
INTERNET SECURITY

Chapter 6 Review Questions/Answers

CHAPTER 6: Security Technology: Firewalls and VPNs

CHAPTER 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

1. What is the typical relationship among the untrusted network, the firewall, and the
trusted network?

A firewall regulates data between an untrusted and a trusted network. The data enters the
firewall from the untrusted network, and the firewall filters the data, preventing suspicious
data from entering the network.

2. What is the relationship between a TCP and UDP packet? Will any specific
transaction usually involve both types of packets?

TCP sends a data packet and then reports back to the sender about the status of the transfer,
while UDP is more interested in speed and does not report back to the sender. I don't think
that there would be any specific transaction usually involving both TCP and UDP. I would
personally prefer TCP.

3. How is an application layer firewall different from a packet-filtering firewall? Why
is an application layer firewall sometimes called a proxy server?

A packet filtering firewall checks packets for the allowed destination, source and port address
information. An application layer firewall may be called a proxy server because it uses
software applications that act as proxies.

4. How is static filtering different from dynamic filtering of packets? Which is
perceived to offer improved security?

Static filtering is installed with specific rules, while dynamic filtering is perceived as more
secure because it is intelligent and can amend the rules by itself.

5. What is stateful inspection? How is state information maintained during a network
connection or transaction?

Stateful inspection keeps an eye on external and internal connections to a network. It keeps track
of the system by keeping a table of the states.

6. What is a circuit gateway, and how does it differ from the other forms of firewalls?

A circuit gateway operates at the transport layer level. It is used to prevent direct connection
between two different networks.

7. What special function does a cache server perform? Why is this useful for larger
organizations?

A cache server stores frequently used web pages and returns them on user request from the local
computer. It saves internet bandwidth for the organization and provides quick loading of the
cached pages.

8. Describe how the various types of firewalls interact with the network traffic at
various levels of the OSI model.

These firewalls include packet filtering, dynamic filtering, static filtering and stateful inspection
filtering. They work at the transport level and protect the network from external threats.

9. What is a hybrid firewall?

A hybrid firewall is a kind of firewall that combines other kinds of firewalls, such as
packet filtering firewalls and proxy server firewalls.

10. List the five generations of firewall technology. Which generations are still in
common use?

The five generations of firewall technology are static packet filtering, application level firewalls,
inspection firewalls, dynamic packet filtering firewalls and kernel proxy. Almost all of them are
in common use depending on the needs of a network.

11. How does a commercial-grade firewall appliance differ from a commercial-grade
firewall system? Why is this difference significant?

A firewall appliance may feature as a general computer and is a standalone combination of
computing hardware and software, while a commercial-grade firewall system is the actual
software application that runs on a general-purpose computer.

12. Explain the basic technology that makes residential/SOHO firewall appliances
effective in protecting a local network. Why is this usually adequate for protection?

Residential/SOHO firewall appliances are commonly known as broadband routers or modems
and are used in many homes and offices around the world. They act as a stateful firewall and
control traffic from the internet that is transferred between the host computer and the
internet service provider.

13. What key features point up the superiority of residential/SOHO firewall appliances
over personal computer-based firewall software?

Residential/SOHO firewall appliances are superior to personal computer-based firewalls because
they are the first line of defense against external threats. They have the capability to restrict
specific MAC addresses.

14. How do screened host architectures for firewalls differ from screened subnet
firewall architectures? Which of these offers more security for the information
assets that remain on the trusted network?

Screened subnet firewalls are considered more secure than screened host architectures. They
provide a DMZ, while a screened host architecture provides a kind of dedicated firewall.

15. What is a sacrificial host? What is a bastion host?

Both of them function similarly. Both are on the front line to an untrusted network. A bastion
host has a separate dedicated firewall, while a sacrificial host is defending the network on its own.

16. What is a DMZ? Is this really an appropriate name for the technology, considering
the function this type of subnet performs?

It is short for Demilitarized Zone. It acts as the zone where the fight for the trusted
network is conducted.

17. What are the three questions that must be addressed when selecting a firewall for a
specific organization?

The three questions are: 1. Is it cost effective? 2. What is included in the base price and what is
not included? 3. Will it be able to meet the organization's growing security requirements?

18. What is RADIUS? What advantage does it have over TACACS?

RADIUS is a check for the identity of anyone who wishes to enter the system. RADIUS is
widely supported by a variety of applications as compared to TACACS.

