Security+ (SY0-701): Lesson 5: Secure Enterprise Part 2
This deck covers key concepts from Lesson 5: Secure Enterprise Part 2, focusing on firewalls, ACLs, proxy servers, and intrusion detection systems.
Key Terms
Term | Definition |
---|---|
What is the risk of entering a fail-closed state of failure? | System downtime |
Define a 'Packet Filtering Firewall' | A Layer 3 device; compares packet headers against ACLs to determine which network traffic to accept. |
What information from a packet header is used to define rules in an ACL? | IP, Protocol, and Port. |
What actions can be defined in an ACL rule? | Accept/permit, drop/deny, reject/block |
What is the outcome of a drop/deny? | Silently discards the packet. |
What is the outcome of a reject/block? | Blocks the packet but responds to the sender with an ICMP message, such as 'port unreachable'. |
What are the two types of ACLs? |
|
Define an 'appliance firewall' | A standalone hardware device that performs only the function of a firewall (filter/monitor inbound and outbound traffic) |
What are the 3 ways to deploy an appliance firewall? |
|
Define a 'routed (layer 3)' firewall | Performs forwarding between subnets; Each interface connects to a different subnet representing a different security zone; Interfaces configured with an IP and MAC address. |
Define a 'bridged (layer 2)' firewall | Inspects traffic passing between two nodes, such as a router and a switch; bridges the Ethernet interfaces between the two nodes, and each interface is configured with a MAC but no IP. |
Define an 'inline (layer 1)' firewall | Firewall acts as a cable segment and has no MAC or IP address; traffic received on one interface is either blocked or forwarded over the other interface. |
Define a 'transparent firewall' | Standalone firewall deployed in front or in-between nodes without having to reconfigure subnets and reassign IP addresses on other devices; Bridged and Inline firewalls. |
Define a 'router firewall' | A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware. |
Why is a packet filtering firewall stateless? | Does not preserve information about network sessions/connections. |
Define a 'stateful inspection firewall' | Tracks information about the session established between two hosts; analyzes packets down to the application layer rather than filtering packets only by header information. |
How does a stateful inspection firewall process packets? | Firewall confirms whether the packet belongs to an existing connection; if not, it applies ordinary packet filtering rules to determine whether to allow it. |
What two layers of the OSI model does a stateful inspection firewall operate at? | layer 4 and layer 7 |
Define a 'layer 4 firewall' | A stateful inspection firewall that can monitor TCP/UDP sessions. |
What mechanism does a layer 4 firewall inspect when determining if a packet belongs to an existing connection? | Examines the TCP three-way handshake to distinguish new from established connections. |
How does a layer 4 firewall leverage the three-way handshake to process a packet? | A legitimate TCP connection should follow a SYN > SYN/ACK > ACK sequence with corresponding sequence numbers; deviations from this can be dropped as malicious flooding or session hijacking attempts. |
Define a 'layer 7 firewall' | A stateful inspection firewall that can filter traffic based on specific application protocol headers and payload, such as web or email data. |
Define a 'proxy server' | Mediates the communications between a client and another server; can filter/forward communications and improve performance with caching. |
Define a 'caching engine' | Feature of many proxy servers that enables the servers to retain a copy of frequently requested web pages. |
Define a 'forward proxy server' | Outbound protocol specific proxy connections. |
Besides Forward/Reverse proxy, what are the two proxy server implementations? |
|
Define a 'non-transparent proxy server' | A server that redirects requests and responses for clients configured with the proxy address and port. |
Define a 'Transparent proxy server' | Implemented as a router or as an inline network appliance to intercept client traffic. |
Define a 'reverse proxy server' | Proxy server that protects servers from direct contact with client requests; Deployed on the network edge and configured to listen for protocol-specific inbound traffic. |
Define an 'intrusion detection system (IDS)' | Performs real-time analysis of either network traffic or system and application logs. |