Network Security Quiz: Firewalls and Perimeter Networks
22 Questions
Questions and Answers

What is the primary function of a perimeter network in relation to external communications?

  • To permit secure communications with third parties (correct)
  • To increase network complexity
  • To enhance risk assessment processes
  • To evaluate the costs of security implementation

Which of the following is NOT a method of attack that firewalls protect against?

  • Brute force attacks
  • SYN floods
  • Ping of death
  • Social engineering attacks (correct)

How do firewalls manage data flow between networks?

  • By inspecting packets and determining their transmission (correct)
  • By establishing trust zones within the network
  • By conducting regular risk assessments
  • By enhancing cost-effectiveness of network security

What is a potential drawback of having a firewall as a single point of network access?

  • It creates a bottleneck in data traffic management

Which of the following contributes to a defence-in-depth strategy within perimeter security?

  • Implementing multiple layers of security controls

Which of the following statements accurately describes security policy?

  • A security policy is a document that states specific requirements or rules.

Which of the following best represents a component of Defence-in-Depth strategy?

  • Using multiple layers of security controls.

What does the acronym CIA stand for in the context of network security?

  • Confidentiality, Integrity, Availability

Which of the following is a key purpose of keeping log files at the network perimeter?

  • To detect external attacks and intrusions.

What is the role of firewalls in risk management?

  • To reduce the likelihood of unauthorized access.

In the context of risk assessment, which of the following best describes the term 'vulnerability'?

  • A weakness that can be exploited by a threat.

What is the main purpose of a security standard?

  • To establish system-specific or procedural requirements.

Which of the following devices would typically be included in network complexity considerations?

  • Intrusion Detection Systems (IDS)

What does Annual Loss Expectancy (ALE) represent?

  • Money allocated to handle risks on an annual basis

Which layer is NOT part of the defence-in-depth strategy?

  • Firewall layer

What is the function of the outermost perimeter in a network?

  • To separate the network from the ISP's network

Which of the following is considered a semi-trusted network?

  • A demilitarized zone (DMZ)

How is Single Loss Expectancy (SLE) calculated?

  • Total cost incurred if the risk occurs

What is the primary goal of deploying a defence-in-depth strategy?

  • To provide multiple layers of protection against network attacks

Which of the following best describes untrusted networks?

  • Networks that are outside the security perimeter

In the risk assessment context, what does Annualized Rate of Occurrence (ARO) measure?

  • Frequency of a risk occurring in a year

Which of the following statements about internal perimeters is true?

  • They are the boundaries you keep your protected networks within.

    Study Notes

    Firewall Technologies

    • Firewall technologies are used for network perimeter defense.
    • Security is a primary concern in designing networks.
    • CIA (Confidentiality, Integrity, Availability) is the goal of security.
    • DAD (Disclosure, Alteration, Denial) is the opposite of CIA.
    • Firewalls, authentication, and authorization measures aim to reduce unauthorized intrusions.

    Learning Objectives

    • Understanding network perimeter defense is a key objective.
    • Identifying the perimeter of a trusted network is vital.
    • Identifying devices that provide defense at the network perimeter is essential.
    • Understanding the functions of devices located at the perimeter of a network is crucial.
    • Designing firewalls to implement the policies of devices at the perimeter is needed.
    • Understanding the need for keeping log files of devices at the perimeter is paramount.

    Introduction

    • Security is crucial when designing networks.
    • Security means protecting or maintaining CIA.
    • CIA stands for Confidentiality, Integrity, and Availability.
    • DAD is the opposite of CIA, standing for Disclosure, Alteration, and Denial.
    • A comprehensive network security solution with formal measures for authentication, authorization, confidentiality, availability, and integrity is needed to reduce unauthorized intrusions.

    Security Policy

    • Security policy documents outline specific requirements and rules.
    • Security policies are usually point-specific and cover a single area.
    • Password policies must include sufficient standards to properly secure resources.
    • Security standards provide a collection of requirements for systems and procedures.
    • Password standards specify the need for password generators.
    • Security guidelines offer best practice suggestions for systems and procedures.
    • Password guidelines list recommended password generators.

    Network Complexity

    • Different types of networks include the internet, intranet, extranet, public servers, and internal servers.
    • These are interconnected using devices like IDS, firewalls, scanners, filters, and VPNs.

    Risk Assessment

    • Risk factors include worth, attraction, threat, vulnerability, and probability.
    • Countermeasures include prevention (cryptography, firewalls, vulnerability scanning), and detection (intrusion detection systems, log analysis, digital signatures).
    • Proper risk management is key to digital security.