19. What is a content filter? Where is it placed in the network to gain the best result for
the organization?

A content filter gives the administrator the power to restrict access to the content on a network. It
is based inside the trusted network.

20. What is a VPN? Why is it becoming more widely used?

VPN is a virtual private network, which is widely used for network security on the internet with
encryption and IPsec techniques.

Review Questions Chapter 7

1. *What common security system is an IDPS most like? In what ways are
these systems similar?*

We have home security alarms that are set with instructions to go off
when a thief enters the home. The same mechanism is incorporated in an IDPS.

2. *How does a false positive alarm differ from a false negative one?
From a security perspective, which is least desirable?*

When an IDPS recognizes a threat when it did not exist in reality, we
call it a false positive. On the other hand, the least desirable alarm is
the false negative, which occurs when a threat is present but the IDPS
does not recognize and report it.

3. *How does a network-based IDPS differ from a host-based IDPS?*

These two differ in the range of their responsibility, i.e. a network-based
IDPS protects a network while a host-based IDPS secures a specific
device or host.

4. *How does a signature-based IDPS differ from a behavior-based IDPS?*

A signature-based IDPS is fed with the identification of specific
threats, while a behavior-based IDPS has specifications of threats; it
observes the threats and responds in accordance with the specifications.

5. *What is a monitoring (or SPAN) port? What is it used for?*

A SPAN port replicates data from a network switch. It is used as a storage
device for an IDPS.

6. *List and describe the three control strategies proposed for IDPS
Control.*

An IDPS has different strategies for its control mechanisms, including fully
distributed, partially distributed and centralized control strategies.

7. *What is a honeypot? How is it different from a honeynet?*

When different honeypots are working together in a network to secure a
system, it is referred to as a honeypot. A honeypot diverts threats
towards itself that were directed at the network.

8. *How does a padded cell system differ from a honeypot?*

When a honeypot is suspected to be less secure, it is improved and then
called a padded cell system.

9. *What is network footprinting? What is network fingerprinting? How
are they related?*

Footprinting is done to get information about the domains owned by an
organization on the internet. Fingerprinting is the next level of
footprinting, which also gathers information about the resources utilized
by an organization that has already been footprinted.

10. *Why do many organizations ban port scanning activities on their
internal networks?*

Internet service providers do not consider themselves responsible for
external attacks that are performed via port scanning techniques.
Therefore organizations ban it to secure themselves from threats.

11. *Why would ISPs ban outbound port scanning by their customers?*

Customers might want to carry out attacks by port scanning. This is why
ISPs might ban it.

12. *What is an open port? Why is it important to limit the number of
open ports to only those that are absolutely essential?*

An open port is used by different services at the port, including accepting
traffic through TCP. Ports should be configured so that they are ready
to identify external threats.

13. *What is a vulnerability scanner? How is it used to improve security?*

Vulnerability scanners keep a check on open ports and assess their
vulnerability to external threats. They are used to improve security as they
identify poorly prepared ports.

14. *What is the difference between active and passive vulnerability
scanners?*

Active vulnerability scanners can initiate network traffic, while passive
ones cannot.

15. *What kind of data and information can be found using a packet sniffer?*

In each network, packets travel all around. A packet sniffer can be
utilized to monitor these packets.

16. *What capabilities should a wireless security toolkit include?*

A wireless security toolkit must be able to manage the confidentiality
and privacy of the wireless network.

17. *What is biometric authentication? What does the term biometric mean?*

Biometric comes from the biological aspects of a human; it means measuring
physical characteristics of human beings. These physical aspects, like
retina scans or fingerprints, are used in security clearance processes.

18. *Are any biometric recognition characteristics considered more
reliable than others? Which are the most reliable?*

The retina scan is considered one of the most reliable biometric
recognition tools.

19. *What is a false reject rate? What is a false accept rate? What is
their relationship to the crossover error rate?*

False reject rate is the rate at which authentic users are denied access,
while false accept rate is the rate at which non-authentic users are
granted access and identified as authentic. Both of these measures are used
in the crossover error rate to configure system sensitivity.

20. *What is the most widely accepted biometric authorization
technology? Why do you think this technology is acceptable to users?*

Signatures are the most widely accepted biometric authorization
technology in the world, in my opinion. They are widely accepted due to ease
of availability.

21. *What is the most effective biometric authorization technology? Why
do you think this technology is deemed to be most effective by
security professionals?*

Any biometric recognition that can most effectively differentiate
between human physical attributes would be the most effective. At
the present time, iris is considered the most effective biometric
authentication technology.
