Network Security Fundamentals

Questions and Answers

What is the basis for identification in mail servers?

By IP address

By user name

By host name (correct)

By email subject

The DMZ mail server sends outgoing mail using the user name as an identifier.

False

What principle is applied to ensure that information about the internals of the network is not exposed?

Principle of least privilege

The web server identifies itself as __________.

www.drib.org

Match the following server types with their primary functions:

DMZ Mail Server = Handles mail and performs checks DMZ WWW Server = Accepts and services web requests SSH Server = Allows remote configuration Firewalls = Perform rudimentary checks

Which of the following activities is NOT performed by the DMZ mail server?

Perform internal network checks

What is the primary purpose of the DMZ Mail Server?

To perform address and content checking on emails

The web server can directly contact internal network servers.

False

The DMZ serves as an additional layer of security separating the internal network from external threats.

True

The DMZ mail server rewrites recipient address lines to direct the mail to the _____ server.

internal mail

What does the mail proxy do with the attachments in an email?

It assembles and scans them for bad content before restoring them to their original form.

What major goal does the DMZ Mail Server pursue?

To handle mail and perform checks and sanitization

Match the following DMZ servers with their functions:

DMZ Mail Server = Scans email for viruses and forwards it to the internal server DMZ WWW Server = Handles web traffic DMZ DNS Server = Resolves domain names to IP addresses DMZ Log Server = Records and analyzes traffic logs

Which type of content is specifically checked for by the DMZ Mail Server?

Bad content, including viruses and malicious logic

The length limitation for address lines in emails is set at 800 characters.

False

What is one standard technique used for scanning content for malicious logic?

Signature-based detection

What principle is applied when hiding part of the DMZ configuration to prevent unnecessary exposure?

Principle of least privilege

The WWW server on the DMZ does not require cryptographic support for data integrity.

False

What system is used to update the DMZ Web server?

WWW-clone

The program checks the format and contents of the ordered file and creates an enciphered version using the ______ key.

public

Match the following functions of the DMZ Web server with their descriptions:

Accepts orders = Saves consumer data to a file Updates via WWW-clone = Allows authorized users to maintain server content Encrypts order information = Uses public key to encipher data Deletes original file = Prevents unauthorized data access

Which of the following is a benefit of using public key cryptography on the DMZ Web server?

Sensitive data remains secure even if the system is compromised.

The principle of separation of privilege allows unauthorized users to change data on the DMZ Web server.

False

What happens to the original file after the program creates an enciphered version?

It is deleted.

Which principle states that users of the DMZ WWW server are not authorized to read the sensitive data stored there?

Least privilege

Public key cryptography requires that both the public and private keys be stored on the DMZ Web server.

False

What protocol is used for secure connections between the trusted internal administrative server and the DMZ WWW server?

SSH

The DMZ Log Server is crucial for assessing the method of attack and the __________ of a compromise.

damage

What must the DMZ DNS server contain regarding the DMZ servers?

Directory name service information for various DMZ hosts

The SSH server on the DMZ Web server denies connections only from trusted hosts.

True

What can attackers potentially do to logs stored on compromised machines?

Delete or tamper with them

Match the server type to its primary function:

DMZ WWW Server = Handles web requests and secures communication DMZ DNS Server = Manages directory name service information DMZ Mail Server = Facilitates mail transfers DMZ Log Server = Records access and events for security assessments

What principle is followed by the SSH server configuration on the Web server that rejects connections from any host other than the trusted internal administrative server?

Principle of fail-safe defaults

The Drib Web server directly accepts and processes customer credit card information without any encryption.

False

What is the purpose of the 'WWW-clone' system in the network?

To update the DMZ Web server.

The public key of a system on the internal customer subnet is used to create an ______ version of the order file.

enciphered

Match the principle to its description:

Fail-safe defaults = Deny unknown connections by default Least privilege = Minimize access to essential services only Separation of privilege = Limit unauthorized changes to the system Confidentiality = Protect sensitive information from unauthorized access

What does the Web server do after a customer confirms an order?

Deletes the original order file

The SSH server provides cryptographic support for data integrity and confidentiality.

True

What is stored in the spooling area that is not accessible to the Web server?

Enciphered order files

Study Notes

Firewalls and Proxies

• Firewalls are security measures to prevent external threats from accessing an internal network.
• Proxies act as intermediaries between a user and a server, offering additional security and anonymity.

Network Infrastructure Analysis

• Outer Firewall Configuration: Controls traffic entering the network from the internet.
• Inner Firewall Configuration: Controls traffic within the internal network.

DMZ (Demilitarized Zone)

• DMZ: A separate network segment between the internet and the internal network.
  • Designed to isolate and protect sensitive information from the internet.

DMZ Mail Server

• Function: Performs address and content checks on incoming and outgoing emails to prevent malicious content.
• Process:
  • Incoming emails are reassembled and scanned for viruses and malicious logic.
  • Header lines are rewritten to hide internal host names and addresses.
  • Outgoing emails from the internal mail server are sanitized before forwarding to the firewall for delivery.
• Security:
  • Least Privilege: Only provides information necessary for its function, hiding internal network details.
  • Detailed Checks: Allows firewalls to perform rudimentary checks while the mail server handles thorough content inspection.
• SSH Server: Allows remote administration from a trusted administrative host within the internal network.

DMZ WWW Server

• Function: Services requests from the internet, but does not access internal servers.
• Security:
  • Isolation: Compromise of the WWW server cannot affect internal hosts.
  • Hardened CGI Scripts: Scripts are thoroughly checked and protected against attacks.
  • No Confidential Data: Does not store sensitive information directly.
  • Least Privilege: Identifies as "www.drib.org" and uses the outside firewall’s IP address, hiding internal network details.
• WWW-clone: A system within the internal network used to update the DMZ Web server, ensuring security and control over updates.
• SSH Server: Enables remote administration and updates with cryptographic support.
• Order Processing:
  • Customer data is saved to a file on the DMZ server.
  • An enciphered version of the file is created using a public key from the internal customer subnet.
  • The original file is deleted, preventing attackers from accessing sensitive information.
• Security Principles:
  • Least Privilege: Valuable information is not stored online in its clear form.
  • Separation of Privilege: The cryptographic key needed to access the enciphered files is not stored on the DMZ server.
  • Fail-safe Defaults: The SSH server only accepts connections from the trusted administrative host, denying unknown connections.

DMZ DNS Server

• Function: Provides directory name service information for the DMZ servers and other necessary systems.
• Entries:
  • DMZ mail, web, and log servers.
  • Internal trusted administrative host.
  • Outer firewall.
  • Inner firewall.
• Flexibility: Allows the internal network addresses to be rearranged without needing to update the DMZ DNS server.

DMZ Log Server

• Function: Collects and stores logs from all DMZ machines for analysis and security auditing.
• Advantages:
  • Helps assess attack methods, damage, and response strategies.
• Challenges: Logs could be tampered with or erased by attackers.

Description

This quiz covers essential concepts in network security, including firewalls, proxies, and DMZ configurations. Understand how these components work together to protect sensitive information and maintain secure communications. Test your knowledge on firewall settings and the role of mail servers in network security.