Deck 6: Firewalls and Border Security

Network redundancy translation is used when there is a limited number of decoy addresses available, or when there are more computers on the internal network than decoy addresses.

A route map is used to determine the best route through a network.

With CIDR, the number after the slash is the number of bits in the address that are allocated for the host identifier.

There are six IP address classes, Class A through Class F, each used with a different type of network.

Some proxies are able to provide caching services as a way to reduce the load on servers within the internal network.

IP is a connection-oriented protocol because its primary mission is to provide network-to-network addressing and routing information, and to change the size of packets when the size varies from network to network.

One element in border security is to configure security policies on each firewall so that access is automatically allowed, except for those who are manually configured to have access blocked through the firewall.

In Windows Server 2003, Radius is a set of services that enable or manage remote access to Windows Server 2003, for instance, through dial-up or telecommunications lines.

A router performs packet filtering and is often used as a firewall on a network, in addition to the other functions it performs.

UDP does not provide the same level of reliability and error checking as TCP, because it relies only on the checksum to ensure reliability.

The border router is a firewall that is configured with security policies to control the traffic that is permitted to cross a border in either direction.

The payload data within the IP packet is actually the TCP header and the application data when connection-oriented services are used.

Packet filtering is accomplished using one of two techniques: stateless filtering and stateful filtering.

Routers can isolate portions of a network to prevent areas of heavy traffic from reaching the broader network system.

IPTables is a powerful tool that can be used to implement network security in many ways; it is configured through a terminal window using the iptables command.

Class D addresses do not reflect the network size, but only tell you that the communication is a multicast.

The simplest way to configure a firewall in Red Hat Linux 9.x is by using the Security Level Configuration tool.

TCP/IP consists of nearly 200 nonproprietary protocols that interconnect computer systems efficiently and reliably.

Stateless filtering does not filter on the basis of the context of the communication, and so it has limited value in a firewall.

Does NetBEUI use the type of addressing that would enable it to be forwarded or routed to networks other than the one on which it is used?

When two devices communicate using connection-oriented methods, do they establish sequence numbers for each frame that is transmitted and place the sequence number in the frame header?

Does dynamic NAT translate a range of addresses on the internal network to a range of specific decoy addresses?

Are network classes A through C intended for unicast addressing methods?

Does UDP provide the same level of reliability and error checking as TCP?

Does RIP have the ability to send only routing updates to other routers instead of the entire routing table?

What are the three component protocols within the TCP/IP protocol suite?

In TCP communications, the number of data bytes transmitted in a frame is called the ____________________ because the number can be increased or decreased from one moment to the next by mutual agreement of the two communicating stations.

When a TCP segment is formatted with the additional IP header information, the entire unit is called a(n) ____________________ or packet.

In a TCP header, the ____________________ is a 16-bit CRC that is computed by adding the length of all header fields plus the length of the data payload field. 6

Firewalls provide border security by using three different approaches. What are they?

Can routers filter packets on the basis of information associated with each port (inbound and outbound connections) to control network traffic?

What five border points should be protected by a strong border security design?

UDP does not provide the same level of reliability and error checking as TCP, because it relies only on the ____________________ to ensure reliability.

When a server is set up for ______________________________, it performs address translation between the local network clients (including the server as an Internet user) and the Internet.

When an application on a network station uses a(n) ____________________ packet (which is the most typical packet used by an application), one copy of each packet in a transmission is sent to each destination intended to receive the packet.

What four fields does a UDP header contain?

What are the four ways to perform network address translation?

Red Hat Linux 9.x offers the ____________________ interface for configuring NAT and complex firewall security from the command line in a terminal window.

Connection-oriented services occur between the ____________________ sublayer of the data-link layer (layer 2) and the network layer (layer 3) in the OSI model.

A newer way to ignore address class designation is by using ______________________________ addressing, which puts a slash (/) after the dotted decimal notation.

Is Internet Connection Firewall available in Windows Server 2003, Enterprise Edition?

Is one function of a proxy to screen application requests that go across a firewall placed between an internal network and an external or public network?

Do routers maintain information about network station addresses and network status in databases?

TCP (and UDP) ____________________ software may be used to simply collect information about a target, without the target's knowledge; it may be used to gain access to a system, or it may be used to crash a system.