Deck 9: Firewalls and Intrusion Prevention Systems

The firewall may be a single computer system or a set of two or more
systems that cooperate to perform the firewall function.

The countermeasure to tiny fragment attacks is to discard packets with
an inside source address if the packet arrives on an external interface.

One disadvantage of a packet filtering firewall is its simplicity.

The primary role of the personal firewall is to deny unauthorized
remote access to the computer.

The firewall can protect against attacks that bypass the firewall.

Unlike a firewall,an IPS does not block traffic.

A packet filtering firewall is typically configured to filter packets going
in both directions.

A firewall can serve as the platform for IPSec.

Distributed firewalls protect against internal attacks and provide
protection tailored to specific machines and applications.

A logical means of implementing an IPSec is in a firewall.

A traditional packet filter makes filtering decisions on an individual
packet basis and does not take into consideration any higher layer context.

A DMZ is one of the internal firewalls protecting the bulk of the
enterprise network.

A prime disadvantage of an application-level gateway is the additional
processing overhead on each connection.

Snort Inline enables Snort to function as an intrusion prevention
capability.

The ________ IP address is the IP address of the system that originated the IP packet.

The __________ protocol is an example of a circuit-level gateway implementation that is conceptually a "shim-layer" between the application layer and the transport layer and does not provide network-layer gateway services.

A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

A __________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.

The _________ is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter to protect the premises network from Internet-based attacks.

An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _________.

A ________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network,typically the Internet.

A ___________ makes use of both signature and anomaly detection techniques to identify attacks.

__________ protocols operate in networking devices,such as a router or firewall,and will encrypt and compress all traffic going into the WAN and decrypt and uncompress traffic coming from the WAN.

Identified as a critical strong point in the network's security,the _________ serves as a platform for an application-level or circuit-level gateway.

__________ anomaly watches for unusual traffic activities,such as a flood of UDP packets or a new service appearing on the network.

A single device that integrates a variety of approaches to dealing with network-based attacks is referred to as a __________ system.

The firewall follows the classic military doctrine of _________ because it provides an additional layer of defense.

Snort Inline adds three new rule types: drop,reject,and _________.

_________ matching scans incoming packets for specific byte sequences (the signature)stored in a database of known attacks.