schiffman and David Goldsmith that utilizes traceroute techniques and TTL
values to analyze IP packet responses in order to determine gateway ACL (Access Control List) filters and map networks.
It is an active reconnaissance network security analysis technique that attempts to determine which layer 4 protocols a
specific firewall will allow.
A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The
computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to
reduce th...
Fragmentation - the process or state of breaking or being broken into small or separate parts.
Ingress - Network traffic that originates from outside of the network's routers and proceeds toward a destination inside
of the network. For example, an e-mail message that is considered ingress traffic will originate somewhere outside of an
enterprise's LAN, pass over the Internet and enter the company's LAN before it is delivered to the recipient.
Egress - Network traffic that begins inside of a network and proceeds through its routers to a destination somewhere
outside of the network. For example, an e-mail message that is considered egress traffic will travel from a user's
workstation and pass through the enterprise's LAN routers before it is delivered to the Internet to travel to its final
destination.
Encrypted transport tunnel mode encrypts the original payload and header
Transport mode encrypts only the payload
Firewall cannot filter encrypted data
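An added example, not part of the original notes, that models what a packet filter in the path can still match on under each mode. It assumes the three lines above refer to IPsec ESP; the `Opaque` wrapper stands in for ciphertext (no real encryption is performed), and all names and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Union

@dataclass(frozen=True)
class Opaque:
    """Stand-in for ciphertext: a filter in the path cannot read inside."""
    hidden: object

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                  # "tcp", "udp" or "esp"
    dst_port: Optional[int]     # None when the layer 4 header is encrypted
    body: Union[bytes, Opaque]

def esp_transport(pkt: Packet) -> Packet:
    # Transport mode: the original IP header stays readable; the layer 4
    # header and data travel as ciphertext.
    return Packet(pkt.src_ip, pkt.dst_ip, "esp", None,
                  Opaque((pkt.proto, pkt.dst_port, pkt.body)))

def esp_tunnel(pkt: Packet, gw_src: str, gw_dst: str) -> Packet:
    # Tunnel mode: the whole original packet, header included, is ciphertext
    # behind a new outer header addressed gateway to gateway.
    return Packet(gw_src, gw_dst, "esp", None, Opaque(pkt))

def firewall_view(pkt: Packet) -> dict:
    """Fields a packet filter on the path can match on."""
    view = {"src_ip": pkt.src_ip, "dst_ip": pkt.dst_ip, "proto": pkt.proto}
    if not isinstance(pkt.body, Opaque):
        view["dst_port"] = pkt.dst_port
    return view

def port_rule_matches(pkt: Packet, blocked_port: int) -> bool:
    """A 'deny destination port N' rule fires only if the port is visible."""
    return firewall_view(pkt).get("dst_port") == blocked_port

# Constructed sample traffic (documentation address ranges).
PLAIN = Packet("10.0.0.5", "192.0.2.10", "tcp", 23, b"login: ")
TRANSPORT = esp_transport(PLAIN)
TUNNEL = esp_tunnel(PLAIN, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("transport", TRANSPORT), ("tunnel", TUNNEL)]:
        print(name, firewall_view(pkt), "deny-23 fires:", port_rule_matches(pkt, 23))
```

In both modes the filter can still allow or deny the encrypted packet as a whole by its visible addresses; port and content rules have to be applied where the traffic is decrypted, for example behind the VPN endpoint.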
An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a
particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its
access control list. The list has an entry for each system user with access privileges. The most common privileges include
the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable
file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and UNIX-based systems are
among the operating systems that use access control lists. The list is implemented differently by each operating system.
