Term
| Which firewalls inspect the header of each packet to locate the source and destination IP addresses, protocol ID, type of packet, routing protocols, etc.? |
|
Definition
| Packet Filtering Firewalls |
|
|
Term
What are the following?:
•Restricts traffic allowed on network
•Used to implement security zones
•Configured with access control rules
•Different types of firewall |
|
Definition
| Basic Firewall Attributes |
|
|
Term
What are the following?:
•Can examine TCP headers
•State table
•(Can also apply packet filtering rules)
•Better protects against DoS |
|
Definition
| Attributes of Stateful Inspection Firewalls |
|
|
Term
What are the following?:
•“Stateful Multilayer Inspection” or “Deep Packet Inspection”
•Can examine packet payload and monitor connections (stateful)
•Requires filter for each application type |
|
Definition
| Attributes of Aware Firewalls |
|
|
Term
|
Definition
|
|
Term
What are the following?:
•Rule-based management
•Firewall rules (tuples)
•Access Control List
•Flood guard
•Implicit deny
•Troubleshooting |
|
Definition
| Elements of Firewall Configuration |
|
|
Term
What are the following?:
•Able to inspect code in HTTP packets
•Matches suspicious code to vulnerability database
•Can be implemented as software on host or as appliance |
|
Definition
| Attributes of Web Application Firewalls |
|
|
Term
What are the following?:
•Breaks end-to-end connection between hosts
•Proxy opens the connection with the server on behalf of the client (or vice versa)
•Most stateful firewalls are implemented as proxies
•Most can also cache and pre-fetch content to improve performance |
|
Definition
|
|
Term
| What does a packet filtering firewall forward or block only? |
|
Definition
|
|
Term
What are the following?:
•Spoof victim's IP address and attempt to open connections with multiple servers
•Those servers direct their SYN/ACK responses to the victim |
|
Definition
| Attributes of Amplified SYN flood |
|
|
Term
|
Definition
|
|
Term
| What is the attack that amplifies ping on a network using the victim's IP address? |
|
Definition
|
|
Term
What are the following?:
•Direct responses at victim
•Queries can be constructed to generate large response packets |
|
Definition
| Capabilities of Bogus DNS / NTP queries |
|
|
Term
|
Definition
|
|
Term
| What is an Amplification Attack? |
|
Definition
| Distributed Reflection DoS (DRDoS) |
|
|
Term
| What does a bogus DNS server allow a hacker to do? |
|
Definition
| Redirect you anywhere they want |
|
|
Term
| What drops traffic to protect other hosts in the routing domain? |
|
Definition
|
|
Term
| What distributes requests across a farm or pool of servers (nodes)? |
|
Definition
|
|
Term
|
Definition
•Provides stateful fault tolerance
•Configure nodes for failover |
|
|
Term
|
Definition
| DNS server returns IP from a group in response to name queries |
|
|