Lesson 8: Defining Network Infrastructures And Network Security

A worldwide system of connected computer networks.
Computers that connect to the internet use the _________ protocol suite.
Internet Assigned numbers Authority (IANA)
The internet’s IP classification system is defined by the ____________.
Internet Engineering Task Force (IETF)
DNS is defined by the ___________.
World Wide Web (WWW)
An enormous system of interlinked hypertext documents that can be accessed with a web browser.
Web 2.0
An interactive type of web experience. It allows users to interact with each other and act as contributors to Web sites as well.
Intranets & Extranets
Used by organizations to share data with select individuals.
A private computer network or single Web site that an organization implements in order to share data with employees around the world.
Used to share data with sister companies or other partnered organizations.
Virtual Private Network (VPN)
Allows connectivity between two remote networks.
Virtual Private Network (VPN)
A connection between two or more computers or devices that are not on the same private network.
VPNs normally utilize one of two tunneling protocols.
The more commonly used VPN tunneling protocol as well as the less secure option.
This VPN tunneling protocol generally includes security mechanisms, and no additional software or protocols need to be loaded.
The Point-to-Point Tunneling Protocol (PPTP) utilizes port __________.
Point to Point Protocol (PPP)
PPTP works within the ___________, which is also used for dial-up connections.
A VPN tunneling protocol that utilizes IPsec as its security protocol.
A VPN device or server that allows incoming L2TP connections must have inbound port ________ open.
Used to protect a network from malicious attack and unwanted intrusion.
The most commonly used type of security device in an organization’s perimeter.
The two two types of firewall technologies built into firewalls.
Packet Filtering
Inspects each packet that passes through the firewall and accepts or rejects it based on a set of rules.
Stateless Packet Filtering
Does not retain memory of packets that have passed through the firewall which makes it vulnerable to IP spoofing attacks.
Stateful Packet Inspection (SPI)
A firewall running this is normally not vulnerable to IP spoofing attacks because it keeps track of the state of network connnections by examining the header in each packet.
Stateful Packet Inspection (SPI)
This function operates at the network layer of the OSI model.
NAT Filtering
Filters traffic according to ports (TCP or UDP)
NAT Filtering utilizes ______ or ______.
Application level Gateway (ALG)
Supports address and port translation and checks whether the type of application traffic is allowed.
Application level Gateway (ALG)
This type of Firewall Methodology checks each type of packet coming in and discards those that are Telnet packets.
Circuit level Gateways
These hide information about the private network, but they do not filter individual packets.
Circuit level Gateways
This works at the session layer of the OSI model when a TCP or UDP connection is established.
Proxy Server
Acts as an intermediary between a LAN and the Internet.
Proxy Server
This means “go-between” and acts as a mediator between a private and public network.
Proxy Server
Evaluates requests from clients, and if they meet certain criteria, forwards them to the appropriate server.
Caching Proxy
Attempts to serve client requests without actually contacting the remote server.
The most common caching proxy is the _______ proxy, also known as a web proxy, which caches web pages from servers on the Internet for a set amount of time.
HTTP Proxy
This is utilized to save bandwidth on the company’s internet connection and to increase the speed at which client requests are carried out.
IP Proxy
Secures a network by keeping machines behind it anonymous; it does this through the use of NAT.
IP Proxy
A basic four-port router will act as an IP Proxy for the clients on the LAN it protects. This is an example of __________.
Internet Content Filter
Filters out various types of Internet activities, such as access to certain Web sites, email, instant messaging, and so on.
An Internet Content Filter, or simply a content filter, is usually applied as software at the ____________ layer of the OSI model.
Network Intrusion Detection System (NIDS)
A type of IDS that attempts to detect malicious network activities by constantly monitoring network traffic.
Network Intrusion Prevention System (NIPS)
Designed to inspect traffic, and, based on its configuration or security policy, it can remove, detain, or redirect malicious traffic in addition to simply detecting it.
