Exam 9: Firewalls and Intrusion Prevention Systems

A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.

An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _________.

________ control controls access to a service according to which user is attempting to access it.

_________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.

A __________ gateway sets up two TCP connections,one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

The __________ protocol is an example of a circuit-level gateway implementation that is conceptually a "shim-layer" between the application layer and the transport layer and does not provide network-layer gateway services.

A __________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.

__________ looks for deviation from standards set forth in RFCs.

A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security.

A ________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network,typically the Internet.

The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface.

The firewall can protect against attacks that bypass the firewall.

Snort Inline adds three new rule types: drop,reject,and _________.

Typical for SOHO applications,a __________ is a single router between internal and external networks with stateless or full packet filtering.

__________ protocols operate in networking devices,such as a router or firewall,and will encrypt and compress all traffic going into the WAN and decrypt and uncompress traffic coming from the WAN.

__________ scans for attack signatures in the context of a traffic stream rather than individual packets.

The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

An example of a circuit-level gateway implementation is the __________ package.

An important aspect of a distributed firewall configuration is security monitoring.