    Cost of Security & Risk Assessment

    • Annualized Rate of Occurrence (ARO) calculates the likelihood of a risk occurring within a year.
    • Single Loss Expectancy (SLE) is the potential cost of a risk occurring.
    • Annual Loss Expectancy (ALE) is the total cost of a risk occurring, and is equal to ARO x SLE.
    • Example: A web server failing has a 30% (ARO) probability. Website downtime for 2 hours costs $10,000/hour, and the repair cost is $6,000. The total cost of the risk (SLE) is 10,000 x 2 + 6,000 = $26,000. The ALE is 26,000 x 0.3 = $7,800.

    What is network perimeter?

    • Every network has a perimeter, a gateway to the internet.
    • A perimeter surrounds the network with a single entry point for external traffic.
    • A fortified boundary of our network.
    • The concept of using multiple layers of defense to mitigate security threats is known as defense-in-depth.
    • This uses traditional techniques like IP filtering gateways, proxy gateways, and combinations (defense in depth).

    Defence-in-Depth

    • A multilayer model for network protection.
    • Each layer provides network and host defense.
    • Each layer can stop network or host attacks.
    • This is the fundamental aspect of network security.
    • Multi-chokepoints to contain malicious activity and stop the spread.
    • Four Main Layers: Authentication, perimeter, host intrusion prevention layer, and security best practices.

    Types of Network

    • Networks are categorized as trusted, semi-trusted, and untrusted based on the level of access and security.

    Network Classifications

    • Trusted networks are inside the security perimeter.
    • Semi-trusted networks allow access to data and email resources.
    • Untrusted networks are outside the perimeter and often include the DMZ.

    Perimeter Networks

    • Classifications of perimeters include the outermost and internal perimeters covering unknown networks, public servers, external routers, internal routers, firewall and trusted networks.

    Perimeter Classification

    • Outermost perimeter is the point of separation between your assets and those of the internet service provider.
    • This perimeter is the most insecure area.
    • It typically contains routers, firewalls, and servers, like HTTP, FTP, or Gopher.
    • Internal perimeters are additional boundaries for other security measures, containing your critical networks.

    Perimeter Devices

    • Network hardware devices are important perimeter devices (routers, firewalls, modems, switches, and wireless hubs).
    • Servers could be considered perimeter devices based on their connectivity to the internet and intranet.
    • Clients from outside the perimeter may connect to the internal network.
    • Perimeter security is traditionally provided by security perimeter devices like firewalls.
    • Perimeter devices route traffic between networks.

    An SMB network

    • A firewall alone doesn't represent the only perimeter device.
    • Outermost, Dirty, and Protected DMZs are part of the perimeter network.
    • Firewalls, perimeter routers, servers, and internal servers are examples of devices in the perimeter.

    Perimeter-Ownership

    • Defines a perimeter device as any device that routes packets between two networks (firewall, router, switch).
    • Devices shown in a diagram are considered perimeter devices depending on their access.

    Perimeter Security Topologies

    • Firewalls and routers place secure communication channels at the network's edge for organizations and third parties.
    • Key enabling technologies include DMZs, extranets, and intranets.
    • The goal of the perimeter network is selective data flow based on criteria like type, source, destination, and content.

    Firewalls

    • Hardware or software that secures a network from unwanted access.
    • Protects networks from intrusions.
    • May be a dedicated physical device or a software feature within routers, switches.
    • Firewalls inspect packets and sessions to determine if they should be transmitted.
    • Firewalls are a single point of entry for network access.
    • Firewalls use scripts to control application, address, and user parameters.

    What Do Firewalls Protect Against?

    • Firewalls protect against denial-of-service (DoS) attacks such as ping of death, teardrop or raindrop attacks, SYN flood, and LAND attacks.
    • Firewalls provide protection against brute-force, smurf attacks, and IP spoofing.

    How Do Firewalls Work?

    • Firewalls use network address translation (NAT).
    • Firewalls use basic packet filtering.
    • Firewalls use stateful packet inspection (SPI).
    • Firewalls use application gateways.
    • Firewalls will use access control lists (ACL).

    Routers

    • Network management devices connecting network segments and routing traffic.
    • Critical for enabling communication between networks and the internet.
    • Act as "digital traffic cops" handling packet filtering in addition to their primary function.

    How a Router Moves Information

    • Routers examine packets, compare the destination address to lookup tables, and then determine the next router for the packet, as needed.
    • Routers route packets to make sure information reaches its correct destination.

    Perimeter/Firewall Router Functions

    • The functionality of a perimeter/firewall router is varied.
    • Protection services and methods control eavesdropping, unauthorized access, session replay, inbound connections, outbound connections, and packet filtering.