Back To Back
This configuration has a DMZ situated between two firewall devices, which could be black box appliances or Microsoft Internet Security and Acceleration (ISA) Servers.
3 Leg Perimeter Configuration
In this configuration, the DMZ is usually attached to a separate connection of the company firewall.
Lan, DMZ, Internet
In the 3-Leg Perimeter Configuration, the firewall has three connections: one to the company _______, one to the _______, and one to the _________.
You have been tasked to set up an authentication server on a DMZ that will allow only users from a partner company. What kind of network are you configuring?
You are in charge of setting up a VPN that allows connections on inbound port 1723. What tunneling protocol are you going to use?
Proseware, Inc., wants you to set up a VPN server. What service in Windows Server 2008 should you use?
The IT director has asked you to install a firewall. Which of the following is not a type of firewall?
You suspect an issue with one of the ports on the firewall. You decide to scan the ports. Which of the following is the appropriate tool to use?
Your client wants a server that can cashe web pages in order to increase the speed of commonly accessed Web sites. What type of server does the client require?
The customer you are working for wants a device that can detect network anomalies and report them to an administrator. What type of device is the customer looking for?
Your boss asks you to set up an area that is not on the LAN but not quite on the internet. This area will house servers that will serve requests to users who are connecting to your intranet. What type of zone does your boss want you to set up?
You have been asked by a client to install a VPN server that can offer unencrypted tunnels by default, or encrypted tunnels by using IPSec. Which of the following services should you choose in order to accomplish this?
You have set up a default VPN in Windows Server 2008. However, your boss is not happy with the level of security. She would rather have L2TP combined with IPsec. What tunneling prtocol is running currently on the server?
Web 2.0
Allows users to interact with each other and contribute to Web Sites.
Internet Engineering Task Force (IETF)
The ___________ defines DNS.
World Wide Web (WWW)
The ___________ is an enormous system of interlinked hypertext documents.
You have set up a netowrk zone that allows remote access for employees of your company. This is known as a ____________.
You install a VPN server that uses inbound port 1701. The server is utilizing the ____________ protocol.
Configure Users
You installed a VPN server and configured a VPN adapter on a client computer. However, the connection cannot be completed from the client to the server. This is because you skipped the ____________ step.
The VPN server has been configured and is running properly. however, it has not been configured to hand out IP addresses to clients. When a VPN server is configured this way, the clients obtain their IP addresses from a ___________ server.
A firewall normally has a private and a __________ IP address.
Stateful Packet Filtering
You have installed a firewall that accepts or rejects packets based on a set of rules. This firewall keeps track of the state of the network connection. it is running a type of packet filtering known as __________.
aYou have configured a firewall so that all ports are closed. Now you are attempting to scan the firewall’s ports to verify that there are no open ones. you should use the ___________ option within the Nmap port scanning program.
What type of network can you set up that is another company’s internal network?
What technology can you use temporarily to connect netowrks from two different companies?
Which VPN technology is the most common and the easiest to set up?
What port does L2TP use?
Packet Filtering
Which type of firewall blocks packets based on rules that are based on IP addresses or ports?
Stateful Packet Inspection
What technology used in firewalls keeps tracks of conversations so that it knows what to allow back into a network?
Proxy Server
What acts as a middleman that translates between internal and external addresses and that caches previously accessed web pages so that it can provide those more quickly in the futue?
Network Intrusion Prevention System (NIPS)
What type of device is designed to inspect traffic, detect malicious activities, and take steps to mitigate the malicious activity?
3 leg perimeter configuration
Which DMZ configuration uses one firewall with three interfaces?
What protocol is used with L2TP to provide encryption?
Circuit level Gateway
What type of firewall works on the Session layer that creates a connection and allows packets to flow between the two hosts without further checking?
Internet Content Filter
What type of firewall do you use to block access to certain websites or instant messengers?
When trying to protect your network, you should create your secure network based on ____________.
What device is used to protect one network from another by using filtering packets?
Back to Back
What type of configuration creates a DMZ between two firewalls?