Client → SYN to server
Server → SYN/ACK to client
Client → ACK
Bonus: You can use a ____ to block and allow traffic on routers and firewalls just as you can block or allow traffic based on ports.
What is Transmission Control Protocol?
Bonus: What is Protocol Number?
Can learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal connections when two computers communicate with each other.
What are Switches?
Limits the computers that can connect to physical ports on a switch
Disables unused ports
Limits the number of MAC addresses per port
Restricts each physical port to only a single MAC
What is Port Security?
A protocol that translates public IP addresses to private IP addresses and private IP addresses to public
Enabled on an Internet facing firewall.
Bonus: Common form of the above protocol.
What is NAT - Network Address Translation?
Bonus: What is PAT - Port Address Translation?
Filter incoming / outgoing traffic by a single host or between networks
What is a Firewall?
A firewall can ensure only specific types of traffic are allowed into a network or host and only specific types of traffic are allowed out of network or host.
Ping
Tracert
Pathping
What is ICMP - Internet Control Message Protocol?
Indicates that all traffic that isn’t implicitly denied
Bonus: A network ___ connects multiple networks together and can be used instead of a router in some situations.
What is Implicit Deny?
Bonus: What is Bridge?
Admins use ___ to divide larger IP address ranges into smaller ranges, then implement rules with ACLs to allow/block traffic.
What is subnetting?
Uses a single public IP address in a one to one mapping.
It maps a private IP address with a single public IP address.
What is Static NAT?
Application Based Firewall
It monitors traffic passing through the NIC and prevents intrusions into the computer via the NIC.
Provide protection for individual hosts, such as servers or workstations
Provide intrusion protection for the host
What are Host-Based Firewalls?
Host-based firewalls monitor traffic going in and out of a single host such as a server or workstation.
Resolves IPv4 addresses to media access control (MAC) addresses
TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host.
What is ARP - Address Resolution Protocol?
A device that converts data from the format used on one network to the format used on another network.
Example: VoIP gateway converts telephony traffic between traditional phone lines and an IP based network
What is Media Gateway?
A single solution that combines multiple security controls
Combines multiple security controls into a single appliance
Inspect data streams and often include URL filtering, malware inspection and content inspection components.
What is Unified Threat Management?
Uses multiple IP addresses in a one to many mapping.
Decides which public IP address to use based on load.
What is Dynamic NAT?
Permissions - Permit / Allow or DENY
Protocols - TCP or UDP or ICMP
Source - Traffic comes from a source IP address
Destination - Traffic is addressed to a destination IP Address
Port or Protocol
Might need a subnet mask in the rule
What are Stateless Firewall Rules?
Uses rules implemented as ACLs to identify allowed and blocked traffic
If a stateless firewall doesn’t have an implicit deny rule, it can allow all traffic into the network.
Uses ARP packets to give clients false hardware address updates; attackers use it to redirect or interrupt network traffic.
What is ARP Poisoning Attack?
A server that examines all incoming and outgoing email and attempts to reduce risks associated with email.
Includes DLP - Data Loss Prevention capabilities.
They examine outgoing email looking for confidential and sensitive information.
What are Mail Gateways?
It accepts requests, forwards the requests to the appropriate server and then sends the response to the original requestor.
What is Application Proxy?
Segregation - provides basic separation
Segmentation - putting traffic on different segments
Isolation - the systems are completely separate
What is Network Separation?
Inspects traffic and makes decisions based on the context, or state of traffic
It blocks traffic that isn’t part of an established session.
What are Stateful Firewall Rules?
FTPS (File Transfer Protocol Secure)*
FTP (File Transfer Protocol)*
TFTP (Trivial File Transfer Protocol)*
SSH (Secure Shell)
SSL (Secure Sockets Layer)
TLS (Transport Layer Security)
SFTP (Secure File Transfer)
What is File Transfer Use Case?
Can modify or filter requests
Restricts what users can access with the use of URL filters
Bonus: Will accept and forward requests without modifying them - easy to connect and provides caching.
What is Nontransparent Proxy?
Bonus: What is Transparent Proxy?
Mimics the behavior of a router and allows network admins to create virtual local area networks (VLANs)
Forwards traffic based on the destination IP address instead of the MAC address
Creates multiple VLANs to separate the computers based on logical needs rather than physical location.
What is Layer 3?
A firewall specifically designed to protect a web application hosted on a web server.
Located between a server hosting a web application and a
What is Web Application Firewall (WAF)?