    Switches

    • Network devices that provide bridges, dividing collision domains but using ASICs (optimized).
    • Improve network security by minimizing the collision domain to only two nodes.
    • Collision domain separation reduces sniffing. (Switches use ACLs and VLANs)

    Security Problems with Switches

    • Default passwords on switches pose a security risk.
    • Sniffing networks to gain administrator passwords via SNMP or Telnet can be problematic.

    Securing a Switch

    • Isolate management interfaces and use a serial port for management.
    • Secure shells (SSH) or other encrypted methods are secure.
    • Separate switches for DMZs to physically isolate them.
    • Using VLAN jumping for preventing unauthorized access is a good measure.
    • Keeping the switch updated with the latest versions of software and security patches.
    • Product documentation is useful to determine the processes and steps.

    VLAN (Virtual Local Area Network)

    • VLANs separate subnets and create dedicated security zones.
    • VLANs offer complete isolation between zones.
    • VLAN compromises can lead to significant denial-of-service attacks.
    • Can be "destroyed" to lead to an overall denial-of-service attack.

    Virtual Local Area Networks

    • Broadcast domain in a switched network.
    • Has encryption to control user access.
    • Prevents data interception.
    • Clusters users into smaller groups, increasing security.
    • Decreases the threat of broadcast storms.

    Layer 2 Attacks

    • Layer 2 attacks can target different aspects of the network, including MAC, ARP, and various VLAN attacks.
    • Different attacks target aspects of how the network functions.

    Perimeter Expansion

    • Increased bandwidth (remote offices, telecommuters, roaming users, partners) leads to more potential vulnerabilities and harder detection.
    • Improvements in technology (cryptography, content scanning, intrusion detection, vulnerability scanning) are needed, as well as countermeasures (prevention and detection techniques).

    What can we do at the perimeter?

    • Application systems, presentation systems, and session layers are parts of the layer architecture.
    • Proxy systems, Stateful inspection, and packet filtration tools are used to prevent attacks.
    • These tools are used to detect and control access into protected networks.

    Packet filters (Routers)

    • Packet filtering at the application, presentation, session, transport, network, data link, and physical layers.
    • Advantage features are high performance, scalability, and application independence.
    • Disadvantages include low security, no screening in upper layers, no state or application information.

    Proxy systems/Application Layer Gateways

    • Proxy systems are used in the application, presentation, session, transport, network, data link, and physical layers.
    • Proxy systems have advantages like good security and application awareness.
    • Disadvantages include poor performance and limiting application support.

    Stateful Inspection

    • Inspection in the application, presentation, session, transport, and network layers.
    • Advantages are high security, scalability, and independence from application layer awareness.
    • Disadvantages include an expensive solution.

    Security Processes

    • Security is an ongoing process, requiring ongoing analysis of new vulnerabilities and appropriate actions.
    • Security is a process, and expert teams are needed.

    Event Logging

    • Complete and finely-grained event logging is vital for prevention, analysis, detection, and statistics.
    • It's easily processed, readable, and suitable for manual, statistical, and expert system log analysis.

    Logging

    • The logging process controls the distribution of log messages to various destinations, such as logs, terminal lines, and a syslog server, according to severity level.
    • Logging enables timestamping of messages.
    • Logging can be turned on with the command: RouterA(config)# logging on

    Logging Level

    • Logging level controls logging messages to the console, terminal lines, and syslog servers, depending on severity and configuration.

    Syslog Severity Levels and Their Messages

    • Severity levels range from emergency to debugging.
    • Different levels categorize the severity of network events.
    • Descriptions of these messages are detailed.

    SYSLOG

    • Syslog is a protocol used to inspect device behavior.
    • Using a syslog server daemon on a PC can monitor all devices configured for syslog.
    • Configure network devices to use the syslog server on a PC using commands like:
        RouterA# config t
        RouterA(config)# logging 150.100.1.242
        RouterA(config)# logging trap warnings
        RouterA(config)# end

    Chapter Summary

    • A perimeter is a fortified boundary of a network.
    • A trusted network is within the security perimeter.
    • Perimeter devices like firewalls and routers route packets between networks.
    • Firewalls inspect packets to determine if they should be allowed through.
    • Event logging provides useful data for analysis, detection, prevention, and statistics gathering.

    Review Questions

    • Review questions cover topics like CIA, SLE, possible threats from inside an organization, the definition of a perimeter, network classifications, perimeter devices, switch security methods, and security mechanisms. There are questions about security at the perimeter such as firewall, network devices, VPN concentrators, proxy systems and more.
