Deck 9: Firewalls and Intrusion Prevention Systems

A firewall can serve as the platform for IPSec.

One disadvantage of a packet filtering firewall is its simplicity.

The firewall may be a single computer system or a set of two or moresystems that cooperate to perform the firewall function.

The countermeasure to tiny fragment attacks is to discard packets withan inside source address if the packet arrives on an external interface.

An important aspect of a distributed firewall configuration is securitymonitoring.

The primary role of the personal firewall is to deny unauthorizedremote access to the computer.

Distributed firewalls protect against internal attacks and provideprotection tailored to specific machines and applications.

A traditional packet filter makes filtering decisions on an individualpacket basis and does not take into consideration any higher layer context.

Snort Inline enables Snort to function as an intrusion preventioncapability.

A prime disadvantage of an application-level gateway is the additionalprocessing overhead on each connection.

The firewall can protect against attacks that bypass the firewall.

A packet filtering firewall is typically configured to filter packets goingin both directions.

Unlike a firewall, an IPS does not block traffic.

A DMZ is one of the internal firewalls protecting the bulk of theenterprise network.

The ________ IP address is the IP address of the system that originated the IP packet.

An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _________.

A ___________ makes use of both signature and anomaly detection techniques to identify attacks.

The __________ protocol is an example of a circuit-level gateway implementation that is conceptually a "shim-layer" between the application layer and the transport layer and does not provide network-layer gateway services.

Identified as a critical strong point in the network's security, the _________ serves as a platform for an application-level or circuit-level gateway.

A ________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet.

A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

__________ protocols operate in networking devices, such as a router or firewall, and will encrypt and compress all traffic going into the WAN and decrypt and uncompress traffic coming from the WAN.

The _________ is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter to protect the premises network from Internet-based attacks.

A __________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.

The firewall follows the classic military doctrine of _________ because it provides an additional layer of defense.

A single device that integrates a variety of approaches to dealing with network-based attacks is referred to as a __________ system.

__________ anomaly watches for unusual traffic activities, such as a flood of UDP packets or a new service appearing on the network.

_________ matching scans incoming packets for specific byte sequences (the signature) stored in a database of known attacks.

Snort Inline adds three new rule types: drop, reject, and _________.