Network Security Overview
40 Questions

Created by
@WarmheartedFlute

Questions and Answers

What protocol does the internal trusted administrative server use to connect to the Web server?

  • HTTP
  • SSH (correct)
  • Telnet
  • FTP

    The SSH server on the Web server allows connections from any host.

    False

    What is the principle that states that unauthorized changes in the Web server are mitigated by updates from the WWW-clone?

    separation of privilege

    The data entered by the consumer on the Drib's website is saved to a __________.

    file

    Match the following concepts with their descriptions:

    • SSH Protocol = Used for secure remote connections
    • Principle of Least Privilege = Limits knowledge about network addresses to those who need it
    • Cryptographic Support = Ensures confidentiality and integrity of data
    • DMZ Web Server = Hosts the public-facing website for Drib

    What happens to the original order file after it is enciphered?

    It is deleted.

    The WWW-clone system is used to gather orders from customers.

    False

    What is the primary purpose of using an enciphered version of the order file?

    To ensure confidentiality and protect sensitive information

    What is the primary purpose of the DMZ configuration in a network?

    To protect internal network data from external threats

    The WWW-clone system allows unauthorized users to update the DMZ Web server.

    False

    What cryptographic support does the DMZ WWW server use for maintenance and updating?

    SSH

    The principle of __________ prevents unauthorized access to sensitive data on the DMZ Web server.

    least privilege

    Match the following principles with their descriptions:

    • Least Privilege = Users have access only to the information necessary for their roles
    • Separation of Privilege = Requires multiple factors to access sensitive information
    • Fail-Safe Defaults = Systems are designed to default to a secure state
    • Public Key Cryptography = Uses a pair of keys to encrypt and decrypt information

    How does the DMZ WWW server ensure that customer order information is secure?

    By encrypting the order information before storage

    The customer information is stored in clear text on the DMZ WWW server.

    False

    What happens to the original file after the order information is enciphered?

    It is deleted.

    What is the primary purpose of the log server writing to write-once media?

    To ensure logs are not overwritten by attackers

    The log server can initiate transfers to the inner network.

    False

    What principle is applied when using write-once media for the log server?

    Least privilege

    Each server has the minimum knowledge of the network necessary to perform its task, which follows the principle of _________.

    least privilege

    Match the following principles with their descriptions:

    • Separation of privilege = Minimizes risk by dividing access
    • Fail-safe defaults = Assumes the default is denial of access
    • Least privilege = Grants only the permissions necessary for a task
    • Compartmentalization = Isolates systems to prevent malware spread

    Which of the following is NOT a benefit of minimizing operating system features on servers?

    Allows for feature expansion later

    How can administrators access logs on the log server?

    By viewing them directly or replacing write-once media.

    The servers can perform any operations on behalf of a remote process if compromised.

    False

    What is the primary function of the DMZ WWW server?

    Facilitate secure connections to an internal trusted server

    The DMZ DNS server contains information only about the internal trusted administrative host.

    False

    What protocol does the internal trusted administrative server use to connect to the DMZ WWW server?

    SSH

    The DMZ log server is used to log the ____ of all DMZ machines.

    activity

    Match the DMZ servers with their respective functions:

    • DMZ WWW Server = Facilitates secure connections and data encryption
    • DMZ DNS Server = Maintains directory service information
    • DMZ Mail Server = Handles mail transfers and forwarding
    • DMZ Log Server = Records machine activity for security assessment

    What security principle is applied when the SSH server rejects connections from any host other than the trusted internal administrative server?

    Principle of fail-safe defaults

    All logs on the DMZ log server are secure and cannot be tampered with by attackers.

    False

    The DMZ mail server needs to know the addresses of the two ____ for mail transfers.

    firewalls

    What is the primary role of the DMZ Mail Server?

    To perform address and content checking on email messages.

    The DMZ Mail Server allows direct access to the internal network.

    False

    What does the mail proxy primarily scan for in incoming emails?

    Malicious content such as viruses and known malicious logic.

    The __________ ensures that address lines are less than 80 characters long by splitting them if necessary.

    mail proxy

    Match the following DMZ servers with their functions:

    • DMZ Mail Server = Address and content checking of emails
    • DMZ WWW Server = Hosting web applications
    • DMZ DNS Server = Translating domain names to IP addresses
    • DMZ Log Server = Storing logs of network activity

    What is not a function of the DMZ Mail Server?

    Storing files on behalf of the internal network.

    The DMZ infrastructure includes only one type of firewall.

    False

    Describe the function of the DMZ Log Server.

    It stores logs of network activity.

    Study Notes

    Network Security Overview

    • Network security architecture includes firewalls, proxies, and a Demilitarized Zone (DMZ) for enhanced protection.
    • A DMZ serves as a buffer between an internal network and external threats, hosting essential services like mail, web, DNS, and log servers.

    DMZ Components

    • DMZ Mail Server

      • Performs address and content checking on emails to protect internal information.
      • Reassembles messages into their original format for efficient scanning.
      • Scans for viruses and malicious logic before forwarding emails to the internal mail server.
      • Implements the principle of least privilege to obscure internal addresses from external entities.
    • DMZ WWW Server

      • Utilizes a system known as “WWW-clone” for updating purposes, ensuring that unauthorized changes are prevented.
      • Processes customer orders securely, creating enciphered versions of files to protect sensitive data like credit card information.
      • Employs public key cryptography to maintain confidentiality, with only the public key stored on the DMZ server.
      • Denies connections from unauthorized hosts to enhance security.
    • DMZ DNS Server

      • Maintains directory service information for hosts essential to DMZ operations.
      • Contains entries for mail, web, log hosts, and the firewalls, allowing flexibility in network addressing.
    • DMZ Log Server

      • Centralizes logging from all DMZ machines for monitoring and forensic analysis in case of security breaches.
      • Utilizes write-once media for logs to prevent tampering and ensure integrity.
      • Has its activity confined so that it does not initiate transfers to the inner network, with administrative access only from trusted hosts.

    Security Principles Applied

    • Principle of Least Privilege: Each server possesses only the permissions necessary to perform its function, reducing risk exposure.
    • Separation of Privilege: Authorized access and updates are managed to prevent unauthorized alterations.
    • Fail-Safe Defaults: Systems are configured to deny all connections unless explicitly allowed, enhancing security integrity.

    Summary and Best Practices

    • Servers are designed with minimal operational capabilities to limit potential exploitation.
    • Trust is placed in operating systems developed with security in mind, either through assurance techniques or disabling unnecessary features.
    • Information flow from a compromised server is restricted, so a compromise does not jeopardize the integrity of the internal network.

    Description

    Test your knowledge on network security concepts including firewalls, proxies, and DMZ configurations. This quiz covers key areas of network organization and infrastructure analysis. Perfect for those studying cybersecurity.
