Deck 21: Network Endpoint Security

One limitation of a firewall is that an improperly secured wireless
LAN may be accessed from outside the organization.

the primary benefit of a host-based IDS is that it can detect both
external and internal intrusions.

Packet filter firewalls are susceptible to security breaches caused
by improper configurations.

the internal firewall provides a measure of access control and
protection for the DMZ systems consistent with their need for external connectivity.

the firewall provides an additional layer of defense, insulating
internal systems from external networks or other parts of the internal network.

Analyzers are responsible for collecting dat
A.

A circuit-level gateway permits an end-to-end tCP connection.

the user control feature is typically applied to users outside the
firewall perimeter.

Multiple internal firewalls can be used to protect portions of the
internal network from each other.

A firewall may filter traffic on the basis of IP address, protocol, or
port number.

Packet filter gateways tend to be more secure than application-
level gateways.

A firewall may not act as a packet filter.

the first step in a DDoS attack is for the attacker to infect a
number of machines with zombie software that will ultimately be
used to carry out the attack.

A stateful packet inspection firewall reviews the same packet
information as a packet filtering firewall, but also records information about tCP connections.

the countermeasure for __________ is to discard packets with an inside source address if the packet arrives on an external interface.

there are four techniques that firewalls use to control access and enforce the site's security policy: service control, direction control, user control, and __________ .

A(n) __________ is placed at the edge of a local or enterprise network, just inside the boundary router that connects to the Internet or some wide area network.

A(n) __________ is hardware or software products that gather and analyze information from various areas within a computer or a network for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.

A __________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.

An IDS comprises three logical components: sensors, __________ , and user interface.

A __________ attack can be defeated by enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header.

the __________ to an IDS enables a user to view output from the system or
control the behavior of the system.

A __________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

__________ control determines the types of Internet services that can be accessed, inbound or outbound.

__________ is the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the dat
A.

there are two general approaches to intrusion detection: Misuse detection
and ___________ .

A __________ attack attempts to consume the target's resources so that it
cannot provide service.

Information security ___________ consists of processes for detecting,
reporting, assessing, responding to, dealing with, and learning from
information security incidents.

Malicious software, commonly called __________ , is perhaps the most
significant security threat to organizations.